Hi, Any update. Regards, Sarfraz ----- Original Message ----- From: ***some text missing*** <shozii1@xxxxxxxxx> To: Amos Jeffries <squid3@xxxxxxxxxxxxx>; "squid-users@xxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxx> Cc: Sent: Friday, January 31, 2014 7:08 PM Subject: Re: Website contents loading problem through squid proxy Below is my squid.conf configuration. #---------Network Defined------------ acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 # for servers like wsus others ipbased access is required. acl ipbslhe src "/etc/squid/iusers/lhe/ipbasedservers.list" acl ipbskhi src "/etc/squid/iusers/khi/ipbasedservers.list" # Executive ip clients acl ipbcelhe src "/etc/squid/iusers/lhe/ipbcfullaccess.list" acl ipbcekhi src "/etc/squid/iusers/khi/ipbcfullaccess.list" acl isa src "/etc/squid/iusers/lhe/isa.list" # Restricted IP based clients acl ipbclhe src "/etc/squid/iusers/lhe/ipbasedclients.list" acl ipbckhi src "/etc/squid/iusers/khi/ipbasedclients.list" # Temporary IP Based clients acl templhe src "/etc/squid/iusers/lhe/tempusers.list" acl tempkhi src "/etc/squid/iusers/khi/tempusers.list" #Special users that require torrnet access acl allportslhe src "/etc/squid/iusers/lhe/allportscl.list" acl allportskhi src "/etc/squid/iusers/khi/allportscl.list" # For MCB visa update department which require quality of service. acl visaupdaterskhi src "/etc/squid/iusers/khi/visaupdaters.list" acl impsitessubnets src "/etc/squid/iusers/khi/impsitessubnets.list" # Branches that have access to only few specific sites related to biz. # In the next phase the branches related to Khi should be moved to Karachi Proxy. acl ipbizlhe src "/etc/squid/iusers/lhe/ipbizlhe.list" #acl ipbizkhi src "/etc/squid/iusers/lhe/ipbizkhi.list" acl ipbizkhi src "/etc/squid/iusers/khi/ipbizkhi.list" acl ipbizisb src "/etc/squid/iusers/lhe/ipbizisb.list" acl filos src "/etc/squid/iusers/lhe/filos.list" acl niftusers src "/etc/squid/iusers/lhe/niftusers.list" #acl nadra_bkoffice_lhe src "/etc/squid/iusers/lhe/nadra.list" #acl nadra_bkoffice_khi src "/etc/squid/iusers/khi/nadra.list" #----------------------------- banned sites for specific users----------------- acl special_clients src "/etc/squid/dacls/special_client_ips.list" acl bad_domains dstdomain "/etc/squid/dacls/bad_domains.list" # RFC1918 internal network acl localnet src 10.0.0.0/8 acl proxykhi src 10.25.88.175 acl serversubnet src 10.1.82.0/24 acl SSL_ports port 443 # HTTPS #acl SSL_ports port 9443 # HTTPS acl SSL_ports port 4443 # HTTPS acl SSL_ports port 137 # VPN acl SSL_ports port 138 # VPN acl SSL_ports port 1900 # VPN acl SSL_ports port 53333 # VPN acl SSL_ports port 139 # VPN acl SSL_ports port 8443 #AD Manager/Audit #acl SSL_ports port 9045 #TPM acl Safe_ports port 80 # http acl Safe_ports port 4443 # HTTPS Lotus Protector acl Safe_ports port 138 # VPN acl Safe_ports port 137 # VPN acl Safe_ports port 1900 # VPN acl Safe_ports port 53333 # VPN acl Safe_ports port 139 # VPN #acl Safe_ports port 7777 # http #acl Safe_ports port 89 # http acl Safe_ports port 21 # ftp acl Safe_ports port 8443 # Ad manager acl Safe_ports port 443 # https #acl Safe_ports port 9443 # https #acl Safe_ports port 9045 #TPM HTTPs acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl FTP proto FTP acl GET method GET acl POST method POST #-------Necessary ACLs defined--------- http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access allow !Safe_ports allportslhe http_access allow !Safe_ports allportskhi http_access deny !Safe_ports # Deny CONNECT to other than SSL ports # For utorrentz to work the below directive is to comment but thats not safe. http_access allow !SSL_ports allportslhe http_access allow !SSL_ports allportskhi