Re: [squid-users] Why is squid caching local intranet domains??

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 06 Jun 2012 18:51:02 +0300

you might have an accept rule before the redirect in iptalbes.

Eliezer
On 06/06/2012 18:17, bnichols wrote:
> One thing that ive noticed is that on machines being forwarded to my
> squidbox via my router, all other sites show up in the access.log and
> everything functions fine, however, when I try to access the webserver
> residing on the squid box there are no logs at all generated for those
> requests. I would expect to see DIRECT there.
>
> Equally of note, when I manually enter the proxy config into the
> browsers, I get access.log entries for the domain, along with cache
> hits of course.
>
> Just find it interesting that there is no log generation when the
> webserver is accessed from a machine on the lan being forwarded by my
> router.
>
>
> On Wed, 06 Jun 2012 18:05:49 +0300
> Eliezer Croitoru<eliezer_at_ngtech.co.il> wrote:
>
>> there was a bug on some old version of squid.
>> you better use the newest version.
>>
>> ELiezer
>> On 06/06/2012 18:01, mrnicholsb wrote:
>>> Im scratching my head here, Ive got an issue thats driving me
>>> bonkers...
>>>
>>> 1338994323.846 0 10.10.1.105 TCP_IMS_HIT/304 278 GET
>>> http://deviant.evil/ - NONE/- text/html
>>>
>>> Clearly this local site is being cached, what is frustrating is
>>> that I have the following meta tag on the page
>>>
>>> <meta http-equiv="Cache-control" content="no-cache">
>>>
>>> Yet squid is apparently ignoring that directive completely.
>>>
>>> Ok, no problem, so we set our conf up to always go direct for
>>> localnet acl right? No dice, still caching,
>>>
>>> Could one of you be so kind as to take a look at my conf and tell
>>> me why?
>>>
>>>
>>> ##############################################################
>>>
>>> #transparent because ddwrt is forwarding traffic to it
>>> http_port 3128 transparent
>>> #parent disabled due to location outside scope of firewall rules
>>> #cache_peer 192.168.1.205 parent 3128 3129 default
>>> # no-query no-digest
>>> never_direct deny all
>>>
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern (/cgi-bin/|\?) 0 0% 0
>>> refresh_pattern . 0 20% 4320
>>>
>>> dns_nameservers 10.10.1.1
>>> hosts_file /etc/hosts
>>> cache_swap_low 95
>>> cache_swap_high 98
>>> access_log /var/log/squid3/access.log
>>> cache_mem 320 MB
>>> memory_pools on
>>> maximum_object_size_in_memory 512 KB
>>> maximum_object_size 400 MB
>>> log_icp_queries off
>>> half_closed_clients on
>>> cache_mgr mrnicholsb_at_gmail.com
>>> cache_dir ufs /mnt/secondary/var/spool/squid3 30000 32 256
>>> visible_hostname deviant.evil
>>> shutdown_lifetime 1 second
>>>
>>> #icap_enable on
>>> #icap_send_client_ip on
>>> #icap_send_client_username on
>>> #icap_client_username_encode off
>>> #icap_client_username_header X-Authenticated-User
>>> #icap_preview_enable on
>>> #icap_preview_size 1024
>>> #icap_service service_req reqmod_precache bypass=1
>>> icap://127.0.0.1:1344/squidclamav
>>> #adaptation_access service_req allow all
>>> #icap_service service_resp respmod_precache bypass=1
>>> icap://127.0.0.1:1344/squidclamav
>>> #adaptation_access service_resp allow all
>>>
>>> acl manager proto cache_object
>>> acl localhost src 127.0.0.1/32
>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
>>> acl localnet src 10.10.1.0/24
>>> acl blacklist dstdomain "/mnt/secondary/squid3/squid-block.acl"
>>>
>>> acl SSL_ports port 443
>>> acl Safe_ports port 80
>>> acl Safe_ports port 21 # http
>>> acl Safe_ports port 443 # ftp
>>> acl Safe_ports port 70 # https
>>> acl Safe_ports port 210 # gopher
>>> acl Safe_ports port 1025-65535 # wais
>>> acl Safe_ports port 280 # unregistered ports
>>> acl Safe_ports port 488 # http-mgmt
>>> acl Safe_ports port 591 # gss-http
>>> acl Safe_ports port 777 # filemaker
>>> acl CONNECT method CONNECT # multiling http
>>>
>>> always_direct allow localnet
>>>
>>> #icp_access allow localnet
>>> #icp_access deny all
>>>
>>> http_access deny blacklist
>>> http_access allow manager localhost
>>> http_access deny manager
>>> http_access deny !Safe_ports
>>> http_access deny CONNECT !SSL_ports
>>> http_access allow localhost
>>> http_access allow localnet
>>> http_access deny all
>>>
>>>
>>> #Thanks heaps in advance. Squid 3.1.6-1.2 Debian Squeeze
>>>
>>>
>>
>>
>

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
Received on Wed Jun 06 2012 - 15:51:29 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 06 2012 - 12:00:03 MDT