On 2014-04-01 10:07, Elvar Sævarsson wrote:
? Please
Can any one help me get this working?
I have tryed everything.
I am trying to use squid on qnap to cache all files or at least
Facebook pictures and videos , webpages pictures( that works) videos
and
ads.
Dowloads ( all dowloads iphone apps google play apps .exe .pdf or just
all)
What version of Squid is this?
Have you tried getting help from QNAP?
FYI: current release of Squid cache all that content by default quite
well.
This is my config file:
# The user name and group name Squid will operate as
cache_effective_user httpdusr
cache_effective_group everyone
?? Strange. But not related to the problem.
FYI: We recommend leaving the group directive undefined and adding the
effective user account as a member of the group at the OS level.
#
# Recommended minimum configuration:
#
# Auth Method
#auth_param basic program
/share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/ncsa_auth /etc/shadow
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#acl ncsa_users proxy_auth REQUIRED
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect
innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP
networks
# from where browsing should be allowed
http_access allow localnet
#http_access allow ncsa_users
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /share/MD0_DATA/.qpkg/Squid/opt/var/squid/cache 40000 16
256
cache_mem 125 MB
# Leave coredumps in the first cache dir
coredump_dir /share/MD0_DATA/.qpkg/Squid/opt/var/squid/
access_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/access.log
squid
cache_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/cache.log
cache_store_log
/share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/store.log
# Add logfile rotated mechanism
logfile_rotate 7
debug_options rotate=1
#
mime_table /share/MD0_DATA/.qpkg/Squid/opt/etc/squid/mime.conf
pid_filename /share/MD0_DATA/.qpkg/Squid/opt/var/squid/run/squid.pid
diskd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/diskd
unlinkd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/unlinkd
icon_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/icons
err_page_stylesheet
/share/MD0_DATA/.qpkg/Squid/opt/etc/squid/errorpage.css
error_default_language en-us
error_directory
/share/MD0_DATA/.qpkg/Squid/opt/share/squid/errors/en-us
# Add any of your own refresh_pattern entries above these.
refresh_pattern (get_video|videoplayback\?|videodownload|\.flv|\.webm)
0 0%
0
NP: this will prevent caching whenever ".flv" exists in the URL. Which
will prevent several of the .flv patterns below being useful.
refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire
... like this one will never be used.
refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims
store-stale
refresh_pattern ^gopher: 1440 0% 1440
# facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(png|gif) 5259487
999999% 5259487 override-expire ignore-reload store-stale
refresh_pattern .fbcdn.net.*\.(jpg|gif|png) 5259487 999999% 5259487
ignore-no-cache override-expire ignore-reload store-stale
negative-ttl=0
refresh_pattern -i
.facebook.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar)
12960 999999% 129600 override-lastmod reload-into-ims ignore-reload
ignore-no-cache ignore-auth store-stale
NP: you already have the pattern facebook.com.*\.(png|gif) with
different parameters.
NP: you also already have a pattern for .flv. There are other examples
like this one and the below.
refresh_pattern -i
.fbcdn.net.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar)
12960 999999% 129690 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
NP: you already have the pattern .fbcdn.net.*\.(jpg|gif|png) with
different parameters.
refresh_pattern -i
.zynga.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv)
12960
999999% 129609 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern -i
.crowdstar.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv)
12960 999999% 129609 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern
^http://static.ak.fbcdn.net*.(jpg|gif...gp|flv|swf|wmv)
129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern
^http://videoxl.l[0-9].facebook.com/(.*)(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4))
129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern
^http://*.channel.facebook.com/(.*)(j...?g|a|e|1|2|3|4))
129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale negative-ttl=0
refresh_pattern
^http://video.ak.facebook.com*.(3gp|f...?g|a|e|1|2|3|4))
129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern
^http://photos-[a-z].ak.fbcdn.net/(.*)(css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4))
129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern ^http://profile.ak.fbcdn.net*.(jpg|gif|png) 129600
999999%
129600 ignore-no-cache ignore-no-store reload-into-ims override-expire
ignore-must-revalidate store-stale
refresh_pattern ^http://platform.ak.fbcdn.net/.* 720 100% 4320
ignore-no-cache ignore-no-store reload-into-ims override-expire
ignore-must-revalidate store-stale
Regex patterns start and end with an implicit ".*" sequence unless
anchored with ^ and $. The trailing .* is useless here.
Also, facebook in recent times have become very cache friendly (apart
from the HTTPS usage). It will mostly likely start to cache better when
you remove these HTTP protocol violation options that are causing your
Squid to ignore caching parameters.
refresh_pattern ^http://creative.ak.fbcdn.net/.* 720 100% 4320
ignore-no-cache ignore-no-store reload-into-ims override-expire
ignore-must-revalidate store-stale
Multiple lines differing only in domain name prefix can be collapsed
down to one refresh_pattern to shorten the config and make it clearer
what you are doing.