http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access allow FTP # ------------------Local servers configurations------------------------- acl localservers dstdomain .mcb.com.pk always_direct allow localservers cache deny localservers #-------------cache peer if any--------------------- #cache_peer 10.1.82.205 parent 8080 0 default no-digest no-query #never_direct allow all # Fault tolering the internet connection for business sites that are to be accessed from branches. #cache_peer squidlhe1.mailserver.mcb.com.pk parent 8080 0 proxy-only #prefer_direct on #nonhierarchical_direct off #cache_peer_access squidlhe1.mailserver.mcb.com.pk deny proxykhi #cache_peer_access squidlhe1.mailserver.mcb.com.pk allow all #cache_peer_access squidkhi1.mailserver.mcb.com.pk allow bizsites # Nadra Setup #cache_peer 10.1.82.16 parent 8080 0 default no-query no-digest #acl nadra_sites dst 10.10.10.11 #cache_peer_access 10.1.82.16 allow nadra_sites #never_direct allow nadra_sites #minimum_object_size 32 KB maximum_object_size 4194304 KB maximum_object_size_in_memory 1024 KB #This settings seems to affect the delaypools so should be kept to minimum i have set it to default. quick_abort_min 10000 KB quick_abort_max 20000 KB range_offset_limit -1 KB negative_ttl 0 #--------Cache Memory Settings----------- #memory_replacement_policy heap GDSF #cache_mem 1024 MB #------- Cache Directory Related Definition---------- cache_replacement_policy heap LFUDA cache_dir aufs /cachedisk1/var/spool/squid 60000 128 256 #cache_replacement_policy heap LFUDA #cache_dir aufs /cache1/spool/squid 40000 128 256 #---------Refresh Pattern Portion-------------------------- # Custom Refresh patterns will come first # Updates windows refresh_pattern windowsupdate.com/.*.(cab|exe)(\?|$) 518400 100% 518400 reload-into-ims refresh_pattern update.microsoft.com/.*.(cab|exe)(\?|$) 518400 100% 518400 reload-into-ims refresh_pattern download.microsoft.com/.*.(cab|exe)(\?|$) 518400 100% 518400 reload-into-ims refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi) 1440 100% 43200 reload-into-ims #specific for youtube custom refreshpatterns belowones.... refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?) 5259487 99999999% 5259487 override-expire ignore-reload # Break HTTP standard for flash videos. Keep them in cache even if asked not to. refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private # Other long-lived items refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)(\?|$) 161280 3000% 525948 override-expire reload-into-ims refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 40% 40320 refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp|.*php) 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims refresh_pattern ^http://www.flickr.com/.*180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims refresh_pattern ^http://www.jobsdb.com/.*180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims refresh_pattern ^http://www.download.com/.*180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims refresh_pattern ^http://www.amazon.com/.*180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims refresh_pattern ^http://www.myspace.com/.*180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims #suggested defaults refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 #-----------------------------Defined URLs which will be sent to the store url rewriter. acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id) acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]* acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3} acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$ acl html url_regex \.((html|htm|php|js|css|aspx)(\?.*)?)$ \.com\/$ \.com$ acl images urlpath_regex \.((jp(e?g|e|2)|gif|png|tiff?|bmp|ico)(\?.*)?)$ acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com acl rapidurl url_regex \.rapidshare\.com.*\/[0-9]*\/[0-9]*\/[^\/]* acl video urlpath_regex \.((mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|qt|wmv|m\dv|rv|vob|asx|ogm|flv|3gp)(\?.*)?)$ (get_video\?|videoplayback\?|videodownload\?|\.flv(\?.*)?) #---------------------------------------------------------------------------------------- storeurl_access allow store_rewrite_list_domain_CDN storeurl_access allow store_rewrite_list_domain storeurl_access allow store_rewrite_list_path storeurl_access allow store_rewrite_list storeurl_access allow html storeurl_access allow images storeurl_access allow video storeurl_access deny all # call storeurl rewrite helper program storeurl_rewrite_program /usr/libexec/squid/storeurl.pl storeurl_rewrite_children 10 storeurl_rewrite_concurrency 20 #url_rewrite_program /usr/libexec/squid/redirect.php #url_rewrite_children 5 #url_rewrite_concurrency 0 #url_rewrite_access allow all #---------Administrative Directives----------------- http_port 8080 visible_hostname squidkhi1.mailserver.mcb.com.pk cache_effective_user proxy cache_effective_group proxy cache_mgr servicedesk@xxxxxxxxxx #cachemgr_passwd password all (not required as informational aspects are covered without it) icp_port 0 # snmp related configuration.... #snmp_port 3161 #acl snmppublic snmp_community public #snmp_access allow snmppublic localhost #snmp_access deny all access_log /var/logs/access.log cache_store_log none coredump_dir /cachedisk1/var/spool/squid fqdncache_size 1536 ipcache_size 6144 connect_timeout 2 minutes #negative_dns_ttl 10 seconds ###These are the varaibles that should be enabled if required.Knowing completely what are u doing. #dns_retransmit_interval 10 seconds #memory_pools off #incoming_rate 15 #server_http11 on acl apache rep_header Server ^Apache broken_vary_encoding allow apache #cache_vary off acl PURGE method PURGE http_access allow PURGE localhost http_access deny PURGE #---------Directives to enhance security----------- allow_underscore off httpd_suppress_version_string on forwarded_for off log_mime_hdrs on #--------Definition of working hours--------------- acl wdays time MTWHFA acl whours time 09:00-18:00 # Ramdadan Timinings #acl whours time 08:30-15:30 #------------------Delay Pools Settings----------------------------------- #complete bandwidth available 3276800 delay_pools 4 delay_class 1 2 delay_access 1 allow serversubnet wdays whours delay_access 1 deny all delay_parameters 1 294912/294912 -1/-1 delay_class 2 2 #delay_access 3 allow ipbc #delay_access 3 allow temp #delay_access 3 deny all delay_access 2 allow visaupdaterskhi wdays whours delay_access 2 deny all delay_parameters 2 294912/294912 131072/131072 #delay_parameters 3 409600/409600 196608/196608 delay_class 3 2 delay_access 3 allow impsitessubnets wdays whours delay_access 3 deny all #delay_access 2 deny ipbs #delay_access 2 deny ipbc #delay_access 2 deny temp #delay_access 2 allow all wdays whours #delay_parameters 2 -1/-1 131072/131072 delay_parameters 3 786432/786432 131072/131072 delay_class 4 2 delay_access 4 deny serversubnet delay_access 4 deny impsitessubnets #delay_access 4 deny proxylhe delay_access 4 deny visaupdaterskhi delay_access 4 allow all #--------------------Definitions for BlockingRules------------------ ###Definition of MP3/MPEG acl MP3url urlpath_regex \.mp3(\?.*)?$ acl Movies rep_mime_type video/mpeg acl MP3s rep_mime_type audio/mpeg ####-------------------------------Media Streams-------------------- ## MediaPlayer MMS Protocol acl mediamms rep_mime_type mms acl mediaprmms url_regex dvrplayer mediastream ^mms:// ## (Squid does not yet handle the URI as a known proto type.) ## Active Stream Format (Windows Media Player) acl mediaasf rep_mime_type x-ms-asf acl mediaprasf urlpath_regex \.