
Re: Website contents loading problem through squid proxy


 



Hi,
 
Any update?
 
Regards,
Sarfraz 


----- Original Message -----
From: ***some text missing*** <shozii1@xxxxxxxxx>
To: Amos Jeffries <squid3@xxxxxxxxxxxxx>; "squid-users@xxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxx>
Cc: 
Sent: Friday, January 31, 2014 7:08 PM
Subject: Re:  Website contents loading problem through squid  proxy

 
 
Below is my squid.conf configuration.
 #---------Network Defined------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
# for servers like wsus others ipbased access is required.
acl ipbslhe src "/etc/squid/iusers/lhe/ipbasedservers.list"
acl ipbskhi src "/etc/squid/iusers/khi/ipbasedservers.list"
 
# Executive ip clients
acl ipbcelhe src "/etc/squid/iusers/lhe/ipbcfullaccess.list"
acl ipbcekhi src "/etc/squid/iusers/khi/ipbcfullaccess.list"
acl isa src "/etc/squid/iusers/lhe/isa.list"
 
# Restricted IP based clients
acl ipbclhe src "/etc/squid/iusers/lhe/ipbasedclients.list"
acl ipbckhi src "/etc/squid/iusers/khi/ipbasedclients.list"
# Temporary IP Based clients
acl templhe src "/etc/squid/iusers/lhe/tempusers.list"
acl tempkhi src "/etc/squid/iusers/khi/tempusers.list"
#Special users that require torrnet access
acl allportslhe src "/etc/squid/iusers/lhe/allportscl.list"
acl allportskhi src "/etc/squid/iusers/khi/allportscl.list"
# For MCB visa update department which require quality of service.
acl visaupdaterskhi src "/etc/squid/iusers/khi/visaupdaters.list"
 
acl impsitessubnets src "/etc/squid/iusers/khi/impsitessubnets.list"
 
 
 
# Branches that have access to only few specific sites related to biz.
# In the next phase the branches related to Khi should be moved to Karachi Proxy.
acl ipbizlhe src "/etc/squid/iusers/lhe/ipbizlhe.list"
#acl ipbizkhi src "/etc/squid/iusers/lhe/ipbizkhi.list"
acl ipbizkhi src "/etc/squid/iusers/khi/ipbizkhi.list"
acl ipbizisb src "/etc/squid/iusers/lhe/ipbizisb.list"
acl filos src "/etc/squid/iusers/lhe/filos.list"
acl niftusers src "/etc/squid/iusers/lhe/niftusers.list"
#acl nadra_bkoffice_lhe src "/etc/squid/iusers/lhe/nadra.list"
#acl nadra_bkoffice_khi src "/etc/squid/iusers/khi/nadra.list"
#----------------------------- banned sites for specific users-----------------
acl special_clients src "/etc/squid/dacls/special_client_ips.list"
acl bad_domains dstdomain "/etc/squid/dacls/bad_domains.list"
 
 
# RFC1918 internal network
acl localnet src 10.0.0.0/8 
acl proxykhi src 10.25.88.175
acl serversubnet src 10.1.82.0/24
 
# NOTE(review): SSL_ports is what "http_access deny CONNECT !SSL_ports" tests,
# so every port listed here is a port clients may open a CONNECT tunnel to.
# Squid relays CONNECT traffic without inspecting it, so keep this list as
# short as the business need allows.
acl SSL_ports port 443  # HTTPS
#acl SSL_ports port 9443  # HTTPS
acl SSL_ports port 4443 # HTTPS
# NOTE(review): 137/138/139 are the NetBIOS name, datagram and session ports
# and 1900 is SSDP. No dst ACL is combined with these entries, so CONNECT to
# them (and to 53333) is accepted for any destination the proxy can reach.
# Confirm the "VPN" use case still needs them; if it does, restrict the
# matching http_access rule to the VPN endpoints instead of listing the ports
# globally.
acl SSL_ports port 137 # VPN
acl SSL_ports port 138 # VPN
acl SSL_ports port 1900 # VPN
acl SSL_ports port 53333 # VPN
acl SSL_ports port 139 # VPN
acl SSL_ports port 8443 #AD Manager/Audit
#acl SSL_ports port 9045 #TPM
# Safe_ports is tested by "http_access deny !Safe_ports" for every request.
acl Safe_ports port 80 # http
acl Safe_ports port 4443 # HTTPS Lotus Protector
# NOTE(review): the NetBIOS ports are repeated here, so requests to them pass
# the Safe_ports check as well. 1900, 4443, 8443 and 53333 are already inside
# the 1025-65535 range below; those individual entries are redundant.
acl Safe_ports port 138 # VPN
acl Safe_ports port 137 # VPN
acl Safe_ports port 1900 # VPN
acl Safe_ports port 53333 # VPN
acl Safe_ports port 139 # VPN
#acl Safe_ports port 7777 # http
#acl Safe_ports port 89 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 8443 # Ad manager
acl Safe_ports port 443 # https
#acl Safe_ports port 9443 # https
#acl Safe_ports port 9045 #TPM HTTPs
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
 
