Re: [squid-users] skype connection problem

Tue, 25 Oct 2016 07:25:14 -0700 

Amos, thanks for the tips!
any idea about my skype problem?

regards

On 10/25/2016 08:13 AM, Amos Jeffries wrote:

On 25/10/2016 5:19 a.m., Nicolas Valera wrote:

Hi Yuri, thanks for the answer!

we don't have the squid in transparent mode in this network.
the squid configuration is very basic. here is the conf:

-------------------------------------------------------------------------
http_port 1280 connection-auth=off
forwarded_for delete
httpd_suppress_version_string on
client_persistent_connections off

cache_mem 16 GB
maximum_object_size_in_memory 8 MB

url_rewrite_program /usr/bin/squidGuard


These...


url_rewrite_children 10
url_rewrite_access allow all


... are redundant. That is the default values for those directives.



acl numeric_IPs dstdom_regex
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443

acl Skype_UA browser ^skype

acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443
50001
acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70 280 488
acl Safe_ports port 1025-65535  # unregistered ports

acl CONNECT method CONNECT
acl safe_method method GET
acl safe_method method PUT
acl safe_method method POST
acl safe_method method HEAD
acl safe_method method CONNECT
acl safe_method method OPTIONS
acl safe_method method PROPFIND
acl safe_method method REPORT
acl safe_method method MERGE
acl safe_method method MKACTIVITY
acl safe_method method CHECKOUT


Whats the point of this ACL ?




http_access deny !Safe_ports
http_access allow CONNECT localnet numeric_IPS Skype_UA
http_access deny CONNECT !SSL_ports
http_access deny !safe_method
http_access allow localnet
http_access allow localhost
http_access deny all

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern Packages\.tar$ 0       20%    4320 refresh-ims
ignore-no-cache
refresh_pattern Packages\.bz2$ 0       20%    4320 refresh-ims
ignore-no-cache
refresh_pattern Sources\.bz2$  0       20%    4320 refresh-ims
ignore-no-cache
refresh_pattern Release\.gpg$  0       20%    4320 refresh-ims
refresh_pattern Release$       0       20%    4320 refresh-ims
refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims ignore-no-cache
refresh_pattern -i
windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
4320 80% 43200 reload-into-ims ignore-no-cache
refresh_pattern -i
windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims ignore-no-cache
refresh_pattern -i
live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200
reload-into-ims ignore-no-cache
refresh_pattern .        0    20%    4320



All those "ignore-no-cache" are not useful. Run "squid -k parse" and it
should mention they are no longer supported.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to