1 |
Hallo newsgroup, |
2 |
|
3 |
hat denn niemand einen Tipp, wo ich sonst ggf. noch fragen könnte? |
4 |
|
5 |
|
6 |
|
7 |
ich hab z.Z. ein kleines Problem mit der Konfiguration von squid. |
8 |
|
9 |
Die Kette ist so aufgebaut: |
10 |
|
11 |
Browser -> squid -> privoxy -> internet |
12 |
|
13 |
Nun werden einige Anfragen aber am privoxy vorbei direkt ins Internet |
14 |
verschickt. |
15 |
Ich habe in den Logfiles Einträge wie diesen gefunden: |
16 |
|
17 |
01/Dec/2006:18:22:30 +0100 281 192.168.1.13 TCP_MISS/200 676 GET |
18 |
http://www.etracker.de/cnt.php? - DIRECT/62.80.2.70 image/gif |
19 |
|
20 |
oder |
21 |
|
22 |
01/Dec/2006:23:38:47 +0100 226 192.168.1.11 TCP_MISS/200 1262 GET |
23 |
http://www.beepworld.de/cgi-bin/imgdelivery/imgdelivery.pl? - |
24 |
DIRECT/217.118.19.10 text/html |
25 |
|
26 |
oder |
27 |
|
28 |
1173531764.913 166 127.0.0.1 TCP_MISS/302 669 POST |
29 |
http://www1.dasoertliche.de/Controller - DIRECT/82.98.79.71 text/html |
30 |
|
31 |
In der squid.conf habe ich nun folgende Einstellungen gefunden, die teilweise |
32 |
hierfür verantwortlich sind: |
33 |
|
34 |
|
35 |
# TAG: hierarchy_stoplist |
36 |
# A list of words which, if found in a URL, cause the object to |
37 |
# be handled directly by this cache. In other words, use this |
38 |
# to not query neighbor caches for certain objects. You may |
39 |
# list this option multiple times. Note: never_direct overrides |
40 |
# this option. |
41 |
#We recommend you to use at least the following line. |
42 |
|
43 |
#geändert PREIS! |
44 |
#hierarchy_stoplist cgi-bin ? |
45 |
|
46 |
# TAG: cache |
47 |
# A list of ACL elements which, if matched, cause the request to |
48 |
# not be satisfied from the cache and the reply to not be cached. |
49 |
# In other words, use this to force certain objects to never be cached. |
50 |
# |
51 |
# You must use the word 'DENY' to indicate the ACL names which should |
52 |
# NOT be cached. |
53 |
# |
54 |
# Default is to allow all to be cached |
55 |
#We recommend you to use the following two lines. |
56 |
|
57 |
#geändert PREIS! |
58 |
#acl QUERY urlpath_regex cgi-bin \? |
59 |
#cache deny QUERY |
60 |
|
61 |
|
62 |
aber der letzte Eintrag im Logfile verschwindet deswegen leider immer noch |
63 |
nicht. Wer weiß, warum solche Anfragen weiterhin direkt ins Internet verschickt werden? |