acl CONNECT method CONNECT
acl FTP proto FTP 
acl GET method GET
acl POST method POST
#-------Necessary ACLs defined---------
# http_access lines are evaluated in file order and the first line whose ACLs
# all match decides the request, so the position of every "allow" matters.
# Cache manager requests: localhost only.
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
# NOTE(review): the two allows below exempt the allports* clients from the
# Safe_ports check. Because an allow ends evaluation, a matching request from
# those clients also skips every deny that appears later in the file.
http_access allow !Safe_ports allportslhe
http_access allow !Safe_ports allportskhi
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# For utorrentz to work the below directive is to comment but thats not safe.
# NOTE(review): these allows carry no CONNECT term, so they match ANY request
# from an allports* client whose destination port is not in SSL_ports. Port 80
# is not in SSL_ports, so ordinary HTTP from these clients is accepted here,
# ahead of "deny to_localhost" and all later content/category denies. If only
# the CONNECT exemption is intended, add CONNECT to both lines and move them
# below the to_localhost rule.
http_access allow !SSL_ports allportslhe
http_access allow !SSL_ports allportskhi
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
# NOTE(review): this rule has no src ACL and no authentication requirement, so
# any client able to reach http_port gets ftp:// URLs proxied, whether or not
# it appears in one of the client lists. Pair it with the intended source
# ACLs (for example localnet) or move it below the client-specific rules.
http_access allow FTP
# ------------------Local servers configurations-------------------------
acl localservers dstdomain .mcb.com.pk
always_direct allow localservers
cache deny localservers
#-------------cache peer if any---------------------
#cache_peer 10.1.82.205 parent 8080 0 default no-digest no-query
#never_direct allow all 
# Fault tolering the internet connection for business sites that are to be accessed from branches.
#cache_peer squidlhe1.mailserver.mcb.com.pk parent 8080 0 proxy-only
#prefer_direct on
#nonhierarchical_direct off
#cache_peer_access squidlhe1.mailserver.mcb.com.pk deny proxykhi
#cache_peer_access squidlhe1.mailserver.mcb.com.pk allow all
 
