you might have an accept rule before the redirect in iptalbes.
Eliezer
On 06/06/2012 18:17, bnichols wrote:
One thing that ive noticed is that on machines being forwarded to my
squidbox via my router, all other sites show up in the access.log and
everything functions fine, however, when I try to access the webserver
residing on the squid box there are no logs at all generated for those
requests. I would expect to see DIRECT there.
Equally of note, when I manually enter the proxy config into the
browsers, I get access.log entries for the domain, along with cache
hits of course.
Just find it interesting that there is no log generation when the
webserver is accessed from a machine on the lan being forwarded by my
router.
On Wed, 06 Jun 2012 18:05:49 +0300
Eliezer Croitoru<eliezer@xxxxxxxxxxxx> wrote:
there was a bug on some old version of squid.
you better use the newest version.
ELiezer
On 06/06/2012 18:01, mrnicholsb wrote:
Im scratching my head here, Ive got an issue thats driving me
bonkers...
1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET
http://deviant.evil/ - NONE/- text/html
Clearly this local site is being cached, what is frustrating is
that I have the following meta tag on the page
<meta http-equiv="Cache-control" content="no-cache">
Yet squid is apparently ignoring that directive completely.
Ok, no problem, so we set our conf up to always go direct for
localnet acl right? No dice, still caching,
Could one of you be so kind as to take a look at my conf and tell
me why?
##############################################################
#transparent because ddwrt is forwarding traffic to it
http_port 3128 transparent
#parent disabled due to location outside scope of firewall rules
#cache_peer 192.168.1.205 parent 3128 3129 default
# no-query no-digest
never_direct deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
dns_nameservers 10.10.1.1
hosts_file /etc/hosts
cache_swap_low 95
cache_swap_high 98
access_log /var/log/squid3/access.log
cache_mem 320 MB
memory_pools on
maximum_object_size_in_memory 512 KB
maximum_object_size 400 MB
log_icp_queries off
half_closed_clients on
cache_mgr mrnicholsb@xxxxxxxxx
cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256
visible_hostname deviant.evil
shutdown_lifetime 1 second
#icap_enable on
#icap_send_client_ip on
#icap_send_client_username on
#icap_client_username_encode off
#icap_client_username_header X-Authenticated-User
#icap_preview_enable on
#icap_preview_size 1024
#icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
#adaptation_access service_req allow all
#icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
#adaptation_access service_resp allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.10.1.0/24
acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl"
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21 # http
acl Safe_ports port 443 # ftp
acl Safe_ports port 70 # https
acl Safe_ports port 210 # gopher
acl Safe_ports port 1025-65535 # wais
acl Safe_ports port 280 # unregistered ports
acl Safe_ports port 488 # http-mgmt
acl Safe_ports port 591 # gss-http
acl Safe_ports port 777 # filemaker
acl CONNECT method CONNECT # multiling http
always_direct allow localnet
#icp_access allow localnet
#icp_access deny all
http_access deny blacklist
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
#Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il