Well the only issue I really have is that any host that is MANUALLY configure for the squid gets cache hits on the hosts in the localdomain, which really isny a problem, considering none of my hosts are manually configured, and its all done via forwarding on the router. So in essence, squid is doing what I want it to do, caching all traffic, and letting the local hosts go directly to local webservers on the intranet. I was just surprised and bewildered by the lack of log file generation when trying to access a local webserver. I would have expected to see logs with DIRECT in them rather than a lack of logs all together. Of course I get log files just fine when accessing normal web sites, and logs, and squid functions. On Wed, 06 Jun 2012 18:51:02 +0300 Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: > you might have an accept rule before the redirect in iptalbes. > > Eliezer > On 06/06/2012 18:17, bnichols wrote: > > One thing that ive noticed is that on machines being forwarded to my > > squidbox via my router, all other sites show up in the access.log > > and everything functions fine, however, when I try to access the > > webserver residing on the squid box there are no logs at all > > generated for those requests. I would expect to see DIRECT there. > > > > Equally of note, when I manually enter the proxy config into the > > browsers, I get access.log entries for the domain, along with cache > > hits of course. > > > > Just find it interesting that there is no log generation when the > > webserver is accessed from a machine on the lan being forwarded by > > my router. > > > > > > On Wed, 06 Jun 2012 18:05:49 +0300 > > Eliezer Croitoru<eliezer@xxxxxxxxxxxx> wrote: > > > >> there was a bug on some old version of squid. > >> you better use the newest version. > >> > >> ELiezer > >> On 06/06/2012 18:01, mrnicholsb wrote: > >>> Im scratching my head here, Ive got an issue thats driving me > >>> bonkers... > >>> > >>> 1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET > >>> http://deviant.evil/ - NONE/- text/html > >>> > >>> Clearly this local site is being cached, what is frustrating is > >>> that I have the following meta tag on the page > >>> > >>> <meta http-equiv="Cache-control" content="no-cache"> > >>> > >>> Yet squid is apparently ignoring that directive completely. > >>> > >>> Ok, no problem, so we set our conf up to always go direct for > >>> localnet acl right? No dice, still caching, > >>> > >>> Could one of you be so kind as to take a look at my conf and tell > >>> me why? > >>> > >>> > >>> ############################################################## > >>> > >>> #transparent because ddwrt is forwarding traffic to it > >>> http_port 3128 transparent > >>> #parent disabled due to location outside scope of firewall rules > >>> #cache_peer 192.168.1.205 parent 3128 3129 default > >>> # no-query no-digest > >>> never_direct deny all > >>> > >>> refresh_pattern ^ftp: 1440 20% 10080 > >>> refresh_pattern ^gopher: 1440 0% 1440 > >>> refresh_pattern (/cgi-bin/|\?) 0 0% 0 > >>> refresh_pattern . 0 20% 4320 > >>> > >>> dns_nameservers 10.10.1.1 > >>> hosts_file /etc/hosts > >>> cache_swap_low 95 > >>> cache_swap_high 98 > >>> access_log /var/log/squid3/access.log > >>> cache_mem 320 MB > >>> memory_pools on > >>> maximum_object_size_in_memory 512 KB > >>> maximum_object_size 400 MB > >>> log_icp_queries off > >>> half_closed_clients on > >>> cache_mgr mrnicholsb@xxxxxxxxx > >>> cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256 > >>> visible_hostname deviant.evil > >>> shutdown_lifetime 1 second > >>> > >>> #icap_enable on > >>> #icap_send_client_ip on > >>> #icap_send_client_username on > >>> #icap_client_username_encode off > >>> #icap_client_username_header X-Authenticated-User > >>> #icap_preview_enable on > >>> #icap_preview_size 1024 > >>> #icap_service service_req reqmod_precache bypass=1 > >>> icap://127.0.0.1:1344/squidclamav > >>> #adaptation_access service_req allow all > >>> #icap_service service_resp respmod_precache bypass=1 > >>> icap://127.0.0.1:1344/squidclamav > >>> #adaptation_access service_resp allow all > >>> > >>> acl manager proto cache_object > >>> acl localhost src 127.0.0.1/32 > >>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 > >>> acl localnet src 10.10.1.0/24 > >>> acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl" > >>> > >>> acl SSL_ports port 443 > >>> acl Safe_ports port 80 > >>> acl Safe_ports port 21 # http > >>> acl Safe_ports port 443 # ftp > >>> acl Safe_ports port 70 # https > >>> acl Safe_ports port 210 # gopher > >>> acl Safe_ports port 1025-65535 # wais > >>> acl Safe_ports port 280 # unregistered ports > >>> acl Safe_ports port 488 # http-mgmt > >>> acl Safe_ports port 591 # gss-http > >>> acl Safe_ports port 777 # filemaker > >>> acl CONNECT method CONNECT # multiling http > >>> > >>> always_direct allow localnet > >>> > >>> #icp_access allow localnet > >>> #icp_access deny all > >>> > >>> http_access deny blacklist > >>> http_access allow manager localhost > >>> http_access deny manager > >>> http_access deny !Safe_ports > >>> http_access deny CONNECT !SSL_ports > >>> http_access allow localhost > >>> http_access allow localnet > >>> http_access deny all > >>> > >>> > >>> #Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze > >>> > >>> > >> > >> > > > >
