[squid-users] CentOS6 and squid34 package ...
Walter.H at mathemainzel.info
Fri May 26 16:57:25 UTC 2017
On 26.05.2017 17:49, Amos Jeffries wrote:
> On 26/05/17 07:51, Mike wrote:
>> Walter, what I've found is when compiling to squid 3.5.x and higher,
>> the compile options change. Also remember that many of the options
>> that were available with 3.1.x are depreciated and likely will not
>> work with 3.4.x and higher.
>> The other issue is that squid is only supposed to be handling HTTP
>> and HTTPS traffic, not FTP. trying to use it as a FTP proxy will need
>> a different configuration than the standard HTTP/Secure proxy.
> Well, to be correct Squid talks HTTP to the client software. It has
> log supported mapping FTP server URLs into HTTP.
> This second problem seems like the symptoms of
> <http://bugs.squid-cache.org/show_bug.cgi?id=4132> which was fixed
> years ago in the Squid-3.5.5 release. But that was apparently a
> regression not affecting 3.4 or 3.1. Hmm.
Strange, isn't it?
>> On 5/25/2017 14:07 PM, Walter H. wrote:
>>> On 25.05.2017 12:50, Amos Jeffries wrote:
>>>> On 25/05/17 20:19, Walter H. wrote:
>>>>> what is the essential difference between the default squid package
>>>>> and this squid34 package,
>>>>> as I have problems using this squid34 package for FTP connections;
>>>>> there are no shown icons, when going to e.g. ftp://ftp.adobe.com/
>>>>> when I tell the browser to show the image then I get this squid
>>>>> generated message ...
>>>>> the same config /etc/squid/squid.conf works with the default squid
>>>>> package ...
>>>>> While trying to retrieve the URL:
>>>>> http://proxy.local:3128/squid-internal-static/icons/silk/folder.png <http://zbox-ci323.waldinet.local:3128/squid-internal-static/icons/silk/folder.png>
>>>> Notice the port number in that URL...
>>> yes I see the squid port 3128
>>> when I do this with the default squid package, there I get the
>>> icons, and when I want to get the URL of such an icon,
>>> it shows e.g.
>>> what is running wrong here?
>>> is there a setting I can change without having to allow
>>> port 3128 traffic go through the proxy?
>>> (this is not really logic, as the default squid package also doesn't
>>> allow port 3128 traffic go through ...)
> Er, it is using the recommended default config we ship from upstream.
> Some Vendors like to install packages that are not usable without
> manual attention. Usually by commenting out the "http_access allow
> localnet" rule though, not marking registered HTTP ports as unsafe for
> use with HTTP.
> acl Safe_ports port 3128
> acl port3128 port 3128
> acl squid-internal urlpath_regex ^/squid-internal
> Then add this directly before the "deny manager" line:
> http_access deny port3128 !squid-internal
this shows the icons and doesn't allow port 3128 go through ...
exactly as I wanted
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3491 bytes
Desc: S/MIME Cryptographic Signature
More information about the squid-users