Hey Robert, Can you be more specific? “Not working” can depend on couple things and on the nature of the streaming system. I know that many streaming sites do work under transparent squid so it’s not really well understood what is not working from the spectrum of options. Can you give examples for streaming sites that do work and others that do not? The first that pops in my mind to test it would be: https://www.youtube.com/ https://www.crunchyroll.com/ https://rutube.ru/ And many others that are mentioned at: http://www.unveiltech.com/indexsquidvideobooster.php (under Smart Cache) And take Amos suggestion about restricting the headers more selectively. Depends on your system policy you would be able to find that for most sites you won’t have any issues letting any headers pass but for selective sites you would want to take another policy that would be to block in general and leaving aside the specific headers “allowed” approach. Also, have you tried to disable the virus scan to verify if it’s the culprit for the streaming issue? Please give one example so I and maybe others would be able to grasp the issue in some way. Thanks, Eliezer ---- Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Robert Watson Sent: Saturday, December 17, 2016 7:00 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: squid.conf blocking live video stream Sorry if this shows up twice on the mailing list... I've setup a transparent proxy squid v3.5.22 on a x86_64 Arch Linux server. The transparent proxy is working fine for web page caching but live video isn't getting through. I thought it was a netfilter issue but bypassing the proxy fixes this issue. acl localnet src 10.20.0.0/16 <http://10.20.0.0/16> # RFC1918 possible internal network acl SSL_ports port 443 # https acl Safe_ports port 80 # http acl Safe_ports port 554 # rtsp acl Safe_ports port 1935 # rtmp acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 1025-65535 # unregistered ports acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access deny to_localhost http_access allow localnet http_access allow localhost http_access deny all visible_hostname server.ourhome.net <http://server.ourhome.net> http_port 10.20.30.1:3128 <http://10.20.30.1:3128> intercept disable-pmtu-discovery=transparent http_port 127.0.0.0:8181 <http://127.0.0.0:8181> coredump_dir /var/cache/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # # Anonymous Proxy settings include /etc/squid/extra/anonymous.conf # # Virus scanning via C-ICAP # include /etc/squid/extra/c-icap.conf # By the process of elimination I've narrowed it down to the anonymous proxy settings... anonymous.conf forwarded_for off request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all could someone please tell me what request_header_access I need to all, or how to further trouble shoot this configuration?
<<attachment: winmail.dat>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
