Search squid archive

Re: Fwd: Request Entity Too Large Error in Squid Reverse Proxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/14/2014 8:10 AM, Amos Jeffries wrote:
If you can provide your squid.conf it would be really helpful understanding this. Amos
I think the terminology is confusing because it's the terminology used in the pfsense box that squid is running on. Nevertheless, squid.conf is below:

====== squid.conf starts below ========

http_port 10.10.14.1:3128
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 1
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  10.10.14.0/24
uri_whitespace strip

acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 2000 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 500 16 256
minimum_object_size 0 KB
maximum_object_size 4 KB
offline_mode offcache_swap_low 90
cache_swap_high 95

# No redirector configured


#Remote proxies


# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

# Define protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS

http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

# Reverse Proxy settings
http_port 75.145.82.58:80 accel defaultsite=deeztek.com vhost
https_port 75.145.82.58:443 accel cert=/usr/pbi/squid-i386/etc/squid/53dfccd7cbb37.crt key=/usr/pbi/squid-i386/etc/squid/53dfccd7cbb37.key defaultsite=deeztek.com vhost
#
cache_peer 10.10.14.254 parent 443 0 proxy-only no-query no-digest originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=rvp_webserver.deeztek.com

#
cache_peer 10.10.14.201 parent 443 0 proxy-only no-query no-digest originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=rvp_owa.deeztek.com

#
cache_peer 10.10.14.251 parent 458 0 proxy-only no-query no-digest originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=rvp_cloud.deeztek.com

#
cache_peer 10.10.14.238 parent 443 0 proxy-only no-query no-digest originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=rvp_ewa.deeztek.com

#
cache_peer 10.10.14.250 parent 443 0 proxy-only no-query no-digest originserver login=PASS round-robin ssl sslflags=DONT_VERIFY_PEER front-end-https=auto name=rvp_mail.deeztek.com

#
cache_peer 10.10.14.254 parent 80 0 proxy-only no-query no-digest originserver login=PASS round-robin name=rvp_admin.grubbcontractors.com

acl rvm_deeztek.com url_regex -i ^https://secure.deeztek.com/.*
acl rvm_deeztek.com url_regex -i ^https://www.deeztek.com/.*
acl rvm_deeztek.com url_regex -i ^https://forums.deeztek.com/.*
acl rvm_deeztek.com url_regex -i ^https://deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://owa.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://hdgexchange.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://activesync.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://autodiscover.deeztek.com/.*
acl rvm_OWASSL url_regex -i ^https://autodiscover.mydirectmail.net/.*
acl rvm_EWASSL url_regex -i ^https://ewa.deeztek.com/.*
acl rvm_MAILSSL url_regex -i ^https://mail.deeztek.com/.*
acl rvm_visionexperts.com url_regex -i ^https://www.visionexperts.com/.*
acl rvm_visionexperts.com url_regex -i ^https://visionexperts.com/.*
acl rvm_visionexperts.com url_regex -i ^https://secure.visionexperts.com/.*
acl rvm_grubbcontractors.com url_regex -i ^https://www.grubbcontractors.com/.* acl rvm_grubbcontractors.com url_regex -i ^https://bids.grubbcontractors.com/.*
acl rvm_grubbcontractors.com url_regex -i ^https://grubbcontractors.com/.*
acl rvm_admin.grubbcontractors.com url_regex -i ^https://admin.grubbcontractors.com/.*
cache_peer_access rvp_webserver.deeztek.com allow rvm_deeztek.com
cache_peer_access rvp_owa.deeztek.com allow rvm_OWASSL
cache_peer_access rvp_ewa.deeztek.com allow rvm_EWASSL
cache_peer_access rvp_mail.deeztek.com allow rvm_MAILSSL
cache_peer_access rvp_webserver.deeztek.com allow rvm_visionexperts.com
cache_peer_access rvp_webserver.deeztek.com allow rvm_grubbcontractors.com
cache_peer_access rvp_admin.grubbcontractors.com allow rvm_admin.grubbcontractors.com
cache_peer_access rvp_webserver.deeztek.com deny allsrc
cache_peer_access rvp_owa.deeztek.com deny allsrc
cache_peer_access rvp_ewa.deeztek.com deny allsrc
cache_peer_access rvp_mail.deeztek.com deny allsrc
cache_peer_access rvp_webserver.deeztek.com deny allsrc
cache_peer_access rvp_webserver.deeztek.com deny allsrc
cache_peer_access rvp_admin.grubbcontractors.com deny allsrc
never_direct allow rvm_deeztek.com
never_direct allow rvm_OWASSL
never_direct allow rvm_EWASSL
never_direct allow rvm_MAILSSL
never_direct allow rvm_visionexperts.com
never_direct allow rvm_grubbcontractors.com
never_direct allow rvm_admin.grubbcontractors.com
http_access allow rvm_deeztek.com
http_access allow rvm_OWASSL
http_access allow rvm_EWASSL
http_access allow rvm_MAILSSL
http_access allow rvm_visionexperts.com
http_access allow rvm_grubbcontractors.com
http_access allow rvm_admin.grubbcontractors.com

deny_info TCP_RESET allsrc

# Custom options


# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

====== squid.conf ends above ========





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux