Which version 3 are you migrating to? NP: you need at least 3.2 and preferrably 3.4 for an easy transition. Please run squid -k check and fix any problems it highlights. On 7/06/2014 11:20 a.m., squid@xxxxxxxxxxxxxxxxx wrote: > I have migrated to a new server and upgraded the version. > I can connect to the proxy and all webpages seem to work except when I > access a video site. > I'm just getting lots of TCP_MISS in the logs. > Is there anything in the conf that kight cause this? > The video sites can be accessed but when I press play, they just hang > continiuously on downloading. > > auth_param basic realm proxy server > auth_param basic credentialsttl 2 hours > auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd > authenticate_cache_garbage_interval 1 hour > authenticate_ip_ttl 2 hours > acl all src all > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl Safe_ports port 1863 # MSN messenger > acl ncsa_users proxy_auth REQUIRED > acl maxuser max_user_ip -s 2 Careful with this. Squid-3.1 and later are IPv6 enabled. You may see up to 5 unique IPs from any one actual machine. Although it has not been working anyway. see below.. > acl CONNECT method CONNECT > http_access deny manager > http_access allow ncsa_users Okay, so anyone logged in can do what they like with the proxy except gets to its cachemgr. None of the below security protections apply to authenticated users... > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny to_localhost NP: you should have the allow ncsa_users rule down here to protect your proxy (and users) against some common forms of abuse and malware nasties. > http_access deny maxuser Thats a useless position for this rule. authenticates users are aready allowed and Squid never even tests this rule for them. It has no effect on unauthentictated requests. > http_access allow localhost > http_access deny all > icp_access allow all > http_port 8080 > http_port aa.aaa.aaa.aa:80 What is your Squid supposed to be doing with port 80 traffic? > cache deny all > access_log /var/log/squid/access.log squid > cache_log /var/log/squid/cache.log > buffered_logs on > half_closed_clients off > visible_hostname ProxyServer > log_icp_queries off > dns_nameservers 208.67.222.222 208.67.220.220 > hosts_file /etc/hosts > memory_pools off > client_db off > coredump_dir /var/spool/squid > delay_pools 1 > delay_class 1 2 > delay_parameters 1 -1/-1 400000/400000 > forwarded_for off > via off > url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf > url_rewrite_children 8 startup=0 idle=1 concurrency=0 > FYI: SG requires some patching to work with the latest Squid versions. http://bugs.squid-cache.org/show_bug.cgi?id=3978 Amos