(afx|asf)(\?.*)?$ ## Flash Video Format acl mediaflv rep_mime_type video/flv video/x-flv acl mediaprflv urlpath_regex \.flv(\?.*)?$ ## Flash General Media Scripts (Animation) acl media rep_mime_type application/x-shockwave-flash acl mediapr urlpath_regex \.swf(\?.*)?$ ## Others currently unknown acl mediams-hdr rep_mime_type ms-hdr acl mediax-fcs rep_mime_type x-fcs acl RealAudio_url urlpath_regex /SmpDsBhgRl(.*) acl RealAudio_mime req_mime_type application/x-pncmd #------------------------------Media Streams End here------------------------ # Nadra Verification #acl nadra dst 10.10.10.11 # Sites which must be operned to whole MCB. acl allowedtoall dstdomain "/etc/squid/dacls/allowedtoall.list" ###Definition of bizsites acl bizsites dstdomain "/etc/squid/dacls/bizsites.list" ###Definition for Disallowing download of programs from web##### acl sdownloads url_regex "/etc/squid/dacls/sdownload.list" ###Definition for Disallowing download of entertainmentstuff from web. acl entdownloads url_regex "/etc/squid/dacls/entdownload.list" ###Definition of Porn acl PornSites dstdomain "/etc/squid/dacls/pornblocked.list" ####Definition of YouTube. ## The videos come from several domains #acl youtube_domains dstdomain .youtube.com .googlevideo.com .ytimg.com ###Definition of FaceBook acl facebook_sites dstdomain .facebook.com cache deny facebook_sites header_access Accept-Encoding deny facebook_sites acl ecgi_sites dstdomain .ecgi.org cache deny ecgi_sites acl kse dstdomain .kse.com.pk cache deny kse #acl ms dstdomain .microsoft.com #cache deny ms #### Definition of MSN Messenger #acl msn urlpath_regex -i gateway.dll #acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com #acl msn1 req_mime_type application/x-msn-messenger ####Definition of Skype #acl numeric_IPs url_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443 #acl Skype_UA browser ^skype^ ##Definition of Yahoo! Messenger #acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com #acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com #acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com #acl ym dstdomain .voice.yahoo.com #acl ymregex url_regex yupdater.yim ymsgr myspaceim ## Other protocols Yahoo!Messenger uses ?? #acl ym dstdomain .skype.com .imvu.com ###Definiton of Torrentz#### #acl torrentSeeds urlpath_regex \.torrent(\?.*)?$ ###Definition of Rapidshare### ##acl dlSites dstdomain .rapidshare.com .rapidsharemegaupload.com .filespump.com # For tigher conrol over sites such as facebook youtube. #acl BIP dst "/etc/squid/dacls/blockedips.list" ###Limiting by Reply Body Size##### #eply_body_max_size 0 deny sdownloads reply_body_max_size 524288000 deny sdownloads #eply_body_max_size 219430400 allow entdownloads #external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %SRC /usr/libexec/squid/squid_session #acl session external session #http_access deny !session #deny_info http://10.1.82.175/squid-errors/default.htm?url=%ssession #---------------ACLs Section for IP Based Clients--------------------------- http_access deny PornSites #http_access deny ipbc msnd #http_access deny ipbc msn #http_access deny ipbc msn1 #http_access deny ipbc numeric_IPs #http_access deny ipbc Skype_UA #http_access deny ipbc ym #http_access deny ipbc ymregex #--------------------- -----------------Deny Streaming to Restricted Clients------------------------------------------ http_reply_access deny ipbclhe Movies http_reply_access deny ipbckhi Movies http_reply_access deny templhe Movies http_reply_access deny tempkhi Movies http_reply_access deny ipbslhe Movies http_reply_access deny ipbskhi Movies http_reply_access deny ipbclhe MP3s http_reply_access deny