1 |
Hallo newsgroup, |
2 |
|
3 |
ich hab z.Z. ein kleines Problem mit der Konfiguration von squid. |
4 |
|
5 |
Die Kette ist so aufgebaut: |
6 |
|
7 |
Browser -> squid -> privoxy -> internet |
8 |
|
9 |
Nun werden einige Anfragen aber am privoxy vorbei direkt ins Internet |
10 |
verschickt. |
11 |
Ich in den logfiles einträge gefunden wie diesen: |
12 |
|
13 |
01/Dec/2006:18:22:30 +0100 281 192.168.1.13 TCP_MISS/200 676 GET |
14 |
http://www.etracker.de/cnt.php? - DIRECT/62.80.2.70 image/gif |
15 |
|
16 |
oder |
17 |
|
18 |
01/Dec/2006:23:38:47 +0100 226 192.168.1.11 TCP_MISS/200 1262 GET |
19 |
http://www.beepworld.de/cgi-bin/imgdelivery/imgdelivery.pl? - |
20 |
DIRECT/217.118.19.10 text/html |
21 |
|
22 |
oder |
23 |
|
24 |
1173531764.913 166 127.0.0.1 TCP_MISS/302 669 POST |
25 |
http://www1.dasoertliche.de/Controller - DIRECT/82.98.79.71 text/html |
26 |
|
27 |
In der squid.conf habe ich nun folgende einstellungen gefunden, die teilweise |
28 |
hierfür verantwortlich sind: |
29 |
|
30 |
|
31 |
# TAG: hierarchy_stoplist |
32 |
# A list of words which, if found in a URL, cause the object to |
33 |
# be handled directly by this cache. In other words, use this |
34 |
# to not query neighbor caches for certain objects. You may |
35 |
# list this option multiple times. Note: never_direct overrides |
36 |
# this option. |
37 |
#We recommend you to use at least the following line. |
38 |
|
39 |
#geändert PREIS! |
40 |
#hierarchy_stoplist cgi-bin ? |
41 |
|
42 |
# TAG: cache |
43 |
# A list of ACL elements which, if matched, cause the request to |
44 |
# not be satisfied from the cache and the reply to not be cached. |
45 |
# In other words, use this to force certain objects to never be cached. |
46 |
# |
47 |
# You must use the word 'DENY' to indicate the ACL names which should |
48 |
# NOT be cached. |
49 |
# |
50 |
# Default is to allow all to be cached |
51 |
#We recommend you to use the following two lines. |
52 |
|
53 |
#geändert PREIS! |
54 |
#acl QUERY urlpath_regex cgi-bin \? |
55 |
#cache deny QUERY |
56 |
|
57 |
|
58 |
aber der letzte Eintrag im Logfile verschwindet deswegen leider immer noch |
59 |
nicht. Wer weis warum diese weiterhin direkt ins Internet verschickt werden? |
60 |
|
61 |
Danke |
62 |
Gruß |
63 |
Markus |
64 |
|
65 |
PS: Hier die squid.config ohne Kommentare: |
66 |
|
67 |
http_port 8080 |
68 |
cache_peer localhost parent 8118 0 no-query |
69 |
acl apache rep_header Server ^Apache |
70 |
broken_vary_encoding allow apache |
71 |
logformat mylog %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt |
72 |
access_log /var/log/squid/access.log squid |
73 |
debug_options ALL,2 |
74 |
refresh_pattern ^ftp: 1440 20% 10080 |
75 |
refresh_pattern ^gopher: 1440 0% 1440 |
76 |
refresh_pattern . 0 20% 4320 |
77 |
acl all src 0.0.0.0/0.0.0.0 |
78 |
acl manager proto cache_object |
79 |
acl localhost src 127.0.0.1/255.255.255.255 |
80 |
acl to_localhost dst 127.0.0.0/8 |
81 |
acl SSL_ports port 443 563 5223 |
82 |
acl Safe_ports port 80 # http |
83 |
acl Safe_ports port 21 # ftp |
84 |
acl Safe_ports port 443 563 # https, snews |
85 |
acl Safe_ports port 70 # gopher |
86 |
acl Safe_ports port 210 # wais |
87 |
acl Safe_ports port 1025-65535 # unregistered ports |
88 |
acl Safe_ports port 280 # http-mgmt |
89 |
acl Safe_ports port 488 # gss-http |
90 |
acl Safe_ports port 591 # filemaker |
91 |
acl Safe_ports port 777 # multiling http |
92 |
acl Safe_ports port 631 # cups |
93 |
acl Safe_ports port 901 # SWAT |
94 |
acl purge method PURGE |
95 |
acl CONNECT method CONNECT |
96 |
acl my_network src 192.168.1.0/24 |
97 |
acl ICQ_DOMAIN dstdomain icq.com aol.com |
98 |
acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16 |
99 |
acl ICQ_PORT port 5190 443 |
100 |
acl JABBER_DOMAIN dstdomain amessage.info jabber.org |
101 |
acl JABBER_ADDR dst 212.112.0.0/16 208.245.0.0/16 |
102 |
acl JABBER_PORT port 5223 |
103 |
acl master src 192.168.1.10/32 |
104 |
acl j src 192.168.1.11/32 |
105 |
acl m src 192.168.1.12/32 |
106 |
acl l src 192.168.1.13/32 |
107 |
acl T2000 time SMTWH 07:00-20:00 |
108 |
acl T2100 time SMTWH 07:00-21:00 |
109 |
acl Tweek time FA 07:00-24:00 |
110 |
acl ICQtest time MTWHF 17:15-21:00 |
111 |
http_access allow manager localhost |
112 |
http_access deny manager |
113 |
http_access allow purge localhost |
114 |
http_access deny purge |
115 |
http_access deny CONNECT !SSL_ports |
116 |
http_access allow j T2100 |
117 |
http_access allow m T2100 |
118 |
http_access allow l T2000 |
119 |
http_access allow master |
120 |
|
121 |
http_access allow my_network Tweek |
122 |
http_access allow localhost |
123 |
http_access deny all |
124 |
http_reply_access allow all |
125 |
icp_access allow all |
126 |
logfile_rotate 0 |
127 |
forwarded_for off |
128 |
acl FTP proto FTP |
129 |
always_direct allow FTP |
130 |
always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT |
131 |
always_direct allow ICQ_ADDR ICQ_PORT CONNECT |
132 |
always_direct allow JABBER_DOMAIN JABBER_PORT CONNECT |
133 |
always_direct allow JABBER_ADDR JABBER_PORT CONNECT |
134 |
coredump_dir /var/cache/squid |
135 |
|
136 |
-- |
137 |
gentoo-user-de@g.o mailing list |