[squid-users] skype connection problem

Amos Jeffries squid3 at treenet.co.nz
Tue Oct 25 11:13:50 UTC 2016


On 25/10/2016 5:19 a.m., Nicolas Valera wrote:
> Hi Yuri, thanks for the answer!
> 
> we don't have the squid in transparent mode in this network.
> the squid configuration is very basic. here is the conf:
> 
> -------------------------------------------------------------------------
> http_port 1280 connection-auth=off
> forwarded_for delete
> httpd_suppress_version_string on
> client_persistent_connections off
> 
> cache_mem 16 GB
> maximum_object_size_in_memory 8 MB
> 
> url_rewrite_program /usr/bin/squidGuard

These...

> url_rewrite_children 10
> url_rewrite_access allow all

... are redundant. Those are the default values for those directives.

> 
> acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443
> 
> acl Skype_UA browser ^skype
> 
> acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443 50001
> acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70 280 488
> acl Safe_ports port 1025-65535  # unregistered ports
> 
> acl CONNECT method CONNECT
> acl safe_method method GET
> acl safe_method method PUT
> acl safe_method method POST
> acl safe_method method HEAD
> acl safe_method method CONNECT
> acl safe_method method OPTIONS
> acl safe_method method PROPFIND
> acl safe_method method REPORT
> acl safe_method method MERGE
> acl safe_method method MKACTIVITY
> acl safe_method method CHECKOUT

What's the point of this ACL?


> 
> http_access deny !Safe_ports
> http_access allow CONNECT localnet numeric_IPS Skype_UA
> http_access deny CONNECT !SSL_ports
> http_access deny !safe_method
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> 
> refresh_pattern ^ftp:        1440    20%    10080
> refresh_pattern ^gopher:    1440    0%    1440
> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
> refresh_pattern Packages\.tar$ 0       20%    4320 refresh-ims ignore-no-cache
> refresh_pattern Packages\.bz2$ 0       20%    4320 refresh-ims ignore-no-cache
> refresh_pattern Sources\.bz2$  0       20%    4320 refresh-ims ignore-no-cache
> refresh_pattern Release\.gpg$  0       20%    4320 refresh-ims
> refresh_pattern Release$       0       20%    4320 refresh-ims
> refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
> refresh_pattern -i windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
> refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
> refresh_pattern -i live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims ignore-no-cache
> refresh_pattern .        0    20%    4320
> 

All those "ignore-no-cache" are not useful. Run "squid -k parse" and it
should mention they are no longer supported.

Amos
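
Added example (not part of the original message and not Squid project code): a small offline check for the last point in the reply, listing `refresh_pattern` lines that carry the unsupported `ignore-no-cache` option and proposing a cleaned line. The function name `audit_refresh_patterns`, the `OBSOLETE` set and the `SAMPLE` text are assumptions made for this example; the sample is constructed from the configuration quoted in the thread.

```python
# Added example: audit refresh_pattern directives in squid.conf text.
# OBSOLETE holds only the option this thread names as no longer supported.
OBSOLETE = {"ignore-no-cache"}

# Constructed sample, shortened from the configuration quoted in this thread.
SAMPLE = r"""refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern Packages\.bz2$ 0 20% 4320 refresh-ims ignore-no-cache
refresh_pattern Release\.gpg$ 0 20% 4320 refresh-ims
refresh_pattern -i
microsoft.com/.*\.(cab|exe) 4320 80% 43200 reload-into-ims ignore-no-cache
refresh_pattern . 0 20% 4320  # catch-all
"""


def audit_refresh_patterns(conf_text, obsolete=OBSOLETE):
    """Return one finding per refresh_pattern line that is incomplete or
    carries an obsolete option, with a cleaned replacement where possible."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        # Cut a trailing comment: everything from the first '#...' token on.
        for i, tok in enumerate(tokens):
            if tok.startswith("#"):
                tokens = tokens[:i]
                break
        if not tokens or tokens[0] != "refresh_pattern":
            continue
        args = tokens[1:]
        flags = [args.pop(0)] if args and args[0] == "-i" else []
        # Syntax: refresh_pattern [-i] regex min percent max [options]
        if len(args) < 4:
            # Typical of a directive split across two lines.
            findings.append({"line": lineno, "issue": "incomplete", "fixed": None})
            continue
        regex, timing, options = args[0], args[1:4], args[4:]
        dropped = [o for o in options if o in obsolete]
        if dropped:
            kept = [o for o in options if o not in obsolete]
            fixed = " ".join(["refresh_pattern", *flags, regex, *timing, *kept])
            findings.append({"line": lineno, "issue": "obsolete: " + ", ".join(dropped), "fixed": fixed})
    return findings


if __name__ == "__main__":
    for f in audit_refresh_patterns(SAMPLE):
        print(f)
```

A directive reported as `incomplete` has to be rejoined by hand before its options can be checked; `squid -k parse` remains the authoritative check on the real file.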