64 |
|
65 |
Danke |
66 |
Gruß |
67 |
Markus |
68 |
|
69 |
PS: Hier die squid.conf ohne Kommentare: |
70 |
|
71 |
# Review notes on this listing (comments only; every directive is unchanged):
# - cache_peer below declares a single parent on localhost:8118 (privoxy in
#   the chain described in the post), but no never_direct rule appears
#   anywhere in this listing. Without one, Squid may fetch from the origin
#   server itself, which is consistent with the DIRECT/<ip> hierarchy codes
#   in the access-log samples quoted in the post.
# - Squid generally treats some requests as "non-hierarchical" (POST among
#   them, as well as URLs matched by hierarchy_stoplist) and prefers to send
#   those direct. Commenting out hierarchy_stoplist therefore would not be
#   expected to change the POST case -- confirm for the installed version.
# - Candidate fix to verify: a `never_direct allow all` line placed after the
#   always_direct rules. always_direct is documented as being evaluated
#   first, so the FTP and ICQ/Jabber exceptions would presumably keep working
#   while everything else is forced through the parent -- TODO confirm.
# - With never_direct in force, requests fail instead of leaking past the
#   filter when the parent is unreachable; that is the fail-closed behaviour
#   a filtering chain normally wants.
# Listen for browser connections on port 8080.
http_port 8080 |
72 |
# Parent proxy: localhost, HTTP port 8118, ICP port 0, no ICP queries sent.
cache_peer localhost parent 8118 0 no-query |
73 |
acl apache rep_header Server ^Apache |
74 |
broken_vary_encoding allow apache |
75 |
# Custom log format; %Sh/%<A is the hierarchy code and the server address,
# i.e. the field that shows DIRECT/<ip> in the samples from the post.
logformat mylog %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt |
76 |
# NOTE(review): this line names the built-in 'squid' format; the 'mylog'
# format defined above is not referenced anywhere in this listing.
access_log /var/log/squid/access.log squid |
77 |
# Debug level 2 for all sections.
debug_options ALL,2 |
78 |
refresh_pattern ^ftp: 1440 20% 10080 |
79 |
refresh_pattern ^gopher: 1440 0% 1440 |
80 |
refresh_pattern . 0 20% 4320 |
81 |
acl all src 0.0.0.0/0.0.0.0 |
82 |
acl manager proto cache_object |
83 |
acl localhost src 127.0.0.1/255.255.255.255 |
84 |
acl to_localhost dst 127.0.0.0/8 |
85 |
# Ports to which CONNECT tunnels are permitted (see the deny rule below).
acl SSL_ports port 443 563 5223 |
86 |
# NOTE(review): Safe_ports is defined here, but no http_access rule in this
# listing references it (the stock `http_access deny !Safe_ports` line is
# absent), so as shown these entries restrict nothing.
acl Safe_ports port 80 # http |
87 |
acl Safe_ports port 21 # ftp |
88 |
acl Safe_ports port 443 563 # https, snews |
89 |
acl Safe_ports port 70 # gopher |
90 |
acl Safe_ports port 210 # wais |
91 |
acl Safe_ports port 1025-65535 # unregistered ports |
92 |
acl Safe_ports port 280 # http-mgmt |
93 |
acl Safe_ports port 488 # gss-http |
94 |
acl Safe_ports port 591 # filemaker |
95 |
acl Safe_ports port 777 # multiling http |
96 |
acl Safe_ports port 631 # cups |
97 |
acl Safe_ports port 901 # SWAT |
98 |
acl purge method PURGE |
99 |
acl CONNECT method CONNECT |
100 |
# Local network and the destinations/ports used for the ICQ and Jabber
# exceptions in the always_direct rules at the end of the listing.
acl my_network src 192.168.1.0/24 |
101 |
acl ICQ_DOMAIN dstdomain icq.com aol.com |
102 |
acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16 |
103 |
acl ICQ_PORT port 5190 443 |
104 |
acl JABBER_DOMAIN dstdomain amessage.info jabber.org |
105 |
acl JABBER_ADDR dst 212.112.0.0/16 208.245.0.0/16 |
106 |
acl JABBER_PORT port 5223 |
107 |
# Individual client hosts, matched by source address.
acl master src 192.168.1.10/32 |
108 |
acl j src 192.168.1.11/32 |
109 |
acl m src 192.168.1.12/32 |
110 |
acl l src 192.168.1.13/32 |
111 |
# Time windows. Squid day codes: S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat.
acl T2000 time SMTWH 07:00-20:00 |
112 |
acl T2100 time SMTWH 07:00-21:00 |
113 |
acl Tweek time FA 07:00-24:00 |
114 |
# NOTE(review): ICQtest is not referenced by any rule in this listing.
acl ICQtest time MTWHF 17:15-21:00 |
115 |
# http_access rules are evaluated top to bottom; the first matching line
# decides. Cache-manager and PURGE requests are accepted from localhost only.
http_access allow manager localhost |
116 |
http_access deny manager |
117 |
http_access allow purge localhost |
118 |
http_access deny purge |
119 |
# Refuse CONNECT tunnels to any port outside SSL_ports.
http_access deny CONNECT !SSL_ports |
120 |
# Per-host access inside the time windows; 'master' is unrestricted.
http_access allow j T2100 |
121 |
http_access allow m T2100 |
122 |
http_access allow l T2000 |
123 |
http_access allow master |
124 |
|
125 |
http_access allow my_network Tweek |
126 |
http_access allow localhost |
127 |
# Default deny for everything not matched above.
http_access deny all |
128 |
http_reply_access allow all |
129 |
# NOTE(review): accepts ICP queries from any source address. No icp_port
# or sibling cache appears in this listing, so confirm whether ICP is needed
# at all; if it is, limiting it to my_network would be the tighter setting.
icp_access allow all |
130 |
logfile_rotate 0 |
131 |
# Do not pass the client's address on in the X-Forwarded-For header.
forwarded_for off |
132 |
acl FTP proto FTP |
133 |
# always_direct: a request matching ALL ACLs on a line skips the parent and
# goes straight to the origin. As written, FTP plus CONNECT to the ICQ and
# Jabber destinations on the listed ports bypass privoxy by design. No
# never_direct rule follows, so all other traffic is left to Squid's default
# peer selection rather than being pinned to the parent.
always_direct allow FTP |
134 |
always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT |
135 |
always_direct allow ICQ_ADDR ICQ_PORT CONNECT |
136 |
always_direct allow JABBER_DOMAIN JABBER_PORT CONNECT |
137 |
always_direct allow JABBER_ADDR JABBER_PORT CONNECT |
138 |
coredump_dir /var/cache/squid |