#cache_peer_access squidkhi1.mailserver.mcb.com.pk allow bizsites
# Nadra Setup
#cache_peer 10.1.82.16 parent 8080 0 default no-query no-digest
#acl nadra_sites dst 10.10.10.11 
#cache_peer_access 10.1.82.16 allow nadra_sites 
#never_direct allow nadra_sites
#minimum_object_size 32 KB
maximum_object_size 4194304 KB
maximum_object_size_in_memory 1024 KB
#This settings seems to affect the delaypools so should be kept to minimum i have set it to default.
quick_abort_min 10000 KB
quick_abort_max 20000 KB
range_offset_limit -1 KB
negative_ttl 0
#--------Cache Memory Settings-----------
#memory_replacement_policy heap GDSF
#cache_mem 1024 MB
#------- Cache Directory Related Definition----------
cache_replacement_policy heap LFUDA
cache_dir aufs /cachedisk1/var/spool/squid 60000 128 256
#cache_replacement_policy heap LFUDA
#cache_dir aufs /cache1/spool/squid 40000 128 256
#---------Refresh Pattern Portion--------------------------
# Custom Refresh patterns will come first
# Updates windows
# refresh_pattern lines are tried in order; the first regex that matches the
# URL supplies the freshness settings. Fields: regex, min (minutes), percent,
# max (minutes), options.
# NOTE(review): in the first three patterns the "." before "(cab|exe)" is not
# escaped, so it matches any character, not only a literal dot.
refresh_pattern windowsupdate.com/.*.(cab|exe)(\?|$) 518400 100% 518400 reload-into-ims
refresh_pattern update.microsoft.com/.*.(cab|exe)(\?|$) 518400 100% 518400 reload-into-ims
refresh_pattern download.microsoft.com/.*.(cab|exe)(\?|$) 518400 100% 518400 reload-into-ims
refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi) 1440 100% 43200 reload-into-ims
#specific for youtube custom refreshpatterns belowones....
refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?) 5259487 99999999% 5259487 override-expire ignore-reload
# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
# NOTE(review): ignore-private and ignore-no-cache make this shared cache keep
# responses the origin marked as private or uncacheable, and override-expire
# keeps them past the origin's expiry. On a multi-user proxy that means a
# response generated for one user can be served to another. The patterns
# below apply this to documents and archives (pdf, doc, ppt, zip, ...), not
# only to media; review whether that is acceptable for the data in scope.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
# Other long-lived items
refresh_pattern -i \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv)(\?|$) 161280 3000% 525948 override-expire reload-into-ims
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|mpg|swf|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|ram|bin|pdf|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(zip|gz|arj|lha|lzh|tar|tgz|cab|rar)$ 10080 95% 43200 override-expire ignore-no-cache ignore-private
# NOTE(review): this regex is not anchored, so it matches any URL that merely
# contains ".php", ".js", ".htm" and so on. Dynamic pages are then held for at
# least 1440 minutes.
refresh_pattern -i \.(php|asp|aspx|cgi|html|htm|css|js) 1440 40% 40320
# NOTE(review): override-expire, override-lastmod and ignore-reload on page
# content mean a browser reload cannot force a fresh copy. Stale or mismatched
# page content is a likely symptom; worth testing with these options removed.
refresh_pattern -i (.*html$|.*htm|.*shtml|.*aspx|.*asp|.*php) 180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
# NOTE(review): as shown, the next five lines have no whitespace between the
# regex and the min value ("/.*180"), which would make "180" part of the regex
# and shift the remaining fields. This may be an artifact of the mail archive;
# check the real file with "squid -k parse".
refresh_pattern ^http://www.flickr.com/.*180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.jobsdb.com/.*180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.download.com/.*180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.amazon.com/.*180 35% 4320 override-expire override-lastmod ignore-reload reload-into-ims
refresh_pattern ^http://www.myspace.com/.*180 100% 4320 override-expire override-lastmod ignore-reload reload-into-ims
#suggested defaults
# NOTE(review): most URLs are already claimed by the broader patterns above,
# so the "(/cgi-bin/|\?) 0 0% 0" safeguard for dynamic content is only reached
# by URLs that none of them match.
refresh_pattern ^ftp:    1440    20%     10080
refresh_pattern ^gopher:       1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#-----------------------------Defined URLs which will be sent to the store url rewriter.
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list_domain url_regex ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl html url_regex \.((html|htm|php|js|css|aspx)(\?.*)?)$ \.com\/$ \.com$
acl images urlpath_regex \.((jp(e?g|e|2)|gif|png|tiff?|bmp|ico)(\?.*)?)$
acl store_rewrite_list_domain_CDN url_regex \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.* yieldmanager cpxinteractive ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl rapidurl url_regex \.rapidshare\.com.*\/[0-9]*\/[0-9]*\/[^\/]*
acl video urlpath_regex \.((mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|qt|wmv|m\dv|rv|vob|asx|ogm|flv|3gp)(\?.*)?)$ (get_video\?|videoplayback\?|videodownload\?|\.flv(\?.*)?)
#----------------------------------------------------------------------------------------
# storeurl_access selects which requests are handed to the store-URL rewrite
# helper; the helper's answer is used as the cache key instead of the
# requested URL.
# NOTE(review): besides media and CDN URLs, the "html" ACL (html/php/js/css/
# aspx URLs and anything ending in ".com" or ".com/") and the broad
# store_rewrite_list_domain regexes are sent to the helper. The helper script
# is not shown here. If it maps two different URLs to the same key, a client
# can be served the cached body of a different URL -- wrong or mixed page
# content for users, and a cache-integrity problem. Verify the helper's
# output for ordinary pages, or limit this list to the media URLs it was
# written for.
storeurl_access allow store_rewrite_list_domain_CDN 
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access allow store_rewrite_list
storeurl_access allow html
storeurl_access allow images
storeurl_access allow video
storeurl_access deny all
# call storeurl rewrite helper program
# NOTE(review): the helper processes client-supplied URLs; keep the script
# writable only by root and review how it parses its input.
storeurl_rewrite_program /usr/libexec/squid/storeurl.pl
storeurl_rewrite_children 10 
storeurl_rewrite_concurrency 20
#url_rewrite_program /usr/libexec/squid/redirect.php
#url_rewrite_children 5
#url_rewrite_concurrency 0
#url_rewrite_access allow all
 
