Hi all. Im still trying to get my squid proxy server going and i think im almost done getting it fixed, yesterday after taking the advice from some of the forum members i got the server up and going. However, i wasnt able to actually 'browse' anywhere when i connected to the server through its listening port 3128. So i decided to take the conf home and work on it as best i could. Its a big conf file but i feel that i need to paste the entire conf because i edited it as best i could. So here it is...
Code:
#Recommended minimum configuration per scheme:
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
# authenticate_cache_garbage_interval 1 hour
# authenticate_ttl 1 hour
# authenticate_ip_ttl 0 seconds
# authenticate_ip_shortcircuit_ttl 0 seconds
#Examples:
acl macaddress arp 09:00:2b:23:45:67
acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
acl fileupload req_mime_type -i ^multipart/form-data$
acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# ----------------------- HTTP Access Controls
http_access allow all
# Squid normally listens to port 3128
http_port 10.1.10.88:3128
#https_port 10.1.10.88:443 defaultsite=visolve.com
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localnet
http_access deny purge
http_access allow localnet
http_access deny all
http_reply_access allow all
# -----------------------------------------------------------
htcp_access allow localnet
htcp_access deny all
#acl htcp_clr_peer src 172.16.1.2
#htcp_clr_access allow htcp_clr_peer
# htcp_clr_access deny all
# miss_access allow all
# ident_lookup_access deny all
# reply_body_max_size 0 allow all
# authenticate_ip_shortcircuit_access
# follow_x_forwarded_for deny all
# delay_pool_uses_indirect_client on
# log_uses_indirect_client on
# sslproxy_client_certificate
# sslproxy_client_key
# sslproxy_version
# sslproxy_version 1
# sslproxy_options
# sslproxy_cipher
# sslproxy_cafile
# sslproxy_capath
# zph_mode off
# zph_local 0
# zph_sibling 0
# zph_parent 0
# zph_option 136
# cache_peer_access
# dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ? #We recommend you to use at least this following line.
# cache_mem 8 MB
# maximum_object_size_in_memory 8 KB
# memory_replacement_policy lru
# cache_replacement_policy lru
# cache_dir ufs /var/spool/squid 100 16 256
# store_dir_select_algorithm least-load
# max_open_disk_fds 0
# minimum_object_size 0 KB
# maximum_object_size 20480 KB
# cache_swap_low 90
# cache_swap_high 95
update_headers on
# ----------------------------------------------------------------------------
# -----------------------------------------------------------------------------
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log squid
# log_access allow|deny acl acl...
# logfile_daemon /usr/lib/squid/logfile-daemon
# cache_log /var/log/squid/cache.log
# cache_store_log /var/log/squid/store.log
# cache_swap_state
# logfile_rotate 0
# emulate_httpd_log off
# log_ip_on_direct on
mime_table /usr/share/squid/mime.conf
# log_mime_hdrs off
# useragent_log
# referer_log
# pid_filename /var/run/squid.pid
# debug_options ALL,1
# log_fqdn off
# client_netmask 255.255.255.255
# forward_log
# strip_query_terms on
# buffered_logs off
# netdb_filename /var/spool/squid/logs/netdb.state
# -----------------------------------------------------------------------------
# OPTIONS FOR FTP GATEWAYING
# -----------------------------------------------------------------------------
# ftp_user Squid@
# ftp_list_width 32
# ftp_passive on
# ftp_sanitycheck on
# ftp_telnet_protocol on
# -----------------------------------------------------------------------------
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
# diskd_program /usr/lib/squid/diskd-daemon
# unlinkd_program /usr/lib/squid/unlinkd
# pinger_program /usr/lib/squid/pinger
# -----------------------------------------------------------------------------
# OPTIONS FOR URL REWRITING
# -----------------------------------------------------------------------------
# TAG: storeurl_rewrite_program
# storeurl_rewrite_children 5
# storeurl_rewrite_concurrency 0
# url_rewrite_program
# url_rewrite_children 5
# url_rewrite_concurrency 0
# url_rewrite_host_header on
# url_rewrite_access
# storeurl_access
# redirector_bypass off
# location_rewrite_program
# location_rewrite_children 5
# location_rewrite_concurrency 0
# location_rewrite_access
# -----------------------------------------------------------------------------
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# cache
# max_stale 1 week
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
# read_ahead_gap 16 KB
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute
# range_offset_limit 0 KB
# minimum_expiry_time 60 seconds
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# -----------------------------------------------------------------------------
