Change are not taking

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Change are not taking

Patrick Flaherty

Hi,

 

I am making changes to my squid.conf, yet they don’t seem to take. Is there something I’m missing? Any help appreciated

 

# Squid Proxy Configuration

 

# Network(s) where proxy traffic is originating

# acl localnet src 10.0.0.0/8          # RFC1918 possible internal network

# acl localnet src 172.16.0.0/12   # RFC1918 possible internal network

# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src all

 

# acl and http_access ("rmsc.txt")

acl whitelist dstdomain  "c:/squid/etc/squid/rmsc.txt"

http_access        allow     whitelist

 

acl http      proto      http

acl https     proto      https

acl SSL_ports port 443

acl Safe_ports port 80                    # http

acl Safe_ports port 443                  # https

acl CONNECT method CONNECT

 

# rules allowing proxy access

http_access allow http  Safe_ports whitelist localnet

http_access allow https SSL_ports whitelist localnet

 

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

 

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

 

# Lastly deny all other access to this proxy

http_access deny all

 

# Listens to port 3128

http_port 3128

 

# DNS servers (Change dns_nameservers to client dns servers for consistency and better performance)

dns_nameservers 8.8.8.8 8.8.4.4

 

# Roll log file daily and keep 30 days

logfile_rotate 30

 

# Access log format

logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt

 

# Debug (Only used by Rave Service Personnel)

# debug_options             ALL,2

 

# Use IPv4 based DNS first

dns_v4_first on

 

# Log definitions

access_log stdio:c:/Squid/var/log/squid/access.log

cache_store_log stdio:c:/Squid/var/log/squid/store.log

buffered_logs on


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Change are not taking

dijxie
W dniu 19.05.2017 o 19:13, Patrick Flaherty pisze:

Hi,

 

I am making changes to my squid.conf, yet they don’t seem to take. Is there something I’m missing? Any help appreciated

 

# Squid Proxy Configuration

 

# Network(s) where proxy traffic is originating

# acl localnet src 10.0.0.0/8          # RFC1918 possible internal network

# acl localnet src 172.16.0.0/12   # RFC1918 possible internal network

# acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl localnet src all

 

# acl and http_access ("rmsc.txt")

acl whitelist dstdomain  "c:/squid/etc/squid/rmsc.txt"

http_access        allow     whitelist

 

acl http      proto      http

acl https     proto      https

acl SSL_ports port 443

acl Safe_ports port 80                    # http

acl Safe_ports port 443                  # https

acl CONNECT method CONNECT

 

# rules allowing proxy access

http_access allow http  Safe_ports whitelist localnet

http_access allow https SSL_ports whitelist localnet

 

# Deny requests to certain unsafe ports

http_access deny !Safe_ports

 

# Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

 

# Lastly deny all other access to this proxy

http_access deny all

 

# Listens to port 3128

http_port 3128

 

# DNS servers (Change dns_nameservers to client dns servers for consistency and better performance)

dns_nameservers 8.8.8.8 8.8.4.4

 

# Roll log file daily and keep 30 days

logfile_rotate 30

 

# Access log format

logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt

 

# Debug (Only used by Rave Service Personnel)

# debug_options             ALL,2

 

# Use IPv4 based DNS first

dns_v4_first on

 

# Log definitions

access_log stdio:c:/Squid/var/log/squid/access.log

cache_store_log stdio:c:/Squid/var/log/squid/store.log

buffered_logs on



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

But what changes are you making?
Are you aware that you must reapply squid.conf after changing it by restarting or reloading? At linux, it's squid -k reconfigure; dunno how to do that on Windows, the same way i guess...

-- 
Greets, Dijx

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Change are not taking

Amos Jeffries
Administrator
In reply to this post by Patrick Flaherty
On 20/05/17 05:13, Patrick Flaherty wrote:
>
> Hi,
>
> I am making changes to my squid.conf, yet they don’t seem to take. Is
> there something I’m missing? Any help appreciated
>

 From the changes below it looks like you are attempting to configure a
reverse-proxy. Relevant changes below:

> # Squid Proxy Configuration
>
> # Network(s) where proxy traffic is originating
>
> # acl localnet src 10.0.0.0/8          # RFC1918 possible internal network
>
> # acl localnet src 172.16.0.0/12   # RFC1918 possible internal network
>
> # acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>
> acl localnet src all
>

Remove the above change.

> # acl and http_access ("rmsc.txt")
>
> acl whitelist dstdomain "c:/squid/etc/squid/rmsc.txt"
>
> http_access        allow     whitelist
>
Move this section down to the place marked below.

> acl http      proto      http
>
> acl https     proto      https
>
> acl SSL_ports port 443
>
> acl Safe_ports port 80                    # http
>
> acl Safe_ports port 443                  # https
>
> acl CONNECT method CONNECT
>
> # rules allowing proxy access
>
> http_access allow http  Safe_ports whitelist localnet
>
> http_access allow https SSL_ports whitelist localnet
>

Remove the above http_access lines.

> # Deny requests to certain unsafe ports
>
> http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
>
> http_access deny CONNECT !SSL_ports
>

This is where the whiltelist lines should be placed.