#---------Administrative Directives-----------------
http_port 8080
visible_hostname squidkhi1.mailserver.mcb.com.pk
cache_effective_user proxy 
cache_effective_group proxy
cache_mgr servicedesk@xxxxxxxxxx
#cachemgr_passwd password all (not required as informational aspects are covered without it)
icp_port 0
# snmp related configuration....
#snmp_port 3161
#acl snmppublic snmp_community public
#snmp_access allow snmppublic localhost
#snmp_access deny all
access_log /var/logs/access.log
cache_store_log none
coredump_dir /cachedisk1/var/spool/squid
fqdncache_size 1536
ipcache_size 6144
connect_timeout 2 minutes
#negative_dns_ttl 10 seconds
###These are the varaibles that should be enabled if required.Knowing completely what are u doing.
#dns_retransmit_interval 10 seconds
#memory_pools off
#incoming_rate 15
#server_http11 on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#cache_vary off
# Restrict the PURGE method (cache object removal) to localhost.
# NOTE(review): http_access is one ordered list for the whole file. The
# earlier "allow !SSL_ports allports*" and "allow FTP" lines are evaluated
# before these two, and neither tests the request method, so a PURGE request
# matching one of them is allowed before this deny is reached. Place the PURGE
# rules next to the manager rules at the top of the http_access list.
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
#---------Directives to enhance security-----------
# Reject hostnames that contain an underscore.
allow_underscore off
# Do not reveal the Squid version in generated headers and error pages.
httpd_suppress_version_string on
# Do not disclose the client address in X-Forwarded-For.
forwarded_for off
# NOTE(review): log_mime_hdrs writes the request and reply headers to
# access.log. Headers can carry cookies and authentication credentials, so
# with this enabled the log file must be treated as sensitive: restrict read
# access, and apply the same care to rotated copies and any log shipping.
log_mime_hdrs on
#--------Definition of working hours---------------
acl wdays time MTWHFA 
acl whours time 09:00-18:00
# Ramdadan Timinings
#acl whours time 08:30-15:30
#------------------Delay Pools Settings-----------------------------------
#complete bandwidth available 3276800
delay_pools 4
delay_class 1 2
delay_access 1 allow serversubnet wdays whours 
delay_access 1 deny all
delay_parameters 1 294912/294912 -1/-1
delay_class 2 2
#delay_access 3 allow ipbc
#delay_access 3 allow temp
#delay_access 3 deny all
delay_access 2 allow visaupdaterskhi wdays whours
delay_access 2 deny all
delay_parameters 2 294912/294912 131072/131072
#delay_parameters 3 409600/409600 196608/196608
delay_class 3 2
delay_access 3 allow impsitessubnets wdays whours
delay_access 3 deny all
#delay_access 2 deny ipbs
#delay_access 2 deny ipbc
#delay_access 2 deny temp
#delay_access 2 allow all wdays whours
#delay_parameters 2 -1/-1 131072/131072
delay_parameters 3 786432/786432 131072/131072 
delay_class 4 2
delay_access 4 deny serversubnet
delay_access 4 deny impsitessubnets
#delay_access 4 deny proxylhe
delay_access 4 deny visaupdaterskhi
delay_access 4 allow all
 
#--------------------Definitions for BlockingRules------------------
###Definition of MP3/MPEG
acl MP3url urlpath_regex \.mp3(\?.*)?$
acl Movies rep_mime_type video/mpeg
acl MP3s rep_mime_type audio/mpeg
####-------------------------------Media Streams--------------------
## MediaPlayer MMS Protocol
acl mediamms rep_mime_type mms
acl mediaprmms url_regex dvrplayer mediastream ^mms://
## (Squid does not yet handle the URI as a known proto type.)
## Active Stream Format (Windows Media Player)
acl mediaasf rep_mime_type x-ms-asf
acl mediaprasf urlpath_regex \.(afx|asf)(\?.*)?$
## Flash Video Format
acl mediaflv rep_mime_type video/flv video/x-flv
acl mediaprflv urlpath_regex \.flv(\?.*)?$
## Flash General Media Scripts (Animation)
acl media rep_mime_type application/x-shockwave-flash
acl mediapr urlpath_regex \.swf(\?.*)?$
## Others currently unknown
acl mediams-hdr rep_mime_type ms-hdr
acl mediax-fcs rep_mime_type x-fcs
acl RealAudio_url urlpath_regex /SmpDsBhgRl(.*)
acl RealAudio_mime req_mime_type application/x-pncmd
#------------------------------Media Streams End here------------------------
# Nadra Verification 
#acl nadra dst 10.10.10.11
# Sites which must be operned to whole MCB.
acl allowedtoall dstdomain "/etc/squid/dacls/allowedtoall.list"
###Definition of bizsites
acl bizsites dstdomain "/etc/squid/dacls/bizsites.list"
###Definition for Disallowing download of programs from web#####
acl sdownloads url_regex "/etc/squid/dacls/sdownload.list"
###Definition for Disallowing download of entertainmentstuff from web.
acl entdownloads url_regex "/etc/squid/dacls/entdownload.list"
###Definition of  Porn
acl PornSites dstdomain "/etc/squid/dacls/pornblocked.list"
####Definition of YouTube.
## The videos come from several domains
#acl youtube_domains dstdomain .youtube.com .googlevideo.com .ytimg.com
###Definition of FaceBook
acl facebook_sites dstdomain .facebook.com
cache deny facebook_sites
header_access Accept-Encoding deny facebook_sites
acl ecgi_sites dstdomain .ecgi.org
cache deny ecgi_sites
acl kse dstdomain .kse.com.pk
cache deny kse
#acl ms dstdomain .microsoft.com
#cache deny ms
 
