<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Arial Rounded MT Bold";
panose-1:2 15 7 4 3 5 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">This was my first concern with posting, having managed NetView/AIX for years—that folks may focus on the choice of OS versus the problem at hand. This is not meant to be an enterprise solution, it’s something for a team of non-network engineers
to use to support passing tcp/443 traffic from servers blocked from the internet. Why not choose the platform that is most familiar to the people that will need to support it?
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’ve got a fifth Windows Squid test box running outside the F5 that has yet to error, but it only has a handful of agents sending Log Analytics data. The F5’s have been checked out, so the hope is that a Squid config or OS registry change
will fix this. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">However, if the consensus is that the Windows port is unstable under any kind of load, then we’d have to consider options.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> eliezer@ngtech.co.il <eliezer@ngtech.co.il> <br>
<b>Sent:</b> Thursday, February 21, 2019 12:50 AM<br>
<b>To:</b> Van Order, Drew (US - Hermitage) <dvanorder@deloitte.com>; squid-users@lists.squid-cache.org<br>
<b>Subject:</b> [EXT] RE: [squid-users] Squid for Windows Repeatedly Crashing<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">May I ask about the usage of Windows 2016 VM’s compared to CentOS or Ubuntu?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Eliezer<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Arial Rounded MT Bold",sans-serif">----<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial Rounded MT Bold",sans-serif"><a href="http://secure-web.cisco.com/1QlNYIFwJYHHQ7Gju-o31exeEfzmLfLHD-tlPBXtA4AjezZjFRrjCjQhCtZ3finQTxn34ZnlGjGrThEMYGWtTzylNEw-ofQAp8U32g0ctuACuPLDsaX0vdvlccEM9yAFrtly-r6W9v8aAND2sTwtjG_DdCWCqHr20GzEBelQB5zTXPLSrBWKwb2lQG4S9q1TfNVRxihuQEW_4yLWhCq4aD2qelhYU-Z_IcKwsQ5SDh_RAGgz1tx_F3PIGffKM9wlJgUgh75XoWakVDRnMuUx_OdOl2IgHlZsveHKOFhCiBjHKJ5MsZCUVdB2EsQ-WarU2je57Od_AQy8Le44KosAmxe7QcJbvSFxmUm6Gea-lNQZPJ__ZRbR8U-OurUTPnV8l2paOjYM2srjFrDknyxo_5KwLIn6pqIR2O2RpC6mUFl4Jj2LOaSoPW1RPPepT4-bm-YdpU5ZU9rymMsiZWEIxrhT1IJYxMYP7HuQFJ-4MmxrZAY2yUaMbB9tiyHf2CimH/http%3A%2F%2Fngtech.co.il%2Fmain-en%2F">Eliezer
Croitoru</a><br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: <a href="mailto:eliezer@ngtech.co.il">eliezer@ngtech.co.il</a><o:p></o:p></span></p>
<p class="MsoNormal"><img border="0" width="183" height="69" style="width:1.9062in;height:.7187in" id="Picture_x0020_1" src="cid:image001.png@01D4C9C2.1BC83110" alt="cid:image001.png@01D2675E.DCF360D0"><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> squid-users <<a href="mailto:squid-users-bounces@lists.squid-cache.org">squid-users-bounces@lists.squid-cache.org</a>>
<b>On Behalf Of </b>Van Order, Drew (US - Hermitage)<br>
<b>Sent:</b> Thursday, February 21, 2019 07:23<br>
<b>To:</b> <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> [squid-users] Squid for Windows Repeatedly Crashing<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hello folks, we’re running Squid 3.5.28 on four Windows 2016 VM’s, each has 4 CPU, 8 GB memory, 10 GB NIC. We implemented Squid to support forwarding Azure Log Analytics data, it’s all CONNECT. The Squids are load balanced through a F5.
