Starting squid: [FAILED]
[root@test ~]# service squid start
Starting squid: [FAILED]
[root@test ~]# grep | squid
Usage: grep [OPTION]... PATTERN [FILE]...
Try `grep --help' for more information.
2012/05/07 16:38:31| ACL name 'QUERY' not defined!
FATAL: Bungled squid.conf line 609: cache deny QUERY
Squid Cache (Version 2.6.STABLE21): Terminated abnormally.
[root@test ~]# vim /squid.conf
# WELCOME TO SQUID 2.6.STABLE21
# ----------------------------
#
# # acl many_spaces rep_header Content-Disposition -i [[:space:]]{3,}
#
# acl acl_name external class_name [arguments...]
# # external ACL lookup via a helper class defined by the
# # external_acl_type directive.
#
# acl urlgroup group1 ...
# # match against the urlgroup as indicated by redirectors
#
# acl aclname user_cert attribute values...
# # match against attributes in a user SSL certificate
# # attribute is one of DN/C/O/CN/L/ST
#
# acl aclname ca_cert attribute values...
# # match against attributes a users issuing CA SSL certificate
# # attribute is one of DN/C/O/CN/L/ST
#
# acl aclname ext_user username ...
# acl aclname ext_user_regex [-i] pattern ...
# # string match on username returned by external acl helper
# # use REQUIRED to accept any non-null user name.
#
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 172.20.0.0/255.255.240.0
acl localuser src "/etc/squid/localuser"
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Blockdomain dstdomain "/etc/squid/blockdomain"
acl BlockSites dstdom_regex "/etc/squid/wordbasis"
acl fullinternet src "/etc/squid/fullinternet"
acl blockinternet src "/etc/squid/blockinternet"
acl allowsiteip src "/etc/squid/allowsiteip"
acl allowskype src "/etc/squid/allowskype"
acl allowsite url_regex -i "/etc/squid/allowsite"
acl CONNECT method CONNECT
acl deny_tor rep_mime_type -i ^application/x-bittorrent
acl ipacl url_regex
http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
acl datacenter url_regex "/etc/squid/datacenter"
acl team url_regex 5983
acl DenyFile urlpath_regex -i .mp3$ .exe$ .mp4$ .mpeg$ .wav$ .AVI$
.MKV$ .MOV$ .MP4$ .DivX$ .FLV$ .ogg$ .ogv$
acl skype dstdom_regex
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?
[0-9af:]+)?
[0-9af]+)?\])):443
acl skype_UA browser ^skype^
acl full_without_social src "/etc/squid/full_without_social"
acl social url_regex -i "/etc/squid/social"
