Hi all. Im still trying to get my squid proxy server going and i think im almost done getting it fixed, yesterday after taking the advice from some of the forum members i got the server up and going. However, i wasnt able to actually 'browse' anywhere when i connected to the server through its listening port 3128. So i decided to take the conf home and work on it as best i could. Its a big conf file but i feel that i need to paste the entire conf because i edited it as best i could. So here it is...
Code:
#Recommended minimum configuration per scheme:
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
# authenticate_cache_garbage_interval 1 hour
# authenticate_ttl 1 hour
# authenticate_ip_ttl 0 seconds
# authenticate_ip_shortcircuit_ttl 0 seconds
#Examples:
acl macaddress arp 09:00:2b:23:45:67
acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
acl fileupload req_mime_type -i ^multipart/form-data$
acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# ----------------------- HTTP Access Controls
http_access allow all
# Squid normally listens to port 3128
http_port 10.1.10.88:3128
#https_port 10.1.10.88:443 defaultsite=visolve.com
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localnet
http_access deny purge
http_access allow localnet
http_access deny all
http_reply_access allow all
# -----------------------------------------------------------
htcp_access allow localnet
htcp_access deny all
#acl htcp_clr_peer src 172.16.1.2
#htcp_clr_access allow htcp_clr_peer
# htcp_clr_access deny all
# miss_access allow all
# ident_lookup_access deny all
# reply_body_max_size 0 allow all
# authenticate_ip_shortcircuit_access
# follow_x_forwarded_for deny all
# delay_pool_uses_indirect_client on
# log_uses_indirect_client on
# sslproxy_client_certificate
# sslproxy_client_key
# sslproxy_version
# sslproxy_version 1
# sslproxy_options
# sslproxy_cipher
# sslproxy_cafile
# sslproxy_capath
# zph_mode off
# zph_local 0
# zph_sibling 0
# zph_parent 0
# zph_option 136
# cache_peer_access
# dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? #We recommend you to use at least this following line.
# cache_mem 8 MB
# maximum_object_size_in_memory 8 KB
# memory_replacement_policy lru
# cache_replacement_policy lru
# cache_dir ufs /var/spool/squid 100 16 256
# store_dir_select_algorithm least-load
# max_open_disk_fds 0
# minimum_object_size 0 KB
# maximum_object_size 20480 KB
# cache_swap_low 90
# cache_swap_high 95
update_headers on
# ----------------------------------------------------------------------------
# -----------------------------------------------------------------------------
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log squid
# log_access allow|deny acl acl...
# logfile_daemon /usr/lib/squid/logfile-daemon
# cache_log /var/log/squid/cache.log
# cache_store_log /var/log/squid/store.log
# cache_swap_state
# logfile_rotate 0
# emulate_httpd_log off
# log_ip_on_direct on
mime_table /usr/share/squid/mime.conf
# log_mime_hdrs off
# useragent_log
# referer_log
# pid_filename /var/run/squid.pid
# debug_options ALL,1
# log_fqdn off
# client_netmask 255.255.255.255
# forward_log
# strip_query_terms on
# buffered_logs off
# netdb_filename /var/spool/squid/logs/netdb.state
# -----------------------------------------------------------------------------
# OPTIONS FOR FTP GATEWAYING
# -----------------------------------------------------------------------------
# ftp_user Squid@
# ftp_list_width 32
# ftp_passive on
# ftp_sanitycheck on
# ftp_telnet_protocol on
# -----------------------------------------------------------------------------
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
# diskd_program /usr/lib/squid/diskd-daemon
# unlinkd_program /usr/lib/squid/unlinkd
# pinger_program /usr/lib/squid/pinger
# -----------------------------------------------------------------------------
# OPTIONS FOR URL REWRITING
# -----------------------------------------------------------------------------
# TAG: storeurl_rewrite_program
# storeurl_rewrite_children 5
# storeurl_rewrite_concurrency 0
# url_rewrite_program
# url_rewrite_children 5
# url_rewrite_concurrency 0
# url_rewrite_host_header on
# url_rewrite_access
# storeurl_access
# redirector_bypass off
# location_rewrite_program
# location_rewrite_children 5
# location_rewrite_concurrency 0
# location_rewrite_access
# -----------------------------------------------------------------------------
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# cache
# max_stale 1 week
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
# read_ahead_gap 16 KB
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute
# range_offset_limit 0 KB
# minimum_expiry_time 60 seconds
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# -----------------------------------------------------------------------------