> # Lastly deny all other access to this proxy
>
> http_access deny all
>
> # Listens to port 3128
>
> http_port 3128
>

Add this line:
  http_port 80 accel

> # DNS servers (Change dns_nameservers to client dns servers for
> consistency and better performance)
>
> dns_nameservers 8.8.8.8 8.8.4.4
>

NP: Google DNS server farm design causes DNS results to churn on every
single request. This breaks HTTP/1.x connection persistence, pipeline
and multiplexing performance features. If you want these performance
enhancing features to work properly you should run your own local DNS
resolver and have Squid and the LAN use that.

> # Roll log file daily and keep 30 days
>
> logfile_rotate 30
>
> # Access log format
>
> logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
>
>

Do not re-define the "squid" default logformat the result will not be
what you want.
If you need something that is not provided by one of the default formats
use a format name of your own choosing name.

> # Debug (Only used by Rave Service Personnel)
>
> # debug_options             ALL,2
>
> # Use IPv4 based DNS first
>
> dns_v4_first on
>
> # Log definitions
>
> access_log stdio:c:/Squid/var/log/squid/access.log
>
> cache_store_log stdio:c:/Squid/var/log/squid/store.log
>
> buffered_logs on
>
>

.. and finally as Dijixie mentioned dont forget to reload Squid.

PS: If you are using Squid-3 on one of the latest Linux with systemd
that may need to be a full stop/start cycle to make sure it works due to
problems systemd has with services like Squid-3.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Change are not taking

Amos Jeffries
Administrator
Sorry I missed one part...


On 20/05/17 23:22, Amos Jeffries wrote:

> On 20/05/17 05:13, Patrick Flaherty wrote:
>>
>> Hi,
>>
>> I am making changes to my squid.conf, yet they don’t seem to take. Is
>> there something I’m missing? Any help appreciated
>>
>
> From the changes below it looks like you are attempting to configure a
> reverse-proxy. Relevant changes below:
>
>> # Squid Proxy Configuration
>>
>> # Network(s) where proxy traffic is originating
>>
>> # acl localnet src 10.0.0.0/8          # RFC1918 possible internal
>> network
>>
>> # acl localnet src 172.16.0.0/12   # RFC1918 possible internal network
>>
>> # acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>>
>> acl localnet src all
>>
>
> Remove the above change.
>
>> # acl and http_access ("rmsc.txt")
>>
>> acl whitelist dstdomain "c:/squid/etc/squid/rmsc.txt"
>>
>> http_access        allow     whitelist
>>
> Move this section down to the place marked below.
>
>> acl http      proto      http
>>
>> acl https     proto      https
>>
>> acl SSL_ports port 443
>>
>> acl Safe_ports port 80                    # http
>>
>> acl Safe_ports port 443                  # https
>>
>> acl CONNECT method CONNECT
>>
>> # rules allowing proxy access
>>
>> http_access allow http  Safe_ports whitelist localnet
>>
>> http_access allow https SSL_ports whitelist localnet
>>
>
> Remove the above http_access lines.
>
>> # Deny requests to certain unsafe ports
>>
>> http_access deny !Safe_ports
>>
>> # Deny CONNECT to other than secure SSL ports
>>
>> http_access deny CONNECT !SSL_ports
>>
>
> This is where the whiltelist lines should be placed.

Also, add cache_peer and cache_peer_access entries for each of your servers.

>
>> # Lastly deny all other access to this proxy
>>
>> http_access deny all
>>
>> # Listens to port 3128
>>
>> http_port 3128
>>
>
> Add this line:
>  http_port 80 accel
>
>> # DNS servers (Change dns_nameservers to client dns servers for
>> consistency and better performance)
>>
>> dns_nameservers 8.8.8.8 8.8.4.4
>>
>
> NP: Google DNS server farm design causes DNS results to churn on every
> single request. This breaks HTTP/1.x connection persistence, pipeline
> and multiplexing performance features. If you want these performance
> enhancing features to work properly you should run your own local DNS
> resolver and have Squid and the LAN use that.
>
>> # Roll log file daily and keep 30 days
>>
>> logfile_rotate 30
>>
>> # Access log format
>>
>> logformat squid %tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
>>
>>
>
> Do not re-define the "squid" default logformat the result will not be
> what you want.
> If you need something that is not provided by one of the default
> formats use a format name of your own choosing name.
>
>> # Debug (Only used by Rave Service Personnel)
>>
>> # debug_options             ALL,2
>>
>> # Use IPv4 based DNS first
>>
>> dns_v4_first on
>>
>> # Log definitions
>>
>> access_log stdio:c:/Squid/var/log/squid/access.log
>>
>> cache_store_log stdio:c:/Squid/var/log/squid/store.log
>>
>> buffered_logs on
>>
>>
>
> .. and finally as Dijixie mentioned dont forget to reload Squid.
>
> PS: If you are using Squid-3 on one of the latest Linux with systemd
> that may need to be a full stop/start cycle to make sure it works due
> to problems systemd has with services like Squid-3.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users