------------------------------------------------------------------------------- Thanks so much Amos, I eliminated a lot of lines per your suggestion and I see now how line precedence matters! Also the directive ' http_port 80 accel' seems to have seemingly sped up the server dramatically. It co-exists with my default listening ports which is a bit confusing. http_port 3128 http_port 80 accel Do both of these (speed and co-existance) makes sense? Thanks again, Patrick ------------------------------------------------------------------------------- Message: 3 Date: Sat, 20 May 2017 23:22:26 +1200 From: Amos Jeffries <squid3@xxxxxxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Change are not taking Message-ID: <f50726c5-07fd-8b01-4eae-05cde2444b37@xxxxxxxxxxxxx> Content-Type: text/plain; charset=utf-8; format=flowed On 20/05/17 05:13, Patrick Flaherty wrote: > > Hi, > > I am making changes to my squid.conf, yet they don’t seem to take. Is > there something I’m missing? Any help appreciated > From the changes below it looks like you are attempting to configure a reverse-proxy. Relevant changes below: > # Squid Proxy Configuration > > # Network(s) where proxy traffic is originating > > # acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > > # acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > > # acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > > acl localnet src all > Remove the above change. > # acl and http_access ("rmsc.txt") > > acl whitelist dstdomain "c:/squid/etc/squid/rmsc.txt" > > http_access allow whitelist > Move this section down to the place marked below. > acl http proto http > > acl https proto https > > acl SSL_ports port 443 > > acl Safe_ports port 80 # http > > acl Safe_ports port 443 # https > > acl CONNECT method CONNECT > > # rules allowing proxy access > > http_access allow http Safe_ports whitelist localnet > > http_access allow https SSL_ports whitelist localnet > Remove the above http_access lines. > # Deny requests to certain unsafe ports > > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > > http_access deny CONNECT !SSL_ports > This is where the whiltelist lines should be placed. > # Lastly deny all other access to this proxy > > http_access deny all > > # Listens to port 3128 > > http_port 3128 > Add this line: http_port 80 accel > # DNS servers (Change dns_nameservers to client dns servers for > consistency and better performance) > > dns_nameservers 8.8.8.8 8.8.4.4 > NP: Google DNS server farm design causes DNS results to churn on every single request. This breaks HTTP/1.x connection persistence, pipeline and multiplexing performance features. If you want these performance enhancing features to work properly you should run your own local DNS resolver and have Squid and the LAN use that. > # Roll log file daily and keep 30 days > > logfile_rotate 30 > > # Access log format > > logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt > > Do not re-define the "squid" default logformat the result will not be what you want. If you need something that is not provided by one of the default formats use a format name of your own choosing name. > # Debug (Only used by Rave Service Personnel) > > # debug_options ALL,2 > > # Use IPv4 based DNS first > > dns_v4_first on > > # Log definitions > > access_log stdio:c:/Squid/var/log/squid/access.log > > cache_store_log stdio:c:/Squid/var/log/squid/store.log > > buffered_logs on > > .. and finally as Dijixie mentioned dont forget to reload Squid. PS: If you are using Squid-3 on one of the latest Linux with systemd that may need to be a full stop/start cycle to make sure it works due to problems systemd has with services like Squid-3. Amos |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
