Gentoo Archives: gentoo-user-de

From: Markus Preis <mpnews1@××××××.de>
To: gentoo-user-de@l.g.o
Subject: [gentoo-user-de] Proxy chain Squid -> Privoxy - configuring Squid so that nothing gets past privoxy anymore.
Date: Sat, 10 Mar 2007 20:30:23
Message-Id: 200703102128.08233.mpnews1@online.de
Hello newsgroup,

I currently have a small problem with the configuration of squid.

The chain is set up like this:

Browser -> squid -> privoxy -> internet

However, some requests are now being sent past privoxy directly to the
Internet.
I found entries like this one in the log files:

01/Dec/2006:18:22:30 +0100 281 192.168.1.13 TCP_MISS/200 676 GET
http://www.etracker.de/cnt.php? - DIRECT/62.80.2.70 image/gif

or

01/Dec/2006:23:38:47 +0100 226 192.168.1.11 TCP_MISS/200 1262 GET
http://www.beepworld.de/cgi-bin/imgdelivery/imgdelivery.pl? -
DIRECT/217.118.19.10 text/html

or

1173531764.913 166 127.0.0.1 TCP_MISS/302 669 POST
http://www1.dasoertliche.de/Controller - DIRECT/82.98.79.71 text/html

In squid.conf I have now found the following settings, which are partly
responsible for this:


# TAG: hierarchy_stoplist
# A list of words which, if found in a URL, cause the object to
# be handled directly by this cache. In other words, use this
# to not query neighbor caches for certain objects. You may
# list this option multiple times. Note: never_direct overrides
# this option.
#We recommend you to use at least the following line.

#changed PREIS!
#hierarchy_stoplist cgi-bin ?

# TAG: cache
# A list of ACL elements which, if matched, cause the request to
# not be satisfied from the cache and the reply to not be cached.
# In other words, use this to force certain objects to never be cached.
#
# You must use the word 'DENY' to indicate the ACL names which should
# NOT be cached.
#
# Default is to allow all to be cached
#We recommend you to use the following two lines.

#changed PREIS!
#acl QUERY urlpath_regex cgi-bin \?
#cache deny QUERY


but unfortunately the last entry in the log file still does not disappear as a
result. Does anyone know why these are still sent directly to the Internet?

Thanks
Regards
Markus

PS: Here is the squid.config without comments:

http_port 8080
cache_peer localhost parent 8118 0 no-query
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
logformat mylog %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log squid
debug_options ALL,2
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 5223
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl my_network src 192.168.1.0/24
acl ICQ_DOMAIN dstdomain icq.com aol.com
acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16
acl ICQ_PORT port 5190 443
acl JABBER_DOMAIN dstdomain amessage.info jabber.org
acl JABBER_ADDR dst 212.112.0.0/16 208.245.0.0/16
acl JABBER_PORT port 5223
acl master src 192.168.1.10/32
acl j src 192.168.1.11/32
acl m src 192.168.1.12/32
acl l src 192.168.1.13/32
acl T2000 time SMTWH 07:00-20:00
acl T2100 time SMTWH 07:00-21:00
acl Tweek time FA 07:00-24:00
acl ICQtest time MTWHF 17:15-21:00
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny CONNECT !SSL_ports
http_access allow j T2100
http_access allow m T2100
http_access allow l T2000
http_access allow master

http_access allow my_network Tweek
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
logfile_rotate 0
forwarded_for off
acl FTP proto FTP
always_direct allow FTP
always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT
always_direct allow ICQ_ADDR ICQ_PORT CONNECT
always_direct allow JABBER_DOMAIN JABBER_PORT CONNECT
always_direct allow JABBER_ADDR JABBER_PORT CONNECT
coredump_dir /var/cache/squid

--
gentoo-user-de@g.o mailing list
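
Added example, not part of the original post: a Python check that scans access-log lines in either format quoted above, lists the requests Squid fetched with hierarchy code DIRECT, and notes which hierarchy_stoplist words occur in each URL. The names STOPLIST, SAMPLE_LOG, parse_line and find_bypasses are hypothetical, and the fourth sample line is constructed.

```python
# Added example: audit Squid access-log lines for requests that bypassed the parent proxy.
STOPLIST = ("cgi-bin", "?")  # words from the hierarchy_stoplist line shown in the post

# The first three entries are the ones quoted in the post, rejoined onto one line each.
# The last entry is constructed to show a request that was forwarded to the parent.
SAMPLE_LOG = """\
01/Dec/2006:18:22:30 +0100 281 192.168.1.13 TCP_MISS/200 676 GET http://www.etracker.de/cnt.php? - DIRECT/62.80.2.70 image/gif
01/Dec/2006:23:38:47 +0100 226 192.168.1.11 TCP_MISS/200 1262 GET http://www.beepworld.de/cgi-bin/imgdelivery/imgdelivery.pl? - DIRECT/217.118.19.10 text/html
1173531764.913 166 127.0.0.1 TCP_MISS/302 669 POST http://www1.dasoertliche.de/Controller - DIRECT/82.98.79.71 text/html
1173531770.101 95 127.0.0.1 TCP_MISS/200 1024 GET http://example.org/ - FIRST_UP_PARENT/localhost text/html
"""


def parse_line(line):
    """Parse one access-log entry.

    Fields are read from the right, so this handles both the native format
    (epoch timestamp, one token) and the post's 'mylog' format (%tl, two tokens).
    """
    fields = line.split()
    if len(fields) < 10:
        return None  # truncated or wrapped line
    client = fields[-8]
    method, url, _user, hierarchy, _mime = fields[-5:]
    code, _, peer = hierarchy.partition("/")
    return {"client": client, "method": method, "url": url, "code": code, "peer": peer}


def find_bypasses(log_text):
    """Return the entries Squid fetched itself (hierarchy code DIRECT) instead of
    handing to the parent, each tagged with the stoplist words found in its URL."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not entry["code"].endswith("DIRECT"):
            continue
        entry["stoplist_words"] = [w for w in STOPLIST if w in entry["url"]]
        hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in find_bypasses(SAMPLE_LOG):
        reason = ", ".join(e["stoplist_words"]) or "no stoplist word in URL"
        print(f'{e["client"]:<14} {e["method"]:<5} {e["code"]}/{e["peer"]:<15} {e["url"]}  [{reason}]')
```

On the post's three entries, the POST to www1.dasoertliche.de contains neither stoplist word, so it is the one DIRECT request that the hierarchy_stoplist change does not account for.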