Sorry I missed one part...
On 20/05/17 23:22, Amos Jeffries wrote:
On 20/05/17 05:13, Patrick Flaherty wrote:
Hi,
I am making changes to my squid.conf, yet they don’t seem to take. Is
there something I’m missing? Any help appreciated
From the changes below it looks like you are attempting to configure a
reverse-proxy. Relevant changes below:
# Squid Proxy Configuration
# Network(s) where proxy traffic is originating
# acl localnet src 10.0.0.0/8 # RFC1918 possible internal
network
# acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src all
Remove the above change.
# acl and http_access ("rmsc.txt")
acl whitelist dstdomain "c:/squid/etc/squid/rmsc.txt"
http_access allow whitelist
Move this section down to the place marked below.
acl http proto http
acl https proto https
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
# rules allowing proxy access
http_access allow http Safe_ports whitelist localnet
http_access allow https SSL_ports whitelist localnet
Remove the above http_access lines.
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
This is where the whiltelist lines should be placed.
Also, add cache_peer and cache_peer_access entries for each of your servers.
# Lastly deny all other access to this proxy
http_access deny all
# Listens to port 3128
http_port 3128
Add this line:
http_port 80 accel
# DNS servers (Change dns_nameservers to client dns servers for
consistency and better performance)
dns_nameservers 8.8.8.8 8.8.4.4
NP: Google DNS server farm design causes DNS results to churn on every
single request. This breaks HTTP/1.x connection persistence, pipeline
and multiplexing performance features. If you want these performance
enhancing features to work properly you should run your own local DNS
resolver and have Squid and the LAN use that.
# Roll log file daily and keep 30 days
logfile_rotate 30
# Access log format
logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
Do not re-define the "squid" default logformat the result will not be
what you want.
If you need something that is not provided by one of the default
formats use a format name of your own choosing name.
# Debug (Only used by Rave Service Personnel)
# debug_options ALL,2
# Use IPv4 based DNS first
dns_v4_first on
# Log definitions
access_log stdio:c:/Squid/var/log/squid/access.log
cache_store_log stdio:c:/Squid/var/log/squid/store.log
buffered_logs on
.. and finally as Dijixie mentioned dont forget to reload Squid.
PS: If you are using Squid-3 on one of the latest Linux with systemd
that may need to be a full stop/start cycle to make sure it works due
to problems systemd has with services like Squid-3.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
