This is version 3.1.16.5 yes i tryed to contact qnap but no answare
> On 31.3.2014, at 23:02, Amos Jeffries <[email protected]> wrote: > >> On 2014-04-01 10:07, Elvar Sævarsson wrote: >> ? Please >>> Can any one help me get this working? >>> I have tryed everything. >>> I am trying to use squid on qnap to cache all files or at least >>> Facebook pictures and videos , webpages pictures( that works) videos and >>> ads. >>> Dowloads ( all dowloads iphone apps google play apps .exe .pdf or just all) > > What version of Squid is this? > Have you tried getting help from QNAP? > > FYI: current release of Squid cache all that content by default quite well. > > >>> This is my config file: >>> # The user name and group name Squid will operate as >>> cache_effective_user httpdusr >>> cache_effective_group everyone > > ?? Strange. But not related to the problem. > > FYI: We recommend leaving the group directive undefined and adding the > effective user account as a member of the group at the OS level. > > >>> # >>> # Recommended minimum configuration: >>> # >>> # Auth Method >>> #auth_param basic program >>> /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/ncsa_auth /etc/shadow >>> #auth_param basic children 5 >>> #auth_param basic realm Squid proxy-caching web server >>> #auth_param basic credentialsttl 2 hours >>> acl manager proto cache_object >>> acl localhost src 127.0.0.1/32 ::1 >>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 >>> # Example rule allowing access from your local networks. >>> # Adapt to list your (internal) IP networks from where browsing >>> # should be allowed >>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network >>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network >>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network >>> acl localnet src fc00::/7 # RFC 4193 local private network range >>> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines >>> acl SSL_ports port 443 >>> acl Safe_ports port 80 # http >>> acl Safe_ports port 21 # ftp >>> acl Safe_ports port 443 # https >>> acl Safe_ports port 70 # gopher >>> acl Safe_ports port 210 # wais >>> acl Safe_ports port 1025-65535 # unregistered ports >>> acl Safe_ports port 280 # http-mgmt >>> acl Safe_ports port 488 # gss-http >>> acl Safe_ports port 591 # filemaker >>> acl Safe_ports port 777 # multiling http >>> acl CONNECT method CONNECT >>> #acl ncsa_users proxy_auth REQUIRED >>> # >>> # Recommended minimum Access Permission configuration: >>> # >>> # Only allow cachemgr access from localhost >>> http_access allow manager localhost >>> http_access deny manager >>> # Deny requests to certain unsafe ports >>> http_access deny !Safe_ports >>> # Deny CONNECT to other than secure SSL ports >>> http_access deny CONNECT !SSL_ports >>> # We strongly recommend the following be uncommented to protect innocent >>> # web applications running on the proxy server who think the only >>> # one who can access services on "localhost" is a local user >>> #http_access deny to_localhost >>> # >>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS >>> # >>> # Example rule allowing access from your local networks. >>> # Adapt localnet in the ACL section to list your (internal) IP networks >>> # from where browsing should be allowed >>> http_access allow localnet >>> #http_access allow ncsa_users >>> # And finally deny all other access to this proxy >>> http_access deny all >>> # Squid normally listens to port 3128 >>> http_port 3128 >>> # We recommend you to use at least the following line. >>> hierarchy_stoplist cgi-bin ? >>> # Uncomment and adjust the following to add a disk cache directory. >>> cache_dir ufs /share/MD0_DATA/.qpkg/Squid/opt/var/squid/cache 40000 16 256 >>> cache_mem 125 MB >>> # Leave coredumps in the first cache dir >>> coredump_dir /share/MD0_DATA/.qpkg/Squid/opt/var/squid/ >>> access_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/access.log squid >>> cache_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/cache.log >>> cache_store_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/store.log >>> # Add logfile rotated mechanism >>> logfile_rotate 7 >>> debug_options rotate=1 >>> # >>> mime_table /share/MD0_DATA/.qpkg/Squid/opt/etc/squid/mime.conf >>> pid_filename /share/MD0_DATA/.qpkg/Squid/opt/var/squid/run/squid.pid >>> diskd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/diskd >>> unlinkd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/unlinkd >>> icon_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/icons >>> err_page_stylesheet /share/MD0_DATA/.qpkg/Squid/opt/etc/squid/errorpage.css >>> error_default_language en-us >>> error_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/errors/en-us >>> # Add any of your own refresh_pattern entries above these. >>> refresh_pattern (get_video|videoplayback\?