On 16.08.2012 12:41, Christopher Kurtis Koeber wrote:
Here is the squid.conf. If there are any optimizations I can do let me know.
The application that uses the "acl Citrix_Ports port 2598" rule is what I am concerned about.
I probably commented out some safety/admin stuff due to troubleshooting.
Just as a note, the actual proxy process works fast; everything comes up fine on the network. Just slow for certain apps.
------------------------------------------
http_port 3128
visible_hostname [Our Proxy FQDN]
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
#acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl blacklist-sites dstdom_regex -i "/etc/squid/blacklist-sites"
acl whitelist-sites dstdom_regex -i "/etc/squid/whitelist-sites"
acl SSL_ports port 443
###########################################
####### Ports for Particular User ####################
###########################################
acl Citrix_Ports port 2598
acl Citrix_Ports port 2589
acl Citrix_Ports port 1494
acl Citrix_Ports port 1452
# acl Citrix_Ports port 8080
# acl Citrix_Ports port 443
# acl Citrix_Ports port 80
# acl Citrix_Ports port 433
###########################################
###########################################
###########################################
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny manager
# http_access deny !Safe_ports
# http_access deny CONNECT !SSL_ports
http_access deny adobe-sites
Um, adobe-sites is not defined anywhere above.
http_access allow Citrix_Ports
http_access allow CONNECT Citrix_Ports
This CONNECT line is useless, the ports are already all allowed
globally by the "allow Citrix_Ports" line directly above it.
http_access allow whitelist-sites
http_access allow manager localhost
http_access allow manager localnet
All "manager" access is blocked by a "deny manager" above. These lines
are useless.
http_access allow localhost
http_access allow localnet
A series of allow are all equivalent, sort by fastest test or
most-inclusive test. In this case "localnet" numeric comparison is
faster than "whitelist-sites" regex string comparisons.
http_access allow localhost
http_access allow localnet
http_access allow whitelist-sites
Amos
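
The review comments above all follow from how http_access is evaluated: rules are checked top to bottom, a rule matches only when every ACL on it matches, and the first match decides. The linter below is an added example, not part of the original mail or of Squid; it flags undefined ACL names and rules that an earlier rule always pre-empts. SAMPLE is constructed from the http_access lines posted above with shortened acl definitions, so its line numbers refer to the sample only.

```python
# Added example: lint http_access ordering in a squid.conf (not part of Squid).
SAMPLE = """\
acl manager url_regex -i ^cache_object://
acl localhost src 127.0.0.1/32 ::1
acl localnet src 10.0.0.0/8
acl whitelist-sites dstdom_regex -i "/etc/squid/whitelist-sites"
acl Citrix_Ports port 2598
acl CONNECT method CONNECT
http_access deny manager
http_access deny adobe-sites
http_access allow Citrix_Ports
http_access allow CONNECT Citrix_Ports
http_access allow whitelist-sites
http_access allow manager localhost
http_access allow manager localnet
http_access allow localhost
http_access allow localnet
"""

def lint_http_access(conf):
    """Return [(line_no, problem)] for http_access rules that can never decide."""
    defined = {"all"}   # "all" is built in; every other ACL must be declared first
    seen = []           # earlier rules as (line_no, action, set of ACL terms)
    findings = []
    for no, raw in enumerate(conf.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # assumption: no '#' inside ACL values
        if len(words) >= 2 and words[0] == "acl":
            defined.add(words[1])
        if len(words) < 3 or words[0] != "http_access":
            continue
        action, terms = words[1], set(words[2:])
        unknown = sorted(t.lstrip("!") for t in terms if t.lstrip("!") not in defined)
        if unknown:
            findings.append((no, "undefined ACL: " + ", ".join(unknown)))
            continue
        # A rule matches only when all its ACLs match, and the first matching
        # rule wins. If an earlier rule's ACLs are a subset of this rule's,
        # the earlier rule always fires first and this line is dead.
        for p_no, p_action, p_terms in seen:
            if p_terms <= terms:
                findings.append((no, "never reached: '%s %s' on line %d matches first"
                                 % (p_action, " ".join(sorted(p_terms)), p_no)))
                break
        seen.append((no, action, terms))
    return findings

if __name__ == "__main__":
    for no, problem in lint_http_access(SAMPLE):
        print("line %d: %s" % (no, problem))
```

The subset test only compares ACL names, so it will not notice two differently named ACLs that cover the same addresses or ports.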