ipbckhi MP3s http_reply_access deny templhe MP3s http_reply_access deny tempkhi MP3s http_reply_access deny ipbslhe Mp3s http_reply_access deny ipbskhi Mp3s #http_access deny ipbc FTP #http_access deny temp FTP #http_access deny ipbs FTP http_access deny ipbclhe MP3url http_access deny ipbckhi MP3url http_access deny templhe MP3url http_access deny tempkhi MP3url http_access deny ipbslhe MP3url http_access deny ipbskhi Mp3url http_reply_access deny ipbclhe mediamms http_reply_access deny ipbckhi mediamms http_reply_access deny templhe mediamms http_reply_access deny tempkhi mediamms http_reply_access deny ipbslhe mediamms http_reply_access deny ipbskhi mediamms http_reply_access deny ipbclhe mediaasf http_reply_access deny ipbckhi mediaasf http_reply_access deny templhe mediaasf http_reply_access deny tempkhi mediaasf http_reply_access deny ipbslhe mediaasf http_reply_access deny ipbskhi mediaasf #-----------------------------------------------Streaming youtube block for ipbased,temp,servers(sarfraz 1-1-011) http_reply_access deny ipbclhe mediaflv #http_reply_access deny templhe mediaflv #http_reply_access deny ipbslhe mediaflv http_reply_access deny ipbckhi mediaflv http_access deny ipbclhe mediaprmms http_access deny templhe mediaprmms http_access deny ipbslhe mediaprmms http_access deny ipbckhi mediaprmms http_access deny tempkhi mediaprmms http_access deny ipbskhi mediaprmms http_access deny ipbclhe mediaprasf http_access deny templhe mediaprasf http_access deny ipbslhe mediaprasf http_access deny ipbckhi mediaprasf http_access deny tempkhi mediaprasf http_access deny ipbskhi mediaprasf #http_access deny ipbc mediaprflv #http_access deny temp mediaprflv #http_access deny ipbs mediaprflv http_access deny ipbclhe RealAudio_url http_access deny templhe RealAudio_url http_access deny ipbslhe RealAudio_url http_access deny ipbckhi RealAudio_url http_access deny tempkhi RealAudio_url http_access deny ipbskhi RealAudio_url http_access deny POST ipbclhe RealAudio_mime http_access deny POST templhe RealAudio_mime http_access deny ipbslhe RealAudio_mime http_access deny POST ipbckhi RealAudio_mime http_access deny POST tempkhi RealAudio_mime http_access deny ipbskhi RealAudio_mime http_reply_access deny ipbclhe mediams-hdr http_reply_access deny templhe mediams-hdr http_reply_access deny ipbslhe mediams-hdr http_reply_access deny ipbckhi mediams-hdr http_reply_access deny tempkhi mediams-hdr http_reply_access deny ipbskhi mediams-hdr #http_reply_access deny templhe mediams-hdr http_reply_access deny ipbslhe mediax-fcs http_reply_access deny ipbclhe mediax-fcs http_reply_access deny ipbckhi mediax-fcs #http_reply_access deny tempkhi mediams-hdr http_reply_access deny ipbskhi mediax-fcs #http_access deny ipbc youtube_domains http_access allow isa #http_access allow facebook_sites isa http_access deny ipbclhe PornSites http_access deny ipbckhi PornSites http_access deny templhe PornSites http_access deny tempkhi PornSites http_access deny ipbslhe PornSites http_access deny ipbskhi PornSites http_access deny facebook_sites #http_access deny facebook_sites ipbcelhe #http_access deny facebook_sites templhe #http_access deny facebook_sites ipbslhe #http_access deny facebook_sites ipbcekhi #http_access deny facebook_sites ipbckhi #http_access deny facebook_sites tempkhi #http_access deny facebook_sites ipbskhi #http_access deny BIP http_access deny ipbclhe entdownloads http_access deny templhe entdownloads http_access deny ipbslhe entdownloads http_access deny ipbckhi entdownloads http_access deny tempkhi entdownloads http_access deny ipbskhi entdownloads http_access deny ipbclhe sdownloads http_access deny ipbckhi sdownloads #http_access deny ipbc torrentSeeds #http_access deny ipbc dlSites #http_access