[squid-users] It doesnt cacche
Hi, I dont understand why my squid doesn't cache anything : my acces log said TCP_CLIENT_REFRESH_MISS:DIRECT my cfg : # On écoute le port 80 pour faire un proxy transparent http_port 80 transparent #=== GESTIONS DES LOGS # emplacement access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log cache_swap_log /var/log/squid/swap.log useragent_log /var/log/squid/useragent.log referer_log /var/log/squid/referer.log # Options emulate_httpd_log on client_netmask 255.255.255.255 #== GESTION DU CACHE # Objet a cacher # ici il y a des expressions régulières puis la durée minimum, le % de temps accpetable # typemin % max options refresh_pattern -i \*.jpg$ 150% 2override-expire reload-into-ims ignore-reload # Cache Disque # modelientaille R1 R2 options cache_dir ufs /var/spool/squid/ 100016 256 max-size=32768 maximum_object_size 32768 KB minimum_object_size 0 KB # Cache RAM cache_mem 100 MB maximum_object_size_in_memory 4096 KB memory_replacement_policy lru cache_replacement_policy lru #== REWRITE URL url_rewrite_program /etc/squid/rewriter.php url_rewrite_children 20 redirector_bypass off #== ACL's acl all src all acl rw url_regex -ihttp://192.168.100.189/img=* acl out dstdomain "/etc/squid/white" acl localhost src 127.0.0.1 acl manager proto cache_object #= Application des ACL url_rewrite_access allow rw http_access allow manager localhost http_access allow rw http_access denyall http_reply_access allow out deny_info TCP_RESET all #=== MISC pid_filename /var/run/squid.pid cachemgr_passwd toto all # pas de protocole d'échnage de cache icp_port 0 # pas de snmp snmp_port 0 half_closed_clients off dns_nameservers 192.168.100.1 192.168.100.1 #évite de garder des stat sur les IP client_db off buffered_logs on client_persistent_connections off if i use http_port 80 tranparent, url rewrite is OK but without cache If i use http_port 80, squid send me an error page like : While trying to process the request: GET /img=http%3A%2F%2Ffiles.macbidouille.com%2Fmbv2%2Fnews%2F200509%2Fnano_1yen.jpg HTTP/1.1 Host: 192.168.100.189 Invalid Request -- View this message in context: http://www.nabble.com/It-doesnt-cacche-tp23055372p23055372.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] ACLs
I know its a strange config! We have few webserver with hudge charge and those server needs files from others compagnies. This squid instance will cache those files. For TCP_RESET, it maybe a bad for our server! But it'll be usefull for others instances of squid i need. I write init.d scripts to allow multi squid, maybe it could be usefull for oters. -- View this message in context: http://www.nabble.com/ACLs-tp22844495p22865669.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] acl dstdomains does not block!
I'm not sure but i use a dstdomain acl with a file like this : .google.com without last dot Or an bad usage or order of acl allow/deny your_acl -- View this message in context: http://www.nabble.com/acl-dstdomains-does-not-block%21-tp22863222p22864630.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] ACLs
I used : http_access allow manager localhost http_access allow localnet PROTO METHOD http_access deny all !port I try to add deny_info options : deny_infoTCP_RESET !manager !localhost deny_infoTCP_RESET !localnet deny_infoTCP_RESET !all or deny_infoTCP_RESET manager localhost deny_infoTCP_RESET localnet deny_infoTCP_RESET all But i'allways have an error message "Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. etc" Instead ofan effective TCP_reset -- View this message in context: http://www.nabble.com/ACLs-tp22844495p22846726.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] ACLs
Hi i use a transparent squid proxy and i want : - access as manager with squidclient from localhost only - allow only computer from localhost to go every where My ACLs : #== ACL # nom type acl allsrc all acl port port82 acl localnet src 192.168.100.0/192.168.100.255 acl managerproto cache_object acl PROTO proto http acl METHODmethod GET acl localhost src 127.0.0.1 I try : http_access allow localhost manager http_access allow localnet port !manager http_access denyall !port !PROTO !METHOD but manager can acces from every IP of localnet I try : http_access allow localnet port !manager http_access denyall !port !PROTO !METHOD http_access allow localhost manager http_access deny!localhost !manger but it block every request from client -- View this message in context: http://www.nabble.com/ACLs-tp22844495p22844495.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] SQuid and squid client
