[squid-users] CentOS6 and squid34 package ...

Walter H. Walter.H at mathemainzel.info
Thu May 25 19:07:16 UTC 2017 

On 25.05.2017 12:50, Amos Jeffries wrote:
> On 25/05/17 20:19, Walter H. wrote:
>> Hello
>>
>> what is the essential difference between the default squid package 
>> and this squid34 package,
>
> Run "squid -v" to find out if there are any build options different. 
> Usually its just two alternative versions from the vendor.
>
Squid Cache: Version 3.4.14
configure options:  '--build=x86_64-redhat-linux-gnu' 
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' 
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' 
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' 
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' 
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--enable-internal-dns' '--disable-strict-error-checking' 
'--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' 
'--localstatedir=/var' '--datadir=/usr/share/squid' 
'--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' 
'--with-pidfile=$(localstatedir)/run/squid.pid' 
'--disable-dependency-tracking' '--enable-arp-acl' 
'--enable-follow-x-forwarded-for' 
'--enable-auth-basic=LDAP,MSNT,NCSA,PAM,SMB,POP3,RADIUS,SASL,getpwnam,NIS,MSNT-multi-domain' 
'--enable-auth-ntlm=smb_lm,fake' 
'--enable-auth-digest=file,LDAP,eDirectory' 
'--enable-auth-negotiate=kerberos' 
'--enable-external-acl-helpers=file_userip,LDAP_group,session,unix_group,wbinfo_group' 
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost' 
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client' 
'--enable-ident-lookups' '--enable-linux-netfilter' 
'--enable-referer-log' '--enable-removal-policies=heap,lru' 
'--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' 
'--enable-useragent-log' '--enable-wccpv2' '--enable-esi' 
'--enable-http-violations' '--with-aio' '--with-default-user=squid' 
'--with-filedescriptors=16384' '--with-dl' '--with-openssl' 
'--with-pthreads' '--disable-arch-native' 
'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'CXXFLAGS=-O2 -g 
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'

and

Squid Cache: Version 3.1.23
configure options:  '--build=x86_64-redhat-linux-gnu' 
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' 
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' 
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' 
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' 
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--enable-internal-dns' '--disable-strict-error-checking' 
'--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' 
'--localstatedir=/var' '--datadir=/usr/share/squid' 
'--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' 
'--with-pidfile=$(localstatedir)/run/squid.pid' 
'--disable-dependency-tracking' '--enable-arp-acl' 
'--enable-follow-x-forwarded-for' 
'--enable-auth=basic,digest,ntlm,negotiate' 
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth' 
'--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth' 
'--enable-digest-auth-helpers=password,ldap,eDirectory' 
'--enable-negotiate-auth-helpers=squid_kerb_auth' 
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' 
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost' 
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client' 
'--enable-ident-lookups' '--enable-linux-netfilter' 
'--enable-referer-log' '--enable-removal-policies=heap,lru' 
'--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' 
'--enable-useragent-log' '--enable-wccpv2' '--enable-esi' 
'--enable-http-violations' '--with-aio' '--with-default-user=squid' 
'--with-filedescriptors=16384' '--with-dl' '--with-openssl' 
'--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall 
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
--param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie' 
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions 
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 
--with-squid=/builddir/build/BUILD/squid-3.1.23

>
>> as I have problems using this squid34 package for FTP connections;
>> there are no shown icons, when going to e.g. ftp://ftp.adobe.com/
>> when I tell the browser to show the image then I get this squid 
>> generated message ...
>>
>> the same config /etc/squid/squid.conf works with the default squid 
>> package ...
>>
>> <message>
>> While trying to retrieve the URL: 
>> http://proxy.local:3128/squid-internal-static/icons/silk/folder.png 
>> <http://zbox-ci323.waldinet.local:3128/squid-internal-static/icons/silk/folder.png> 
>>
>>
>
> Notice the port number in that URL...
>
yes I see the squid port 3128

when I do this with the default squid package, there I get the icons, 
and when I want to get the URL of such an icon,
it shows e.g. 
ftp://ftp.adobe.com/squid-internal-static/icons/anthony-dir.gif

when I add
global_internal_static off
to squid.conf at the squid34 package,
then there also no icons shown;
when I tell the browser to show the image then I get this squid 
generated message ...

<message>
The following URL could not be retrieved: 
ftp://ftp.adobe.com/squid-internal-static/icons/silk/folder.png

Squid sent the following FTP command:

    *

    CWD squid-internal-static

    * 

and then received this reply

    *

    Failed to change directory.

    * 

This might be caused by an FTP URL with an absolute path (which does not 
comply with RFC 1738).
If this is the cause, then the file can be found at 
ftp://ftp.adobe.com%2f2f/squid-internal-static/icons/silk/folder.png 
<ftp://ftp.adobe.com%2f/squid-internal-static/icons/silk/folder.png>.

Your cache administrator is ...

Generated Thu, 25 May 2017 18:57:52 GMT by proxy.local (squid/3.4.14)
</message>

what is running wrong here?
is there a setting I can change without having to allow
port 3128 traffic go through the proxy?
(this is not really logic, as the default squid package also doesn't 
allow port 3128 traffic go through ...)

>>
>> <squid.conf>
>> acl localnet src 192.168.1.0/24
>>
>> acl SSL_ports port 443
>> acl Safe_ports port 80          # http
>> acl Safe_ports port 21          # ftp
>> acl Safe_ports port 443         # https
>> acl Safe_ports port 70          # gopher
>
> You have removed the port range 1025-65535 from Safe_ports. So traffic 
> with URL port 3128 is no longer permitted.
I configured on the clients this
http://proxy.local:3128
as proxy ...

Thanks,
Walter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170525/c478bdd5/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3491 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170525/c478bdd5/attachment-0001.bin>

More information about the squid-users mailing list