There are less than 1,000 servers sending data to Log Analytics.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">All four Squids are regularly crashing, and I don’t know how to interpret the errors in cache.log. It crashes if we disable caching too.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any insight is appreciated—I’ve inherited this responsibility and more a cloud engineer than a network specialist.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in advance!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Typical error sequence in cache.log<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2019/02/20 09:42:32 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:32 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:32 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:32 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:32 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:32 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:32 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| FD 12, 10.5.11.12 [Stopped, reason:Listener socket closed job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 1<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 2<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 3<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 4<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 5<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 6<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 7<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 8<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 9<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| comm_poll: poll failure: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Select loop Error. Retry 10<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Closing HTTP port 10.5.11.12:3128<o:p></o:p></p>
<p class="MsoNormal">FATAL: Event loop exited with failure.<o:p></o:p></p>
<p class="MsoNormal">Squid Cache (Version 3.5.28): Terminated abnormally.<o:p></o:p></p>
<p class="MsoNormal">CPU Usage: 12.640 seconds = 4.234 user + 8.406 sys<o:p></o:p></p>
<p class="MsoNormal">Maximum Resident Size: 5159680 KB<o:p></o:p></p>
<p class="MsoNormal">Page faults with physical i/o: 20341<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Squid restarts, and will often start erroring right away:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| storeDirWriteCleanLogs: Starting...<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Finished. Wrote 0 entries.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:33 kid1| Took 0.00 seconds ( 0.00 entries/sec).<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Set Current Directory to /cygdrive/e/squid/var/coredump<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Starting Squid Cache version 3.5.28 for x86_64-unknown-cygwin...<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Service Name: squid<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Process ID 2292<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Process Roles: worker<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| With 3200 file descriptors available<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Initializing IP Cache...<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| parseEtcHosts: /etc/hosts: (2) No such file or directory<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| DNS Socket created at [::], FD 5<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| DNS Socket created at 0.0.0.0, FD 6<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Adding nameserver 208.67.220.220 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Adding nameserver 208.67.222.222 from squid.conf<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Logfile: opening log daemon:/var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Logfile Daemon: opening log /var/log/squid/access.log<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Store logging disabled<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Swap maxSize 262144 + 262144 KB, estimated 40329 objects<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Target number of buckets: 2016<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Using 8192 Store buckets<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Max Mem size: 262144 KB<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Max Swap size: 262144 KB<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Rebuilding storage in /cygdrive/e/squid/cache (clean log)<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Using Least Load store dir selection<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Set Current Directory to /cygdrive/e/squid/var/coredump<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Finished loading MIME types and icons.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| HTCP Disabled.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Squid plugin modules loaded: 0<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Adaptation support is off.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Accepting HTTP Socket connections at local=10.5.11.12:3128 remote=[::] FD 12 flags=9<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Done reading /cygdrive/e/squid/cache swaplog (0 entries)<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Store rebuilding is 0.00% complete<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Finished rebuilding storage from disk.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 Entries scanned<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 Invalid entries.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 With invalid flags.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 Objects loaded.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 Objects expired.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 Objects cancelled.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 Duplicate URLs purged.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| 0 Swapfile clashes avoided.<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Took 0.04 seconds ( 0.00 objects/sec).<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Beginning Validation Procedure<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Completed Validation Procedure<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| Validated 0 Entries<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:36 kid1| store_swap_size = 0.00 KB<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:37 kid1| storeLateRelease: released 0 objects<o:p></o:p></p>
