Hello Linux User I need help ... my squid having some error when try to browse http://mail.leaderuniversal.com:90 Below is my squid.conf files setting. Need HELP # If not set (default) or set to zero, Squid will keep all memory it # can. That is, there will be no limit on the total amount of memory # used for safe-keeping. # # To disable memory allocation optimization, do not set # memory_pools_limit to 0. Set memory_pools to "off" instead. # # An overhead for maintaining memory pools is not taken into account # when the limit is checked. This overhead is close to four bytes per # object kept. However, pools may actually _save_ memory because of # reduced memory thrashing in your malloc library. # TAG: forwarded_for on|off # If set, Squid will include your system's IP address or name # in the HTTP requests it forwards. By default it looks like # this: # # X-Forwarded-For: 192.1.2.3 # # If you disable this, it will appear as # # X-Forwarded-For: unknown # #forwarded_for on # TAG: log_icp_queries on|off # If set, ICP queries are logged to access.log. You may wish # do disable this if your ICP load is VERY high to speed things # up or to simplify log analysis. # #log_icp_queries on # TAG: icp_hit_stale on|off # If you want to return ICP_HIT for stale cache objects, set this # option to 'on'. If you have sibling relationships with caches # in other administrative domains, this should be 'off'. If you only # have sibling relationships with caches under your control, then # it is probably okay to set this to 'on'. # #icp_hit_stale off # TAG: minimum_direct_hops # If using the ICMP pinging stuff, do direct fetches for sites # which are no more than this many hops away. # #minimum_direct_hops 4 # TAG: cachemgr_passwd # Specify passwords for cachemgr operations. # # Usage: cachemgr_passwd password action action ... # # Some valid actions are (see cache manager menu for a full list): # 5min # 60min # asndb # authenticator # cbdata # client_list # comm_incoming # config * # counters # delay # digest_stats # dns # events # filedescriptors # fqdncache # histograms # http_headers # info # io # ipcache # mem # menu # netdb # non_peers # objects # pconn # peer_select # redirector # refresh # server_list # shutdown * # store_digest # storedir # utilization # via_headers # vm_objects # # * Indicates actions which will not be performed without a # valid password, others can be performed if not listed here. # # To disable an action, set the password to "disable". # To allow performing an action without a password, set the # password to "none". # # Use the keyword "all" to set the same password for all actions. # #cachemgr_passwd secret shutdown #cachemgr_passwd lesssssssecret info stats/objects #cachemgr_passwd disable all # TAG: store_avg_object_size (kbytes) # Average object size, used to estimate number of objects your # cache can hold. See doc/Release-Notes-1.1.txt. The default is # 13 KB. # #store_avg_object_size 13 KB # TAG: store_objects_per_bucket # Target number of objects per bucket in the store hash table. # Lowering this value increases the total number of buckets and # also the storage maintenance rate. The default is 50. # #store_objects_per_bucket 50 # TAG: client_db on|off # If you want to disable collecting per-client statistics, then # turn off client_db here. # #client_db on # TAG: netdb_low # TAG: netdb_high # The low and high water marks for the ICMP measurement # database. These are counts, not percents. The defaults are # 900 and 1000. When the high water mark is reached, database # entries will be deleted until the low mark is reached. # #netdb_low 900 #netdb_high 1000 # TAG: netdb_ping_period # The minimum period for measuring a site. There will be at # least this much delay between successive pings to the same # network. The default is five minutes. # #netdb_ping_period 5 minutes # TAG: query_icmp on|off # If you want to ask your peers to include ICMP data in their ICP # replies, enable this option. # # If your peer has configured Squid (during compilation) with # '--enable-icmp' then that peer will send ICMP pings to origin server # sites of the URLs it receives. If you enable this option then the # ICP replies from that peer will include the ICMP data (if available). # Then, when choosing a parent cache, Squid will choose the parent with # the minimal RTT to the origin server. When this happens, the # hierarchy field of the access.log will be # "CLOSEST_PARENT_MISS". This option is off by default. # #query_icmp off # TAG: test_reachability on|off # When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH # instead of ICP_MISS if the target host is NOT in the ICMP # database, or has a zero RTT. # #test_reachability off # TAG: buffered_logs on|off # Some log files (cache.log, useragent.log) are written with # stdio functions, and as such they can be buffered or # unbuffered. By default they will be unbuffered. Buffering them # can speed up the writing slightly (though you are unlikely to # need to worry). #buffered_logs off # TAG: reload_into_ims on|off # When you enable this option, client no-cache or ``reload'' # requests will be changed to If-Modified-Since requests. # Doing this VIOLATES the HTTP standard. Enabling this # feature could make you liable for problems which it # causes. # # see also refresh_pattern for a more selective approach. # # This option may be disabled by using --disable-http-violations # with the configure script. #reload_into_ims off # TAG: always_direct # Usage: always_direct allow|deny [!]aclname ... # # Here you can use ACL elements to specify requests which should # ALWAYS be forwarded directly to origin servers. For example, # to always directly forward requests for local servers use # something like: # # acl local-servers dstdomain my.domain.net # always_direct allow local-servers # # To always forward FTP requests directly, use # # acl FTP proto FTP # always_direct allow FTP # # NOTE: There is a similar, but opposite option named # 'never_direct'. You need to be aware that "always_direct deny # foo" is NOT the same thing as "never_direct allow foo". You # may need to use a deny rule to exclude a more-specific case of # some other rule. Example: # # acl local-external dstdomain external.foo.net # acl local-servers dstdomain foo.net # always_direct deny local-external # always_direct allow local-servers # # This option replaces some v1.1 options such as local_domain # and local_ip. # TAG: never_direct # Usage: never_direct allow|deny [!]aclname ... # # never_direct is the opposite of always_direct. Please read # the description for always_direct if you have not already. # # With 'never_direct' you can use ACL elements to specify # requests which should NEVER be forwarded directly to origin # servers. For example, to force the use of a proxy for all # requests, except those in your local domain use something like: # # acl local-servers dstdomain foo.net # acl all src 0.0.0.0/0.0.0.0 # never_direct deny local-servers # never_direct allow all # # or if squid is inside a firewall and there is local intranet # servers inside the firewall then use something like: # # acl local-intranet dstdomain foo.net # acl local-external dstdomain external.foo.net # always_direct deny local-external # always_direct allow local-intranet # never_direct allow all # # This option replaces some v1.1 options such as inside_firewall # and firewall_ip. # TAG: anonymize_headers # Usage: anonymize_headers allow|deny header_name ... # # This option replaces the old 'http_anonymizer' option with # something that is much more configurable. You may now # specify exactly which headers are to be allowed, or which # are to be removed from outgoing requests. # # There are two methods of using this option. You may either # allow specific headers (thus denying all others), or you # may deny specific headers (thus allowing all others). # # For example, to achieve the same behavior as the old # 'http_anonymizer standard' option, you should use: # # anonymize_headers deny From Referer Server # anonymize_headers deny User-Agent WWW-Authenticate Link # # Or, to reproduce the old 'http_anonymizer paranoid' feature # you should use: # # anonymize_headers allow Allow Authorization Cache-Control # anonymize_headers allow Content-Encoding Content-Length # anonymize_headers allow Content-Type Date Expires Host # anonymize_headers allow If-Modified-Since Last-Modified # anonymize_headers allow Location Pragma Accept # anonymize_headers allow Accept-Encoding Accept-Language # anonymize_headers allow Content-Language Mime-Version # anonymize_headers allow Retry-After Title Connection # anonymize_headers allow Proxy-Connection # # NOTE: You can not mix "allow" and "deny". All 'anonymize_headers' # lines must have the same second argument. # # By default, all headers are allowed (no anonymizing is # performed). # #anonymize_headers # TAG: fake_user_agent # If you filter the User-Agent header with 'anonymize_headers' it # may cause some Web servers to refuse your request. Use this to # fake one up. For example: # # fake_user_agent Nutscrape/1.0 (CP/M; 8-bit) # (credit to Paul Southworth [EMAIL PROTECTED] for this one!) # #fake_user_agent none # TAG: icon_directory # Where the icons are stored. These are normally kept in # /usr/lib/squid/icons # TAG: error_directory # Directory