On 25/10/2016 5:19 a.m., Nicolas Valera wrote: > Hi Yuri, thanks for the answer! > > we don't have the squid in transparent mode in this network. > the squid configuration is very basic. here is the conf: > > ------------------------------------------------------------------------- > http_port 1280 connection-auth=off > forwarded_for delete > httpd_suppress_version_string on > client_persistent_connections off > > cache_mem 16 GB > maximum_object_size_in_memory 8 MB > > url_rewrite_program /usr/bin/squidGuard These... > url_rewrite_children 10 > url_rewrite_access allow all ... are redundant. That is the default values for those directives. > > acl numeric_IPs dstdom_regex > ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443 > > acl Skype_UA browser ^skype > > acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443 > 50001 > acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70 280 488 > acl Safe_ports port 1025-65535 # unregistered ports > > acl CONNECT method CONNECT > acl safe_method method GET > acl safe_method method PUT > acl safe_method method POST > acl safe_method method HEAD > acl safe_method method CONNECT > acl safe_method method OPTIONS > acl safe_method method PROPFIND > acl safe_method method REPORT > acl safe_method method MERGE > acl safe_method method MKACTIVITY > acl safe_method method CHECKOUT Whats the point of this ACL ? > > http_access deny !Safe_ports > http_access allow CONNECT localnet numeric_IPS Skype_UA > http_access deny CONNECT !SSL_ports > http_access deny !safe_method > http_access allow localnet > http_access allow localhost > http_access deny all > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern Packages\.tar$ 0 20% 4320 refresh-ims > ignore-no-cache > refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims > ignore-no-cache > refresh_pattern Sources\.bz2$ 0 20% 4320 refresh-ims > ignore-no-cache > refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims > refresh_pattern Release$ 0 20% 4320 refresh-ims > refresh_pattern -i > microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% > 43200 reload-into-ims ignore-no-cache > refresh_pattern -i > windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) > 4320 80% 43200 reload-into-ims ignore-no-cache > refresh_pattern -i > windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% > 43200 reload-into-ims ignore-no-cache > refresh_pattern -i > live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 > reload-into-ims ignore-no-cache > refresh_pattern . 0 20% 4320 > All those "ignore-no-cache" are not useful. Run "squid -k parse" and it should mention they are no longer supported. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
