Search squid archive

Re: ACL Problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Eliezer,

Thanks for your kind respond. actually im reposting because i see on http://marc.info/ that my email is unreadable because the format from the email client i used (yahoo internal send mail editor), because its unreadable then im afraid no one will reply to it.

Ok for the squid problem, i think it is cause by the squid server, because when im skipping squid server, the web access for this url not having these problem.
In the access log i only see the user can access the main web 


[root@localhost html]# tail -f /var/log/squid/access.log | grep 192.25.80.58 
2014-06-30 16:26:42     64 192.25.80.58 TCP_MISS/200 30289 GET http://989321dut38h.sbobet.com/euro/ - DIRECT/103.11.41.9 text/html 
2014-06-30 16:26:42   -131 192.25.80.58 TCP_MISS/200 48308 GET http://989321dut38h.sbobet.com/en/resource/e/euro-static.js? - DIRECT/103.11.41.9 application/x-javascript 
2014-06-30 16:26:42   -137 192.25.80.58 TCP_MISS/200 15143 GET http://989321dut38h.sbobet.com/en/resource/e/euro-dynamic.js? - DIRECT/103.11.41.9 application/x-javascript 

but for the other css / js file needed for these main web is not found in access.log.



Here is my squid.conf :

http_port 888 transparent 
cache_mem 128 MB 
cache_mgr xxxxxxxxx 

cachemgr_passwd xxxxx all 
cache_dir aufs /var/spool/squid 8000 256 256 

cache_dir aufs /var/spool/squid1 8000 256 256 
cache_dir aufs /var/spool/squid2 8000 256 256 
cache_dir aufs /var/spool/squid3 8000 256 256 
cache_dir aufs /var/spool/squid4 8000 256 256 
cache_dir aufs /var/spool/squid5 8000 256 256 
cache_dir aufs /var/spool/squid6 8000 256 256 
cache_dir aufs /var/spool/squid7 8000 256 256 
cache_dir aufs /var/spool/squid8 8000 256 256 

logformat squid %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt 

max_filedesc 8000 
dns_nameservers 192.168.189.189 
cache_access_log /var/log/squid/access.log squid 
request_body_max_size 0 KB 
cache_log /var/log/squid/cache.log 
server_http11 on 

cache_store_log none 

negative_ttl 1 minutes 
maximum_object_size 200 MB 
half_closed_clients off 
cache_effective_user squid 
cache_effective_group squid 
cache_swap_high 95 
cache_swap_low 90 
cache_replacement_policy  heap LFUDA 
memory_replacement_policy  heap GDSF 
maximum_object_size_in_memory 640 KB 
zph_mode tos 
zph_local 0x30 
zph_parent 0x30 
#zph_sibling 0x10 
zph_option 136 
hierarchy_stoplist cgi-bin ? 
acl QUERY urlpath_regex cgi-bin  \? 
no_cache deny QUERY 
pid_filename /var/run/squid.pid 
auth_param basic children 5 
auth_param basic realm Squid proxy-caching web server 
auth_param basic credentialsttl 2 hours 
auth_param basic casesensitive off 
refresh_pattern (/cgi-bin/|\?) 0 0% 0 
refresh_pattern . 0 20% 4 
refresh_pattern -i exe$ 0 800% 999999 ignore-reload 
refresh_pattern -i zip$ 0 800% 999999 ignore-reload 
refresh_pattern -i tar\.gz$ 0 800% 999999 ignore-reload 
refresh_pattern -i tgz$ 0 800% 999999 ignore-reload 
refresh_pattern -i rar$ 0 800% 999999 ignore-reload 
refresh_pattern -i rpm$ 0 800% 999999 ignore-reload 
refresh_pattern -i cab$ 0 800% 999999 ignore-reload 
refresh_pattern -i pdf$ 0 800% 999999 ignore-reload 
refresh_pattern -i bin$ 0 800% 999999 ignore-reload 
refresh_pattern -i dat$ 0 800% 999999 ignore-reload 
refresh_pattern -i gif$ 21600 999% 999999 
refresh_pattern -i jpeg$ 21600 999% 999999 
refresh_pattern -i jpg$ 21600 999% 999999 
refresh_pattern -i png$ 0 500% 999999 
refresh_pattern -i jpe$ 21600 999% 999999 
refresh_pattern -i tif$ 21600 999% 999999 
refresh_pattern ^ftp:           1440    20%     10080 
refresh_pattern ^gopher:        1440    0%      1440 
refresh_pattern .       180     95%     120960  reload-into-ims override-lastmod 
refresh_pattern ^http://*.googlesyndication.*/.* 720 90% 4320 
# various windows versions 
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://.*\.update\.microsoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims 
refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims 

refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims 
# and some other windows updaters 
refresh_pattern http://download\.macromedia\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern ftp://ftp\.nai\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://ftp\.software\.ibm\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://.*\.grisoft\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://download\.lavasoft\.de*/ 0 80% 20160 reload-into-ims 
refresh_pattern ftp://ftp\.nai\.com/ 0 80% 20160 reload-into-ims 
# repositories 
refresh_pattern http://.*\.archive\.ubuntu\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://www\.getautomatix\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern http://wine\.budgetdedicated\.com/ 0 80% 20160 reload-into-ims 
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10800 20% 10800 ignore-no-cache  ignore-private override-expire ignore-reload ignore-auth   negative-ttl=40320 max-stale=10 
#acl googlesyn  dstdomain *.googlesyndication.com 
#http_access deny googlesyn 
#acl blockeddomain dstdomain "/etc/blocked.domains.acl" 
#acl adsites dstdomain url_regex "/etc/adlist.acl" 
#acl adsip dst "/etc/adsip.acl" 
#acl adsites1 url_regex "/etc/adlist.txt" 
acl sbobet  dstdomain *.sbobet.com/* 
acl sbobet dstdomain *.sbostatic.com/* 
always_direct allow sbobet 
#cache deny sbobet 
acl all src 0.0.0.0/0.0.0.0 
acl client1 src 10.16.8.0/24 
acl ippublic src x.x.x.x/29 

acl client2 src 192.168.88.0/24 
acl client3 src x.x.x.0/24 
acl client4 src x.x.x.0/24 
acl manager proto cache_object 
acl localhost src 127.0.0.1/255.255.255.255 
acl to_localhost dst 127.0.0.0/8 
acl SSL_ports port 443 563 
acl Safe_ports port 80          # http 

acl Safe_ports port 21          # ftp 
acl Safe_ports port 443 563     # https, snews 
acl Safe_ports port 70          # gopher 
acl Safe_ports port 210         # wais 
acl Safe_ports port 1025-65535  # unregistered ports 
acl Safe_ports port 280         # http-mgmt 
acl Safe_ports port 488         # gss-http 
acl Safe_ports port 591         # filemaker 
acl Safe_ports port 777         # multiling http 
acl CONNECT method CONNECT 
#http_access deny blockeddomain 
#http_access deny adsites1 
#http_access deny adsip 
http_access allow manager localhost 
http_access deny !Safe_ports 
http_access deny CONNECT !SSL_ports 
http_access allow client1 
http_access allow client2 
http_access allow client3
http_access allow client4 
http_access allow ippublic 

http_access allow localhost 
http_access deny all 
#deny_info http://www.geocities.com/asaddotcom2002/Final-2.html adsites1 
http_reply_access allow all 
icp_access allow all 
visible_hostname skylinx.squid.proxy.local.net 
coredump_dir /var/spool/squid 
reload_into_ims on 
pipeline_prefetch on 
vary_ignore_expire on 
ipcache_size 8192 
ipcache_low 98 
ipcache_high 99 
minimum_direct_hops 5 
fqdncache_size 8192 
log_fqdn off 

memory_pools off 
forwarded_for off 
icp_hit_stale on 
logfile_rotate 5 
client_db off 
#client_persistent_connection on 
store_objects_per_bucket 10 
store_avg_object_size 13 kb 
netdb_high 10000 
netdb_low   9900 
netdb_ping_period    30 seconds 
log_icp_queries off 
test_reachability off 
query_icmp off 


================== end of squid.conf ===============

The only reason still using these version is very stable and almost forget when having trouble when using these version.
So because its running well then never consider to upgrade it for years.

Best Regards

Der


On Monday, June 30, 2014 10:19 AM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:
Hey,

Please don't double post and in a Case really you must remind us that we 
didn't responded just top-post\reply on the same thread.
(I do not think that even 48 hours has passed since anyone have seen it 
yet and in many places sunday is not a work day.)

Eventually I will try to help you a bit.
What do you see in the access.log at the same time?
Did you considered that this might not be because of your squid server 
directly?
This url seems to work.
If you can share your full squid.conf we might be able to assist you 
with it.
There are couple options to debug it but since squid 2.7 is quite solid 
I think it's something with your acl logic(if it's from your server).

Just for general understanding:
Is there a reason for why you are using such an old version of squid 
which is not maintained for more then 3-4 years?

Eliezer
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux