LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Enterprise (http://www.linuxquestions.org/questions/linux-enterprise-47/)
-   -   Setting up Squid.conf (http://www.linuxquestions.org/questions/linux-enterprise-47/setting-up-squid-conf-634409/)

raptor2 04-10-2008 09:18 AM

Setting up Squid.conf
 
I am new to LINUX, and I am trying to migrate what I can from windows. My first project is a Sqid server, I am not sure if I need IPTABLEs too. I have it working from the 127. ips but not the 10.1.109.0 ips. Can someone help me with understanding the config and fixing it? I am not even sure I need everything I have in there. Here is a copy of my squid.conf.

http_port 3128
ssl_unclean_shutdown off
sslproxy_version 1
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_vary on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /var/spool/squid 100 16 256
#logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
log_ip_on_direct on
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
check_hostnames on
allow_underscore on

# cache_dns_program /usr/lib/squid/dnsserver
# dns_children 5
# dns_retransmit_interval 5 seconds
# dns_timeout 2 minutes
# dns_defnames off

dns_nameservers 66.155.216.122 207.59.153.242
hosts_file /etc/hosts
diskd_program /usr/lib/squid/diskd-daemon
unlinkd_program /usr/lib/squid/unlinkd
# pinger_program /usr/lib/squid/pinger
url_rewrite_children 5
url_rewrite_concurrency 0
url_rewrite_host_header on
location_rewrite_children 5
location_rewrite_concurrency 0
#
# auth_param negotiate keep_alive on
#
#Recommended minimum configuration per scheme:
# auth_param negotiate program <uncomment and complete this line to activate>
# auth_param negotiate children 5
# auth_param negotiate keep_alive on
# auth_param ntlm program <uncomment and complete this line to activate>
# auth_param ntlm children 5
# auth_param ntlm keep_alive on
# auth_param digest program <uncomment and complete this line>
# auth_param digest children 5
# auth_param digest realm Squid proxy-caching web server
# auth_param digest nonce_garbage_interval 5 minutes
# auth_param digest nonce_max_duration 30 minutes
# auth_param digest nonce_max_count 50
# auth_param basic program <uncomment and complete this line>
# auth_param basic children 5
# auth_param basic realm Squid proxy-caching web server
# auth_param basic credentialsttl 2 hours
# auth_param basic casesensitive off
# authenticate_cache_garbage_interval 1 hour
# authenticate_ttl 1 hour
# authenticate_ip_ttl 0 seconds
wais_relay_port 0
request_header_max_size 20 KB
request_body_max_size 0 KB
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute
range_offset_limit 0 KB
collapsed_forwarding off
refresh_stale_hit 0 seconds
forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minute
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.0
acl to_localhost dst 127.0.0.0/8
# acl a src 10.1.109.1-10.1.109.254/255.255.255.0
# http_access allow a
# acl a src 10.1.109.1-10.1.109.254/255.255.255.0
http_access allow all
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
follow_x_forwarded_for deny all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
http_access allow all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
acl our_networks src 10.1.109.0/24
#http_access allow our_networks
http_access allow our_networks
# And finally deny all other access to this proxy
http_access allow localhost
http_reply_access allow all
http_reply_access allow all
#Default:
# icp_access deny all
icp_access allow all
reply_header_max_size 20 KB
reply_body_max_size 0 allow all
cache_mgr root
mail_program mail
cache_effective_user squid
cache_effective_group squid
httpd_suppress_version_string off
umask 027
# announce_period 0
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_no_pmtu_disc off
dns_testnames netscape.com internic.net nlanr.net microsoft.com
logfile_rotate 0
# append_domain .yourdomain.com
tcp_recv_bufsize 0 bytes
memory_pools on
memory_pools_limit 5 MB
via on
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
cachemgr_passwd secret shutdown
cachemgr_passwd lesssssssecret info stats/objects
cachemgr_passwd disable all
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
icon_directory /usr/share/squid/icons
global_internal_static on
short_icon_urls off
error_directory /usr/share/squid/errors/English
maximum_single_addr_tries 1
retry_on_error off
# snmp_port 3401
wccp_router 10.1.109.250
wccp_version 4
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 10000
delay_pools 0
delay_initial_bucket_level 50
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
coredump_dir none
coredump_dir /var/spool/squid
redirector_bypass off
ignore_unknown_nameservers on
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
client_persistent_connections on
server_persistent_connections on
persistent_connection_after_error off
detect_broken_pconn off
balance_on_multiple_ip on
pipeline_prefetch off
request_entities off
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0
store_dir_select_algorithm least-load
ie_refresh off
vary_ignore_expire off
sleep_after_fork 0
minimum_expiry_time 60 seconds
relaxed_header_parser on
max_filedesc 1024

Please help.

0Trey0 04-10-2008 12:34 PM

Delete from
#Recommended minimum configuration:
to
acl CONNECT method CONNECT

then

Copy and paste this...



#Recommended minimum configuration:
acl a src 10.1.109.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.0
acl to_localhost dst 127.0.0.0/8
http_access allow a
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


All times are GMT -5. The time now is 03:35 AM.