Re: [squid-users] Uploads not working behind squid proxy

Wed, 11 Jul 2012 16:57:19 -0700 

On 7/12/2012 1:21 AM, Crawford, Ben wrote:

As requested, a more detailed squid.conf:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl localnet src 10.161.128.0/20
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
cache_peer 10.55.240.250 parent 3128 3130 no-query default login=PASS
http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_port 10.161.128.11:3128 intercept
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

Ben

well the answer is you other mail + the squid.conf
"Without the cache_peer I can not get to any sties at all.  All
internet (well, http and https) traffic on our network must go through
the parent proxy, either directly or through a local child proxy."
the proxy tries to connect the direct upstream server to get access because you dont have an explicit "never_direct allow all" acl defined. so post and other requests that requires direct access will then tried to be served by accessing the origin server. 
you must be explicit with cache_peer acl.
replace:
##
cache_peer 10.55.240.250 parent 3128 3130 no-query default login=PASS
##
with
##
cache_peer 10.55.240.250 parent 3128 3130 no-query default login=PASS name=upstream 
cache_peer_access upstream allow all
never_direct allow all
##
this will allow and will force all traffic through the upstream proxy server. 

Good luck,
Eliezer

<SNIP>
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il

Reply via email to