#### Definition of MSN Messenger
#acl msn urlpath_regex -i gateway.dll
#acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
#acl msn1 req_mime_type application/x-msn-messenger
####Definition of Skype
#acl numeric_IPs url_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
#acl Skype_UA browser ^skype^
##Definition of Yahoo! Messenger
#acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
#acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
#acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
#acl ym dstdomain .voice.yahoo.com
#acl ymregex url_regex yupdater.yim ymsgr myspaceim
## Other protocols Yahoo!Messenger uses ??
#acl ym dstdomain .skype.com .imvu.com
###Definiton of Torrentz####
#acl torrentSeeds urlpath_regex \.torrent(\?.*)?$
###Definition of Rapidshare###
##acl dlSites dstdomain .rapidshare.com .rapidsharemegaupload.com .filespump.com
# For tigher conrol over sites such as facebook youtube.
#acl BIP dst "/etc/squid/dacls/blockedips.list"
###Limiting by Reply Body Size#####
#eply_body_max_size 0 deny sdownloads
reply_body_max_size 524288000 deny sdownloads
#eply_body_max_size 219430400  allow entdownloads
#external_acl_type   session  ttl=300  negative_ttl=0  children=1   concurrency=200 %SRC /usr/libexec/squid/squid_session
#acl session external session
#http_access deny !session
#deny_info http://10.1.82.175/squid-errors/default.htm?url=%ssession
#---------------ACLs Section for IP Based Clients---------------------------
http_access deny PornSites
#http_access deny ipbc msnd 
#http_access deny ipbc msn 
#http_access deny ipbc msn1
#http_access deny ipbc numeric_IPs
#http_access deny ipbc Skype_UA 
#http_access deny ipbc ym 
#http_access deny ipbc ymregex 
#--------------------- -----------------Deny Streaming to Restricted Clients------------------------------------------
# Block video/mpeg and audio/mpeg replies for the restricted, temporary and
# server client lists. Movies and MP3s are rep_mime_type ACLs, which test the
# reply Content-Type, so http_reply_access is the directive where they apply.
http_reply_access deny ipbclhe Movies
http_reply_access deny ipbckhi Movies
http_reply_access deny templhe Movies
http_reply_access deny tempkhi Movies
http_reply_access deny ipbslhe Movies
http_reply_access deny ipbskhi Movies
http_reply_access deny ipbclhe MP3s
http_reply_access deny ipbckhi MP3s
http_reply_access deny templhe MP3s 
http_reply_access deny tempkhi MP3s
# NOTE(review): the next two lines spell the ACL "Mp3s" while it is defined as
# "MP3s", and the last line of this group uses "Mp3url" for "MP3url". Whether
# these resolve depends on ACL-name lookup ignoring case in the Squid build in
# use -- TODO confirm with "squid -k parse"; otherwise the server lists are
# not covered by these denies.
http_reply_access deny ipbslhe Mp3s
http_reply_access deny ipbskhi Mp3s
#http_access deny ipbc FTP
#http_access deny temp FTP
#http_access deny ipbs FTP
# Request-time block on URLs whose path ends in .mp3 (MP3url is urlpath_regex).
http_access deny ipbclhe MP3url
http_access deny ipbckhi MP3url
http_access deny templhe MP3url
http_access deny tempkhi MP3url
http_access deny ipbslhe MP3url
http_access deny ipbskhi Mp3url
http_reply_access deny ipbclhe mediamms
http_reply_access deny ipbckhi mediamms
http_reply_access deny templhe mediamms
http_reply_access deny tempkhi mediamms
http_reply_access deny ipbslhe mediamms
http_reply_access deny ipbskhi mediamms
http_reply_access deny ipbclhe mediaasf
http_reply_access deny ipbckhi mediaasf
http_reply_access deny templhe mediaasf
http_reply_access deny tempkhi mediaasf
http_reply_access deny ipbslhe mediaasf
http_reply_access deny ipbskhi mediaasf
#-----------------------------------------------Streaming youtube block for ipbased,temp,servers(sarfraz 1-1-011)
http_reply_access deny ipbclhe mediaflv
#http_reply_access deny templhe mediaflv
#http_reply_access deny ipbslhe mediaflv
http_reply_access deny ipbckhi mediaflv
http_access deny ipbclhe mediaprmms
http_access deny templhe mediaprmms
http_access deny ipbslhe mediaprmms
http_access deny ipbckhi mediaprmms
http_access deny tempkhi mediaprmms
http_access deny ipbskhi mediaprmms
 
