Hello,

About 10 days ago I installed Squid on CentOS 5.2. The clients go out to the internet through it over an ADSL connection. I had written some rules in iptables, but because I rebooted the machine and had not saved them, my iptables is currently empty. I will give the squid.conf file below. Today there was an incredible slowdown on the internet connection, so I looked at the access.log files. For some IPs it gives the error "GET error:invalid-request - NONE". I searched for this error on Google. Some people solved it by making the proxy transparent. I also set up a transparent proxy, but it still did not work. Where could the problem be coming from? My squid.conf file is as follows:

# HTTP PORT
#
http_port 3128
# -----------------------------------------------------------------------------
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# -----------------------------------------------------------------------------
# Cache size disabled, Unal
#
# cache_mem 8 MB
# maximum_object_size 4096 KB
# minimum_object_size 0 KB
# -----------------------------------------------------------------------------
# Cache file
#
cache_dir ufs /var/spool/squid 10000 64 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# cache_store_log /var/log/squid/store.log
# -----------------------------------------------------------------------------
#dns_nameservers 212.175.152.2 195.175.39.39 195.175.39.40 144.122.199.90 4.2.2.1
#195.175.39.39 195.175.39.40 144.122.199.90 4.2.2.1
dns_nameservers 208.67.222.222 208.67.222.220
hosts_file /etc/hosts
# -----------------------------------------------------------------------------
# Remove these and try, Unal
#
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# -----------------------------------------------------------------------------
#Remove refresh pattern and try, Unal
#
#Suggested default:
#refresh_pattern ^ftp: 1440 20% 10080
#refresh_pattern ^gopher: 1440 0% 1440
#refresh_pattern . 0 20% 4320
# -----------------------------------------------------------------------------
# ACCESS CONTROLS
#-----------------------------------------------------------------------------
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 1863 #msn
acl Safe_ports port 6891-6900 #msn
acl Safe_ports port 6901 #msn
acl Safe_ports port 5190 #msn
acl CONNECT method CONNECT
########Delay Pools######### copy-pasted from the internet (mehmet)
# a simple global throttle, users sharing 256 Kbit/s
#acl ip_1 src 192.168.2.111/255.255.255.0
#delay_pools 1
#delay_class 1 1
# 256 Kbit/s fill rate, 1024 Kbit/s reserve
#delay_parameters 1 2200/4000
#acl All src 0/0
#delay_access 1 allow ip_1
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
#http_access allow manager localhost
#http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
#http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
# -----------------------------------------------------------------------------
acl croco dst 88.85.82.204
acl PC_yasaksiz arp 00:1E:68:E0:16:4B 00:14:A5:ED:19:1A
#acl PC_yasakli src 192.168.147.236
#acl macf1 arp 00:19:d2:8a:91:29
#acl macf2 arp 00:1e:68:e0:16:4b
#http_access macf1 allow
#http_access macf2 allow
#http_access deny PC_yasakli
http_access allow PC_yasaksiz
http_access deny croco
#SKYPE blocking-----------------
# Skype https blocking
#acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
#http_access deny CONNECT numeric_IPs all
# Skype http blocking
#acl Skype_UA browser Skype
#http_access deny Skype_UA
#NETWORK SETTINGS-----------------------------------------------
acl vefa src 192.168.147.0/24
acl vefa1 src 192.168.2.0/24
#acl blocked_sites dstdom_regex "/etc/squid/yasaksite.txt"
acl yasak url_regex "/etc/squid/yasak.txt"
acl serbest url_regex "/etc/squid/serbest.txt"
acl oyun1 dst 217.20.117.157
acl oyun2 dst 84.16.235.34
acl is_saatleri time S M T W H F A 7:00-23:05
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow serbest
http_access deny yasak
http_access deny oyun1
#http_access deny blocked_sites
http_access deny oyun2
http_access deny vefa !is_saatleri
#http_access allow vefa is_saatleri
http_access allow vefa
http_access allow vefa1
http_access allow localhost
# And finally deny all other access to this proxy
#####DELAY POOLS
#This is the most important part for shaping incoming traffic with Squid
#For detailed description see squid.conf file or docs at
#http://www.squid-cache.org
#We don't want to limit downloads on our local network.
acl magic_words1 url_regex -i 192.168
#We want to limit downloads of these type of files
#Put this all in one line
acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov
#We don't block .html, .gif, .jpg and similar files, because they
#generally don't consume much bandwidth
#We want to limit bandwidth during the day, and allow
#full bandwidth during the night
#Caution! with the acl below your downloads are likely to break
#at 23:59. Read the FAQ in this bandwidth if you want to avoid it.
acl day time 07:00-23:00
#We have two different delay_pools
#View Squid documentation to get familiar
#with delay_pools and delay_class.
delay_pools 2
#First delay pool
#We don't want to delay our local traffic.
#There are three pool classes; here we will deal only with the second.
#First delay class (1) of second type (2).
delay_class 1 2
#-1/-1 mean that there are no limits.
delay_parameters 1 -1/-1 -1/-1
#magic_words1: 192.168 we have set before
delay_access 1 allow magic_words1
#Second delay pool.
#we want to delay downloading files mentioned in magic_words2.
#Second delay class (2) of second type (2).
delay_class 2 2
#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s
delay_parameters 2 512000/512000 20000/20000
#We have set day to 09:00-23:59 before.
delay_access 2 allow day
delay_access 2 deny !day
delay_access 2 allow magic_words2
#EOF
http_access deny all
# -----------------------------------------------------------------------------
# TAG: http_reply_access
# Allow replies to client requests. This is complementary to http_access.
#
# http_reply_access allow|deny [!] aclname ...
#
# NOTE: if there are no access lines present, the default is to allow
# all replies
#
# If none of the access lines cause a match the opposite of the
# last line will apply. Thus it is good practice to end the rules
# with an "allow all" or "deny all" entry.
#
#http_reply_access allow all
# TAG: icp_access
# Allowing or Denying access to the ICP port based on defined
# access lists
#
# icp_access allow|deny [!]aclname ...
#
# See http_access for details
#Allow ICP queries from everyone 26.02.2007 Unal
#icp_access allow all
# -----------------------------------------------------------------------------
# ADMINISTRATIVE PARAMETERS
#cache_mgr Derya
cache_effective_user squid
cache_effective_group squid
visible_hostname vefayurdu
#error_directory /etc/squid/errors/Turkish
# -----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# httpd_accel_port 80
# httpd_accel_single_host off
# httpd_accel_with_proxy off
# httpd_accel_uses_host_header off
# -----------------------------------------------------------------------------
# OSYM site
#
header_access X-Forwarded-For deny all
header_access Accept-Encoding deny all
# -----------------------------------------------------------------------------
# TAG: coredump_dir
# By default Squid leaves core files in the directory from where
# it was started. If you set 'coredump_dir' to a directory
# that exists, Squid will chdir() to that directory at startup
# and coredump files will be left there.
#
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
#coredump_dir /var/spool/squid
# -----------------------------------------------------------------------------
#emulate_httpd_log on

--
Mehmet Recep Türkoğlu
<--/ http://www.mehfun.com /-->
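
One way to see which clients are producing the "error:invalid-request" entries described in the post is to tally them per client IP from access.log. This is an added example, not part of the original message; it assumes Squid's native access.log layout, and the sample log lines and function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample in Squid's native access.log layout (not from the post):
# time elapsed client action/code size method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1228464001.120      0 192.168.147.23 NONE/400 1514 GET error:invalid-request - NONE/- text/html
1228464001.450      0 192.168.147.23 NONE/400 1514 GET error:invalid-request - NONE/- text/html
1228464002.010      0 192.168.147.23 NONE/400 1514 GET error:invalid-request - NONE/- text/html
1228464002.300    184 192.168.147.40 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1228464003.700      0 192.168.2.15 NONE/400 1514 GET error:invalid-request - NONE/- text/html
1228464004.100     95 192.168.2.15 TCP_MISS/200 2048 GET http://example.org/a.css - DIRECT/192.0.2.20 text/css
1228464005.000      0 192.168.147.23
"""


def parse_line(line):
    """Return (timestamp, client, url), or None if the line is truncated."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        return float(parts[0]), parts[2], parts[6]
    except ValueError:
        return None


def invalid_request_report(log_text):
    """Per client: invalid-request count, total requests, share, time span."""
    total, invalid, seen = Counter(), Counter(), {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip partial lines, e.g. a log cut off mid-write
        ts, client, url = rec
        total[client] += 1
        if url == "error:invalid-request":
            invalid[client] += 1
            first, last = seen.get(client, (ts, ts))
            seen[client] = (min(first, ts), max(last, ts))
    # Clients with the most invalid requests come first.
    return [
        {"client": c, "invalid": n, "total": total[c],
         "share": n / total[c], "span_s": seen[c][1] - seen[c][0]}
        for c, n in invalid.most_common()
    ]


if __name__ == "__main__":
    for row in invalid_request_report(SAMPLE_LOG):
        print(row)
```

To run it on the real log, pass the contents of /var/log/squid/access.log (the path set by cache_access_log in the configuration above) to invalid_request_report.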