I use a little different config : #== ACL # nom type acl all src all acl rw url_regex -ihttp://192.168.100.189/img=* acl out dstdomain "/etc/squid/white" acl portport80 #== MISC visible_hostname 192.168.100.189 http_port 80 transparent icp_port 0 half_closed_clients off #== REWRITE URL url_rewrite_program /etc/squid/rewriter.php url_rewrite_children 20 url_rewrite_access allow rw #= info password cachemgr_passwd toto all #== GESTION DES DROITS # relation nom acl localhost src 127.0.0.1 acl managerproto cache_object http_accessallow manager localhost http_accessallow rw port http_accessdeny all http_reply_accessallow out and i had localhost to my white list domain. Thanks again!! -- View this message in context: http://www.nabble.com/SQuid-and-squid-client-tp22783707p22805000.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] SQuid and squid client
I added : cachemgr_passwd toto all but i still have an error : cant access to the info my acls : #== ACL # nom type acl all src all acl rw url_regex -ihttp://moi/img=* acl out dstdomain "/etc/squid/white" acl portport80 acl localhost src 127.0.0.1 #== MISC visible_hostname moi http_port 80 transparent icp_port 0 #== REWRITE URL url_rewrite_program /etc/squid/rewriter.php url_rewrite_children 15 url_rewrite_access allow rw #= info password cachemgr_passwd toto all #== GESTION DES DROITS # relationnom http_access deny!rw !all !port !localhost http_access allow rw all port localhost http_reply_access deny!out !localhost http_reply_access allow out localhost -- View this message in context: http://www.nabble.com/SQuid-and-squid-client-tp22783707p22800258.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] SQuid and squid client
Hi! I use zabbix for my squid server monitoring and somme zabbix config that launch something like: squidclient -p80 -h localhohst mgr:60min|grep what_i_need| sed something_to_have_an_usable_output It works for 2 of my squidconf but it doesn't work for the last one witch have restrictiv access and url revriting. Is there anyway to acces squid stats? -- View this message in context: http://www.nabble.com/SQuid-and-squid-client-tp22783707p22783707.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Tow squid on ths same computer
Hi! I need 2 squid on a computer with 2 differents ports (80 for the first and 81 for the others. I have 2 different config, 2 different cache dir and only a single user for squid 1& 2 First i use a init.d sqcipt with a littlle modification : append -f $CONFIGFILE to prevent a squid -k message which impact the 2 instances. I try to change cachedir, squidpid file in the nit script but it doesnt work! -- View this message in context: http://www.nabble.com/Tow-squid-on-ths-same-computer-tp22698128p22698128.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Is this possible?
It works : a little mistake for an acl : acl out dstdomain /etc/squid/white instead of : acl out dstdomain "/etc/squid/white" Thanks! -- View this message in context: http://www.nabble.com/Is-this-possible--tp22601561p22678829.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Is this possible?
> Don't send the 302. Just rewrite the URL. Squid will fetch the > rewritten URL and send the result to the client. > > Chris > > OK it works! Thanks! So i use : acl rw url_regex -i http://moi/img=* http_access deny!rw http_access allow rw To only accept http://moi/img=an_url I try to add an acl on http_acces_reply with an url-regexp whitelist to restrict what sould squid accept to reply after rewriting. But it doesnt work -- View this message in context: http://www.nabble.com/Is-this-possible--tp22601561p22676600.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Is this possible?
Chris Robertson-2 wrote: > > http://www.squid-cache.org/Doc/config/url_rewrite_program/ > Chris > I have a simple redirection script. It ll send a 302:URL in replacement of http://mysquid/img=URL the browser load the file from the original site and SARG says that nothing was cached! -- View this message in context: http://www.nabble.com/Is-this-possible--tp22601561p22617359.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Is this possible?