http_access deny ipbclhe mediaprasf
http_access deny templhe mediaprasf
http_access deny ipbslhe mediaprasf
http_access deny ipbckhi mediaprasf
http_access deny tempkhi mediaprasf
http_access deny ipbskhi mediaprasf
 
 
#http_access deny ipbc mediaprflv
#http_access deny temp mediaprflv
#http_access deny ipbs mediaprflv
http_access deny ipbclhe RealAudio_url
http_access deny templhe RealAudio_url
http_access deny ipbslhe RealAudio_url
http_access deny ipbckhi RealAudio_url
http_access deny tempkhi RealAudio_url
http_access deny ipbskhi RealAudio_url
 
 
http_access deny POST ipbclhe RealAudio_mime
http_access deny POST templhe RealAudio_mime
http_access deny ipbslhe RealAudio_mime
http_access deny POST ipbckhi RealAudio_mime
http_access deny POST tempkhi RealAudio_mime
http_access deny ipbskhi RealAudio_mime
http_reply_access deny ipbclhe mediams-hdr
http_reply_access deny templhe mediams-hdr
http_reply_access deny ipbslhe mediams-hdr
http_reply_access deny ipbckhi mediams-hdr
http_reply_access deny tempkhi mediams-hdr
http_reply_access deny ipbskhi mediams-hdr
 
#http_reply_access deny templhe mediams-hdr
http_reply_access deny ipbslhe mediax-fcs
http_reply_access deny ipbclhe mediax-fcs
http_reply_access deny ipbckhi mediax-fcs
#http_reply_access deny tempkhi mediams-hdr
http_reply_access deny ipbskhi mediax-fcs
 
#http_access deny ipbc youtube_domains
http_access allow isa
#http_access allow facebook_sites isa
http_access deny ipbclhe PornSites
http_access deny ipbckhi PornSites
http_access deny templhe PornSites
http_access deny tempkhi PornSites
http_access deny ipbslhe PornSites
http_access deny ipbskhi PornSites
http_access deny facebook_sites
#http_access deny facebook_sites ipbcelhe
#http_access deny facebook_sites templhe
#http_access deny facebook_sites ipbslhe
#http_access deny facebook_sites ipbcekhi
#http_access deny facebook_sites ipbckhi
#http_access deny facebook_sites tempkhi
#http_access deny facebook_sites ipbskhi
#http_access deny BIP
http_access deny ipbclhe entdownloads
http_access deny templhe entdownloads
http_access deny ipbslhe entdownloads
http_access deny ipbckhi entdownloads
http_access deny tempkhi entdownloads
http_access deny ipbskhi entdownloads
http_access deny ipbclhe sdownloads
http_access deny ipbckhi sdownloads
#http_access deny ipbc torrentSeeds
#http_access deny ipbc dlSites
#http_access allow nadra_bkoffice_lhe nadra wdays whours
#http_access allow nadra_bkoffice_khi nadra wdays whours
#http_access deny ipbcelhe nadra
#http_access deny ipbclhe nadra
#http_access deny templhe nadra
#http_access deny ipbslhe nadra
#http_access deny ipbcekhi nadra
#http_access deny ipbckhi nadra
#http_access deny tempkhi nadra
#http_access deny ipbskhi nadra
http_access deny bad_domains special_clients
# Final allow for each IP-based client list. A request that reaches this
# point has passed the deny rules above and is accepted on source address
# alone; no destination ACL and no authentication is involved.
# NOTE(review): access here depends entirely on the contents of the list
# files under /etc/squid/iusers/ (not shown). Any host that can use a listed
# address gets this access, so the lists need the same change control as the
# configuration itself. Clients matched here are never asked to authenticate,
# because the %LOGIN-based rules appear later in the file.
http_access allow ipbcelhe
#http_access allow isa
http_access allow ipbclhe
http_access allow templhe
http_access allow ipbslhe
http_access allow ipbcekhi
http_access allow ipbckhi
http_access allow tempkhi
http_access allow ipbskhi
http_access allow proxykhi
 
