RE: [squid-users] Images are not loading properly into web pages. (not sure about my cache settings)

From: GIGO . <gigoz_at_msn.com>
Date: Thu, 11 Mar 2010 05:32:44 +0000

Your mail explained a lot. (thanks)
 
Query:
 
I infer that Squid should be run as the "nobody" user with least privileges, and that providing read/write access to logs and Squid data dirs is good enough. There is no need to run "Sudo Squid3", as these privileges are already assigned to the software by the Linux distro the Squid package comes with. This is the portion which I am confused about, as there are many texts available on the net which suggest that it should be chrooted (which honestly looks complex to me as well) while others explain that giving directory permissions is good enough. I want to know the best and safe practice, no matter even if it requires a little more hassle.
 
 
 
Secondly, the default packaged software version 3.0.STABLE1 that comes with Ubuntu is good enough and there is no reason to move to stable24 unless you have a specific need. However, upgrading the software will preserve the configuration settings of version 3.0 stable1 and it will be installed in the same path.
 
Please guide further

regards,

----------------------------------------
> Date: Thu, 11 Mar 2010 12:33:15 +1300
> From: squid3_at_treenet.co.nz
> To: squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Images are not loading properly into web pages. (not sure about my cache settings)
>
> On Wed, 10 Mar 2010 14:50:50 +0000, "GIGO ." wrote:
>> Dear Amos,
>>
>> Thank you very much for your detailed analysis. I have tried to understand
>> and implement whatever you have told. However, I have a few more queries.
>>
>> 1. Best way to move from ufs to aufs? Specially in my scenario.
>
> Check that your squid supports it:
> squid -v
>
> one of the options about disk should list ufs,aufs maybe diskd and null
> as well.
>
> If so, simply change the config file and reload. There are no disk actions
> needed to change between ufs/aufs/diskd.
>
>
>>
>> 2. I think the setting you told about splitting of ftpmp3 will now block
>> both FTP protocol and mp3 as well, as different from the original settings
>> where only those ftp sites were blocked that contained mp3s? Am I right?
>
> No. Having two acl on one line only blocks when BOTH match the same
> request.
>
>>
>> 3. My acls that contained time were not working. Can you see any problem in
>> order or anything? (I have optimized them according to your suggestions, but
>> do they also solve the problem of logic as well?)
>
> I could not see anything wrong with them.
>
> If you would like to try it, another way of writing the same thing would be:
>
> acl workHours time MTWHF
> acl workHours time MTWHF
>
>>
>> 4. Is there a way to block torrentz & rapidshare?
>>
>
> Yes, with some restrictions. Only the part of torrent that goes through
> HTTP can be blocked by Squid.
>
> Torrent:
> acl torrentSeeds urlpath_regex \.torrent(\?.*)?$
>
> Rapidshare:
> acl dlSites dstdomain .rapidshare.com .rapidsharemegaupload.com .filespump.com
>
> I'm not too sure about the rapidshare domains, there are likely some I
> don't know about, and some of those may only be look-alike sites.
>
>
>> 5. I am currently working on squid3 package (stable) that defaults with
>> Ubuntu 8.04 LTS. Should I move to 3.0.STABLE24 and how to do that with best
>> ease without having to do all the reconfigurations? The default version
>> has a capacity to start up automatically with system boot. Would the
>> version I install also have the same capacity?
>
> You should be able to easily upgrade between 3.0 releases. The main
> meaning of that "STABLE" word is that we won't add configuration changes to
> 3.0 any longer, and features require a very good reason even to be
> considered.
>
>
>>
>> 6. With which user should Squid be running? The default proxy is ok; I am
>> running it with default. (Only I have given read+write+execute permissions
>> on the folder /etc/squid3 ** var/log/squid3 to everyone and it's working. Is
>> it good enough or is it risky?)
>>
>
> Squid needs to be started as some high-powered user. Commonly root, but
> the requirement is only for admin access to certain networking operations.
> This is needed by the master instance to catch system signals etc.
>
> The configuration should then specify some very low-level user account
> used to do the more dangerous stuff such as listening for public HTTP
> requests. That only needs read/write access to logs and squid data dirs
> IIRC.
> The default is usually set and prepared properly by the distro packager.
>
> Amos
>
Received on Thu Mar 11 2010 - 05:32:59 MST
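
A permission check for the setup discussed in this thread, added here as an example (it is not from either poster or from the Squid project): it reads `cache_effective_user` from a squid.conf and lists world-writable entries under the config and log directories, which is what granting read+write+execute to everyone produces. The function names, the `proxy` account name in the sample config and the throwaway demo tree are constructed for illustration.

```shell
#!/bin/sh
# Audit helpers for the permissions discussed in the thread. Paths are passed
# as arguments, so nothing here assumes a particular distro layout.

# Print the account Squid drops to, as named by cache_effective_user in the
# given squid.conf (last occurrence). Prints nothing if the directive is
# absent, in which case the build-time default applies.
squid_effective_user() {
    awk '$1 == "cache_effective_user" { u = $2 } END { if (u != "") print u }' "$1"
}

# List every entry under the given paths that any local account can write to
# (mode bit o+w). Symlinks are skipped because their own mode is not enforced.
world_writable() {
    find "$@" ! -type l -perm -0002 -print
}

# Return 0 if nothing is world-writable, 1 otherwise (and name the entries).
audit_squid_dirs() {
    found=$(world_writable "$@")
    if [ -n "$found" ]; then
        printf 'world-writable, tighten with chmod o-w:\n%s\n' "$found"
        return 1
    fi
    printf 'no world-writable entries under: %s\n' "$*"
    return 0
}

# Constructed demo: a temporary tree that mimics the question's setup (config
# and log directories opened to everyone), then the same tree with the
# permissions narrowed to owner/group.
demo=$(mktemp -d)
mkdir -p "$demo/etc/squid3" "$demo/var/log/squid3"
printf 'http_port 3128\ncache_effective_user proxy\n' > "$demo/etc/squid3/squid.conf"
chmod 644 "$demo/etc/squid3/squid.conf"
chmod 777 "$demo/etc/squid3" "$demo/var/log/squid3"
echo "effective user: $(squid_effective_user "$demo/etc/squid3/squid.conf")"
audit_squid_dirs "$demo/etc/squid3" "$demo/var/log/squid3" || true
chmod 755 "$demo/etc/squid3"
chmod 750 "$demo/var/log/squid3"
audit_squid_dirs "$demo/etc/squid3" "$demo/var/log/squid3"
rm -rf "$demo"
```

On a real host, pass the actual config and log directories to `audit_squid_dirs`; a world-writable squid.conf lets any local account change what the proxy does after its next reload.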

This archive was generated by hypermail 2.2.0 : Fri Mar 12 2010 - 12:00:03 MST