|videodownload|\.flv|\.webm) 0 0% >>> 0 > > NP: this will prevent caching whenever ".flv" exists in the URL. Which will > prevent several of the .flv patterns below being useful. > >>> refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire > > ... like this one will never be used. > >>> refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims >>> store-stale >>> refresh_pattern ^gopher: 1440 0% 1440 >>> # facebook >>> refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(png|gif) 5259487 >>> 999999% 5259487 override-expire ignore-reload store-stale >>> refresh_pattern .fbcdn.net.*\.(jpg|gif|png) 5259487 999999% 5259487 >>> ignore-no-cache override-expire ignore-reload store-stale negative-ttl=0 >>> refresh_pattern -i >>> .facebook.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) >>> 12960 999999% 129600 override-lastmod reload-into-ims ignore-reload >>> ignore-no-cache ignore-auth store-stale > > NP: you already have the pattern facebook.com.*\.(png|gif) with different > parameters. > > NP: you also already have a pattern for .flv. There are other examples like > this one and the below. > >>> refresh_pattern -i >>> .fbcdn.net.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv|zip|rar) >>> 12960 999999% 129690 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale > > NP: you already have the pattern .fbcdn.net.*\.(jpg|gif|png) with different > parameters. > > >>> refresh_pattern -i >>> .zynga.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) 12960 >>> 999999% 129609 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern -i >>> .crowdstar.com.*.(jpg|gif|png|swf|wav|mp(e?g|a|e|1|2|3|4)|3gp|flv|swf|wmv) >>> 12960 999999% 129609 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern ^http://static.ak.fbcdn.net*.(jpg|gif...gp|flv|swf|wmv) >>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern >>> ^http://videoxl.l[0-9].facebook.com/(.*)(3gp|flv|swf|wmv|mp(e?g|a|e|1|2|3|4)) >>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern ^http://*.channel.facebook.com/(.*)(j...?g|a|e|1|2|3|4)) >>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale negative-ttl=0 >>> refresh_pattern ^http://video.ak.facebook.com*.(3gp|f...?g|a|e|1|2|3|4)) >>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern >>> ^http://photos-[a-z].ak.fbcdn.net/(.*)(css|swf|jpg|gif|png|mp(e?g|a|e|1|2|3|4)) >>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern ^http://profile.ak.fbcdn.net*.(jpg|gif|png) 129600 999999% >>> 129600 ignore-no-cache ignore-no-store reload-into-ims override-expire >>> ignore-must-revalidate store-stale >>> refresh_pattern ^http://platform.ak.fbcdn.net/.* 720 100% 4320 >>> ignore-no-cache ignore-no-store reload-into-ims override-expire >>> ignore-must-revalidate store-stale > > Regex patterns start and end with an implicit ".*" sequence unless anchored > with ^ and $. The trailing .* is useless here. > > Also, facebook in recent times have become very cache friendly (apart from > the HTTPS usage). It will mostly likely start to cache better when you remove > these HTTP protocol violation options that are causing your Squid to ignore > caching parameters. > > >>> refresh_pattern ^http://creative.ak.fbcdn.net/.* 720 100% 4320 >>> ignore-no-cache ignore-no-store reload-into-ims override-expire >>> ignore-must-revalidate store-stale > > Multiple lines differing only in domain name prefix can be collapsed down to > one refresh_pattern to shorten the config and make it clearer what you are > doing. > > >>> refresh_pattern ^http://apps.facebook.com/.* 1200 100% 4320 ignore-no-cache >>> ignore-no-store reload-into-ims override-expire ignore-must-revalidate >>> store-stale >>> refresh_pattern ^http://static.ak.fbcdn.net*.(js|css|jpg|gif|png) 129600 >>> 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern ^http://statics.poker.static.zynga.co...?g|a|e|1|2|3|4)) >>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern ^http://statics.poker.static.zynga.com/.* 720 100% 4320 >>> ignore-no-cache ignore-no-store reload-into-ims override-expire >>> ignore-must-revalidate store-stale >>> refresh_pattern ^http://*.zynga.com*.(swf|jpg|gif|png...?g|a|e|1|2|3|4)) >>> 129600 999999% 129600 ignore-no-cache ignore-no-store reload-into-ims >>> override-expire ignore-must-revalidate store-stale >>> refresh_pattern >>> ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bst >>> ats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.goog >>> lesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.co >>> m|syndication\.com|media.fastclick.net).* 5259487 70% 5259487 >>> ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload >>> ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 >>> max-stale=1440 >>> refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 129600 100% >>> 129600 ignore-no-cache ignore-no-store reload-into-ims override-expire >>> ignore-must-revalidate store-stale >>> #antivirus >>> refresh_pattern avast.com.*\.vpx 40320 50% 161280 store-stale >>> reload-into-ims >>> refresh_pattern (avgate|avira).*\.(idx|gz)$ 21900 90% 21900 ignore-reload >>> ignore-no-cache ignore-no-store store-stale ignore-must-revalidate >>> reload-into-ims >>> refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487 ignore-reload >>> store-stale >>> refresh_pattern kaspersky 31900 80% 161280 ignore-no-cache store-stale >>> refresh_pattern mbamupdates.com.