# HTTP OPTIONS
# -----------------------------------------------------------------------------
# request_header_max_size 20 KB
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
# acl buggy_server url_regex ^http://....
# broken_posts allow buggy_server
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
via on
cache_vary on
acl apache rep_header Server ^Apache
# broken_vary_encoding allow apache
# collapsed_forwarding off
# refresh_stale_hit 0 seconds
ie_refresh on
# vary_ignore_expire off
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# request_entities off
header_access Proxy-Connection allow all
# header_replace
# relaxed_header_parser on
# server_http11 off
# ignore_expect_100 off
# external_refresh_check
# -----------------------------------------------------------------------------
# TIMEOUTS
# -----------------------------------------------------------------------------
# forward_timeout 4 minutes
# connect_timeout 1 minute
# peer_connect_timeout 30 seconds
# read_timeout 15 minutes
# request_timeout 5 minutes
# persistent_request_timeout 2 minutes
# client_lifetime 1 day
# half_closed_clients on
# pconn_timeout 1 minute
# ident_timeout 10 seconds
# shutdown_lifetime 30 seconds
# -----------------------------------------------------------------------------
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# cache_mgr Matt-Admin
# mail_from
# mail_program mail
# cache_effective_user proxy
# cache_effective_group
# httpd_suppress_version_string off
# visible_hostname
# unique_hostname
# hostname_aliases none
umask 027
# -----------------------------------------------------------------------------
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
# announce_period 0
# announce_period 1 day
# announce_host tracker.ircache.net
# announce_port 3131
# -----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# httpd_accel_no_pmtu_disc off
# -----------------------------------------------------------------------------
# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------
# delay_pools 0
# delay_pools 2 # 2 delay pools
# delay_class 1 2 # pool 1 is a class 2 pool
# delay_class 2 3 # pool 2 is a class 3 pool
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
# delay_parameters 2 32000/32000 8000/8000 600/8000
# delay_initial_bucket_level 50
# -----------------------------------------------------------------------------
# WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
# -----------------------------------------------------------------------------
# wccp_router 0.0.0.0
# wccp_version 4
# wccp2_rebuild_wait on
# wccp2_forwarding_method 1
# wccp2_return_method 1
# wccp2_assignment_method 1
# wccp2_service standard 0
# wccp2_service_info
# wccp2_weight 10000
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0
# -----------------------------------------------------------------------------
# PERSISTENT CONNECTION HANDLING
# -----------------------------------------------------------------------------
# client_persistent_connections on
# server_persistent_connections on
# persistent_connection_after_error off
# detect_broken_pconn off
# -----------------------------------------------------------------------------
# CACHE DIGEST OPTIONS
# -----------------------------------------------------------------------------
# digest_generation on
# digest_bits_per_entry 5
# digest_rebuild_period 1 hour
# digest_rewrite_period 1 hour
# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
# -----------------------------------------------------------------------------
# SNMP OPTIONS
# -----------------------------------------------------------------------------
# snmp_port
# snmp_access allow all
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255
# -----------------------------------------------------------------------------
# ICP OPTIONS
# -----------------------------------------------------------------------------
icp_access allow localnet
icp_access deny all
icp_port 3130
# htcp_port 0
# log_icp_queries on
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
# netdb_low 900
# netdb_high 1000
# netdb_ping_period 5 minutes
# query_icmp off
# test_reachability off
icp_query_timeout 2000
#maximum_icp_query_timeout 5000
#minimum_icp_query_timeout 4000
# -----------------------------------------------------------------------------
# MULTICAST ICP OPTIONS
# -----------------------------------------------------------------------------
# mcast_groups
# mcast_miss_addr 255.255.255.255
# mcast_miss_ttl 16
# mcast_miss_port 3135
# mcast_miss_encode_key XXXXXXXXXXXXXXXX
# mcast_icp_query_timeout 2000
# -----------------------------------------------------------------------------
# INTERNAL ICON OPTIONS
# -----------------------------------------------------------------------------
# icon_directory /usr/share/squid/icons
# global_internal_static on
short_icon_urls off
# -----------------------------------------------------------------------------
# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
# error_directory /usr/share/squid/errors/English
# error_map none
# err_html_text none
# deny_info none
# -----------------------------------------------------------------------------
# OPTIONS INFLUENCING REQUEST FORWARDING
# -----------------------------------------------------------------------------
nonhierarchical_direct on
# prefer_direct off
ignore_ims_on_miss off
always_direct allow HTTP
# never_direct
max_filedescriptors 0
## The accept_filter httpready is for FreeBSD
#accept_filter httpready
## The accept_filter data is for Linux
accept_filter data
# Can you set network bandwidth this way too? O_o
tcp_recv_bufsize 0 bytes
incoming_rate 30
# -----------------------------------------------------------------------------
# DNS OPTIONS
# -----------------------------------------------------------------------------
check_hostnames on
allow_underscore on
# cache_dns_program /usr/lib/squid/dnsserver
# dns_children 5
dns_retransmit_interval 10 seconds
dns_timeout 2 minutes
# dns_defnames off
#dns_nameservers 10.0.0.1 192.172.0.4
hosts_file /etc/hosts
dns_testnames google.com yahoo.com icq.com myspace.com
# append_domain .yourdomain.com
ignore_unknown_nameservers off
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95
# fqdncache_size 1024
# -----------------------------------------------------------------------------
# MISCELLANEOUS OPTIONS
# -----------------------------------------------------------------------------
# memory_pools on
# memory_pools_limit 5 MB
# cachemgr_passwd disable all
client_db on
# Note: reload_into_ims does not look like a good idea, better keep it disabled.
# reload_into_ims off
maximum_single_addr_tries 3
retry_on_error on
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net
# offline_mode off
# uri_whitespace strip
coredump_dir /var/spool/squid
# chroot
# balance_on_multiple_ip on
# pipeline_prefetch off
# high_page_fault_warning
# high_response_time_warning 0
# high_memory_warning 0
# sleep_after_fork 0
# zero_buffers on
# windows_ipaddrchangemonitor on
After spending like 3 hours working on that and reading from a .pdf i felt that i took all the needed steps into getting a _working_ proxy server for my job. However even after all of that i got the following error.
Code:
Starting Squid HTTP proxy: squid2009/08/21 13:44:18| ACL name 'HTTP' not defined!
FATAL: Bungled squid.conf line 445: always_direct allow HTTP
Squid Cache (Version 2.7.STABLE3): Terminated abnormally.
failed!
And before i mustered up the time to post this i thought i would try to investigate this further by getting the original conf thats in /usr/share/doc/squid/examples/squid.conf This is Squid 2.7 Stable 3 - Any help on this would be much appreciated. Thanx in advance!
P.S. sorry for posting a new question on an old topic, but i just havnt figured it out yet!
Squid ACL error
But your advice was dead on. Now im off to save this config for later use as im sure i'll need it again. 