where the error files are read from. # /usr/lib/squid/errors contains sets of error files # in different languages. The default error directory # is /etc/squid/errors, which is a link to one of these # error sets. # # If you wish to create your own versions of the error files, # either to customize them to suit your language or company, # copy the template English files to another # directory and point this tag at them. # #error_directory /etc/squid/errors # TAG: minimum_retry_timeout (seconds) # This specifies the minimum connect timeout, for when the # connect timeout is reduced to compensate for the availability # of multiple IP addresses. # # When a connection to a host is initiated, and that host has # several IP addresses, the default connection timeout is reduced # by dividing it by the number of addresses. So, a site with 15 # addresses would then have a timeout of 8 seconds for each # address attempted. To avoid having the timeout reduced to the # point where even a working host would not have a chance to # respond, this setting is provided. The default, and the # minimum value, is five seconds, and the maximum value is sixty # seconds, or half of connect_timeout, whichever is greater and # less than connect_timeout. # #minimum_retry_timeout 5 seconds # TAG: maximum_single_addr_tries # This sets the maximum number of connection attempts for a # host that only has one address (for multiple-address hosts, # each address is tried once). # # The default value is three tries, the (not recommended) # maximum is 255 tries. A warning message will be generated # if it is set to a value greater than ten. # #maximum_single_addr_tries 3 # TAG: snmp_port # Squid can now serve statistics and status information via SNMP. # By default it listens to port 3401 on the machine. If you don't # wish to use SNMP, set this to "0". # # NOTE: SNMP support requires use the --enable-snmp configure # command line option. #snmp_port 3401 # TAG: snmp_access # Allowing or denying access to the SNMP port. # # All access to the agent is denied by default. # usage: # # snmp_access allow|deny [!]aclname ... # #Example: #snmp_access allow snmppublic localhost #snmp_access deny all # TAG: snmp_incoming_address # TAG: snmp_outgoing_address # Just like 'udp_incoming_address' above, but for the SNMP port. # # snmp_incoming_address is used for the SNMP socket receiving # messages from SNMP agents. # snmp_outgoing_address is used for SNMP packets returned to SNMP # agents. # # The default behavior is to not bind to any specific address. # # NOTE, snmp_incoming_address and snmp_outgoing_address can not have # the same value since they both use port 3130. # #snmp_incoming_address 0.0.0.0 #snmp_outgoing_address 0.0.0.0 # TAG: as_whois_server # WHOIS server to query for AS numbers. NOTE: AS numbers are # queried only when Squid starts up, not for every request. # TAG: wccp_router # Use this option to define your WCCP ``home'' router for # Squid. Setting the 'wccp_router' to 0.0.0.0 (the default) # disables WCCP. #wccp_router 0.0.0.0 # TAG: wccp_incoming_address # TAG: wccp_outgoing_address # wccp_incoming_address Use this option if you require WCCP # messages to be received on only one # interface. Do NOT use this option if # you're unsure how many interfaces you # have, or if you know you have only one # interface. # # wccp_outgoing_address Use this option if you require WCCP # messages to be sent out on only one # interface. Do NOT use this option if # you're unsure how many interfaces you # have, or if you know you have only one # interface. # # The default behavior is to not bind to any specific address. # # NOTE, wccp_incoming_address and wccp_outgoing_address can not have # the same value since they both use port 2048. # #wccp_incoming_address 0.0.0.0 #wccp_outgoing_address 0.0.0.0 # DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option) # -------------------------------------------------------------------------- --- # TAG: delay_pools # This represents the number of delay pools to be used. For example, # if you have one class 2 delay pool and one class 3 delays pool, you # have a total of 2 delay pools. # # To enable this option, you must use --enable-delay-pools with the # configure script. #delay_pools 0 # TAG: delay_class # This defines the class of each delay pool. There must be exactly one # delay_class line for each delay pool. For example, to define two # delay pools, one of class 2 and one of class 3, the settings above # and here would be: # #delay_pools 2 # 2 delay pools #delay_class 1 2 # pool 1 is a class 2 pool #delay_class 2 3 # pool 2 is a class 3 pool # # The delay pool classes are: # # class 1 Everything is limited by a single aggregate # bucket. # # class 2 Everything is limited by a single aggregate # bucket as well as an "individual" bucket chosen # from bits 25 through 32 of the IP address. # # class 3 Everything is limited by a single aggregate # bucket as well as a "network" bucket chosen # from bits 17 through 24 of the IP address and a # "individual" bucket chosen from bits 17 through # 32 of the IP address. # # NOTE: If an IP address is a.b.c.d # -> bits 25 through 32 are "d" # -> bits 17 through 24 are "c" # -> bits 17 through 32 are "c * 256 + d" # TAG: delay_access # This is used to determine which delay pool a request falls into. # The first matched delay pool is always used, i.e., if a request falls # into delay pool number one, no more delay are checked, otherwise the # rest are checked in order of their delay pool number until they have # all been checked. For example, if you want some_big_clients in delay # pool 1 and lotsa_little_clients in delay pool 2: # #delay_access 1 allow some_big_clients #delay_access 1 deny all #delay_access 2 allow lotsa_little_clients #delay_access 2 deny all # TAG: delay_parameters # This defines the parameters for a delay pool. Each delay pool has # a number of "buckets" associated with it, as explained in the # description of delay_class. For a class 1 delay pool, the syntax is: # #delay_parameters pool aggregate # # For a class 2 delay pool: # #delay_parameters pool aggregate individual # # For a class 3 delay pool: # #delay_parameters pool aggregate network individual # # The variables here are: # # pool a pool number - ie, a number between 1 and the # number specified in delay_pools as used in # delay_class lines. # # aggregate the "delay parameters" for the aggregate bucket # (class 1, 2, 3). # # individual the "delay parameters" for the individual # buckets (class 2, 3). # # network the "delay parameters" for the network buckets # (class 3). # # A pair of delay parameters is written restore/maximum, where restore is # the number of bytes (not bits - modem and network speeds are usually # quoted in bits) per second placed into the bucket, and maximum is the # maximum number of bytes which can be in the bucket at any time. # # For example, if delay pool number 1 is a class 2 delay pool as in the # above example, and is being used to strictly limit each host to 64kbps # (plus overheads), with no overall limit, the line is: # #delay_parameters 1 -1/-1 8000/8000 # # Note that the figure -1 is used to represent "unlimited". # # And, if delay pool number 2 is a class 3 delay pool as in the above # example, and you want to limit it to a total of 256kbps (strict limit) # with each 8-bit network permitted 64kbps (strict limit) and each # individual host permitted 4800bps with a bucket maximum size of 64kb # to permit a decent web page to be downloaded at a decent speed # (if the network is not being limited due to overuse) but slow down # large downloads more significantly: # #delay_parameters 2 32000/32000 8000/8000 600/64000 # # There must be one delay_parameters line for each delay pool. # TAG: delay_initial_bucket_level (percent, 0-100) # The initial bucket percentage is used to determine how much is put # in each bucket when squid starts, is reconfigured, or first notices # a host accessing it (in class 2 and class 3, individual hosts and # networks only have buckets associated with them once they have been # "seen" by squid). # #delay_initial_bucket_level 50 # TAG: incoming_icp_average # TAG: incoming_http_average # TAG: min_icp_poll_cnt # TAG: min_http_poll_cnt # Heavy voodoo here. I can't even believe you are reading this. # Are you crazy? Don't even think about adjusting these unless # you understand the algorithms in comm_select.c first! # #incoming_icp_average 6 #incoming_http_average 4 #min_icp_poll_cnt 8 #min_http_poll_cnt 8 # TAG: max_open_disk_fds # TAG: offline_mode # Enable this option and Squid will never try to validate cached # objects. # TAG: uri_whitespace # What to do with requests that have whitespace characters in the # URI. Options: # # strip: The whitespace characters are stripped out of the URL. # This is the behavior recommended by RFC2616. # deny: The request is denied. The user receives an "Invalid # Request" message. # allow: The request is allowed and the URI is not changed. The # whitespace characters remain in the URI. Note the # whitespace is passed to redirector processes if they # are in use. # encode: The request is allowed and the whitespace characters are # encoded according to RFC1738. This could be considered # a violation of the HTTP/1.1 # RFC because proxies are not allowed