How about contacting google for advise?
They are the one that forces you to the issue.
They don't like it that you have a 1k clients behind your IP address.
They should tell you what to do.
You can tell them that you are using squid as a forward proxy to enforce
usage acls on users inside the network.
It's not a share to use squid...
It's a shame that you cannot get a reasonable explanation to the reason
you are blocked...
Eliezer
On 06/27/2014 02:43 AM, squid@xxxxxxxxxxxxxxxxx wrote:
So, I added those and restarted...still get the "your computer may be
sending automated queries" error form google.
I then set x forwarded for to off, no change.
Then commented out via, no change.
Current conf:
auth_param basic realm AAA proxy server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
authenticate_cache_garbage_interval 1 hour
authenticate_ip_ttl 2 hours
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1863 # MSN messenger
acl ncsa_users proxy_auth REQUIRED
acl CONNECT method CONNECT
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow ncsa_users
http_access deny all
icp_access allow all
http_port 8080
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
buffered_logs on
half_closed_clients off
visible_hostname AAAProxyServer
log_icp_queries off
dns_nameservers 208.67.222.222 208.67.220.220
hosts_file /etc/hosts
memory_pools off
client_db off
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 400000/400000
forwarded_for on
via on
cache_mem 256 MB
Quoting Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 8/06/2014 5:06 a.m., Lawrence Pingree wrote:
I use the following but you need to make sure you have no looping
occurring in your nat rules if you are using Transparent mode.
forwarded_for delete
via off
Given that the notice is above traffic volume arriving at Google (not
looping) you probably actually need "via on" to both protect against
looping and tell google there is a proxy so they should use different
metrics.
You could also cache to reduce the upstream connection load. Squid does
in-memory caching well enough for up to MB sized objects if you give it
some cache_mem and remove that "cache deny all" (cache_dir is optional
and disabled by default in squid-3).
Amos
----- End forwarded message -----