Brodsky, Jared S. wrote:
Hi all,
I am running Squid 2.6 Stable 3 in Transparent mode and none of my users
can access msnbc.com from behind the our cache.
I see from the config you are using tproxy. I'd recommend upgrading to
tproxy v4.1+ and the Squid 3.1 as soon as convenient. It's just had
quite a few fixes and being rolled out successfully in some high-load sites.
It's up to you though. We expect formal 3.1 test releases within weeks.
tcp_outgoing_address 10.100.1.2 has undefined network behavior. It
goes against the tproxy operation usage. tproxy behavior under those
config conditions may be unexpected.
acl adzapports myport 81 also has undefined behavior as tproxy
intercepted requests work with whatever dstIP:port the client originally
requested. Not squid listening port.
The cache box itself
has no problem reaching the site via wget, lynx, or telnet. The strange
part is that if you have a direct url to one of their CSS files it loads
fine when behind squid. I can also telnet into msnbc.com from machines
behind the proxy as well. I have added into my conf file the following
which had no effect:
acl msnbc dstdomain .msnbc.msn.com
cache deny msnbc
I have tried this with no luck as well
http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c0
99c8b4bff21e12bb365438a21027
Note: msnbc.com redirects to www.msnbc.msn.com.
We can get to msn.com just fine, as well as cnbc.com. I think there is
a problem w/ my conf file with the rewrite statements I have in
conjunction w/ how msnbc redirects their traffic. I have attached my
conf file below.
Any help would be greatly appreciated.
http_port 81 transparent tproxy
http_port 3128
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 525 MB
cache_swap_low 93
cache_swap_high 95
maximum_object_size 300 MB
maximum_object_size_in_memory 100 MB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid/ 20480 16 256
access_log /var/log/squid/access.log
log_fqdn on
ftp_user [EMAIL PROTECTED]
ftp_list_width 64
hosts_file /etc/hosts
acl adzapports myport 81
acl adzapmethods method HEAD GET
url_rewrite_access deny !adzapmethods
url_rewrite_access allow adzapports
refresh_pattern ^ftp: 144020% 10080 reload-into-ims
refresh_pattern ^gopher:14400% 1440
refresh_pattern . 0 20% 4320reload-into-ims
refresh_pattern cgi-bin 0 0% 0
refresh_pattern \? 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern .0 20% 4320
quick_abort_min 64 KB
quick_abort_max 512 KB
quick_abort_pct 50
range_offset_limit 1 MB
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
refresh_pattern -i \.flv$ 10080 90% 99 ignore-no-cache
override-expire ignore-private
quick_abort_min -1 KB
acl youtube dstdomain .youtube.com
cache allow youtube
hierarchy_stoplist cgi-bin ?
cache allow all
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl gtn_lan src 10.1.1.0/24
acl gtn_lan2 src 10.100.1.0/24
http_access allow gtn_lan
http_access allow gtn_lan2
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
tcp_outgoing_address 10.100.1.2
log_access deny localhost
log_access allow all
cache_mgr [EMAIL PROTECTED]
mail_from [EMAIL PROTECTED]
cache_effective_group proxy
httpd_accel_no_pmtu_disc on
append_domain .greatertalent.com
memory_pools_limit 64 MB
via off
forwarded_for off
snmp_port 3401
acl snmp_public snmp_community public
acl snmp_probes src 10.1.1.0/24
acl snmp_probes src 10.100.1.0/24
snmp_access allow snmp_public localhost snmp_probes
snmp_access deny all
strip_query_terms off
coredump_dir /var/spool/squid
pipeline_prefetch on
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