# HTTP OPTIONS
# -----------------------------------------------------------------------------
# request_header_max_size 20 KB
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
# acl buggy_server url_regex ^http://....
# broken_posts allow buggy_server
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
via on
cache_vary on
acl apache rep_header Server ^Apache
# broken_vary_encoding allow apache
# collapsed_forwarding off
# refresh_stale_hit 0 seconds
ie_refresh on
# vary_ignore_expire off
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# request_entities off
header_access Proxy-Connection allow all
# header_replace
# relaxed_header_parser on
# server_http11 off
# ignore_expect_100 off
# external_refresh_check
# -----------------------------------------------------------------------------
# TIMEOUTS
# -----------------------------------------------------------------------------
# forward_timeout 4 minutes
# connect_timeout 1 minute
# peer_connect_timeout 30 seconds
# read_timeout 15 minutes
# request_timeout 5 minutes
# persistent_request_timeout 2 minutes
# client_lifetime 1 day
# half_closed_clients on
# pconn_timeout 1 minute
# ident_timeout 10 seconds
# shutdown_lifetime 30 seconds
# -----------------------------------------------------------------------------
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# cache_mgr Matt-Admin
# mail_from
# mail_program mail
# cache_effective_user proxy
# cache_effective_group
# httpd_suppress_version_string off
# visible_hostname
# unique_hostname
# hostname_aliases none
umask 027
# -----------------------------------------------------------------------------
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
# announce_period 0
# announce_period 1 day
# announce_host tracker.ircache.net
# announce_port 3131
# -----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# httpd_accel_no_pmtu_disc off
# -----------------------------------------------------------------------------
# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------
# delay_pools 0
# delay_pools 2 # 2 delay pools
# delay_class 1 2 # pool 1 is a class 2 pool
# delay_class 2 3 # pool 2 is a class 3 pool
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
# delay_parameters 2 32000/32000 8000/8000 600/8000
# delay_initial_bucket_level 50
# -----------------------------------------------------------------------------
# WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
# -----------------------------------------------------------------------------
# wccp_router 0.0.0.0
# wccp_version 4
# wccp2_rebuild_wait on
# wccp2_forwarding_method 1
# wccp2_return_method 1
# wccp2_assignment_method 1
# wccp2_service standard 0
# wccp2_service_info
# wccp2_weight 10000
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0
# -----------------------------------------------------------------------------
# PERSISTENT CONNECTION HANDLING
# -----------------------------------------------------------------------------
# client_persistent_connections on
# server_persistent_connections on
# persistent_connection_after_error off
# detect_broken_pconn off
# -----------------------------------------------------------------------------
# CACHE DIGEST OPTIONS
# -----------------------------------------------------------------------------
# digest_generation on
# digest_bits_per_entry 5
# digest_rebuild_period 1 hour
# digest_rewrite_period 1 hour
# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
# -----------------------------------------------------------------------------
# SNMP OPTIONS
# -----------------------------------------------------------------------------
# snmp_port
# snmp_access allow all
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255
# -----------------------------------------------------------------------------
# ICP OPTIONS
# -----------------------------------------------------------------------------
icp_access allow localnet
icp_access deny all
icp_port 3130
# htcp_port 0
# log_icp_queries on
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
# netdb_low 900
# netdb_high 1000
# netdb_ping_period 5 minutes
# query_icmp off
# test_reachability off
icp_query_timeout 2000
#maximum_icp_query_timeout 5000
#minimum_icp_query_timeout 4000
# -----------------------------------------------------------------------------
# MULTICAST ICP OPTIONS
# -----------------------------------------------------------------------------
# mcast_groups
# mcast_miss_addr 255.255.255.255
# mcast_miss_ttl 16
# mcast_miss_port 3135
# mcast_miss_encode_key XXXXXXXXXXXXXXXX
# mcast_icp_query_timeout 2000
# -----------------------------------------------------------------------------
# INTERNAL ICON OPTIONS
# -----------------------------------------------------------------------------
# icon_directory /usr/share/squid/icons
# global_internal_static on
short_icon_urls off
# -----------------------------------------------------------------------------
# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
# error_directory /usr/share/squid/errors/English
# error_map none
# err_html_text none
# deny_info none
# -----------------------------------------------------------------------------
# OPTIONS INFLUENCING REQUEST FORWARDING
# -----------------------------------------------------------------------------
nonhierarchical_direct on
# prefer_direct off
ignore_ims_on_miss off
always_direct allow HTTP
# never_direct
max_filedescriptors 0
## The accept_filter httpready is for FreeBSD
#accept_filter httpready
## The accept_filter data is for Linux
accept_filter data
# Can you set network bandwidth this way too? O_o
tcp_recv_bufsize 0 bytes
incoming_rate 30
# -----------------------------------------------------------------------------
# DNS OPTIONS
# -----------------------------------------------------------------------------
check_hostnames on
allow_underscore on
# cache_dns_program /usr/lib/squid/dnsserver
# dns_children 5
dns_retransmit_interval 10 seconds
dns_timeout 2 minutes
# dns_defnames off
#dns_nameservers 10.0.0.1 192.172.0.4
hosts_file /etc/hosts
dns_testnames google.com yahoo.com icq.com myspace.com
# append_domain .yourdomain.com
ignore_unknown_nameservers off
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95
# fqdncache_size 1024
# -----------------------------------------------------------------------------
# MISCELLANEOUS OPTIONS
# -----------------------------------------------------------------------------
# memory_pools on
# memory_pools_limit 5 MB
# cachemgr_passwd disable all
client_db on
# Note: reload_into_ims does not look like a good idea, better keep it disabled.
# reload_into_ims off
maximum_single_addr_tries 3
retry_on_error on
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net
# offline_mode off
# uri_whitespace strip
coredump_dir /var/spool/squid
# chroot
# balance_on_multiple_ip on
# pipeline_prefetch off
# high_page_fault_warning
# high_response_time_warning 0
# high_memory_warning 0
# sleep_after_fork 0
# zero_buffers on
# windows_ipaddrchangemonitor on
After spending like 3 hours working on that and reading from a .pdf i felt that i took all the needed steps into getting a _working_ proxy server for my job. However even after all of that i got the following error.
Code:
Starting Squid HTTP proxy: squid2009/08/21 13:44:18| ACL name 'HTTP' not defined!
FATAL: Bungled squid.conf line 445: always_direct allow HTTP
Squid Cache (Version 2.7.STABLE3): Terminated abnormally.
failed!
And before i mustered up the time to post this i thought i would try to investigate this further by getting the original conf thats in /usr/share/doc/squid/examples/squid.conf This is Squid 2.7 Stable 3 - Any help on this would be much appreciated. Thanx in advance!
P.S. sorry for posting a new question on an old topic, but i just havnt figured it out yet!