Re: [squid-users] squid cache problem

Wed, 15 Apr 2009 11:15:46 -0700 

Luciano Sousa wrote:

hello.

i'm having a problem with idiot.
at least once every two days I have to clear the cache of my squid,
because it begins to deny all access, probably because it is full ...
Your cache.log (/usr/local/squid/logs/cache.log) might give more information on what's going on. 


my squid.conf

http_port 3128
icp_port 3128
hierarchy_stoplist cgi-bin ?
cache_mem 500 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_dir ufs /usr/local/squid/cache 1500 32 256
cache_access_log /usr/local/squid/logs/access.log
pid_filename /usr/local/squid/logs/squid.pid
acl manager proto cache_object
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log

logformat logluciano IP do cliente: %>a - Username: %un - Horario:
[%tl] - Metodo: %rm - URL: %ru - Status HTTP: %Hs - Status Squid: %Ss
- Porta: %>p
cache_access_log /usr/local/squid/logs/logteste.log logluciano

auth_param ntlm program /usr/bin/ntlm_auth domain/pdc
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic children 5
auth_param basic realm Digite o LOGIN/SENHA
auth_param basic credentialsttl 1 minute
auth_param basic casesensitive off

external_acl_type nt_group %LOGIN /usr/local/squid/etc/wbinfo_group.pl
acl AllowedWindowsGroups external nt_group testnet
http_access allow AllowedWindowsGroups

acl localhost src 127.0.0.1/255.255.255.255
acl redelocal src 192.168.1.0/24
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 6959        #mirc
acl Safe_ports port 900         #mirc
acl Safe_ports port 23          #smtp
acl Safe_ports port 143         #imap

acl CONNECT method CONNECT
acl acesso proxy_auth REQUIRED

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow acesso
http_access allow redelocal
For what it's worth, you are allowing unauthenticated requests from your local network. Authentication is requested, the client is allowed if authentication is provided (but not denied if it's not). The next step checks the client's source IP and allows based on that (with an implicit deny following). Perhaps that's to plan, but I thought it might be worth a mention. 


icp_access allow all
debug_options ALL,1 33,2


thank's.


Chris

Reply via email to