allow nadra_bkoffice_lhe nadra wdays whours #http_access allow nadra_bkoffice_khi nadra wdays whours #http_access deny ipbcelhe nadra #http_access deny ipbclhe nadra #http_access deny templhe nadra #http_access deny ipbslhe nadra #http_access deny ipbcekhi nadra #http_access deny ipbckhi nadra #http_access deny tempkhi nadra #http_access deny ipbskhi nadra http_access deny bad_domains special_clients http_access allow ipbcelhe #http_access allow isa http_access allow ipbclhe http_access allow templhe http_access allow ipbslhe http_access allow ipbcekhi http_access allow ipbckhi http_access allow tempkhi http_access allow ipbskhi http_access allow proxykhi # ----------------Windows Update Section----------------------- acl windowsupdate dstdomain windowsupdate.microsoft.com acl windowsupdate dstdomain .update.microsoft.com acl windowsupdate dstdomain download.windowsupdate.com acl windowsupdate dstdomain redir.metaservices.microsoft.com acl windowsupdate dstdomain images.metaservices.microsoft.com acl windowsupdate dstdomain c.microsoft.com acl windowsupdate dstdomain www.download.windowsupdate.com acl windowsupdate dstdomain wustat.windows.com acl windowsupdate dstdomain crl.microsoft.com acl windowsupdate dstdomain sls.microsoft.com acl windowsupdate dstdomain productactivation.one.microsoft.com acl windowsupdate dstdomain ntservicepack.microsoft.com acl wuCONNECT dstdomain www.update.microsoft.com acl wuCONNECT dstdomain sls.microsoft.com #acl zohomeeting dstdomain .zoho.com http_access allow ipbizlhe bizsites whours wdays #http_access allow ipbizlhe nadra http_access allow ipbizkhi bizsites whours wdays #http_access allow ipbizkhi nadra http_access allow ipbizisb bizsites whours wdays #http_access allow ipbizisb nadra http_access allow filos bizsites whours wdays #http_access allow filos nadra http_access allow niftusers bizsites whours wdays #http_access allow niftusers nadra http_access allow CONNECT ipbizlhe bizsites http_access allow CONNECT ipbizkhi bizsites http_access allow CONNECT ipbizisb bizsites http_access allow CONNECT filos bizsites http_access allow CONNECT niftusers bizsites http_access allow CONNECT wuCONNECT ipbizlhe http_access allow CONNECT wuCONNECT ipbizkhi http_access allow CONNECT wuCONNECT ipbizisb http_access allow CONNECT wuCONNECT filos http_access allow CONNECT wuCONNECT niftusers http_access allow windowsupdate ipbizlhe http_access allow windowsupdate ipbizkhi http_access allow windowsupdate ipbizisb http_access allow windowsupdate filos http_access allow windowsupdate niftusers http_access allow CONNECT wuCONNECT localnet http_access allow windowsupdate localnet #http_access allow zohomeeting localnet http_access allow allowedtoall localnet #http_access allow mcb localnet # Other sites which are required to be given to access to all should be put here. #acl utorrents browser -i uTorrent/* #acl utorrents browser -i BTWebClient/* #http_access allow localnet utorrents http_access allow CONNECT wuCONNECT localhost http_access allow windowsupdate localhost auth_param negotiate program /usr/libexec/squid/squid_kerb_auth/squid_kerb_auth auth_param negotiate children 20 startup=5 idle=1 auth_param negotiate keep_alive on # basic auth ACL controls to make use of it are.