[squid-users] CentOS6 and squid34 package ...

Walter H. Walter.H at mathemainzel.info
Fri May 26 16:57:25 UTC 2017

On 26.05.2017 17:49, Amos Jeffries wrote:
> On 26/05/17 07:51, Mike wrote:
>> Walter, what I've found is when compiling to squid 3.5.x and higher, 
>> the compile options change. Also remember that many of the options 
>> that were available with 3.1.x are depreciated and likely will not 
>> work with 3.4.x and higher.
>> The other issue is that squid is only supposed to be handling HTTP 
>> and HTTPS traffic, not FTP. trying to use it as a FTP proxy will need 
>> a different configuration than the standard HTTP/Secure proxy.
> Well, to be correct Squid talks HTTP to the client software. It has 
> log supported mapping FTP server URLs into HTTP.
> This second problem seems like the symptoms of 
> <http://bugs.squid-cache.org/show_bug.cgi?id=4132> which was fixed 
> years ago in the Squid-3.5.5 release. But that was apparently a 
> regression not affecting 3.4 or 3.1. Hmm.
Strange, isn't it?
>> On 5/25/2017 14:07 PM, Walter H. wrote:
>>> On 25.05.2017 12:50, Amos Jeffries wrote:
>>>> On 25/05/17 20:19, Walter H. wrote:
>>>>> Hello
>>>>> what is the essential difference between the default squid package 
>>>>> and this squid34 package,
>>>>> as I have problems using this squid34 package for FTP connections;
>>>>> there are no shown icons, when going to e.g. ftp://ftp.adobe.com/
>>>>> when I tell the browser to show the image then I get this squid 
>>>>> generated message ...
>>>>> the same config /etc/squid/squid.conf works with the default squid 
>>>>> package ...
>>>>> <message>
>>>>> While trying to retrieve the URL: 
>>>>> http://proxy.local:3128/squid-internal-static/icons/silk/folder.png <http://zbox-ci323.waldinet.local:3128/squid-internal-static/icons/silk/folder.png> 
>>>> Notice the port number in that URL...
>>> yes I see the squid port 3128
>>> when I do this with the default squid package, there I get the 
>>> icons, and when I want to get the URL of such an icon,
>>> it shows e.g. 
>>> ftp://ftp.adobe.com/squid-internal-static/icons/anthony-dir.gif
>>> what is running wrong here?
>>> is there a setting I can change without having to allow
>>> port 3128 traffic go through the proxy?
>>> (this is not really logic, as the default squid package also doesn't 
>>> allow port 3128 traffic go through ...)
> Er, it is using the recommended default config we ship from upstream. 
> Some Vendors like to install packages that are not usable without 
> manual attention. Usually by commenting out the "http_access allow 
> localnet" rule though, not marking registered HTTP ports as unsafe for 
> use with HTTP.
> Anyhow:
>  acl Safe_ports port 3128
>  acl port3128 port 3128
>  acl squid-internal urlpath_regex ^/squid-internal
> Then add this directly before the "deny manager" line:
>   http_access deny port3128 !squid-internal 

Many thanks,
this shows the icons and doesn't allow port 3128 go through ...
exactly as I wanted


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3491 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170526/5cbd14d9/attachment.bin>

More information about the squid-users mailing list