Search squid archive

Re: problem migrating from 2 to v3 and to new server: video streaming

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Which version 3 are you migrating to?
 NP: you need at least 3.2 and preferrably 3.4 for an easy transition.

Please run squid -k check and fix any problems it highlights.

On 7/06/2014 11:20 a.m., squid@xxxxxxxxxxxxxxxxx wrote:
> I have migrated to a new server and upgraded the version.
> I can connect to the proxy and all webpages seem to work except when I
> access a video site.
> I'm just getting lots of TCP_MISS in the logs.
> Is there anything in the conf that kight cause this?
> The video sites can be accessed but when I press play, they just hang
> continiuously on downloading.
> 
> auth_param basic realm proxy server
> auth_param basic credentialsttl 2 hours
> auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
> authenticate_cache_garbage_interval 1 hour
> authenticate_ip_ttl 2 hours
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl Safe_ports port 1863         # MSN messenger
> acl ncsa_users proxy_auth REQUIRED
> acl maxuser max_user_ip -s 2

Careful with this. Squid-3.1 and later are IPv6 enabled. You may see up
to 5 unique IPs from any one actual machine.

Although it has not been working anyway. see below..

> acl CONNECT method CONNECT
> http_access deny manager
> http_access allow ncsa_users

Okay, so anyone logged in can do what they like with the proxy except
gets to its cachemgr.
None of the below security protections apply to authenticated users...

> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost

NP: you should have the allow ncsa_users rule down here to protect your
proxy (and users) against some common forms of abuse and malware nasties.

> http_access deny maxuser

Thats a useless position for this rule. authenticates users are aready
allowed and Squid never even tests this rule for them. It has no effect
on unauthentictated requests.

> http_access allow localhost
> http_access deny all
> icp_access allow all
> http_port 8080
> http_port aa.aaa.aaa.aa:80

What is your Squid supposed to be doing with port 80 traffic?

> cache deny all
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> buffered_logs on
> half_closed_clients off
> visible_hostname ProxyServer
> log_icp_queries off
> dns_nameservers 208.67.222.222 208.67.220.220
> hosts_file /etc/hosts
> memory_pools off
> client_db off
> coredump_dir /var/spool/squid
> delay_pools 1
> delay_class 1 2
> delay_parameters 1 -1/-1 400000/400000
> forwarded_for off
> via off
> url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf
> url_rewrite_children 8 startup=0 idle=1 concurrency=0
> 

FYI: SG requires some patching to work with the latest Squid versions.
http://bugs.squid-cache.org/show_bug.cgi?id=3978

Amos





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux