Re: [squid-users] Squid Proxy Server Problems

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 10 Jul 2009 15:18:32 +1200

admin_at_unixguru.asia wrote:
>> admin_at_unixguru.asia wrote:
>>> Hi,
>>>
>>> Im using debian etch 4.0. I runing Squid Proxy Server on my dedicated
>>> server. Because of first time i installing it. Im confiusing why when im
>>> try it on browser it re-direct back to my website.
>>>
>>> IP: 77.92.87.175 Port: 3128
>>>
>>>
>>> Thanks and appreciate!
>>>
>> What exactly are you trying to do here? the config is a mix of purposes
>> / proxy modes and none of them completely configured.
>>
>> Some notes on the config below after particular items...
>>
>>> ---------------------------------------------------------
>>>
>>> [root_at_unixguru] null $ cat /etc/squid/squid.conf | sed '/ *#/d; /^ *$/d'
>>> acl all src 0.0.0.0/0.0.0.0
>> acl all src all
>>
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/255.255.255.255
>> acl localhost 127.0.0.1/32
>>
>>> acl to_localhost dst 127.0.0.0/8
>>> acl SSL_ports port 443 563
>>> acl purge method PURGE
>>> acl CONNECT method CONNECT
>>> http_access allow manager localhost
>>> http_access deny manager
>>> http_access allow purge localhost
>>> http_access deny purge
>>> http_access deny !Safe_ports
>>> http_access deny CONNECT !SSL_ports
>>> http_access allow localhost
>>> http_access deny all
>>> http_reply_access allow all
>>> icp_access allow all
>>> coredump_dir /var/cache/squid
>>> never_direct allow Safe_ports
>> .. means only the known _dangerous_ ports are allowed to be connected
>> directly to the Internet by Squid. !!!
>>
>> .. Safe ports are forced to go through a cache_peer...
>>
>> Thankfully http_access still prevents those ports being acceptable.
>> Remove this never_direct line from your config as the first thing you do.
>>
>>
>>> http_port 3128
>>> cache_peer 192.168.0.1 parent 3128 3130
>> ... the only cache_peer is 192.168.0.1 . From your problem description I
>> guess this is your web server.
>>
>>> header_access via allow all
>>> header_access from allow all
>> Default actions you can remove these lines.
>>
>>> forwarded_for off
>>> access_log /var/log/squid/access_log_v3
>>> cache_access_log /var/log/squid/cache_acces_log_v3
>>> cache_mem 64 MB
>>> [root_at_unixguru] null $
>>>
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
>> Current Beta Squid 3.1.0.9
>>
> Amos thanks for replied.
>
> I did change what you told there..it still forwarded to mywebsite.
>
> [root_at_unixguru] null $ cat /etc/squid/squid.conf | sed '/ *#/d; /^ *$/d'
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl purge method PURGE
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> coredump_dir /var/cache/squid
> http_port 3128
> cache_peer 77.92.87.41 parent 3128 3130

All requests will still be attempted through this upstream proxy before
going to the Internet, even though they are now allowed to The Net.

> forwarded_for on
> access_log /var/log/squid/access_log_v3
> cache_access_log /var/log/squid/cache_acces_log_v3
> cache_mem 64 MB
> [root_at_unixguru] null $
>

You sill haven;t answered my first Question though...
>> What exactly are you trying to do here? the config is a mix of purposes
>> / proxy modes and none of them completely configured.

I think you need to read through these:
   http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.9
Received on Fri Jul 10 2009 - 03:18:41 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 10 2009 - 12:00:02 MDT