[Linuxtrent] Re: squid access.log ma non capisco.

• From: Mario Vittorio Guenzi <jclark@xxxxxxxxxx>
• To: linuxtrent@xxxxxxxxxxxxx
• Date: Thu, 24 Feb 2011 10:26:04 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kinkie ha scritto:

> 
> Bisognerebbe vedere la configurazione del tuo squid (le linee acl e
> http_access per lo meno)
> 
> 

giusto...
sorry avrei dovuto pensarci prima ma si vede che sono propriopiu'
stordito del solito vecchiaia e interventi non aiutano certo.
- --

Mario Vittorio Guenzi
E-mail jclark@xxxxxxxxxx
Si vis pacem, para bellum
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1mJCsACgkQm6qs1ZkNrIrKOwCdEbOlauWobdjr+h3oXx1+3kSn
QZIAn2c9xpBzcCSQovYFnmIDRjcAy5xJ
=6zb7
-----END PGP SIGNATURE-----

### test per java
acl Java browser Java/1.4 Java/1.5 Java/1.6
http_access allow Java
### fine test

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
### windows update prima di autenticazione
acl wu dstdomain .windowsupdate.com .microsoft.com .windows.com 
.public-trust.com
http_access allow wu
### avast update prima di autenticazione
acl avast dstdomain .avast.com
http_access allow avast
### disperato tentativo per adobe
acl adobe dstdomain .adobe.com 
http_access allow adobe
#acl my_lan src 192.168.2.0/24
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
acl javascript rep_mime_type -i ^application/x-javascript$
#
#Default:
#acl all src 0.0.0.0/0.0.0.0
#
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#
#
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl my_lan src 192.168.2.0/24
acl gator browser Gator/5.0
acl blacklist url_regex "/jumper/etc/blacklist.txt"
acl malware_block_list url_regex -i "/jumper/etc/malware_block_list.txt"
acl reqmsn req_mime_type -i ^application/x-msn-messenger
acl repmsn rep_mime_type -i ^application/x-msn-messenger

http_access deny blacklist
http_access deny malware_block_list
deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
http_access deny gator
http_access deny reqmsn
http_reply_access deny repmsn
http_access allow localhost
http_access allow password
http_access deny blacklist
http_access deny malware_block_list
deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
http_access deny gator
http_access deny reqmsn
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# none
http_reply_access deny repmsn
http_reply_access allow all
icp_access deny all
htcp_access deny all
htcp_clr_access deny all
# Squid normally listens to port 3128
http_port 3128       
# none
cache_peer_access 127.0.0.1 allow password

hierarchy_stoplist cgi-bin ?
#Default:
 cache_mem 8 MB
#cache_mem 512 MB
maximum_object_size_in_memory 8 KB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir aufs /cache 22000 16 256
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 4096 KB
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st 
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log jumper/var/log/squid3/access.log squid
cache_log /jumper/var/log/squid3/cache.log
cache_store_log jumper/var/log/squid3/store.log
logfile_rotate 0
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/share/squid3/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid3.pid
debug_options ALL,1
log_fqdn on
buffered_logs on
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
diskd_program /usr/lib/squid3/diskd
unlinkd_program /usr/lib/squid3/unlinkd
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320
 quick_abort_min 16 KB
 quick_abort_max 16 KB
 quick_abort_pct 95
 read_ahead_gap 16 KB
 positive_dns_ttl 6 hours
 negative_dns_ttl 1 minutes
 range_offset_limit 0 KB
 minimum_expiry_time 60 seconds
 store_avg_object_size 13 KB
 store_objects_per_bucket 20
 request_header_max_size 20 KB
 reply_header_max_size 20 KB
 request_body_max_size 0 KB
ie_refresh on
 relaxed_header_parser on
 forward_timeout 4 minutes
 connect_timeout 1 minute
 request_timeout 5 minutes
 persistent_request_timeout 2 minutes
 client_lifetime 600 minutes 
 half_closed_clients on
 pconn_timeout 1 minute
 ident_timeout 10 seconds
 shutdown_lifetime 30 seconds
cache_mgr webmaster
mail_from squid@proxy
mail_program mail
cache_effective_user proxy
cache_effective_group proxy
 httpd_suppress_version_string on
visible_hostname proxy
#Default:
 client_persistent_connections on
 server_persistent_connections on
 persistent_connection_after_error off
snmp_port 3401
icp_port 3130
icon_directory /usr/share/squid3/icons
global_internal_static on
error_directory /usr/share/squid3/errors/Italian
 email_err_data on
acl FTP proto FTP
always_direct allow FTP
check_hostnames on
 allow_underscore on
 dns_retransmit_interval 5 seconds
 dns_timeout 2 minutes
 dns_defnames off
dns_nameservers 192.168.2.10
 hosts_file /etc/hosts
 ignore_unknown_nameservers on
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
 memory_pools on
 memory_pools_limit 5 MB
 forwarded_for on
 client_db on
coredump_dir jumper/var/spool/squid3

• References:
  • [Linuxtrent] squid access.log ma non capisco.
    • From: Mario Vittorio Guenzi
  • [Linuxtrent] Re: squid access.log ma non capisco.
    • From: Kinkie

Other related posts:

• » [Linuxtrent] squid access.log ma non capisco.- Mario Vittorio Guenzi
• » [Linuxtrent] Re: squid access.log ma non capisco.- Kinkie
• » [Linuxtrent] Re: squid access.log ma non capisco. - Mario Vittorio Guenzi

1. Home
2. linuxtrent
3. Archive
4. 02-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---