to rewrite URI's. # chop: The request is allowed and the URI is chopped at the # first whitespace. This might also be considered a # violation. #uri_whitespace strip # TAG: broken_posts # A list of ACL elements which, if matched, causes Squid to send # a extra CRLF pair after the body of a PUT/POST request. # # Some HTTP servers has broken implementations of PUT/POST, # and rely on a extra CRLF pair sent by some WWW clients. # # Quote from RFC 2068 section 4.1 on this matter: # # Note: certain buggy HTTP/1.0 client implementations generate an # extra CRLF's after a POST request. To restate what is explicitly # forbidden by the BNF, an HTTP/1.1 client must not preface or follow # a request with an extra CRLF. # #acl buggy_server url_regex ^http://.... #broken_posts allow buggy_server # TAG: mcast_miss_addr # If you enable this option, every "cache miss" URL will # be sent out on the specified multicast address. # # Do not enable this option unless you are are absolutely # certain you understand what you are doing. # TAG: mcast_miss_ttl # This is the time-to-live value for packets multicasted # when multicasting off cache miss URLs is enabled. By # default this is set to 'site scope', i.e. 16. # TAG: mcast_miss_port # This is the port number to be used in conjunction with # 'mcast_miss_addr'. # TAG: mcast_miss_encode_key # The URLs that are sent in the multicast miss stream are # encrypted. This is the encryption key. # TAG: prefer_direct # By default, if the ICP, HTCP, Cache Digest, etc. techniques # do not yield a parent cache, Squid gives higher preference # to forwarding the request direct to origin servers, rather # than selecting a parent cache anyway. # # If you want Squid to give higher precedence to a parent # cache, instead of going direct, then turn this option off. #prefer_direct on # TAG: strip_query_terms # By default, Squid strips query terms from requested URLs before # logging. This protects your user's privacy. #strip_query_terms on # TAG: coredump_dir # By default Squid leaves core files in the first cache_dir # directory. If you set 'coredump_dir' to a directory # that exists, Squid will chdir() to that directory at startup # and coredump files will be left there. # TAG: redirector_bypass # When this is 'on', a request will not go through the # redirector if all redirectors are busy. If this is 'off' # and the redirector queue grows too large, Squid will exit # with a FATAL error and ask you to increase the number of # redirectors. You should only enable this if the redirectors # are not critical to your caching system. If you use # redirectors for access control, and you enable this option, # then users may have access to pages that they should not # be allowed to request. # TAG: ignore_unknown_nameservers # By default Squid checks that DNS responses are received # from the same IP addresses that they are sent to. If they # don't match, Squid ignores the response and writes a warning # message to cache.log. You can allow responses from unknown # nameservers by setting this option to 'off'. #ignore_unknown_nameservers on # TAG: digest_generation # This controls whether the server will generate a Cache Digest # of its contents. By default, Cache Digest generation is # enabled if Squid is compiled with USE_CACHE_DIGESTS defined. #digest_generation on # TAG: digest_bits_per_entry # This is the number of bits of the server's Cache Digest which # will be associated with the Digest entry for a given HTTP # Method and URL (public key) combination. The default is 5. #digest_bits_per_entry 5 # TAG: digest_rebuild_period (seconds) # This is the number of seconds between Cache Digest rebuilds. # By default the server's Digest is rebuilt every hour. #digest_rebuild_period 1 hour # TAG: digest_rewrite_period (seconds) # This is the number of seconds between Cache Digest writes to # disk. By default the server's Digest is written to disk every # hour. #digest_rewrite_period 1 hour # TAG: digest_swapout_chunk_size (bytes) # This is the number of bytes of the Cache Digest to write to # disk at a time. It defaults to 4096 bytes (4KB), the Squid # default swap page. #digest_swapout_chunk_size 4096 bytes # TAG: digest_rebuild_chunk_percentage (percent, 0-100) # This is the percentage of the Cache Digest to be scanned at a # time. By default it is set to 10% of the Cache Digest. #digest_rebuild_chunk_percentage 10 # TAG: chroot # Use this to have Squid do a chroot() while initializing. This # also causes Squid to fully drop root privileges after # initializing. This means, for example, that if you use a HTTP # port less than 1024 and try to reconfigure, you will get an # error.
