On Mon, 30 Aug 2010 09:58:03 -0700, Darren <mister.raven_at_gmail.com> wrote:
> I've been made aware of an issue with viewing streaming media files
> off of sites like cbc.ca where the video files simply will not load
> and play.
>
> I am using squid and dansguardian. If I proxy directly through squid
> and skip dansguardian, the videos stream fine. If I go through
> dansguardian, the videos will not stream.
HTTP, SHOUTcast/ICY or RTSP streams?
>
> I can, however, stream video from youtube just fine through dans and
squid.
These are HTTP streams (aka just a big file download with range requests).
>
> I think that my issue is with dansguardian not dealing with the java
> script files on the loading pages properly, so I've allowed certain
> mime types through dans. Unfortunately this has not met with success.
>
> Has anyone else had this experience or able to recommend an avenue to
> explore?
Your Squid config file as posted belies your claim of using DG. You both
do NAT interception directly into Squid (ie bypassing DG at the firewall)
and use always_direct to prevent any cache_peers (ie a DG sitting behind
Squid) being used.
>
> Squid.conf
>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> maximum_object_size 4 GB
> store_avg_object_size 50 KB
> half_closed_clients off
> quick_abort_min -1 KB
>
> http_access allow manager localhost
> #http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> icp_access deny all
> htcp_access deny all
> http_port 207.102.59.150:3128 transparent
Either you are receiving traffic from a NAT firewall or from DansGuardian.
Which is it?
Accepting both on the same port opens you wide to CVE-2009-0801.
> hierarchy_stoplist cgi-bin ?
> access_log /var/log/squid/access.log squid
> logfile_rotate 10
> cache_store_log none
>
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> icp_port 3130
> coredump_dir /var/spool/squid
>
> dns_nameservers 208.67.222.222 208.67.220.220
>
> redirect_rewrites_host_header off
> cache_replacement_policy heap GDSF
> cache_effective_user squid
> cache_effective_group squid
> cache_mem 300 MB
> cache_dir ufs /var/spool/squid 2000 16 256
>
> emulate_httpd_log on
Please use the tag "common" (Apache format) instead of "squid" (Squid
format) at the end of your access_log directive instead of emulating.
>
> visible_hostname Proxy
Please use an FQDN here. It's used in things like automatic loop detection
and by other administrators to track down your contact details.
>
> always_direct allow all
> acl our_networks src xxx.xxx.xx.xxx
> http_access allow our_networks
Received on Mon Aug 30 2010 - 23:59:37 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 31 2010 - 12:00:03 MDT