
Re: defined localnet to mean your local clients ???


 



I appreciate you helping me Amos! Thanks again in advance.
I am using Squid v3.1.2 because that is what apt-get pulled from the
repository.

Hopefully I'll be able to sum up my response to your last 2 posts in a way
that makes sense.

*The First Thing I'd like to inquire about*: you mentioned that;


>>> http_access deny all
> Which is what it should be.

Among the other places that I have been researching on how to set up squid -
I found this video here:
https://www.youtube.com/watch?v=qRx_RkdvpS4

At the 27Min34Second mark he mentions that from an absolutely clean install
the only thing you have to do to get squid to start working is change that
line from "*http_access /deny/ all*" to "*http_access /allow/ all*"

Now he admits this is not a best security practice - this just gets it
running and the caching started.
This is why I did it, and frankly, I am not worried about my internal
network from a security point of view at this point in time - I'd simply
like to see the caching to start working.

So, even though I obviously have a 
> . . .very strong sign that your configuration is broken."

. . . should the system not have started to cache something anyway?

===========================

As suggested, I took this link:
http://www.nvidia.com/object/notebook-win8-win7-64bit-320.49-whql-driver.html
. . . and this link:
http://www.mozilla.org/en-US/firefox/all/
. . .and did as you suggested:

> Step #1: take the URL and paste it into redbot.org.

If I am reading this right, the downloads on those pages should be
cacheable.
Am I reading that info right?

============================

Thanks for looking into my squid.conf file.
This is still like drinking from a fire hose, but I have made the tweaks you
suggested. If I have understood what you have said it should look like this
now:

my_tweaked_squid.conf
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/n4661751/my_tweaked_squid.conf>  


> acl manager proto cache_object
> acl localhost src 127.0.0.1/32 ::1
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
> 
> # Below is where I added my local network IP range. I am not sure if this
> # is correct . . . do I need to exclude my squid Static IP of 192.168.1.6
> # and my router's IP of 192.168.1.1 ???
> acl localnet src 192.168.1.0/24
> 
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> 
> http_access allow manager localhost
> http_access deny manager
> 
> http_access deny !Safe_ports
> 
> http_access deny CONNECT !SSL_ports
> 
> 
> # Here is where I entered the Windows Update code from the FAQ:
> # Amos, I have moved it to the position that "I think" you were referring to
> 
> acl windowsupdate dstdomain windowsupdate.microsoft.com
> acl windowsupdate dstdomain .update.microsoft.com
> acl windowsupdate dstdomain download.windowsupdate.com
> acl windowsupdate dstdomain redir.metaservices.microsoft.com
> acl windowsupdate dstdomain images.metaservices.microsoft.com
> acl windowsupdate dstdomain c.microsoft.com
> acl windowsupdate dstdomain www.download.windowsupdate.com
> acl windowsupdate dstdomain wustat.windows.com
> acl windowsupdate dstdomain crl.microsoft.com
> acl windowsupdate dstdomain sls.microsoft.com
> acl windowsupdate dstdomain productactivation.one.microsoft.com
> acl windowsupdate dstdomain ntservicepack.microsoft.com
> 
> acl CONNECT method CONNECT
> acl wuCONNECT dstdomain www.update.microsoft.com
> acl wuCONNECT dstdomain sls.microsoft.com
> 
> http_access allow CONNECT wuCONNECT localnet
> http_access allow windowsupdate localnet
> 
> # The 2 lines below I have still left commented out as Squid will not restart with them enabled.
> # http_access allow windowsupdate localnet
> # http_access allow windowsupdate localhost
> 
> 
> # Amos - I have added this next line as you have suggested
> http_access allow localnet
> 
> 
> http_access allow localhost
> http_access deny all
> 
> http_port 8080
> 
> # I tweaked this
> cache_mem 512 MB
> 
> # I tweaked this as well:
> maximum_object_size_in_memory 2048 KB
> 
> # I increased the cache size here, but would like to make it much bigger if possible. I just wanted to start small and get it working first.
> cache_dir ufs /var/spool/squid3 45000 16 256
> 
> # This was a Squid Windows Update suggested tweak:
> maximum_object_size 200 MB
> 
> coredump_dir /var/spool/squid3
> 
> # This was a Squid Windows Update suggested tweak:
> quick_abort_min -1
> 
> # This was a Squid Windows Update suggested tweak:
> range_offset_limit -1 KB
> 
> 
> # This was a Squid Windows Update suggested tweak (the FAQ said to place it above the other refresh_pattern entries):
> refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 1051200 reload-into-ims
> refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 1051200 reload-into-ims
> refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 1051200 reload-into-ims
> 
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
> # example lin deb packages
> #refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
> refresh_pattern .               0       20%     4320
> 
> ## Amos - is this what you meant by placing the ". . . above cgi-bin pattern needs to be the second to last."?

Did I write my acl rule correctly?

> acl localnet src 192.168.1.0/24

Do I need to exclude my squid Static IP of 192.168.1.6 and my router's IP of
192.168.1.1 ?

If I understand this correctly, the reason I was not able to access the
internet was BECAUSE I didn't have an http_access rule written for it:

> http_access allow localnet

That is why I couldn't get to the internet with the "http_access deny all"
rule in place.

I simply have to make sure that the

> http_access allow localnet

. . .  is above the "http_access deny all" rule - correct?

Sorry for the long post.
Would making these changes using "Webmin" place all the rules, etc, in the
correct position?



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/defined-localnet-to-mean-your-local-clients-tp4661726p4661751.html
Sent from the Squid - Users mailing list archive at Nabble.com.
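
Added example, not part of the original post: a simplified Python model of how Squid walks the http_access list (top to bottom, first matching line wins, ACLs on one line ANDed), run against the src/port/method rules from the config above. The manager and windowsupdate rules are left out, the sample requests are constructed, and 203.0.113.9 stands in for an arbitrary outside client.

```python
import ipaddress

# Simplified model of Squid's http_access evaluation (added example, not Squid code).
# Only the ACL types used by the posted access rules are modelled: src, port, method.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}

ACLS = {
    "all": lambda r: True,
    "localnet": lambda r: ipaddress.ip_address(r["src"]) in LOCALNET,
    "localhost": lambda r: r["src"] in ("127.0.0.1", "::1"),
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] == 443,
    "CONNECT": lambda r: r["method"] == "CONNECT",
}

def evaluate(rules, request):
    """Return (action, matching_rule) for the first rule whose ACLs all match."""
    if not rules:
        return "deny", None  # no http_access lines at all: Squid denies
    for rule in rules:
        action, *names = rule.split()
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, rule
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("allow" if action == "deny" else "deny"), None

# http_access lines in the order they appear in the posted config.
POSTED = [
    "deny !Safe_ports",
    "deny CONNECT !SSL_ports",
    "allow localnet",
    "allow localhost",
    "deny all",
]
WITHOUT_LOCALNET = [r for r in POSTED if r != "allow localnet"]
ALLOW_ALL = POSTED[:-1] + ["allow all"]  # the "just get it running" shortcut

# Constructed sample requests.
LAN_GET = {"src": "192.168.1.50", "method": "GET", "port": 80}
OUTSIDE_GET = {"src": "203.0.113.9", "method": "GET", "port": 80}
LAN_CONNECT_8443 = {"src": "192.168.1.50", "method": "CONNECT", "port": 8443}

if __name__ == "__main__":
    for name, rules in [("posted", POSTED), ("no localnet", WITHOUT_LOCALNET),
                        ("allow all", ALLOW_ALL)]:
        for req in (LAN_GET, OUTSIDE_GET, LAN_CONNECT_8443):
            print(name, req, "->", evaluate(rules, req))
```

With "allow all" as the last line the outside client is served as well, which is the open-proxy condition that "deny all" prevents.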



