So, I changed my default acl setting in squid guard config file to pass all for now (I know it is not ideal), just to monitor the cache as I am trying to get the HIT ratio up (currently only at 7.8%).
squid guard config: pastebin.com/bbe8CWLE
So your SG config just does basic IP, URL and time based allow or
redirect decisions.
I suggest you drop SG entirely and move that config into your squid.conf:
# Time rules
# abbrev for weekdays:
# s = sun, m = mon, t = tue, w = wed, h = thu, f = fri, a = sat
acl non-working-hours time MTWHF 18:00-24:00 00:00-08:00
acl non-working-hours time SA 00:00-24:00
# Source addresses
acl exempt src 10.0.0.90 10.0.0.167
acl youtubers src 10.0.0.1-10.0.0.4
acl localnet src 10.0.0.0/24
# Destination classes
acl blah_domains dstdomain "adv/domains"
acl blah_domains dstdomain "deny/domains"
acl blah_domains dstdomain "porn/domains"
acl blah_domains dstdomain "spyware/domains"
acl blah_domains dstdomain "socialnet/domains"
acl blah_urls dstdom_regex "adv/urls"
acl blah_urls dstdom_regex "deny/urls"
acl blah_urls dstdom_regex "porn/urls"
acl blah_urls dstdom_regex "spyware/urls"
acl blah_urls dstdom_regex "socialnet/urls"
acl stuff_always_blocked anyof blah_domains blah_urls
acl whitelist_domains dstdomain "whitelist/domains"
acl whitelist_urls dstdom_regex "whitelist/urls"
acl whitelist anyof whitelist_domains whitelist_urls
deny_info 302:http://example.com/squid/denegado.html whitelist
acl youtubers_domains dstdomain "socialnet/domains"
acl youtubers_urls dstdom_regex "adv/urls"
acl youtubers anyof youtubers_domains youtubers_urls
deny_info 302:http://example.com/squid/denegado.html youtubers
# Policies
http_access deny !localnet
deny_info 302:http://example.com/squid/denegado.html localnet
http_access allow exempt
http_access allow youtubers !stuff_always_blocked
http_access deny youtubers
http_access allow non-working-hours
http_access allow whitelist !stuff_always_blocked
http_access deny whitelist
http_access allow localnet
deny_info 302:http://example.com/squid/denegado.html all
http_access deny all
squid.conf:
http://pastebin.com/TQ8H6bRp
Quote from your config:
acl Safe_ports port 587 #SMTP
Did you read Amos' reply "SMTP is the #1 worst protocol to let anywhere near
an HTTP proxy. Preventing what you have allowed to happen is one of the
primary reasons Safe_ports exists in the first place!"
The reason I allow 587 is because the Squid Proxy lives on the same
server as a mail server which needs this port, and several clients have
their mail clients (Outlook, etc.) already configured to use this port.
Bogus. You should know it is possible that two pieces of software can
run on one machine without interfering with each other.
Whether or not a mailserver exists on the same machine has nothing to do
with Squid.
Your mailserver itself should be using that port and controlling what
traffic can use it. *HTTP* traffic should never be allowed to flow from
the proxy software through to the mailserver software.
Amos
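
An added example (not code from this thread or from the Squid project): a small Python check that scans a squid.conf for mail ports admitted by the Safe_ports acl discussed above, including ones hidden inside a port range. The MAIL_PORTS table and the sample config are assumptions constructed for illustration.

```python
import re

# Assumption: ports this check treats as mail transfer/submission.
MAIL_PORTS = {25: "SMTP", 465: "SMTPS", 587: "SMTP submission"}

# Constructed sample config, modelled on the line quoted in the thread.
SAMPLE_CONF = """\
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 587 #SMTP
acl Safe_ports port 20-30       # constructed: range that hides port 25
http_access deny !Safe_ports
"""

def port_ranges(conf_text, acl_name="Safe_ports"):
    """Yield (line_no, low, high) for every port token of the named acl."""
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        if len(fields) < 4 or fields[:3] != ["acl", acl_name, "port"]:
            continue
        for token in fields[3:]:
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", token)
            if m:
                low = int(m.group(1))
                high = int(m.group(2) or low)
                yield line_no, low, high

def mail_ports_allowed(conf_text, acl_name="Safe_ports"):
    """Return sorted (line_no, port, label) for mail ports the acl admits."""
    hits = set()
    for line_no, low, high in port_ranges(conf_text, acl_name):
        for port, label in MAIL_PORTS.items():
            if low <= port <= high:
                hits.add((line_no, port, label))
    return sorted(hits)

if __name__ == "__main__":
    for line_no, port, label in mail_ports_allowed(SAMPLE_CONF):
        print(f"line {line_no}: Safe_ports admits {port} ({label})")
```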