Hi! I'll try to explain what i want : 1) A browser comes to my squidcache on port 80 with an url like this : htpp://mycache/img=url_to_an_external_jpg_or_gif 2) Squid must cache this image for few hours 3) Squid send to the browser the wanted image without visible redirection for browser Is this possible? -- View this message in context: http://www.nabble.com/Is-this-possible--tp22601561p22601561.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] squid SNMP acl
May i use squid and snmpd? Squid can respond directly to snmp ask. -- View this message in context: http://www.nabble.com/squid-SNMP-acl-tp22497151p22540328.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] squid SNMP acl
Hi everybody Now one of my squid servers does every things i wanted to, i try snmp features acl snmppublic snmp_community public acl manager src 192.168.100.194 snmp_port 3401 snmp_access allow snmppublic snmp_access allow manager snmp_access denyall snmp_incoming_address 0.0.0.0 snmp_outgoing_address 255.255.255.255 It's impossible to retreive data from 192.168.100.194 And i try smp_access allow all for testing and i only can retreive data from localhost. Any idea? -- View this message in context: http://www.nabble.com/squid-SNMP-acl-tp22497151p22497151.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Squidgard never redirect
hi! I've made a little squidgard config witch redirect non-white taged domains : ex: echo "http://forum.ubuntu-fr.org/viewtopic.php?id=149985 10.0.0.1/ - - GET" | squidGuard -c /etc/squid/squidguard.conf result : Processing file and database /etc/squid/db/whitelist.acl [==] 100 % done www.google.com 10.0.0.1/- - - And i add this to my squid conf : redirector_access allow all redirect_program /usr/bin/squidguard -c /etc/squid/squidguard.conf redirect_children 30 But there is no redirection and nothing in squidliogs (only my xterm call) -- View this message in context: http://www.nabble.com/Squidgard-never-redirect-tp22456091p22456091.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Squid proxy
Jan-Frode Myklebust-2 wrote: > > On 2009-03-06, Merdouille wrote: >> >> I need to have a squid conf to allow peaople to acces data from url like >> : >> >> http://mysquidproxy/img=http%3A%2F%2Ffiles.macbidouille.com%2Fnews%2F200903%2FAP999.jpg >> or >> http://mysquidproxy/img=http://files.macbidouille.com/Fnews/200903/AP999.jpg >> >> and i want mysquid to use cache for >> http://files.macbidouille.com/Fnews/200903/AP999.jpg > > > I recently had a similar problem, but I solved it using apache instead > of squid. Assuming your squid is running on port 3128/tcp, and you have > apache listening on 80/tcp. The following apache-config should do what > you ask (I think): > > ProxyRequests On > ProxyRemote * http://localhost:3128 > ProxyTimeout 600 > ProxyPreserveHost Off > > RewriteEngine on > RewriteRule ^/img=http://(.*) http://$1 [L,P] > > > > -jf > > > I tried it for my httpd : # Activation du proxy ProxyRequests On ProxyVia On # Les proxy peres ProxyRemote * http://192.168.100.194:81 # Le timeout ProxyTimeout 600 ProxyPreserveHost Off RewriteEngine on RewriteRule ^/img=http://(.*) http://$1 [L,P] RewriteLog /var/log/httpd/rewrite.log RewriteLogLevel 3 And my squid on the same computer port 81 : visible_hostname moi acl all src all acl white dstdomain "/etc/squid/white" acl TRACE method TRACE acl PUT method PUT acl POSTmethod POST acl proxyed urlpath_regex -i"/etc/squid/whitelist" http_access allow white !POST !PUT !TRACE proxyed http_access deny!white POST PUT TRACE !proxyed http_port moi:81 icp_port0 etc When i try http://moi/http://somesite/someURL it works but it works for every site! My dstdomain white list works no more! -- View this message in context: http://www.nabble.com/Squid-proxy-tp22369482p22413411.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Squid proxy
