[Techtalk] Squid

Kristina Jareckaite kristi at erdves.lt
Fri Jun 20 08:48:59 EST 2003


Firstly, thanks to Maria for her helpful advices on the fiber optics problem.

... and I've already got another question -- on Squid :]

My co-worker tried to configure it and everything seems to work fine but
there's a problem with the sites that request authentification (like web-mail
or so), they don't work  (connection time outs appear). He asked for my help,
and I told him that as far as I know these authorisations must be let through
and not cached -- though I was unable to find where to fix this in the
squid.conf (must confess I've never worked with squid before myself, had only
a touch of Oops as a proxy server). I'd really appreciate help on this

PS: attached is the squid.conf.

-------------- next part --------------
http_port 8080
icp_port 3130


cache_peer proxy.mit.lt parent  8080 3130 no-query default
 icp_query_timeout 1
 acl QUERY urlpath_regex bad_url
 no_cache deny  QUERY
cache_mem 64 MB
cache_dir ufs /var/cache/squid 1024 16 256

 log_ip_on_direct on

 ftp_user zemko@
ftp_passive on

 dns_timeout 2 minutes

 reference_age 1 week
 negative_ttl 2  minutes
 connect_timeout 1 minute

acl all src
acl allowed_hosts src
acl machineip src
acl manager proto cache_object
acl localhost src
acl good_url	url_regex	 "/etc/squid/acl/good_url"
acl bad_urlpath	urlpath_regex	 "/etc/squid/acl/bad_url_path"
acl bad_url	url_regex	 "/etc/squid/acl/bad_url"
acl SSL_ports port 443 563
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost
http_access allow allowed_hosts
http_access deny manager !machineip
http_access allow SSL_ports
http_access deny bad_urlpath !good_url
http_access deny bad_url !good_url 
http_access deny all

 icp_access allow allowed_hosts
 icp_access deny all
icp_access allow allowed_hosts
 miss_access allow all

	acl ident_aware_hosts src
	ident_lookup_access allow ident_aware_hosts

cache_mgr root

 announce_host zemko
 announce_port 3131

 httpd_accel_with_proxy off

 append_domain .zemko

More information about the Techtalk mailing list