[squid-users] Squid proxy not working when upgrade from 27 to 3.5
Angus J.
ajiang at ouhk.edu.hk
Tue Oct 23 03:28:01 UTC 2018
Squid proxy not working when upgrade from 27 to 3.5
Squid proxy not working when upgrade to 3.5 and it will not caching anything
----------------------------------------------------------------------------
#Default:
# windows_ipaddrchangemonitor on
visible_hostname oul163.hkbb.edu.hk
http_port 3128 accel vhost defaultsite=oul163.hkbb.edu.hk
https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#ssl_bump allow all
# Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
# Disable the following one
#sslproxy_cert_error allow all
sslproxy_options NO_SSLv3:NO_SSLv2
access_log /var/log/squid/access.log squid
cache_effective_user squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# the proxy-only indicates that caching will not be performed.
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk
# Create an additional ACL for local network access
acl localip src 192.168.31.0/24
# access control list
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT
# Restrictions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all
# Disable caching
cache deny all
logfile_rotate 10
oul163:/etc/squid # vi squid.conf
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk
# Create an additional ACL for local network access
acl localip src 192.168.31.0/24
# access control list
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT
# Restrictions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all
# Disable caching
cache deny all
logfile_rotate 10
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list