Gentoo Archives: gentoo-user-de

From: Markus Preis <mpnews1@××××××.de>
To: gentoo-user-de@l.g.o
Subject: [gentoo-user-de] Follow-up on the proxy chain Squid -> Privoxy - configuring Squid so that nothing gets past privoxy any more.
Date: Tue, 13 Mar 2007 08:11:04
Message-Id: 200703130908.54652.mpnews1@online.de
Hello newsgroup,

does nobody have a tip on where else I could possibly ask?

I currently have a small problem with the configuration of squid.

The chain is set up like this:

Browser -> squid -> privoxy -> internet

However, some requests are now sent directly to the internet,
bypassing privoxy.
I found entries like this one in the log files:

01/Dec/2006:18:22:30 +0100 281 192.168.1.13 TCP_MISS/200 676 GET
http://www.etracker.de/cnt.php? - DIRECT/62.80.2.70 image/gif

or

01/Dec/2006:23:38:47 +0100 226 192.168.1.11 TCP_MISS/200 1262 GET
http://www.beepworld.de/cgi-bin/imgdelivery/imgdelivery.pl? -
DIRECT/217.118.19.10 text/html

or

1173531764.913 166 127.0.0.1 TCP_MISS/302 669 POST
http://www1.dasoertliche.de/Controller - DIRECT/82.98.79.71 text/html

In squid.conf I have now found the following settings, which are partly
responsible for this:

# TAG: hierarchy_stoplist
# A list of words which, if found in a URL, cause the object to
# be handled directly by this cache. In other words, use this
# to not query neighbor caches for certain objects. You may
# list this option multiple times. Note: never_direct overrides
# this option.
#We recommend you to use at least the following line.

#changed PREIS!
#hierarchy_stoplist cgi-bin ?

# TAG: cache
# A list of ACL elements which, if matched, cause the request to
# not be satisfied from the cache and the reply to not be cached.
# In other words, use this to force certain objects to never be cached.
#
# You must use the word 'DENY' to indicate the ACL names which should
# NOT be cached.
#
# Default is to allow all to be cached
#We recommend you to use the following two lines.

#changed PREIS!
#acl QUERY urlpath_regex cgi-bin \?
#cache deny QUERY

but unfortunately the last entry in the log file still does not disappear
because of that. Who knows why these are still sent directly to the internet?

Thanks
Regards
Markus

PS: Here is the squid.config without comments:

http_port 8080
cache_peer localhost parent 8118 0 no-query
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
logformat mylog %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log /var/log/squid/access.log squid
debug_options ALL,2
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 5223
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl my_network src 192.168.1.0/24
acl ICQ_DOMAIN dstdomain icq.com aol.com
acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16
acl ICQ_PORT port 5190 443
acl JABBER_DOMAIN dstdomain amessage.info jabber.org
acl JABBER_ADDR dst 212.112.0.0/16 208.245.0.0/16
acl JABBER_PORT port 5223
acl master src 192.168.1.10/32
acl j src 192.168.1.11/32
acl m src 192.168.1.12/32
acl l src 192.168.1.13/32
acl T2000 time SMTWH 07:00-20:00
acl T2100 time SMTWH 07:00-21:00
acl Tweek time FA 07:00-24:00
acl ICQtest time MTWHF 17:15-21:00
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny CONNECT !SSL_ports
http_access allow j T2100
http_access allow m T2100
http_access allow l T2000
http_access allow master

http_access allow my_network Tweek
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
logfile_rotate 0
forwarded_for off
acl FTP proto FTP
always_direct allow FTP
always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT
always_direct allow ICQ_ADDR ICQ_PORT CONNECT
always_direct allow JABBER_DOMAIN JABBER_PORT CONNECT
always_direct allow JABBER_ADDR JABBER_PORT CONNECT
coredump_dir /var/cache/squid
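
Added example, not part of the original post and not Squid's own code: a Python check that reads access-log lines in either of the two formats quoted in the message and lists the requests Squid fetched with a DIRECT hierarchy code, that is, without passing through the privoxy parent. The sample lines, host names and function names are constructed for illustration; CONNECT and ftp:// requests are only marked as possibly intended, on the assumption that the posted always_direct rules may cover them.

```python
from collections import Counter

# Constructed sample lines (not taken from the poster's log). The first two use
# the post's "mylog" logformat, the other three Squid's native format.
SAMPLE_LOG = """\
01/Dec/2006:18:22:30 +0100    281 192.168.1.13 TCP_MISS/200 676 GET http://tracker.example/cnt.php? - DIRECT/192.0.2.70 image/gif
01/Dec/2006:18:22:31 +0100    120 192.168.1.13 TCP_MISS/200 5120 GET http://www.example/index.html - FIRST_UP_PARENT/127.0.0.1 text/html
1173531764.913    166 127.0.0.1 TCP_MISS/302 669 POST http://forms.example/Controller - DIRECT/192.0.2.71 text/html
1173531765.100      3 192.168.1.11 TCP_HIT/200 900 GET http://www.example/logo.gif - NONE/- image/gif
1173531766.200    410 192.168.1.12 TCP_MISS/200 0 CONNECT login.example:443 - DIRECT/192.0.2.72 -
"""

def parse_line(line):
    """Return the fields both formats share, or None for an unparsable line."""
    # The formats differ only in the timestamp (two tokens versus one), so the
    # last eight tokens are read from the right-hand end of the line.
    parts = line.split()
    if len(parts) < 10:
        return None
    client, result, _size, method, url, _user, hier, _mime = parts[-8:]
    if "/" not in result or "/" not in hier:
        return None
    hier_code, next_hop = hier.split("/", 1)
    return {"client": client, "method": method, "url": url,
            "hier": hier_code, "next_hop": next_hop}

def direct_requests(log_text):
    """Entries Squid fetched from the origin itself instead of via the parent."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        # Squid may prefix hierarchy codes with TIMEOUT_, hence endswith().
        if entry and entry["hier"].endswith("DIRECT"):
            # Assumption: CONNECT and ftp:// traffic may be covered by
            # always_direct rules like the ones in the posted config.
            entry["maybe_intended"] = (entry["method"] == "CONNECT"
                                       or entry["url"].startswith("ftp://"))
            hits.append(entry)
    return hits

def unexpected_by_method(hits):
    """Count DIRECT fetches per method, ignoring the possibly intended ones."""
    return Counter(h["method"] for h in hits if not h["maybe_intended"])

if __name__ == "__main__":
    for h in direct_requests(SAMPLE_LOG):
        tag = "always_direct?" if h["maybe_intended"] else "BYPASS"
        print(f'{tag:14} {h["client"]:15} {h["method"]:7} {h["url"]} -> {h["next_hop"]}')
    print(dict(unexpected_by_method(direct_requests(SAMPLE_LOG))))
```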