# ----------------Windows Update Section-----------------------
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
#acl zohomeeting dstdomain .zoho.com
http_access allow ipbizlhe bizsites whours wdays
#http_access allow ipbizlhe nadra
http_access allow ipbizkhi bizsites whours wdays
#http_access allow ipbizkhi nadra 
http_access allow ipbizisb bizsites whours wdays
#http_access allow ipbizisb nadra
http_access allow filos bizsites whours wdays
#http_access allow filos nadra
http_access allow niftusers bizsites whours wdays
#http_access allow niftusers nadra
http_access allow CONNECT ipbizlhe bizsites
http_access allow CONNECT ipbizkhi bizsites 
http_access allow CONNECT ipbizisb bizsites 
http_access allow CONNECT filos bizsites 
http_access allow CONNECT niftusers bizsites 
 
http_access allow CONNECT wuCONNECT ipbizlhe
http_access allow CONNECT wuCONNECT  ipbizkhi
http_access allow CONNECT wuCONNECT ipbizisb
http_access allow CONNECT wuCONNECT filos
http_access allow CONNECT wuCONNECT niftusers
http_access allow windowsupdate ipbizlhe
http_access allow windowsupdate ipbizkhi 
http_access allow windowsupdate ipbizisb 
http_access allow windowsupdate filos
http_access allow windowsupdate niftusers
 
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
#http_access allow zohomeeting localnet
http_access allow allowedtoall localnet
 
#http_access allow mcb localnet
# Other sites which are required to be given to access to all should be put here.
#acl utorrents browser -i uTorrent/*
#acl utorrents browser -i BTWebClient/*
#http_access allow localnet utorrents
 
