[squid-users] skype connection problem

Nicolas Valera nvalera at gmail.com
Tue Oct 25 14:25:35 UTC 2016


Amos, thanks for the tips!
any idea about my skype problem?

regards

On 10/25/2016 08:13 AM, Amos Jeffries wrote:
> On 25/10/2016 5:19 a.m., Nicolas Valera wrote:
>> Hi Yuri, thanks for the answer!
>>
>> we don't have the squid in transparent mode in this network.
>> the squid configuration is very basic. here is the conf:
>>
>> -------------------------------------------------------------------------
>> http_port 1280 connection-auth=off
>> forwarded_for delete
>> httpd_suppress_version_string on
>> client_persistent_connections off
>>
>> cache_mem 16 GB
>> maximum_object_size_in_memory 8 MB
>>
>> url_rewrite_program /usr/bin/squidGuard
>
> These...
>
>> url_rewrite_children 10
>> url_rewrite_access allow all
>
> ... are redundant. That is the default values for those directives.
>
>>
>> acl numeric_IPs dstdom_regex
>> ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|0-9\.]+)?\])):443
>>
>> acl Skype_UA browser ^skype
>>
>> acl SSL_ports port 443 563 873 1445 2083 8000 8088 10017 8443 5443 7443
>> 50001
>> acl Safe_ports port 80 82 88 182 210 554 591 777 873 1001 21 443 70 280 488
>> acl Safe_ports port 1025-65535  # unregistered ports
>>
>> acl CONNECT method CONNECT
>> acl safe_method method GET
>> acl safe_method method PUT
>> acl safe_method method POST
>> acl safe_method method HEAD
>> acl safe_method method CONNECT
>> acl safe_method method OPTIONS
>> acl safe_method method PROPFIND
>> acl safe_method method REPORT
>> acl safe_method method MERGE
>> acl safe_method method MKACTIVITY
>> acl safe_method method CHECKOUT
>
> Whats the point of this ACL ?
>
>
>>
>> http_access deny !Safe_ports
>> http_access allow CONNECT localnet numeric_IPS Skype_UA
>> http_access deny CONNECT !SSL_ports
>> http_access deny !safe_method
>> http_access allow localnet
>> http_access allow localhost
>> http_access deny all
>>
>> refresh_pattern ^ftp:        1440    20%    10080
>> refresh_pattern ^gopher:    1440    0%    1440
>> refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
>> refresh_pattern Packages\.tar$ 0       20%    4320 refresh-ims
>> ignore-no-cache
>> refresh_pattern Packages\.bz2$ 0       20%    4320 refresh-ims
>> ignore-no-cache
>> refresh_pattern Sources\.bz2$  0       20%    4320 refresh-ims
>> ignore-no-cache
>> refresh_pattern Release\.gpg$  0       20%    4320 refresh-ims
>> refresh_pattern Release$       0       20%    4320 refresh-ims
>> refresh_pattern -i
>> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
>> 43200 reload-into-ims ignore-no-cache
>> refresh_pattern -i
>> windowsupdate.com/.*\.(esd|cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
>> 4320 80% 43200 reload-into-ims ignore-no-cache
>> refresh_pattern -i
>> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
>> 43200 reload-into-ims ignore-no-cache
>> refresh_pattern -i
>> live.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200
>> reload-into-ims ignore-no-cache
>> refresh_pattern .        0    20%    4320
>>
>
> All those "ignore-no-cache" are not useful. Run "squid -k parse" and it
> should mention they are no longer supported.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


More information about the squid-users mailing list