refresh_pattern ^http://apps.facebook.com/.* 1200 100% 4320
ignore-no-cache
ignore-no-store reload-into-ims override-expire ignore-must-revalidate
store-stale
refresh_pattern ^http://static.ak.fbcdn.net*.(js|css|jpg|gif|png)
129600
999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern
^http://statics.poker.static.zynga.co...?g|a|e|1|2|3|4))
129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern ^http://statics.poker.static.zynga.com/.* 720 100%
4320
ignore-no-cache ignore-no-store reload-into-ims override-expire
ignore-must-revalidate store-stale
refresh_pattern
^http://*.zynga.com*.(swf|jpg|gif|png...?g|a|e|1|2|3|4))
129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims
override-expire ignore-must-revalidate store-stale
refresh_pattern
^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bst
ats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.goog
lesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.co
m|syndication\.com|media.fastclick.net).* 5259487 70% 5259487
ignore-no-cache ignore-no-store ignore-private override-expire
ignore-reload
ignore-auth ignore-must-revalidate store-stale negative-ttl=40320
max-stale=1440
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9])
129600 100%
129600 ignore-no-cache ignore-no-store reload-into-ims override-expire
ignore-must-revalidate store-stale
#antivirus
refresh_pattern avast.com.*\.vpx 40320 50% 161280 store-stale
reload-into-ims
refresh_pattern (avgate|avira).*\.(idx|gz)$ 21900 90% 21900
ignore-reload
ignore-no-cache ignore-no-store store-stale ignore-must-revalidate
reload-into-ims
refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487
ignore-reload
store-stale
refresh_pattern kaspersky 31900 80% 161280 ignore-no-cache store-stale
refresh_pattern mbamupdates.com.*\.ref 1440 50% 161280 reload-into-ims
store-stale
#situs lainnya
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280
ignore-reload store-stale
refresh_pattern
(get_video\?|videoplayback\?|videodownload\?|\.flv?|webm)
5259487 99999999% 5259487 override-expire ignore-reload store-stale
ignore-private negative-ttl=0
NP: this pattern is nearly a duplicate of the one at the top of the
list, but with different parameters. All it does is apply these
parameters to URL with:
* the string "webm" but not with a '.' preceeding (eg ".webm"),
* the string ".fl" but not with a 'v' on the end (eg ".flv"),
refresh_pattern \.(ico|video-stats) 5259487 999999% 5259487
override-expire
ignore-reload ignore-no-cache ignore-no-store ignore-private
ignore-auth
override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale
* ignore-auth does not do what you think. It *prevents* Squid from
caching any authenticated responses. HTTP/1.1 permits caching
authenticated responses provided strict revalidation is performed.
* override-lastmod pretty much makes Squid drop the caching heuristics
depending on Last-Modified header. Again *reducing* caching for objects
which depend on it.
refresh_pattern \.etology\? 5259487 999999% 5259487 override-expire
ignore-reload ignore-no-cache store-stale
refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487
override-expire ignore-reload ignore-no-cache store-stale
refresh_pattern brazzers\? 5259487 999999% 5259487 override-expire
ignore-reload ignore-no-cache store-stale
refresh_pattern \.adtology\? 5259487 999999% 5259487 override-expire
ignore-reload ignore-no-cache store-stale
refresh_pattern ^.*safebrowsing.*google 5259487 999999% 5259487
override-expire ignore-reload ignore-no-cache ignore-no-store
ignore-private
ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.id)
5259487
999999% 5259487 override-expire ignore-reload store-stale
ignore-private
negative-ttl=10080
refresh_pattern ytimg\.com.*\.(jpg|png) 5259487 999999% 5259487
override-expire ignore-reload store-stale
refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999%
5259487
override-expire ignore-reload store-stale
refresh_pattern garena\.com 5259487 999999% 5259487 override-expire
reload-into-ims store-stale
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487
999999% 5259487 override-expire ignore-reload store-stale
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999%
5259487
ignore-no-cache override-expire override-lastmod store-stale
refresh_pattern ^http:\/\/images|openx|pics|thumbs[0-9]\. 5259487
999999%
5259487 ignore-no-cache ignore-no-store ignore-reload override-expire
store-stale
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 5259487 999999% 5259487
reload-into-ims override-expire store-stale
refresh_pattern
mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)
5259487 999999% 5259487 reload-into-ims override-expire ignore-private
store-stale
NP: you do not have to escape '/' characters in patterns.
refresh_pattern
speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js)
43800 90% 43800 store-stale negative-ttl=0
refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999%
5259487
ignore-no-cache ignore-no-store reload-into-ims override-expire
ignore-must-revalidate store-stale
refresh_pattern
\.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu)
5259487 100% 5259487 override-expire reload-into-ims
refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape)
5259487
100% 5259487 override-expire reload-into-ims ignore-reload
refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487
999999%%
5259487 override-expire reload-into-ims ignore-no-cache
ignore-must-revalidate
refresh_pattern
\.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2|webm)
5259487 100% 5259487 override-expire reload-into-ims
refresh_pattern -i (cgi-bin) 0 0% 0
This is incorrect. The pattern tuned for safety is:
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \.(php|jsp|cgi|asx)\? 1900 30% 1800
refresh_pattern -i (pull) 21400 70% 21400 reload-into-ims
ignore-no-cache
ignore-must-revalidate store-stale negative-ttl=10080
( and ) around a pattern like this are useless.
refresh_pattern . 0 50% 161280 store-stale
All refresh_pattern lines following one with the '.' pattern will have
no effect at all. These directives are order-dependent, only the first
matching pattern is applied and '.' matches everything that reaches it.
Also, a lot of these google and facebook patterns will never match
because of HTTPS traffic. Unless you are decrypting the HTTPS traffic
the path?query portion of URLs is unavailable, and if you are then the
URL will contain either "https://"; and/or port ":443" parts which are
not handled in most of the above patterns.
HTH
Amos