<p class="MsoNormal">2019/02/20 09:42:45 kid1| FD 12, 10.5.11.12 [ job1]: (14) Bad address<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Squid.conf<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Example rule allowing access from your local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt to list your (internal) IP networks from where browsing<o:p></o:p></p>
<p class="MsoNormal"># should be allowed<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fc00::/7 # RFC 4193 local private network range<o:p></o:p></p>
<p class="MsoNormal">acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">acl SSL_ports port 443<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 80 # http<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 21 # ftp<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 443 # https<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 70 # gopher<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 210 # wais<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 1025-65535 # unregistered ports<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 280 # http-mgmt<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 488 # gss-http<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 591 # filemaker<o:p></o:p></p>
<p class="MsoNormal">acl Safe_ports port 777 # multiling http<o:p></o:p></p>
<p class="MsoNormal">acl CONNECT method CONNECT<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Only allow cachemgr access from localhost<o:p></o:p></p>
<p class="MsoNormal">http_access allow localhost manager<o:p></o:p></p>
<p class="MsoNormal">http_access deny manager<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Deny requests to certain unsafe ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny !Safe_ports<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Deny CONNECT to other than secure SSL ports<o:p></o:p></p>
<p class="MsoNormal">http_access deny CONNECT !SSL_ports<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># We strongly recommend the following be uncommented to protect innocent<o:p></o:p></p>
<p class="MsoNormal"># web applications running on the proxy server who think the only<o:p></o:p></p>
<p class="MsoNormal"># one who can access services on "localhost" is a local user<o:p></o:p></p>
<p class="MsoNormal">http_access deny to_localhost<o:p></o:p></p>
<p class="MsoNormal"># Example rule allowing access from your local networks.<o:p></o:p></p>
<p class="MsoNormal"># Adapt localnet in the ACL section to list your (internal) IP networks<o:p></o:p></p>
<p class="MsoNormal"># from where browsing should be allowed<o:p></o:p></p>
<p class="MsoNormal">http_access allow localnet<o:p></o:p></p>
<p class="MsoNormal">http_access allow localhost<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># And finally deny all other access to this proxy<o:p></o:p></p>
<p class="MsoNormal">http_access deny all<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Squid normally listens to port 3128<o:p></o:p></p>
<p class="MsoNormal">http_port 10.5.11.12:3128<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Uncomment the line below to enable disk caching - path format is /cygdrive/<full path to cache folder>, i.e.<o:p></o:p></p>
<p class="MsoNormal">cache_dir aufs /cygdrive/e/squid/cache 256 8 64<o:p></o:p></p>
<p class="MsoNormal">#cache deny all<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Limit number of days to keep logs<o:p></o:p></p>
<p class="MsoNormal">logfile_rotate 2<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Coredump directory<o:p></o:p></p>
<p class="MsoNormal">coredump_dir /cygdrive/e/squid/var/coredump<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"># Add any of your own refresh_pattern entries above these.<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<o:p></o:p></p>
<p class="MsoNormal">refresh_pattern . 0 20% 4320<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">dns_nameservers 208.67.220.220 208.67.222.222<o:p></o:p></p>
<p class="MsoNormal">max_filedescriptors 3200<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Typical access.log<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">1550724138.034 213 10.27.18.220 TCP_TUNNEL/200 4301 CONNECT ac3d8ead-8d6e-423e-8f51-1beadafe281a.ods.opinsights.azure.com:443 - HIER_DIRECT/40.71.12.224 -<o:p></o:p></p>
<p class="MsoNormal">1550724153.063 122686 10.27.18.220 TCP_TUNNEL/200 8820 CONNECT eus2-jobruntimedata-prod-su1.azure-automation.net:443 - HIER_DIRECT/104.208.163.218 -<o:p></o:p></p>
<p class="MsoNormal">1550724155.287 635036 10.27.18.220 TCP_TUNNEL/200 11107 CONNECT 593a6510-ebfc-4d6b-a8f0-a0411dfee098.ods.opinsights.azure.com:443 - HIER_DIRECT/40.71.12.224 -<o:p></o:p></p>
<p class="MsoNormal">1550724155.299 455045 10.27.18.220 TCP_TUNNEL/200 9280 CONNECT 593a6510-ebfc-4d6b-a8f0-a0411dfee098.ods.opinsights.azure.com:443 - HIER_DIRECT/40.71.12.224 -<o:p></o:p></p>
<p class="MsoNormal">1550724158.005 187 10.27.18.220 TCP_TUNNEL/200 4301 CONNECT ac3d8ead-8d6e-423e-8f51-1beadafe281a.ods.opinsights.azure.com:443 - HIER_DIRECT/40.71.12.224 -<o:p></o:p></p>
<p class="MsoNormal">1550724178.345 505 10.27.18.220 TCP_TUNNEL/200 4301 CONNECT ac3d8ead-8d6e-423e-8f51-1beadafe281a.ods.opinsights.azure.com:443 - HIER_DIRECT/40.71.12.224 -<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="text-autospace:none"><b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#002776">Andrew Van Order</span></b><span style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#002776"><o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#002776">CTO | Application Delivery Services | Hosting Services – Monitoring and Configuration Services<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#002776">Deloitte Services LP
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#002776">Tel/Direct: +1 615 882 7836 | Fax: +1 615 750 7836<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#002776"><a href="mailto:dvanorder@deloitte.com">dvanorder@deloitte.com</a> |
<a href="http://www.deloitte.com">www.deloitte.com</a><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p>This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and any disclosure, copying, or distribution
of this message, or the taking of any action based on it, by you is strictly prohibited.<o:p></o:p></p>
<p>v.E.1<o:p></o:p></p>
</div>
</body>
</html>