(if and only if squid_kerb_ldap authorization is not used) acl auth proxy_auth REQUIRED #http_access deny !auth #http_access allow auth #------------------Groups fom Mailserver Domain:--------------------------- external_acl_type squid_kerb_ldap_msgroup1 ttl=3600 negative_ttl=3600 %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP1@xxxxxxxxxxxxxxxxxxxxx #external_acl_type squid_kerb_ldap_msgroup2 ttl=3600 negative_ttl=3600 %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP2@xxxxxxxxxxxxxxxxxxxxx external_acl_type squid_kerb_ldap_msgroup3 ttl=3600 negative_ttl=3600 %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP3@xxxxxxxxxxxxxxxxxxxxx acl msgroup1 external squid_kerb_ldap_msgroup1 #acl msgroup2 external squid_kerb_ldap_msgroup2 acl msgroup3 external squid_kerb_ldap_msgroup3 #---------------- Groups from bts Domain :--------------------- #external_acl_type squid_kerb_ldap_btsgroup1 ttl=3600 negative_ttl=3600 %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP1@xxxxxxxxxxxxxx # external_acl_type squid_kerb_ldap_btsgroup3 ttl=3600 negative_ttl=3600 %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP3@xxxxxxxxxxxxxx #acl btsgroup1 external squid_kerb_ldap_btsgroup1 #acl btsgroup3 external squid_kerb_ldap_btsgroup3 #---------------ACLs Section for Mailserver Clients--------------------------- #http_access deny msgroup3 msnd #http_access deny msgroup3 msn #http_access deny msgroup3 msn1 #http_access deny msgroup3 numeric_IPs #http_access deny msgroup3 Skype_UA #http_access deny msgroup3 ym #http_access deny msgroup3 ymregex ###----Most Restricted settings Exclusive for Normal users......### # http reply access is not supported with authenticated clients so acl changed to simply http_access. futher R&D required. # Deny Streaming to Restricted Clients http_access deny msgroup3 Movies http_access deny msgroup3 MP3s #http_access deny msgroup3 FTP http_access deny msgroup3 MP3url http_access deny msgroup3 mediamms http_access deny msgroup3 mediaprmms http_access deny msgroup3 PornSites http_access deny msgroup3 mediaasf http_access deny msgroup3 mediaprasf #----------------------------------------------------Streaming youtube block for msgourp3(sarfraz 1-1-11 #http_access deny msgroup3 mediaflv http_reply_access deny mediaflv msgroup3 #http_access deny msgroup3 mediaprflv http_access deny msgroup3 RealAudio_url http_access deny POST msgroup3 RealAudio_mime http_access deny msgroup3 mediams-hdr http_access deny msgroup3 mediax-fcs #http_access deny msgroup3 youtube_domains #http_access deny msgroup1 facebook_sites #http_access deny msgroup3 facebook_sites http_access deny msgroup3 entdownloads http_access deny msgroup3 sdownloads #http_access deny msgroup3 torrentSeeds #http_access deny msgroup3 dlSites #http_access deny msgroup1 nadra #http_access deny msgroup3 nadra http_access allow msgroup1 #http_access allow msgroup2 http_access allow msgroup3 #----------------ACLs Section for bts Clients------------------------------ #http_access deny btsgroup3 msnd #http_access deny btsgroup3 msn #http_access deny btsgroup3 msn1 #http_access deny btsgroup3 numeric_IPs #http_access deny btsgroup3 Skype_UA #http_access deny btsgroup3 ym #http_access deny btsgroup3 ymregex #http_access deny btsgroup3 Movies #http_access deny btsgroup3 MP3s #http_access deny btsgroup3 FTP #http_access deny btsgroup3 MP3url #http_access deny btsgroup3 flashvideo #http_access deny btsgroup3 youtube_domains #http_access deny btsgroup3 facebook_sites #http_access deny btsgroup3 downloads #http_access deny btsgroup3 torrentSeeds #http_access deny btsgroup3 dlSites #http_access allow btsgroup1 bizsites wdays whours #http_access allow btsgroup1 nadra wdays whours http_access deny all Regards, Sarfraz ----- Original Message ----- From: Amos Jeffries <squid3@xxxxxxxxxxxxx> To: ***some text missing*** <shozii1@xxxxxxxxx>; "squid-users@xxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxx> Cc: Sent: Wednesday, January 29, 2014 2:44 PM Subject: Re: Website contents loading problem through squid proxy On 29/01/2014 10:02 p.m., ***some text missing*** wrote: > > Can you please guide me the way to troubleshoot this issue. You could share your squid.conf and we might be able to find something. Amos