cache deny QUERY
visible_hostname proxy.gtsl.gcl.in
deny_info
http://a11ybugs.org/images/fix-the-web.jpg accessdenied
cache_mgr
tsgitsupport@gcl.in
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow localhost
#http_access deny manager
http_access allow datacenter
http_access allow team
http_access allow fullinternet
http_access deny deny_tor
http_access deny full_without_social social
http_access allow full_without_social
# Deny requests to unknown ports
http_access deny !Safe_ports
#http_access deny manager
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow !Safe_ports
http_access deny ipacl
http_access deny numeric_IPs
#http_access deny myacl
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
# And finally deny all other access to this proxy
http_access allow allowskype skype_UA
http_access allow allowskype skype
http_access allow allowsiteip allowsite
http_access allow localhost
#http_access deny all
#http_access allow all
http_access deny CONNECT !SSL_ports
http_access deny Blockdomain
http_access deny BlockSites
http_access deny blockinternet
http_access allow allowsiteip
http_access allow allowskype
http_access allow localuser
http_access deny DenyFile !DenyFile
http_access deny all
http_access deny localnet
# TAG: http_access2
# Allowing or Denying access based on defined access lists
#
# Identical to http_access, but runs after redirectors. If not set
# then only http_access is used.
#
#Default:
# none
# TAG: http_reply_access
# Allow replies to client requests. This is complementary to http_access.
#
# http_reply_access allow|deny [!] aclname ...
#
# NOTE: if there are no access lines present, the default is to allow
# all replies
#
# If none of the access lines cause a match the opposite of the
# last line will apply. Thus it is good practice to end the rules
# with an "allow all" or "deny all" entry.
#
#Default:
http_reply_access allow all
# TAG: icp_access
# Allowing or Denying access to the ICP port based on defined
# access lists
#
# icp_access allow|deny [!]aclname ...
#
# See http_access for details
#
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
icp_access allow all
# TAG: htcp_access
# Note: This option is only available if Squid is rebuilt with the
# --enable-htcp option
#
# Allowing or Denying access to the HTCP port based on defined
# access lists
#
# htcp_access allow|deny [!]aclname ...
#
# See http_access for details
#
# NOTE: The default if no htcp_access lines are present is to
# deny all traffic. This default may cause problems with peers
# using the htcp or htcp-oldsquid options.
#
##Allow HTCP queries from everyone
#htcp_access allow all
#
#Default:
# htcp_access deny all
# TAG: htcp_clr_access
# Note: This option is only available if Squid is rebuilt with the
# --enable-htcp option
#
# Allowing or Denying access to purge content using HTCP based
# on defined access lists
#
# htcp_clr_access allow|deny [!]aclname ...
#
# See http_access for details
#
##Allow HTCP CLR requests from trusted peers
#acl htcp_clr_peer src 172.16.1.2
#htcp_clr_access allow htcp_clr_peer
#
#Default:
# htcp_clr_access deny all
# TAG: miss_access
# Use to force your neighbors to use you as a sibling instead of
# a parent. For example:
#
# acl localclients src 172.16.0.0/16
# miss_access allow localclients
# miss_access deny !localclients
#
# This means only your local clients are allowed to fetch
# MISSES and all other clients can only fetch HITS.
#
# By default, allow all clients who passed the http_access rules
# to fetch MISSES from us.
#
#Default setting:
# miss_access allow all
# TAG: ident_lookup_access
# A list of ACL elements which, if matched, cause an ident
# (RFC931) lookup to be performed for this request. For
# example, you might choose to always perform ident lookups
# for your main multi-user Unix boxes, but not for your Macs
# and PCs. By default, ident lookups are not performed for
# any requests.
#
# To enable ident lookups for specific client addresses, you
# can follow this example:
#
# acl ident_aware_hosts src 198.168.1.0/255.255.255.0
# ident_lookup_access allow ident_aware_hosts
# ident_lookup_access deny all
#
# Only src type ACL checks are fully supported. A src_domain
# ACL might work at times, but it will not always provide
# the correct result.
#
#Default:
# ident_lookup_access deny all
# TAG: reply_body_max_size bytes allow|deny acl acl...
# This option specifies the maximum size of a reply body in bytes.
# It can be used to prevent users from downloading very large files,
# such as MP3's and movies. When the reply headers are received,
# the reply_body_max_size lines are processed, and the first line with
# a result of "allow" is used as the maximum body size for this reply.
# This size is checked twice. First when we get the reply headers,
# we check the content-length value. If the content length value exists
# and is larger than the allowed size, the request is denied and the
# user receives an error message that says "the request or reply
# is too large." If there is no content-length, and the reply
# size exceeds this limit, the client's connection is just closed
# and they will receive a partial reply.
#
# WARNING: downstream caches probably can not detect a partial reply
# if there is no content-length header, so they will cache
# partial responses and give them out as hits. You should NOT
# use this option if you have downstream caches.
#
# If you set this parameter to zero (the default), there will be
# no limit imposed.
#
#Default:
# reply_body_max_size 0 allow all
#Default:
# none
LOG_FACILITY|LOG_PRIORITY
access_log /var/log/squid/access.log squid
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
#Default:
# max_filedesc 1024
