[squid-users] Change are not taking
Amos Jeffries
squid3 at treenet.co.nz
Sat May 20 11:30:46 UTC 2017
Sorry I missed one part...
On 20/05/17 23:22, Amos Jeffries wrote:
> On 20/05/17 05:13, Patrick Flaherty wrote:
>>
>> Hi,
>>
>> I am making changes to my squid.conf, yet they don’t seem to take. Is
>> there something I’m missing? Any help appreciated
>>
>
> From the changes below it looks like you are attempting to configure a
> reverse-proxy. Relevant changes below:
>
>> # Squid Proxy Configuration
>>
>> # Network(s) where proxy traffic is originating
>>
>> # acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>>
>> # acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>>
>> # acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>
>> acl localnet src all
>>
>
> Remove the above change.
>
>> # acl and http_access ("rmsc.txt")
>>
>> acl whitelist dstdomain "c:/squid/etc/squid/rmsc.txt"
>>
>> http_access allow whitelist
>>
> Move this section down to the place marked below.
>
>> acl http proto http
>>
>> acl https proto https
>>
>> acl SSL_ports port 443
>>
>> acl Safe_ports port 80 # http
>>
>> acl Safe_ports port 443 # https
>>
>> acl CONNECT method CONNECT
>>
>> # rules allowing proxy access
>>
>> http_access allow http Safe_ports whitelist localnet
>>
>> http_access allow https SSL_ports whitelist localnet
>>
>
> Remove the above http_access lines.
>
>> # Deny requests to certain unsafe ports
>>
>> http_access deny !Safe_ports
>>
>> # Deny CONNECT to other than secure SSL ports
>>
>> http_access deny CONNECT !SSL_ports
>>
>
> This is where the whitelist lines should be placed.
Also, add cache_peer and cache_peer_access entries for each of your servers.
>
>> # Lastly deny all other access to this proxy
>>
>> http_access deny all
>>
>> # Listens to port 3128
>>
>> http_port 3128
>>
>
> Add this line:
> http_port 80 accel
>
>> # DNS servers (Change dns_nameservers to client dns servers for
>> consistency and better performance)
>>
>> dns_nameservers 8.8.8.8 8.8.4.4
>>
>
> NP: Google DNS server farm design causes DNS results to churn on every
> single request. This breaks HTTP/1.x connection persistence, pipeline
> and multiplexing performance features. If you want these performance
> enhancing features to work properly you should run your own local DNS
> resolver and have Squid and the LAN use that.
>
>> # Roll log file daily and keep 30 days
>>
>> logfile_rotate 30
>>
>> # Access log format
>>
>> logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
>>
>>
>
> Do not re-define the "squid" default logformat; the result will not be
> what you want.
> If you need something that is not provided by one of the default
> formats, use a format name of your own choosing.
>
>> # Debug (Only used by Rave Service Personnel)
>>
>> # debug_options ALL,2
>>
>> # Use IPv4 based DNS first
>>
>> dns_v4_first on
>>
>> # Log definitions
>>
>> access_log stdio:c:/Squid/var/log/squid/access.log
>>
>> cache_store_log stdio:c:/Squid/var/log/squid/store.log
>>
>> buffered_logs on
>>
>>
>
> .. and finally, as Dijixie mentioned, don't forget to reload Squid.
>
> PS: If you are using Squid-3 on one of the latest Linux with systemd
> that may need to be a full stop/start cycle to make sure it works due
> to problems systemd has with services like Squid-3.
>
> Amos
>
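
An added example, not part of the original message and not Squid's own code: a simplified Python model of http_access evaluation (lines checked top to bottom, all ACLs on a line must match, first matching line decides), comparing the rule order as posted with the order after moving the whitelist lines below the two port deny lines. The whitelist entry, the sample requests and the function names are constructed for illustration.

```python
# Simplified model of Squid http_access processing: lines are checked top to
# bottom, every ACL on a line must match, and the first matching line decides.
WHITELIST = {"app.example.com"}   # constructed stand-in for rmsc.txt
ACLS = {
    "whitelist":  lambda r: r["host"] in WHITELIST,   # exact match only here
    "Safe_ports": lambda r: r["port"] in {80, 443},
    "SSL_ports":  lambda r: r["port"] == 443,
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "all":        lambda r: True,
}

# The two "allow http/https ... localnet" lines are left out of both lists:
# anything they match also matches "allow whitelist", so they change nothing.
AS_POSTED = [
    "http_access allow whitelist",
    "http_access deny !Safe_ports",
    "http_access deny CONNECT !SSL_ports",
    "http_access deny all",
]
AS_ADVISED = [
    "http_access deny !Safe_ports",
    "http_access deny CONNECT !SSL_ports",
    "http_access allow whitelist",
    "http_access deny all",
]

def acl_matches(name, req):
    """Evaluate one ACL name against a request, honouring a leading '!'."""
    hit = ACLS[name.lstrip("!")](req)
    return not hit if name.startswith("!") else hit

def evaluate(rules, req):
    """Return (action, line) for the first http_access line that matches."""
    for line in rules:
        _, action, *acls = line.split()
        if all(acl_matches(a, req) for a in acls):
            return action, line
    raise ValueError("rule list must end with a catch-all line")

# Constructed sample requests.
REQUESTS = [
    {"method": "GET", "host": "app.example.com", "port": 80},
    {"method": "CONNECT", "host": "app.example.com", "port": 8443},
    {"method": "CONNECT", "host": "app.example.com", "port": 80},
    {"method": "GET", "host": "other.example.net", "port": 80},
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req, evaluate(AS_POSTED, req)[0], evaluate(AS_ADVISED, req)[0])
```

With the order as posted, the port checks never run for a whitelisted host; with the advised order they run first and the whitelist only admits requests that already passed them.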