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localhost
# Negotiate (Kerberos) authentication helper and its process pool settings.
auth_param negotiate program /usr/libexec/squid/squid_kerb_auth/squid_kerb_auth
auth_param negotiate children 20 startup=5 idle=1
auth_param negotiate keep_alive on
# basic auth ACL controls to make use of it are.(if and only if squid_kerb_ldap authorization is not used)
# NOTE(review): the "auth" ACL is defined but both http_access lines that
# would use it are commented out. Authentication is therefore only requested
# by the %LOGIN external ACLs (msgroup1/msgroup3) further down, after all of
# the IP-based allow rules; a client matching any earlier allow is served
# without being identified. If per-user accountability is required, the
# authentication check has to come before those allows.
acl auth proxy_auth REQUIRED
#http_access deny !auth
#http_access allow auth
#------------------Groups fom Mailserver Domain:---------------------------
external_acl_type squid_kerb_ldap_msgroup1 ttl=3600  negative_ttl=3600  %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP1@xxxxxxxxxxxxxxxxxxxxx 
#external_acl_type squid_kerb_ldap_msgroup2 ttl=3600  negative_ttl=3600  %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP2@xxxxxxxxxxxxxxxxxxxxx 
external_acl_type squid_kerb_ldap_msgroup3 ttl=3600  negative_ttl=3600  %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP3@xxxxxxxxxxxxxxxxxxxxx 
# Group-membership ACLs backed by the squid_kerb_ldap external helpers
# declared just above.
# NOTE(review): those helpers are declared with ttl=3600 and
# negative_ttl=3600, so both positive and negative lookups are cached for an
# hour. A user removed from the directory group keeps proxy access for up to
# an hour, and a newly added user stays denied for as long. Lower the values
# if revocation needs to take effect faster.
acl msgroup1 external squid_kerb_ldap_msgroup1
#acl msgroup2 external squid_kerb_ldap_msgroup2
acl msgroup3 external squid_kerb_ldap_msgroup3
#---------------- Groups from bts Domain :---------------------
#external_acl_type squid_kerb_ldap_btsgroup1 ttl=3600  negative_ttl=3600  %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP1@xxxxxxxxxxxxxx
# external_acl_type squid_kerb_ldap_btsgroup3 ttl=3600  negative_ttl=3600  %LOGIN /usr/libexec/squid/squid_kerb_ldap -g INETGRP3@xxxxxxxxxxxxxx
#acl btsgroup1 external squid_kerb_ldap_btsgroup1
#acl btsgroup3 external squid_kerb_ldap_btsgroup3
#---------------ACLs Section for Mailserver Clients---------------------------
#http_access deny  msgroup3 msnd
#http_access deny  msgroup3 msn
#http_access deny  msgroup3 msn1
#http_access deny  msgroup3 numeric_IPs
#http_access deny  msgroup3 Skype_UA
#http_access deny  msgroup3 ym
#http_access deny  msgroup3 ymregex
###----Most Restricted settings Exclusive for Normal users......###
# http reply access is not supported with authenticated clients so acl changed to simply http_access. futher R&D required.
# Deny Streaming to Restricted Clients
# Content restrictions for authenticated users in msgroup3.
# NOTE(review): Movies, MP3s, mediamms and mediaasf (and mediams-hdr and
# mediax-fcs a few lines below) are rep_mime_type ACLs. They test the reply
# Content-Type, which does not exist yet when http_access is evaluated, so
# these lines do not block anything. For this group only the URL-based ACLs
# (MP3url, mediaprmms, mediaprasf, RealAudio_url, ...) are effective. To
# filter by reply type, these need to be http_reply_access rules, as is done
# for mediaflv below.
http_access deny  msgroup3 Movies
http_access deny  msgroup3 MP3s
#http_access deny  msgroup3 FTP
http_access deny  msgroup3 MP3url
http_access deny  msgroup3 mediamms
http_access deny msgroup3 mediaprmms
# NOTE(review): PornSites is already denied for every client by the earlier
# unconditional "http_access deny PornSites", so this line is never the one
# that matches.
http_access deny msgroup3 PornSites
http_access deny msgroup3 mediaasf
http_access deny  msgroup3 mediaprasf
#----------------------------------------------------Streaming youtube block for msgourp3(sarfraz 1-1-11
#http_access deny msgroup3 mediaflv
http_reply_access deny mediaflv msgroup3
#http_access deny msgroup3 mediaprflv
http_access deny msgroup3 RealAudio_url
http_access deny POST msgroup3 RealAudio_mime
http_access deny msgroup3 mediams-hdr
http_access deny msgroup3 mediax-fcs
#http_access deny  msgroup3 youtube_domains
#http_access deny  msgroup1 facebook_sites
#http_access deny  msgroup3 facebook_sites
http_access deny  msgroup3 entdownloads
http_access deny  msgroup3 sdownloads
#http_access deny  msgroup3 torrentSeeds
#http_access deny  msgroup3 dlSites
#http_access deny msgroup1 nadra
#http_access deny msgroup3 nadra
http_access allow msgroup1
#http_access allow msgroup2
http_access allow msgroup3
#----------------ACLs Section for bts Clients------------------------------
#http_access deny btsgroup3 msnd
#http_access deny btsgroup3 msn
#http_access deny btsgroup3 msn1
#http_access deny btsgroup3 numeric_IPs
#http_access deny btsgroup3 Skype_UA
#http_access deny btsgroup3 ym
#http_access deny btsgroup3 ymregex 
#http_access deny btsgroup3 Movies
#http_access deny btsgroup3 MP3s
#http_access deny btsgroup3 FTP
#http_access deny btsgroup3 MP3url
#http_access deny btsgroup3 flashvideo
#http_access deny btsgroup3 youtube_domains
#http_access deny btsgroup3 facebook_sites
#http_access deny btsgroup3 downloads
#http_access deny btsgroup3 torrentSeeds
#http_access deny btsgroup3 dlSites
#http_access allow btsgroup1 bizsites wdays whours
#http_access allow btsgroup1 nadra wdays whours
http_access deny all
 
Regards,
Sarfraz
 
 
 


----- Original Message -----
From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
To: ***some text missing*** <shozii1@xxxxxxxxx>; "squid-users@xxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxx>
Cc: 
Sent: Wednesday, January 29, 2014 2:44 PM
Subject: Re:  Website contents loading problem through squid  proxy

On 29/01/2014 10:02 p.m., ***some text missing*** wrote:
>  
> Can you please guide me the way to troubleshoot this issue.

You could share your squid.conf and we might be able to find something.


Amos   