The squid server is alone here. if i use this config : # nom de la machine visible_hostname moi # niveau d'information en cas d'erreur debug_options ALL, 9 #== CREATION DES DROITS # nom typeip/masque acl all src 0.0.0.0-255.255.255.255 acl white dstdomain "/etc/squid/white" #== GESTION DES DROITS # relationnom http_access allow white http_access deny!white #== GESTION DES PORTS # host:port http_port moi:81 icp_port0 #== GESTION DU CACHE # mémoire vive utilisé en cache cache_mem 100 MB # emplacement du cache avec taille en Mo avec 16 répertoires # et 256 sous répertoires # et la taille maximum de fichier a mettre en cache cache_dir ufs /var/spool/squid/ 100 16 256 max-size=1024 #== GESTION DU CACHE PAR TYPE DE FICHIER # ici il y a des expressions régulières puis la durée minimum, # le % de temps accpetable # typemin % max options refresh_pattern -i \.gif$ 1 50% 2 override-expire reload-into-ims ignore-reload refresh_pattern -i \.jpg$ 3000 20% 6000override-expire reload-into-ims ignore-reload refresh_pattern -i \.swf$ 3000 20% 6000override-expire reload-into-ims ignore-reload refresh_pattern -i \.txt$ 3000 20% 6000override-expire reload-into-ims ignore-reload refresh_pattern -i \.html$ 320% 6 override-expire reload-into-ims ignore-reload refresh_pattern -i \.js$ 3 20% 6 override-expire reload-into-ims ignore-reload #== LOGS # type de log emplacement access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log cache_swap_log /var/log/squid/swap.log useragent_log /var/log/squid/useragent.log referer_log /var/log/squid/referer.log emulate_httpd_log on #== LES REQUETES # Pour limiter la taille de l'entête HTTP et éviter les # attaques de type DOS o request_header_max_size 10 KB # Pour éviter des données POST ou PUT request_body_max_size 0 KB #== LES TIMEOUT # fermeture immédiate des demiconnections half_closed_clients on #== Page d'erreur # ici la connection est coupé directemennt #deny_info TCP_RESET white pid_filename /var/run/squid2.pid it works nicely when i config my browser to use it as proxy. But how to force a PC outside my intranet to use it as proxy. -- View this message in context: http://www.nabble.com/Squid-proxy-tp22369482p22376190.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Squid proxy
To explain what i need : i need few images or others kind of file witch are on few http servers. But those site arent fast and il want squid to cache thoses files. And i want 'askers' to use my squid instead of reals sites. -- View this message in context: http://www.nabble.com/Squid-proxy-tp22369482p22372339.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Squid proxy
Sorry but i'm new on squid and non english people so i dont understood your response... -- View this message in context: http://www.nabble.com/Squid-proxy-tp22369482p22372223.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Squid proxy
Maybe but it'll works with a very little and restrictive white list. -- View this message in context: http://www.nabble.com/Squid-proxy-tp22369482p22372049.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Squid proxy
Hi everyone! I need to have a squid conf to allow peaople to acces data from url like : http://mysquidproxy/img=http%3A%2F%2Ffiles.macbidouille.com%2Fnews%2F200903%2FAP999.jpg or http://mysquidproxy/img=http://files.macbidouille.com/Fnews/200903/AP999.jpg and i want mysquid to use cache for http://files.macbidouille.com/Fnews/200903/AP999.jpg How to do? -- View this message in context: http://www.nabble.com/Squid-proxy-tp22369482p22369482.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Squid & url rewriter
Hi everyone I'm trying to use url rewriter for SQUID. I use Squid 2.6 stable on CentOS. In my config file i wrote : never_direct allow all url_rewrite_program /etc/squid/test.php url_rewrite_children 1 And a stupid php file to do test : #!/usr/bin/php http://www.yahoo.fr/";; } ?> when i try to open an URL on my server, there is no redirection on yahoo like it should do. -- View this message in context: http://www.nabble.com/Squid---url-rewriter-tp3197p3197.html Sent from the Squid - Users mailing list archive at Nabble.com.