*\.ref 1440 50% 161280 reload-into-ims >>> store-stale >>> #situs lainnya >>> refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 >>> ignore-reload store-stale >>> refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?|webm) >>> 5259487 99999999% 5259487 override-expire ignore-reload store-stale >>> ignore-private negative-ttl=0 > > NP: this pattern is nearly a duplicate of the one at the top of the list, but > with different parameters. All it does is apply these parameters to URL with: > * the string "webm" but not with a '.' preceeding (eg ".webm"), > * the string ".fl" but not with a 'v' on the end (eg ".flv"), > > >>> refresh_pattern \.(ico|video-stats) 5259487 999999% 5259487 override-expire >>> ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth >>> override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale > > * ignore-auth does not do what you think. It *prevents* Squid from caching > any authenticated responses. HTTP/1.1 permits caching authenticated responses > provided strict revalidation is performed. > > * override-lastmod pretty much makes Squid drop the caching heuristics > depending on Last-Modified header. Again *reducing* caching for objects which > depend on it. > >>> refresh_pattern \.etology\? 5259487 999999% 5259487 override-expire >>> ignore-reload ignore-no-cache store-stale >>> refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487 >>> override-expire ignore-reload ignore-no-cache store-stale >>> refresh_pattern brazzers\? 5259487 999999% 5259487 override-expire >>> ignore-reload ignore-no-cache store-stale >>> refresh_pattern \.adtology\? 5259487 999999% 5259487 override-expire >>> ignore-reload ignore-no-cache store-stale >>> refresh_pattern ^.*safebrowsing.*google 5259487 999999% 5259487 >>> override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private >>> ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale >>> refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.id) 5259487 >>> 999999% 5259487 override-expire ignore-reload store-stale ignore-private >>> negative-ttl=10080 >>> refresh_pattern ytimg\.com.*\.(jpg|png) 5259487 999999% 5259487 >>> override-expire ignore-reload store-stale >>> refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999% 5259487 >>> override-expire ignore-reload store-stale >>> refresh_pattern garena\.com 5259487 999999% 5259487 override-expire >>> reload-into-ims store-stale >>> refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 >>> 999999% 5259487 override-expire ignore-reload store-stale >>> refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999% 5259487 >>> ignore-no-cache override-expire override-lastmod store-stale >>> refresh_pattern ^http:\/\/images|openx|pics|thumbs[0-9]\. 5259487 999999% >>> 5259487 ignore-no-cache ignore-no-store ignore-reload override-expire >>> store-stale >>> refresh_pattern ^http:\/\/www.onemanga.com.*\/ 5259487 999999% 5259487 >>> reload-into-ims override-expire store-stale >>> refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) >>> 5259487 999999% 5259487 reload-into-ims override-expire ignore-private >>> store-stale > > NP: you do not have to escape '/' characters in patterns. > > >>> refresh_pattern speedtest.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png|swf|txt|js) >>> 43800 90% 43800 store-stale negative-ttl=0 >>> refresh_pattern \.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 >>> ignore-no-cache ignore-no-store reload-into-ims override-expire >>> ignore-must-revalidate store-stale >>> refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) >>> 5259487 100% 5259487 override-expire reload-into-ims >>> refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 5259487 >>> 100% 5259487 override-expire reload-into-ims ignore-reload >>> refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487 999999%% >>> 5259487 override-expire reload-into-ims ignore-no-cache >>> ignore-must-revalidate >>> refresh_pattern >>> \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2|webm) >>> 5259487 100% 5259487 override-expire reload-into-ims >>> refresh_pattern -i (cgi-bin) 0 0% 0 > > This is incorrect. The pattern tuned for safety is: > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > >>> refresh_pattern \.(php|jsp|cgi|asx)\? 1900 30% 1800 >>> refresh_pattern -i (pull) 21400 70% 21400 reload-into-ims ignore-no-cache >>> ignore-must-revalidate store-stale negative-ttl=10080 > > ( and ) around a pattern like this are useless. > >>> refresh_pattern . 0 50% 161280 store-stale > > All refresh_pattern lines following one with the '.' pattern will have no > effect at all. These directives are order-dependent, only the first matching > pattern is applied and '.' matches everything that reaches it. > > Also, a lot of these google and facebook patterns will never match because of > HTTPS traffic. Unless you are decrypting the HTTPS traffic the path?query > portion of URLs is unavailable, and if you are then the URL will contain > either "https://"; and/or port ":443" parts which are not handled in most of > the above patterns. > > HTH > Amos
