<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Hey Acid,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I created as an example scripts the next:<o:p></o:p></p><p class=MsoNormal><a href="https://github.com/elico/squid-external-matchers">https://github.com/elico/squid-external-matchers</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The bash script is the pseudo and the ruby are production grade services.<o:p></o:p></p><p class=MsoNormal>I have use these services in production for a very long time and it works great.<o:p></o:p></p><p class=MsoNormal>Auto reloads the files as you append the content/domains/urls/sni.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>All The Bests,<o:p></o:p></p><p class=MsoNormal>Eliezer<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>----<o:p></o:p></p><p class=MsoNormal>Eliezer Croitoru<o:p></o:p></p><p class=MsoNormal>Tech Support<o:p></o:p></p><p class=MsoNormal>Mobile: +972-5-28704261<o:p></o:p></p><p class=MsoNormal>Email: <a href="mailto:ngtech1ltd@gmail.com">ngtech1ltd@gmail.com</a><o:p></o:p></p><p class=MsoNormal>Zoom: Coming soon<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> NgTech LTD <ngtech1ltd@gmail.com> <br><b>Sent:</b> Tuesday, March 30, 2021 11:08 PM<br><b>To:</b> acidflash acidflash <acidflash_@linuxmail.org><br><b>Cc:</b> Squid Users <squid-users@lists.squid-cache.org><br><b>Subject:</b> Re: [squid-users] [SPAM] Squid stops serving requests after squid -k reconfigure<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hey Acid,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>First you should try 4.x latest.<o:p></o:p></p></div><div><p class=MsoNormal>a reload of 50 domains every 10 second doesn't make sense.<o:p></o:p></p></div><div><p class=MsoNormal>I don't understand the config and the setup.<o:p></o:p></p></div><div><p class=MsoNormal>for 50 sites you just need a basic script and even one in bash will work dor you with grep.<o:p></o:p></p></div><div><p class=MsoNormal>I wrote an example in ruby a while ago, I will try to find it in the next week.<o:p></o:p></p></div><div><p class=MsoNormal>Maybe the server is overloaded.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I will try to give you an example later on.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Eliezer<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal><span lang=HE dir=RTL>בתאריך יום ג׳, 30 במרץ 2021, 20:41, מאת</span><span dir=LTR></span><span dir=LTR></span><span dir=LTR></span><span dir=LTR></span> acidflash acidflash <span dir=RTL></span><span dir=RTL></span><span lang=HE dir=RTL><span dir=RTL></span><span dir=RTL></span></span><span dir=LTR></span><span dir=LTR></span><span dir=LTR></span><span dir=LTR></span><<a href="mailto:acidflash_@linuxmail.org">acidflash_@linuxmail.org</a>>:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Hi Eliezer,<br><br>I hope your doing ok. Thanks for the reply. Yeah currently what I am doing is:<br><br>include /etc/squid/blockedsites.list<br>and adding the ACL's and the denies in the list file. What version do you recommend I upgrade to, and is this a known issue? The list is actually pretty small, probably no more than 50 sites or so, and thats split across 4 or 5 groups (different ACL's). I'll look into ufdbguard and the other projects as well, does this sound familiar though? If you think that the best path forward is to alleviate the burden off of squid to some external tool, I could probably think up a few hacks to for that, but would obviously prefer to keep it all within squid. Is this occurance common with squid -k reconfigure and dstdomain matching? Thanks for your time. Stay safe. <o:p></o:p></span></p><div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><div style='border:none;border-left:solid #C3D9E5 1.5pt;padding:0in 0in 0in 8.0pt;margin-left:7.5pt;margin-top:7.5pt;margin-right:3.75pt;margin-bottom:3.75pt' name=quote><div style='margin-bottom:7.5pt'><p class=MsoNormal><b><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Sent:</span></b><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> Sunday, March 28, 2021 at 4:42 AM<br><b>From:</b> "Eliezer Croitoru" <<a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a>><br><b>To:</b> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br><b>Subject:</b> Re: [squid-users] [SPAM] Squid stops serving requests after squid -k reconfigure<o:p></o:p></span></p></div><div name=quoted-content><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Hey Acid,<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Haven’t seen you here for a very long time.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>The first thing is to upgrade squid if possible…<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>It’s better that you won’t use squid -kreconf for big blacklists.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Instead you should use some external software to match the blacklists.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>The most recommended software these days is ufdbguard.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Depends on the size of your blacklist your might need to find the right solution.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>The best solution would be to store the list in ram somehow.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Have you tried some kind of rbl server?<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>At the time I wrote some code to and some of it was merged into:<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'><a href="https://github.com/looterz/grimd" target="_blank">https://github.com/looterz/grimd</a><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>It has a reload url so you can update the files on disk and send a reload.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Another service I am using is:<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'><a href="https://github.com/andybalholm/redwood" target="_blank">https://github.com/andybalholm/redwood</a><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Which has a “Classification Service” function.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>It’s pretty easy to write a json http client that can run queries against this classification service.<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Also you’d better use a file In the dstdomain ac ie:<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>acl Blacklist dstdomain “/var/blacklists/xyx.list”<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>http_access deny Blacklist<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>and inside the xyx.list file just add lines of domains like<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>.<a href="http://blacklisted-domain.com" target="_blank">blacklisted-domain.com</a><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>.<a href="http://example.com" target="_blank">example.com</a><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Etc..<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>All The Bests,<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Eliezer<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>----<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Eliezer Croitoru<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Tech Support<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Mobile: +972-5-28704261<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Email: <a href="mailto:ngtech1ltd@gmail.com" target="_blank">ngtech1ltd@gmail.com</a><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Zoom: Coming soon<o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>From:</span></b><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> squid-users <<a href="mailto:squid-users-bounces@lists.squid-cache.org" target="_blank">squid-users-bounces@lists.squid-cache.org</a>> <b>On Behalf Of </b>acidflash acidflash<br><b>Sent:</b> Saturday, March 27, 2021 10:55 AM<br><b>To:</b> <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br><b>Subject:</b> [SPAM] [squid-users] Squid stops serving requests after squid -k reconfigure<o:p></o:p></span></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><div><p><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>I have gone through the forums, and I haven't found an answer to the question, although it has been asked more than once.</span><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'><o:p></o:p></span></p><p><span style='font-size:12.0pt;font-family:"Times New Roman",serif'>I am running squid 3.5.X on Centos 7, the compile options are:<br>"configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,SMB_LM,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group,kerberos_ldap_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,rock,ufs' '--enable-wccpv2' '--enable-esi' '--enable-ecap' '--with-aio' '--with-default-user=squid' '--with-dl' '--with-openssl' '--with-pthreads' '--disable-arch-native' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'LDFLAGS=-Wl,-z,relro -pie -Wl,-z,relro -Wl,-z,now' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'"</span><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'><o:p></o:p></span></p><p><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>I have a service which adds domains to a blacklist file, and then calls squid -k reconfigure.<br>Instead of writing to the file, this service updates the file completely with new rules,<br>by deleting the old file, and creating a new one in its place, and then calling squid -k reconfigure.<br>After doing this, on odd occasions, squid will stop serving traffic completely,<br>until you do a squid stop, and squid start. After shutting down squid,<br>and starting squid up with the same rules, squid will continue to work normally.<br>Its probably worth mentioning that during the time that these events are taking place,<br>the server is under quite a bit of load, and clients don't stop sending requests via the server.<br>What these directives look like:<br><br>acl Porn dstdomain .<a href="http://xnxx.com" target="_blank">xnxx.com</a> .<a href="http://sex.com" target="_blank">sex.com</a> <br>acl Drugs dstdomain .<a href="http://drugs.com" target="_blank">drugs.com</a> .<a href="http://silkroad.eu" target="_blank">silkroad.eu</a> <br>http_access deny Porn<br>http_access deny Drugs<o:p></o:p></span></p><p><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>This also seems to be amplified when there are several squid workers (child processes) running.<br>In regards to order, these ACL's are above any other ACL's in the list. We have a very basic squid conf file that looks like this:<br>## START OF FILE<br>http_port 3128<br>cache deny all<br>#<br>access_log /var/log/squid/access.log <br>cache_store_log none<br>cache_log /dev/null<br>logfile_rotate 4<br>#<br>auth_param basic program /usr/lib64/squid/basic_db_auth --dsn "DBI:mysql:host=XX.XX.XX.XX;port=XXXX;database=XXXXX" --user XXXXXX --password XXXXXXXX --plaintext --persist<br># <br>acl db-auth proxy_auth REQUIRED<br>auth_param basic credentialsttl 2 hours<br>auth_param basic casesensitive on<br>#<br>connect_timeout 55 minutes<br>#<br>request_header_access Allow allow all<br>request_header_access Authorization allow all<br>request_header_access WWW-Authenticate allow all<br>request_header_access Proxy-Authorization allow all<br>request_header_access Proxy-Authenticate allow all<br>request_header_access Cache-Control allow all<br>request_header_access Content-Encoding allow all<br>request_header_access Content-Length allow all<br>request_header_access Content-Type allow all<br>request_header_access Date allow all<br>request_header_access Expires allow all<br>request_header_access Host allow all<br>request_header_access If-Modified-Since allow all<br>request_header_access Last-Modified allow all<br>request_header_access Location allow all<br>request_header_access Pragma allow all<br>request_header_access Accept allow all<br>request_header_access Accept-Charset allow all<br>request_header_access Accept-Encoding allow all<br>request_header_access Accept-Language allow all<br>request_header_access Content-Language allow all<br>request_header_access Mime-Version allow all<br>request_header_access Retry-After allow all<br>request_header_access Title allow all<br>request_header_access Connection allow all<br>request_header_access Proxy-Connection allow all<br>request_header_access User-Agent allow all<br>request_header_access Cookie allow all<br>request_header_access All deny all<br>dns_v4_first on<br>via off<br>forwarded_for off<br>follow_x_forwarded_for deny all<br>dns_nameservers 8.8.8.8 8.8.4.4<br>## END OF FILE<o:p></o:p></span></p><p><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p><p style='margin-bottom:3.75pt'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>Your help is greatly appreciated, maybe there has been some insight into this issue after 10+ years since the last time it was asked.<o:p></o:p></span></p><p style='margin-bottom:9.75pt'><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'> <o:p></o:p></span></p></div></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Verdana",sans-serif'>_______________________________________________ squid-users mailing list <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a> <a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></span></p></div></div></div></div></div></div></div><p class=MsoNormal>_______________________________________________<br>squid-users mailing list<br><a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br><a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></p></blockquote></div></div></body></html>