Discussion:
[squid-users] Squid proxy not working when upgrade from 27 to 3.5
Angus J.
2018-10-23 03:28:01 UTC
Squid proxy not working when upgrade from 27 to 3.5

The Squid proxy is not working after the upgrade to 3.5, and it is not caching anything.

----------------------------------------------------------------------------

# Reverse-proxy (accel) squid.conf as posted to the list: one plain-HTTP and
# several TLS listeners forward requests to named cache_peer backends, and
# caching is switched off at the end of the file.
# NOTE(review): long directives appear to have been wrapped by the mail
# client; a line that starts with key=, protocol=, proxy-only or name= looks
# like the continuation of the directive above it.
#Default:
# windows_ipaddrchangemonitor on

visible_hostname oul163.hkbb.edu.hk
# Plain-HTTP accelerator listener on port 3128.
http_port 3128 accel vhost defaultsite=oul163.hkbb.edu.hk
# TLS accelerator listeners. options=NO_SSLv3:NO_SSLv2 switches off only
# SSLv2 and SSLv3 on these ports.
# NOTE(review): whether older TLS versions should be refused as well depends
# on the clients that must connect; confirm.
# NOTE(review): this listener serves TLS on port 80, which is conventionally
# the plain-HTTP port.
https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
# Ports 8004 and 8005 each have an older line using ouhk.crt commented out
# and an active line using their own certificate (ouhk2 / ouhk3).
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
# The ssl_bump, always_direct and sslproxy_cert_error lines below are all
# commented out, so none of them is in effect.
#ssl_bump allow all
# Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
# Disable the following one
#sslproxy_cert_error allow all
# Same SSLv2/SSLv3 restriction for TLS connections Squid itself opens.
sslproxy_options NO_SSLv3:NO_SSLv2
access_log /var/log/squid/access.log squid
cache_effective_user squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Backend peers. Each cache_peer is a parent reached on the given port (the
# following 0 is the ICP port field), and cache_peer_domain ties one
# hostname to each peer.
# prdhrms has no "ssl" option, so that hop is plain HTTP.
# the proxy-only indicates that caching will not be performed.
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
# sslflags=DONT_VERIFY_PEER makes Squid accept the backend certificate even
# when it fails verification, so the TLS hop to 192.168.31.134 is encrypted
# but the backend is not authenticated. The commented-out devhrms line
# further down names a CA file (sslcafile=), which is the verifying
# alternative.
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
# Commented-out variant that would skip only the certificate-name check.
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
# NOTE(review): "ssll" in the commented-out line below looks like a typo for
# "ssl"; it is the only peer line here with originserver and sslcafile=.
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk

# NOTE(review): localip is defined here but no rule in this listing uses it.
# Create an additional ACL for local network access
acl localip src 192.168.31.0/24

# hrmsacl matches on destination domain only, so it applies to any client.
# http_access rules are checked in order and the first match decides. This
# allow sits above the manager/purge restrictions further down, so a request
# whose destination is in .hkbb.edu.hk is allowed before those deny lines
# are reached.
# NOTE(review): confirm that is intended; placing the restrictions above
# this line would apply them first.
# access control list
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
# Every peer is allowed for the whole hrmsacl domain; the per-host split
# comes from the cache_peer_domain lines above.
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports

# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT

# Cache-manager and PURGE requests are allowed from localhost only, then
# everything not allowed earlier is denied.
# Restrictions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all

# Disable caching
cache deny all

logfile_rotate 10

oul163:/etc/squid # vi squid.conf
# Second excerpt of squid.conf as posted: backend peers, access rules and the
# cache switch. It starts at the cache_peer lines; no listener directives
# appear in this excerpt.
# NOTE(review): long directives appear to have been wrapped by the mail
# client; a line starting with proxy-only or name= looks like the
# continuation of the directive above it.
# prdhrms has no "ssl" option, so that hop is plain HTTP.
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
# sslflags=DONT_VERIFY_PEER: the backend certificate is accepted even when
# it fails verification, so these TLS hops are encrypted but the backend is
# not authenticated.
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
# NOTE(review): "ssll" below looks like a typo for "ssl"; this commented-out
# line is the only one that names a CA file (sslcafile=) for verification.
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk

# NOTE(review): localip is defined here but no rule in this excerpt uses it.
# Create an additional ACL for local network access
acl localip src 192.168.31.0/24

# http_access rules are checked in order and the first match decides, so
# this domain-wide allow is evaluated before the manager/purge restrictions
# further down.
# NOTE(review): confirm that ordering is intended.
# access control list
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports

# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT

# Cache-manager and PURGE requests are allowed from localhost only, then
# everything not allowed earlier is denied.
# Restrictions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all

# Disable caching
cache deny all

logfile_rotate 10





Amos Jeffries
2018-10-23 07:05:49 UTC
Post by Angus J.
Squid proxy not working when upgrade from 27 to 3.5
Please run "squid -k parse" with the new Squid version. It is especially
important when jumping many versions like a 2.x to 3.5 does.

All issues it highlights as FATAL and ERROR must be fixed before you can
expect Squid to run properly. Anything labeled WARNING should also be
looked into and fixed where possible to avoid odd or annoying behaviours.

Have you checked the release notes for all the skipped Squid-3.x versions?
While Squid operates mostly the same there have been some significant
changes to both HTTP and TLS/SSL in the last decade that result in some
very different visible behaviours at times.



If the problem(s) remain after doing the above please explain "not working".

What _exactly_ do you see that makes you think something is going
wrong? We need details of the problem to provide any useful help.
Post by Angus J.
Squid proxy not working when upgrade to 3.5 and it will not caching anything
The lack of caching is easily explained by reading the comments in your config:
Post by Angus J.
# Disable caching
cache deny all
and
Post by Angus J.
# the proxy-only indicates that caching will not be performed.
cache_peer ... proxy-only ...
You display two config files below. How do they relate to your Squid?
Are you running two proxies, and if so how are they related?
Post by Angus J.
----------------------------------------------------------------------------
# windows_ipaddrchangemonitor on
visible_hostname oul163.hkbb.edu.hk
http_port 3128 accel vhost defaultsite=oul163.hkbb.edu.hk
https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
Port 80 is the port reserved for HTTP traffic, not for HTTPS traffic.
Post by Angus J.
https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.hkbb.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
FYI: Squid does understand line wrapping in the config. For very long
lines you can end a line with a backslash '\' and start the next with
whitespace to make it easier to read.
Post by Angus J.
#ssl_bump allow all
# Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
# Disable the following one
#sslproxy_cert_error allow all
sslproxy_options NO_SSLv3:NO_SSLv2
access_log /var/log/squid/access.log squid
cache_effective_user squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# the proxy-only indicates that caching will not be performed.
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk
NP: cache_peer_domain is deprecated and has been removed from Squid-4
and later. You should replace these with cache_peer_access lines in
Squid-3 to avoid further problems on later upgrades.


Also, you are using reverse-proxy ports (accel vhost) but do not have
originserver set on any of the enabled cache_peer lines.

This is one of the major changes between HTTP/1.0 (Squid-2.x) and
HTTP/1.1 (Squid-3.x): traffic sent to an origin server uses a different
syntax from traffic sent to a proxy. Squid should be told accurately what
type of peer it is communicating with so that it can properly optimize
traffic performance and protocol behaviours for the channel.
Post by Angus J.
# Create an additional ACL for local network access
acl localip src 192.168.31.0/24
Squid-3 and later configs define the above as an ACL called "localnet".
Post by Angus J.
# access control list
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT
All of the above common ACL definitions are now built into Squid and
can be removed from the config file. They were changed incrementally,
though, so check the output of squid -k parse to see which ones are
built in for your particular release.
Post by Angus J.
# Restrictions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all
These can be simplified to:

http_access deny !localhost
http_access allow manager
http_access allow purge
http_access deny all
Post by Angus J.
# Disable caching
cache deny all
logfile_rotate 10
The logfile_rotate default value is 10 unless your Squid has explicitly
been patched to use a different value (eg. as done by Debian/Ubuntu).

In Squid-3 and later there is no need to define anything to its default
value. So the above line can probably be removed.


The below appears to be a different config file, but contains all the
same issues with cache_peer.
Post by Angus J.
oul163:/etc/squid # vi squid.conf
cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain sithrms sithrms.hkbb.edu.hk
cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
cache_peer_domain devhrms devhrms.hkbb.edu.hk
# Create an additional ACL for local network access
acl localip src 192.168.31.0/24
# access control list
acl hrmsacl dstdomain .hkbb.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.hkbb.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
# Additional ACL definitions
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT
# Restrictions
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny all
# Disable caching
cache deny all
logfile_rotate 10
Amos
Angus J.
2018-10-23 08:52:08 UTC
The result of squid -k parse

oul163:/etc/squid # squid -k parse
2018/10/23 16:51:05| Startup: Initializing Authentication Schemes ...
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'basic'
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'digest'
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/23 16:51:05| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/23 16:51:05| Startup: Initialized Authentication.
2018/10/23 16:51:05| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/23 16:51:05| Processing: acl localnet src 10.0.0.0/8
2018/10/23 16:51:05| Processing: acl localnet src 172.16.0.0/12
2018/10/23 16:51:05| Processing: acl localnet src 192.168.0.0/16
2018/10/23 16:51:05| Processing: acl localnet src fc00::/7
2018/10/23 16:51:05| Processing: acl localnet src fe80::/10
2018/10/23 16:51:05| Processing: acl localnet src 192.168.31.0/24
2018/10/23 16:51:05| WARNING: (A) '192.168.31.0/24' is a subnetwork of (B)
'192.168.0.0/16'
2018/10/23 16:51:05| WARNING: because of this '192.168.31.0/24' is ignored
to keep splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '192.168.31.0/24'
from the ACL named 'localnet'
2018/10/23 16:51:05| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/23 16:51:05| Processing: acl Safe_ports port 80
2018/10/23 16:51:05| Processing: acl Safe_ports port 21
2018/10/23 16:51:05| Processing: acl Safe_ports port 443
2018/10/23 16:51:05| Processing: acl Safe_ports port 70
2018/10/23 16:51:05| Processing: acl Safe_ports port 210
2018/10/23 16:51:05| Processing: acl Safe_ports port 1025-65535
2018/10/23 16:51:05| Processing: acl Safe_ports port 280
2018/10/23 16:51:05| Processing: acl Safe_ports port 488
2018/10/23 16:51:05| Processing: acl Safe_ports port 591
2018/10/23 16:51:05| Processing: acl Safe_ports port 777
2018/10/23 16:51:05| Processing: acl CONNECT method CONNECT
2018/10/23 16:51:05| Processing: access_log /var/log/squid/access.log
2018/10/23 16:51:05| Processing: http_access allow localnet
2018/10/23 16:51:05| Processing: http_access allow localhost
2018/10/23 16:51:05| Processing: http_port 3128
2018/10/23 16:51:05| Processing: coredump_dir /var/cache/squid
2018/10/23 16:51:05| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/23 16:51:05| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/23 16:51:05| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0 0
2018/10/23 16:51:05| Processing: refresh_pattern . 0 20 4320
2018/10/23 16:51:05| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/23 16:51:05| Processing: cache_log /var/log/squid/cache.log
2018/10/23 16:51:05| Processing: cache_mem 8 MB
2018/10/23 16:51:05| Processing: cache_mgr webmaster
2018/10/23 16:51:05| Processing: cache_replacement_policy lru
2018/10/23 16:51:05| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 16:51:05| Processing: cache_swap_high 95
2018/10/23 16:51:05| Processing: cache_swap_low 90
2018/10/23 16:51:05| Processing: client_lifetime 1 days
2018/10/23 16:51:05| Processing: connect_timeout 2 minutes
2018/10/23 16:51:05| Processing: error_directory /usr/share/squid/errors/en
2018/10/23 16:51:05| Processing: ftp_passive on
2018/10/23 16:51:05| Processing: maximum_object_size 4096 KB
2018/10/23 16:51:05| Processing: memory_replacement_policy lru
2018/10/23 16:51:05| Processing: minimum_object_size 0 KB
2018/10/23 16:51:05| Processing: visible_hostname oul299.ouhk.edu.hk
2018/10/23 16:51:05| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/23 16:51:05| Processing: https_port 80 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: https_port 8000 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: https_port 8004 accel
cert=/etc/squid/certs/ouhk2.crt key=/etc/squid/certs/ouhk2.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: access_log /var/log/squid/access.log squid
2018/10/23 16:51:05| Processing: cache_effective_user squid
2018/10/23 16:51:05| Processing: cache_log /var/log/squid/cache.log
2018/10/23 16:51:05| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.113 parent 8001 0
proxy-only name=prdhrms
2018/10/23 16:51:05| Processing: cache_peer_domain prdhrms
prdhrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.134 parent 8004 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=sithrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: cache_peer_domain sithrms
sithrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: cache_peer 192.168.31.134 parent 8000 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=devhrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 16:51:05| Processing: cache_peer_domain devhrms
devhrms.ouhk.edu.hk
2018/10/23 16:51:05| Processing: acl localip src 192.168.31.0/24
2018/10/23 16:51:05| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/23 16:51:05| Processing: http_access allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/23 16:51:05| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/23 16:51:05| Processing: acl all src all
2018/10/23 16:51:05| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2018/10/23 16:51:05| WARNING: because of this '::/0' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '::/0' from the ACL
named 'all'
2018/10/23 16:51:05| Processing: acl manager proto cache_object
2018/10/23 16:51:05| UPGRADE: ACL 'manager' is now a built-in ACL. Remove it
from your config file.
2018/10/23 16:51:05| Processing: acl localhost src 127.0.0.1/32
2018/10/23 16:51:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
'127.0.0.1'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.1' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.1' from
the ACL named 'localhost'
2018/10/23 16:51:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
'127.0.0.1'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.1' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.1' from
the ACL named 'localhost'
2018/10/23 16:51:05| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
2018/10/23 16:51:05| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
'127.0.0.0/8'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.0/8' is ignored to
keep splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.0/8' from
the ACL named 'to_localhost'
2018/10/23 16:51:05| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2018/10/23 16:51:05| WARNING: because of this '0.0.0.0' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '0.0.0.0' from the
ACL named 'to_localhost'
2018/10/23 16:51:05| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2018/10/23 16:51:05| WARNING: because of this '0.0.0.0' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '0.0.0.0' from the
ACL named 'to_localhost'
2018/10/23 16:51:05| Processing: acl purge method PURGE
2018/10/23 16:51:05| Processing: acl CONNECT method CONNECT
2018/10/23 16:51:05| Processing: http_access allow manager localhost
2018/10/23 16:51:05| Processing: http_access deny manager
2018/10/23 16:51:05| Processing: http_access allow purge localhost
2018/10/23 16:51:05| Processing: http_access deny purge
2018/10/23 16:51:05| Processing: http_access deny all
2018/10/23 16:51:05| Processing: logfile_rotate 10
2018/10/23 16:51:05| Initializing https proxy context
2018/10/23 16:51:05| Initializing cache_peer uathrms SSL context
2018/10/23 16:51:05| Initializing cache_peer sithrms SSL context
2018/10/23 16:51:05| Initializing cache_peer devhrms SSL context
2018/10/23 16:51:05| Initializing https_port [::]:80 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 16:51:05| Initializing https_port [::]:8000 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 16:51:05| Initializing https_port [::]:8004 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk2.crt
2018/10/23 16:51:05| Initializing https_port [::]:8005 SSL context
2018/10/23 16:51:05| Using certificate in /etc/squid/certs/ouhk3.crt




Matus UHLAR - fantomas
2018-10-23 10:00:39 UTC
What does "Squid proxy not working" mean?
Post by Angus J.
The result of squid -k parse
Did you read this output?
Did you do the other things Amos recommended to you?

According to the log below, Squid DOES listen for connections.
Post by Angus J.
oul163:/etc/squid # squid -k parse
2018/10/23 16:51:05| Processing: acl localnet src 192.168.0.0/16
2018/10/23 16:51:05| Processing: acl localnet src 192.168.31.0/24
2018/10/23 16:51:05| WARNING: (A) '192.168.31.0/24' is a subnetwork of (B)
'192.168.0.0/16'
2018/10/23 16:51:05| WARNING: because of this '192.168.31.0/24' is ignored
to keep splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '192.168.31.0/24'
from the ACL named 'localnet'
... there's no point in adding both 192.168.0.0/16 and 192.168.31.0/24
- Squid recommends that you remove 192.168.31.0/24
Post by Angus J.
2018/10/23 16:51:05| Processing: acl all src all
2018/10/23 16:51:05| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2018/10/23 16:51:05| WARNING: because of this '::/0' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '::/0' from the ACL
named 'all'
acl "all" is built-in, you don't have to define it.
Post by Angus J.
2018/10/23 16:51:05| Processing: acl manager proto cache_object
2018/10/23 16:51:05| UPGRADE: ACL 'manager' is now a built-in ACL. Remove it
from your config file.
...the same applies for "manager" acl.
Post by Angus J.
2018/10/23 16:51:05| Processing: acl localhost src 127.0.0.1/32
2018/10/23 16:51:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A)
'127.0.0.1'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.1' is ignored to keep
splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.1' from
the ACL named 'localhost'
It seems that you have localhost defined twice.
Post by Angus J.
2018/10/23 16:51:05| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
2018/10/23 16:51:05| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
'127.0.0.0/8'
2018/10/23 16:51:05| WARNING: because of this '127.0.0.0/8' is ignored to
keep splay tree searching predictable
2018/10/23 16:51:05| WARNING: You should probably remove '127.0.0.0/8' from
the ACL named 'to_localhost'
... and same applies to to_localhost
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
Angus J.
2018-10-23 10:13:14 UTC
Hi

I have revised the squid.conf

oul163:/etc/squid # squid -k parse
2018/10/23 18:12:35| Startup: Initializing Authentication Schemes ...
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'basic'
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'digest'
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/23 18:12:35| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/23 18:12:35| Startup: Initialized Authentication.
2018/10/23 18:12:35| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/23 18:12:35| Processing: acl localnet src 10.0.0.0/8
2018/10/23 18:12:35| Processing: acl localnet src 172.16.0.0/12
2018/10/23 18:12:35| Processing: acl localnet src 192.168.0.0/16
2018/10/23 18:12:35| Processing: acl localnet src fc00::/7
2018/10/23 18:12:35| Processing: acl localnet src fe80::/10
2018/10/23 18:12:35| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/23 18:12:35| Processing: acl Safe_ports port 80
2018/10/23 18:12:35| Processing: acl Safe_ports port 21
2018/10/23 18:12:35| Processing: acl Safe_ports port 443
2018/10/23 18:12:35| Processing: acl Safe_ports port 70
2018/10/23 18:12:35| Processing: acl Safe_ports port 210
2018/10/23 18:12:35| Processing: acl Safe_ports port 1025-65535
2018/10/23 18:12:35| Processing: acl Safe_ports port 280
2018/10/23 18:12:35| Processing: acl Safe_ports port 488
2018/10/23 18:12:35| Processing: acl Safe_ports port 591
2018/10/23 18:12:35| Processing: acl Safe_ports port 777
2018/10/23 18:12:35| Processing: acl CONNECT method CONNECT
2018/10/23 18:12:35| Processing: access_log /var/log/squid/access.log
2018/10/23 18:12:35| Processing: http_access allow localnet
2018/10/23 18:12:35| Processing: http_access allow localhost
2018/10/23 18:12:35| Processing: http_port 3128
2018/10/23 18:12:35| Processing: coredump_dir /var/cache/squid
2018/10/23 18:12:35| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/23 18:12:35| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/23 18:12:35| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0 0
2018/10/23 18:12:35| Processing: refresh_pattern . 0 20 4320
2018/10/23 18:12:35| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/23 18:12:35| Processing: cache_log /var/log/squid/cache.log
2018/10/23 18:12:35| Processing: cache_mem 8 MB
2018/10/23 18:12:35| Processing: cache_mgr webmaster
2018/10/23 18:12:35| Processing: cache_replacement_policy lru
2018/10/23 18:12:35| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 18:12:35| Processing: cache_swap_high 95
2018/10/23 18:12:35| Processing: cache_swap_low 90
2018/10/23 18:12:35| Processing: client_lifetime 1 days
2018/10/23 18:12:35| Processing: connect_timeout 2 minutes
2018/10/23 18:12:35| Processing: error_directory /usr/share/squid/errors/en
2018/10/23 18:12:35| Processing: ftp_passive on
2018/10/23 18:12:35| Processing: maximum_object_size 4096 KB
2018/10/23 18:12:35| Processing: memory_replacement_policy lru
2018/10/23 18:12:35| Processing: minimum_object_size 0 KB
2018/10/23 18:12:35| Processing: visible_hostname oul299.ouhk.edu.hk
2018/10/23 18:12:35| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/23 18:12:35| Processing: https_port 80 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: https_port 8000 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: https_port 8004 accel
cert=/etc/squid/certs/ouhk2.crt key=/etc/squid/certs/ouhk2.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: access_log /var/log/squid/access.log squid
2018/10/23 18:12:35| Processing: cache_effective_user squid
2018/10/23 18:12:35| Processing: cache_log /var/log/squid/cache.log
2018/10/23 18:12:35| Processing: cache_store_log /var/log/squid/store.log
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.113 parent 8001 0
proxy-only name=prdhrms
2018/10/23 18:12:35| Processing: cache_peer_domain prdhrms
prdhrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.134 parent 8004 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=sithrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: cache_peer_domain sithrms
sithrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: cache_peer 192.168.31.134 parent 8000 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=devhrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/23 18:12:35| Processing: cache_peer_domain devhrms
devhrms.ouhk.edu.hk
2018/10/23 18:12:35| Processing: acl localip src 192.168.31.0/24
2018/10/23 18:12:35| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/23 18:12:35| Processing: http_access allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/23 18:12:35| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/23 18:12:35| Processing: acl purge method PURGE
2018/10/23 18:12:35| Processing: acl CONNECT method CONNECT
2018/10/23 18:12:35| Processing: http_access deny all
2018/10/23 18:12:35| Processing: logfile_rotate 10
2018/10/23 18:12:35| Initializing https proxy context
2018/10/23 18:12:35| Initializing cache_peer uathrms SSL context
2018/10/23 18:12:35| Initializing cache_peer sithrms SSL context
2018/10/23 18:12:35| Initializing cache_peer devhrms SSL context
2018/10/23 18:12:35| Initializing https_port [::]:80 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 18:12:35| Initializing https_port [::]:8000 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/23 18:12:35| Initializing https_port [::]:8004 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk2.crt
2018/10/23 18:12:35| Initializing https_port [::]:8005 SSL context
2018/10/23 18:12:35| Using certificate in /etc/squid/certs/ouhk3.crt




Amos Jeffries
2018-10-23 11:06:29 UTC
Post by Angus J.
Hi
I have revised the squid.conf
But still no hints about what "not working" means?


Amos
Angus J.
2018-10-24 03:15:49 UTC
This error appears in the IE browser when the connection goes through the squid
proxy server:


This site can’t be reached
uathrms.oubb.edu.hk refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED



Angus J.
2018-10-24 03:25:22 UTC
oul163:/etc/squid # squid -k parse
2018/10/24 11:24:38| Startup: Initializing Authentication Schemes ...
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'basic'
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'digest'
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/24 11:24:38| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/24 11:24:38| Startup: Initialized Authentication.
2018/10/24 11:24:38| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/24 11:24:38| Processing: acl localnet src 10.0.0.0/8
2018/10/24 11:24:38| Processing: acl localnet src 172.16.0.0/12
2018/10/24 11:24:38| Processing: acl localnet src 192.168.0.0/16
2018/10/24 11:24:38| Processing: acl localnet src fc00::/7
2018/10/24 11:24:38| Processing: acl localnet src fe80::/10
2018/10/24 11:24:38| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/24 11:24:38| Processing: acl Safe_ports port 80
2018/10/24 11:24:38| Processing: acl Safe_ports port 21
2018/10/24 11:24:38| Processing: acl Safe_ports port 443
2018/10/24 11:24:38| Processing: acl Safe_ports port 70
2018/10/24 11:24:38| Processing: acl Safe_ports port 210
2018/10/24 11:24:38| Processing: acl Safe_ports port 1025-65535
2018/10/24 11:24:38| Processing: acl Safe_ports port 280
2018/10/24 11:24:38| Processing: acl Safe_ports port 488
2018/10/24 11:24:38| Processing: acl Safe_ports port 591
2018/10/24 11:24:38| Processing: acl Safe_ports port 777
2018/10/24 11:24:38| Processing: acl CONNECT method CONNECT
2018/10/24 11:24:38| Processing: access_log /var/log/squid/access.log
2018/10/24 11:24:38| Processing: http_access deny !Safe_ports
2018/10/24 11:24:38| Processing: http_access deny CONNECT !SSL_ports
2018/10/24 11:24:38| Processing: http_access allow localhost manager
2018/10/24 11:24:38| Processing: http_access deny manager
2018/10/24 11:24:38| Processing: http_access allow localnet
2018/10/24 11:24:38| Processing: http_access allow localhost
2018/10/24 11:24:38| Processing: http_access deny all
2018/10/24 11:24:38| Processing: http_port 3128
2018/10/24 11:24:38| Processing: coredump_dir /var/cache/squid
2018/10/24 11:24:38| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/24 11:24:38| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/24 11:24:38| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0 0
2018/10/24 11:24:38| Processing: refresh_pattern . 0 20 4320
2018/10/24 11:24:38| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/24 11:24:38| Processing: cache_log /var/log/squid/cache.log
2018/10/24 11:24:38| Processing: cache_mem 8 MB
2018/10/24 11:24:38| Processing: cache_mgr webmaster
2018/10/24 11:24:38| Processing: cache_replacement_policy lru
2018/10/24 11:24:38| Processing: cache_store_log /var/log/squid/store.log
2018/10/24 11:24:38| Processing: cache_swap_high 95
2018/10/24 11:24:38| Processing: cache_swap_low 90
2018/10/24 11:24:38| Processing: client_lifetime 1 days
2018/10/24 11:24:38| Processing: connect_timeout 2 minutes
2018/10/24 11:24:38| Processing: error_directory /usr/share/squid/errors/en
2018/10/24 11:24:38| Processing: ftp_passive on
2018/10/24 11:24:38| Processing: maximum_object_size 4096 KB
2018/10/24 11:24:38| Processing: memory_replacement_policy lru
2018/10/24 11:24:38| Processing: minimum_object_size 0 KB
2018/10/24 11:24:38| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/24 11:24:38| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/24 11:24:38| Processing: https_port 80 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: https_port 8000 accel
cert=/etc/squid/certs/ouhk.crt key=/etc/squid/certs/ouhk.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: https_port 8004 accel
cert=/etc/squid/certs/ouhk2.crt key=/etc/squid/certs/ouhk2.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.113 parent 8001 0
proxy-only name=prdhrms
2018/10/24 11:24:38| Processing: cache_peer_domain prdhrms
prdhrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.134 parent 8004 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=sithrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer_domain sithrms
sithrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: cache_peer 192.168.31.134 parent 8000 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=devhrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/24 11:24:38| Processing: cache_peer_domain devhrms
devhrms.ouhk.edu.hk
2018/10/24 11:24:38| Processing: acl localip src 192.168.31.0/24
2018/10/24 11:24:38| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/24 11:24:38| Processing: http_access allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/24 11:24:38| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/24 11:24:38| Initializing https proxy context
2018/10/24 11:24:38| Initializing cache_peer uathrms SSL context
2018/10/24 11:24:38| Initializing cache_peer sithrms SSL context
2018/10/24 11:24:38| Initializing cache_peer devhrms SSL context
2018/10/24 11:24:38| Initializing https_port [::]:80 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/24 11:24:38| Initializing https_port [::]:8000 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk.crt
2018/10/24 11:24:38| Initializing https_port [::]:8004 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk2.crt
2018/10/24 11:24:38| Initializing https_port [::]:8005 SSL context
2018/10/24 11:24:38| Using certificate in /etc/squid/certs/ouhk3.crt




Angus J.
2018-10-24 03:33:03 UTC
https://uathrms.oubb.edu.hk:8005/OA_HTML/AppsLogin

Is port 8005 not working?



Matus UHLAR - fantomas
2018-10-24 07:23:10 UTC
Post by Angus J.
This error in IE browser when the connection is go through the squid proxy
server
This site can’t be reached
uathrms.oubb.edu.hk refused to connect.
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
1. How is squid configured in Windows (IE uses the Windows proxy settings)?
2. What's in the squid access and cache logs?
3. We have repeatedly asked you: why do you insist on using port 80 for
HTTPS, when port 80 is the HTTP (non-SSL) port?
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fucking windows! Bring Bill Gates! (Southpark the movie)
Angus J.
2018-10-25 09:19:34 UTC
1. How is squid confdigured in windows (IE uses windows proxy settings)?
NO

2. whats's in squid access and cache logs?
-rw-r----- 1 squid squid 0 Oct 22 12:21 access.log
-rw-r----- 1 squid squid 0 Oct 22 13:02 netdb.state
-rw-r----- 1 squid squid 6498 Oct 24 11:29 store.log
-rw-r----- 1 squid squid 141946 Oct 24 11:29 cache.log

2018/10/24 11:27:34 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/24 11:27:34 kid1| Target number of buckets: 425
2018/10/24 11:27:34 kid1| Using 8192 Store buckets
2018/10/24 11:27:34 kid1| Max Mem size: 8192 KB
2018/10/24 11:27:34 kid1| Max Swap size: 102400 KB
2018/10/24 11:27:34 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/24 11:27:34 kid1| Using Least Load store dir selection
2018/10/24 11:27:34 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:27:34 kid1| Finished loading MIME types and icons.
2018/10/24 11:27:34 kid1| HTCP Disabled.
2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:27:34 kid1| ERROR: Failed to create helper child read FD:
UDP[::1]
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/24 11:27:34 kid1| Squid plugin modules loaded: 0
2018/10/24 11:27:34 kid1| Adaptation support is off.
2018/10/24 11:27:34 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:80 remote=[::] FD 20 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8000 remote=[::] FD 21 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8004 remote=[::] FD 22 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8005 remote=[::] FD 23 flags=9
2018/10/24 11:27:34 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/24 11:27:34 kid1| Store rebuilding is 0.00% complete
2018/10/24 11:27:34 kid1| Finished rebuilding storage from disk.
2018/10/24 11:27:34 kid1| 0 Entries scanned
2018/10/24 11:27:34 kid1| 0 Invalid entries.
2018/10/24 11:27:34 kid1| 0 With invalid flags.
2018/10/24 11:27:34 kid1| 0 Objects loaded.
2018/10/24 11:27:34 kid1| 0 Objects expired.
2018/10/24 11:27:34 kid1| 0 Objects cancelled.
2018/10/24 11:27:34 kid1| 0 Duplicate URLs purged.
2018/10/24 11:27:34 kid1| 0 Swapfile clashes avoided.
2018/10/24 11:27:34 kid1| Took 0.02 seconds ( 0.00 objects/sec).
2018/10/24 11:27:34 kid1| Beginning Validation Procedure
2018/10/24 11:27:34 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
Address already in use
2018/10/24 11:27:34 kid1| Completed Validation Procedure
2018/10/24 11:27:34 kid1| Validated 0 Entries
2018/10/24 11:27:34 kid1| store_swap_size = 0.00 KB
2018/10/24 11:27:35 kid1| storeLateRelease: released 0 objects
2018/10/24 11:29:31| Set Current Directory to /var/cache/squid
2018/10/24 11:29:31 kid1| Killing master process, pid 8464
2018/10/24 11:29:31 kid1| Preparing for shutdown after 0 requests
2018/10/24 11:29:31 kid1| Waiting 30 seconds for active connections to
finish
2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:80
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8000
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8004
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8005
2018/10/24 11:29:32 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:32 kid1| Starting Squid Cache version 3.5.21 for
x86_64-suse-linux-gnu...
2018/10/24 11:29:32 kid1| Service Name: squid
2018/10/24 11:29:32 kid1| Process ID 8497
2018/10/24 11:29:32 kid1| Process Roles: worker
2018/10/24 11:29:32 kid1| With 4096 file descriptors available
2018/10/24 11:29:32 kid1| Initializing IP Cache...
2018/10/24 11:29:32 kid1| DNS Socket created at [::], FD 6
2018/10/24 11:29:32 kid1| DNS Socket created at 0.0.0.0, FD 7
2018/10/24 11:29:32 kid1| Adding domain ouhk.edu.hk from /etc/resolv.conf
2018/10/24 11:29:32 kid1| Adding nameserver 192.207.91.2 from
/etc/resolv.conf
2018/10/24 11:29:32 kid1| Adding nameserver 192.207.91.1 from
/etc/resolv.conf
2018/10/24 11:29:32 kid1| Logfile: opening log /var/log/squid/access.log
2018/10/24 11:29:32 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/access.log'
2018/10/24 11:29:32 kid1| Unlinkd pipe opened on FD 14
2018/10/24 11:29:32 kid1| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2018/10/24 11:29:32 kid1| Logfile: opening log /var/log/squid/store.log
2018/10/24 11:29:32 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/store.log'
2018/10/24 11:29:32 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/24 11:29:32 kid1| Target number of buckets: 425
2018/10/24 11:29:32 kid1| Using 8192 Store buckets
2018/10/24 11:29:32 kid1| Max Mem size: 8192 KB
2018/10/24 11:29:32 kid1| Max Swap size: 102400 KB
2018/10/24 11:29:32 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/24 11:29:32 kid1| Using Least Load store dir selection
2018/10/24 11:29:32 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:32 kid1| Finished loading MIME types and icons.
2018/10/24 11:29:32 kid1| HTCP Disabled.
2018/10/24 11:29:32 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:32 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:32 kid1| ERROR: Failed to create helper child read FD:
UDP[::1]
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/24 11:29:32 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/24 11:29:32 kid1| Squid plugin modules loaded: 0
2018/10/24 11:29:32 kid1| Adaptation support is off.
2018/10/24 11:29:32 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:80 remote=[::] FD 20 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8000 remote=[::] FD 21 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8004 remote=[::] FD 22 flags=9
2018/10/24 11:29:32 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8005 remote=[::] FD 23 flags=9
2018/10/24 11:29:32 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/24 11:29:32 kid1| Store rebuilding is 0.00% complete
2018/10/24 11:29:32 kid1| Finished rebuilding storage from disk.
2018/10/24 11:29:32 kid1| 0 Entries scanned
2018/10/24 11:29:32 kid1| 0 Invalid entries.
2018/10/24 11:29:32 kid1| 0 With invalid flags.
2018/10/24 11:29:32 kid1| 0 Objects loaded.
2018/10/24 11:29:32 kid1| 0 Objects expired.
2018/10/24 11:29:32 kid1| 0 Objects cancelled.
2018/10/24 11:29:32 kid1| 0 Duplicate URLs purged.
2018/10/24 11:29:32 kid1| 0 Swapfile clashes avoided.
2018/10/24 11:29:32 kid1| Took 0.02 seconds ( 0.00 objects/sec).
2018/10/24 11:29:32 kid1| Beginning Validation Procedure
2018/10/24 11:29:32 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
Address already in use
2018/10/24 11:29:32 kid1| Completed Validation Procedure
2018/10/24 11:29:32 kid1| Validated 0 Entries
2018/10/24 11:29:32 kid1| store_swap_size = 0.00 KB
2018/10/24 11:29:33 kid1| storeLateRelease: released 0 objects
2018/10/24 11:29:34| Set Current Directory to /var/cache/squid
2018/10/24 11:29:34 kid1| Killing master process, pid 8495
2018/10/24 11:29:34 kid1| Preparing for shutdown after 0 requests
2018/10/24 11:29:34 kid1| Waiting 30 seconds for active connections to
finish
2018/10/24 11:29:34 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:34 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:80
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:8000
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:8004
2018/10/24 11:29:34 kid1| Closing HTTPS port [::]:8005
2018/10/24 11:29:34 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:34 kid1| Starting Squid Cache version 3.5.21 for
x86_64-suse-linux-gnu...
2018/10/24 11:29:34 kid1| Service Name: squid
2018/10/24 11:29:34 kid1| Process ID 8525
2018/10/24 11:29:34 kid1| Process Roles: worker
2018/10/24 11:29:34 kid1| With 4096 file descriptors available
2018/10/24 11:29:34 kid1| Initializing IP Cache...
2018/10/24 11:29:34 kid1| DNS Socket created at [::], FD 6
2018/10/24 11:29:34 kid1| DNS Socket created at 0.0.0.0, FD 7
2018/10/24 11:29:34 kid1| Adding domain ouhk.edu.hk from /etc/resolv.conf
2018/10/24 11:29:34 kid1| Adding nameserver 192.207.91.2 from
/etc/resolv.conf
2018/10/24 11:29:34 kid1| Adding nameserver 192.207.91.1 from
/etc/resolv.conf
2018/10/24 11:29:34 kid1| Logfile: opening log /var/log/squid/access.log
2018/10/24 11:29:34 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/access.log'
2018/10/24 11:29:34 kid1| Unlinkd pipe opened on FD 14
2018/10/24 11:29:34 kid1| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2018/10/24 11:29:34 kid1| Logfile: opening log /var/log/squid/store.log
2018/10/24 11:29:34 kid1| WARNING: log name now starts with a module name.
Use 'stdio:/var/log/squid/store.log'
2018/10/24 11:29:34 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/24 11:29:34 kid1| Target number of buckets: 425
2018/10/24 11:29:34 kid1| Using 8192 Store buckets
2018/10/24 11:29:34 kid1| Max Mem size: 8192 KB
2018/10/24 11:29:34 kid1| Max Swap size: 102400 KB
2018/10/24 11:29:34 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/24 11:29:34 kid1| Using Least Load store dir selection
2018/10/24 11:29:34 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:34 kid1| Finished loading MIME types and icons.
2018/10/24 11:29:34 kid1| HTCP Disabled.
2018/10/24 11:29:34 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:34 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:29:34 kid1| ERROR: Failed to create helper child read FD:
UDP[::1]
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/24 11:29:34 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/24 11:29:34 kid1| Squid plugin modules loaded: 0
2018/10/24 11:29:34 kid1| Adaptation support is off.
2018/10/24 11:29:34 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:80 remote=[::] FD 20 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8000 remote=[::] FD 21 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8004 remote=[::] FD 22 flags=9
2018/10/24 11:29:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8005 remote=[::] FD 23 flags=9
2018/10/24 11:29:34 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/24 11:29:34 kid1| Store rebuilding is 0.00% complete
2018/10/24 11:29:34 kid1| Finished rebuilding storage from disk.
2018/10/24 11:29:34 kid1| 0 Entries scanned
2018/10/24 11:29:34 kid1| 0 Invalid entries.
2018/10/24 11:29:34 kid1| 0 With invalid flags.
2018/10/24 11:29:34 kid1| 0 Objects loaded.
2018/10/24 11:29:34 kid1| 0 Objects expired.
2018/10/24 11:29:34 kid1| 0 Objects cancelled.
2018/10/24 11:29:34 kid1| 0 Duplicate URLs purged.
2018/10/24 11:29:34 kid1| 0 Swapfile clashes avoided.
2018/10/24 11:29:34 kid1| Took 0.02 seconds ( 0.00 objects/sec).
2018/10/24 11:29:34 kid1| Beginning Validation Procedure
2018/10/24 11:29:34 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
Address already in use
2018/10/24 11:29:34 kid1| Completed Validation Procedure
2018/10/24 11:29:34 kid1| Validated 0 Entries
2018/10/24 11:29:34 kid1| store_swap_size = 0.00 KB
2018/10/24 11:29:35 kid1| storeLateRelease: released 0 objects




3. we have repeatedly asked you: why do you insist on using port 80 for
HTTPS, when port 80 is HTTP non-SSL port?
I will use 8005 for https



Amos Jeffries
2018-10-25 09:56:03 UTC
Post by Matus UHLAR - fantomas
1. How is squid confdigured in windows (IE uses windows proxy settings)?
NO
2. whats's in squid access and cache logs?
-rw-r----- 1 squid squid 0 Oct 22 12:21 access.log
-rw-r----- 1 squid squid 0 Oct 22 13:02 netdb.state
-rw-r----- 1 squid squid 6498 Oct 24 11:29 store.log
-rw-r----- 1 squid squid 141946 Oct 24 11:29 cache.log
2018/10/24 11:27:34 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/24 11:27:34 kid1| Target number of buckets: 425
2018/10/24 11:27:34 kid1| Using 8192 Store buckets
2018/10/24 11:27:34 kid1| Max Mem size: 8192 KB
2018/10/24 11:27:34 kid1| Max Swap size: 102400 KB
2018/10/24 11:27:34 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/24 11:27:34 kid1| Using Least Load store dir selection
2018/10/24 11:27:34 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:27:34 kid1| Finished loading MIME types and icons.
2018/10/24 11:27:34 kid1| HTCP Disabled.
2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cannot assign requested address
2018/10/24 11:27:34 kid1| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
UDP[::1]
Hmm, that is odd. I expect there is something wrong with the pinger
install and/or its security permissions.

But it does not seem to be having much impact on the proxy, so looking
into it can be delayed until later.
Post by Matus UHLAR - fantomas
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/24 11:27:34 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/24 11:27:34 kid1| Squid plugin modules loaded: 0
2018/10/24 11:27:34 kid1| Adaptation support is off.
2018/10/24 11:27:34 kid1| Accepting HTTP Socket connections at
local=[::]:3128 remote=[::] FD 18 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTP Socket connections at
local=[::]:3128 remote=[::] FD 19 flags=9
Two http_port lines using port number 3128 ...
Post by Matus UHLAR - fantomas
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:80 remote=[::] FD 20 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8000 remote=[::] FD 21 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8004 remote=[::] FD 22 flags=9
2018/10/24 11:27:34 kid1| Accepting reverse-proxy HTTPS Socket connections
at local=[::]:8005 remote=[::] FD 23 flags=9
...
Post by Matus UHLAR - fantomas
2018/10/24 11:27:34 kid1| ERROR: listen( FD 19, [::] [ job2], 1024): (98)
Address already in use
FD 18 and FD 19 both conflicting over who gets to listen on port 3128
and what type of traffic is arriving there.

This port is a registered port for forward-proxy use. Reverse-proxy
(accel mode) traffic has a *different syntax* - the URLs and types of
message that can be delivered are different. So it cannot share a port
with forward-proxy traffic.


Log says "ERROR" but is actually something FATAL. That is a bug we need
to fix in the logging and error display.
Post by Matus UHLAR - fantomas
2018/10/24 11:29:31 kid1| Preparing for shutdown after 0 requests
2018/10/24 11:29:31 kid1| Waiting 30 seconds for active connections to
finish
2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:31 kid1| Closing HTTP port [::]:3128
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:80
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8000
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8004
2018/10/24 11:29:31 kid1| Closing HTTPS port [::]:8005
2018/10/24 11:29:32 kid1| Set Current Directory to /var/cache/squid
2018/10/24 11:29:32 kid1| Starting Squid Cache version 3.5.21 for
x86_64-suse-linux-gnu...
... and the auto-restart cycle continues.



Amos
Angus J.
2018-10-26 02:06:00 UTC
Hi Amos

# Squid normally listens to port 3128
http_port 3128


http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk


Will these two lines of squid.conf cause the "ERROR"?




Eliezer Croitoru
2018-10-26 07:08:56 UTC
Hey Angus,

There are a couple of types of configuration "definition".
Some of them cannot overlap since they contain a full instruction.
When an http_port line is parsed by squid it's a fixed setup of
configuration arguments.
There are other services and/or servers that update the configuration
arguments with every line.
For specific instructions like "listen on *:3128" in squid there is only
one line that can be accepted.
If the service operator instructs squid to do something which cannot be
done squid will not do that.
Maybe in the future someone will enhance squid to allow "progressive"
http_port configuration but I believe it's wrong.

All The Bests,
Eliezer
Post by Angus J.
Hi Amos
# Squid normally listens to port 3128
http_port 3128
http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk
This two line of squid.conf , they will cause the ERROR" ?
--
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
http://lists.squid-cache.org/listinfo/squid-users
--
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: ***@ngtech.co.il
Angus J.
2018-10-26 07:26:54 UTC
What's wrong with my squid.conf from 27 to 3.5?
The port 3128 issue has been fixed


# multiling http
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443 8000 8004 8005
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

access_log /var/log/squid/access.log

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# Only allow cachemgr access from localhost
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Allow localhost always proxy functionality
# And finally deny all other access to this proxy
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Squid normally listens to port 3128
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir aufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

cache_dir ufs /var/cache/squid 100 16 256

cache_log /var/log/squid/cache.log

cache_mem 8 MB

cache_mgr webmaster

cache_replacement_policy lru

cache_store_log /var/log/squid/store.log

cache_swap_high 95

cache_swap_low 90

client_lifetime 1 days

connect_timeout 2 minutes

error_directory /usr/share/squid/errors/en

ftp_passive on

maximum_object_size 4096 KB

memory_replacement_policy lru

minimum_object_size 0 KB

visible_hostname oul163.ouhk.edu.hk
http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk
#https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#ssl_bump allow all
# Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
# Disable the following one
#sslproxy_cert_error allow all
sslproxy_options NO_SSLv3:NO_SSLv2

# the proxy-only indicates that caching will not be performed.
#cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
#cache_peer_domain prdhrms prdhrms.ouhk.edu.hk
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer_domain sithrms sithrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
#cache_peer_domain devhrms devhrms.ouhk.edu.hk

# Create an additional ACL for local network access
acl localip src 192.168.0.0/24

# access control list
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports




Amos Jeffries
2018-10-26 09:25:57 UTC
Post by Angus J.
What's wrong of my squid.conf from 27 to 3.5?
The port 3128 issue has been fixed
Yes that one is fixed. Now it is complaining about what you changed in
cache_peer lines.
Post by Angus J.
oul163:/etc/squid # squid -k parse...> 2018/10/26 10:14:14|
Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
Post by Angus J.
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/26 10:14:14| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/26 10:14:14| Processing: cache_peer_access prdhrms allow
hrmsacl> 2018/10/26 10:14:14| /etc/squid/squid.conf, line 154: No cache_peer
Post by Angus J.
'prdhrms'
2018/10/26 10:14:14| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/26 10:14:14| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 156: No cache_peer
'sithrms'
2018/10/26 10:14:14| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 157: No cache_peer
'devhrms'
# the proxy-only indicates that caching will not be performed.
#cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
#cache_peer_domain prdhrms prdhrms.ouhk.edu.hk
cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
cache_peer_domain uathrms uathrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer_domain sithrms sithrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
#cache_peer_domain devhrms devhrms.ouhk.edu.hk
You commented out the cache_peer lines defining those peer connections,
so Squid does not know which peers the cache_peer_access definitions
are referring to.

The only thing that needed removing/replacing was the
"cache_peer_domain" lines.
Post by Angus J.
# Create an additional ACL for local network access
acl localip src 192.168.0.0/24
# access control list
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
#cache_peer_access devhrms allow hrmsacl2
cache_peer_access prdhrms allow hrmsacl
cache_peer_access uathrms allow hrmsacl
cache_peer_access sithrms allow hrmsacl
cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
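FYI: These rules are far more lenient than what you had before with
cache_peer_domain.

The previous config sent *only* certain domains to each individual peer.
These rules now allow *any* sub-domain of .ouhk.edu.hk to go to *any* peer,
so a request for one hostname can be relayed to a peer meant for a
different one.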

I suggest keeping to the minimal change until you are happy with the new
proxy behaviour. The exact equivalent of these lines:

cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
cache_peer_domain prdhrms prdhrms.hkbb.edu.hk

cache_peer 192.168.31.134 parent 8005 ... name=uathrms
cache_peer_domain uathrms uathrms.hkbb.edu.hk

cache_peer 192.168.31.134 parent 8004 ... name=sithrms
cache_peer_domain sithrms sithrms.hkbb.edu.hk

cache_peer 192.168.31.134 parent 8000 ... name=devhrms
cache_peer_domain devhrms devhrms.hkbb.edu.hk


Are these lines:

cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
acl prdhrms-domain dstdomain prdhrms.hkbb.edu.hk
cache_peer_access prdhrms allow prdhrms-domain

cache_peer 192.168.31.134 parent 8005 ... name=uathrms
acl uathrms-domain dstdomain uathrms.hkbb.edu.hk
cache_peer_access uathrms allow uathrms-domain

cache_peer 192.168.31.134 parent 8004 ... name=sithrms
acl sithrms-domain dstdomain sithrms.hkbb.edu.hk
cache_peer_access sithrms allow sithrms-domain

cache_peer 192.168.31.134 parent 8000 ... name=devhrms
acl devhrms-domain dstdomain devhrms.hkbb.edu.hk
cache_peer_access devhrms allow devhrms-domain



Note that use of the exact sub-domain names remains in place rather than
opening everything to the wildcards midway during a proxy upgrade.

Amos
Angus J.
2018-10-26 09:45:03 UTC
oul163:/etc/squid # squid -k parse
2018/10/26 17:44:42| Startup: Initializing Authentication Schemes ...
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'basic'
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'digest'
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/26 17:44:42| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/26 17:44:42| Startup: Initialized Authentication.
2018/10/26 17:44:42| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/26 17:44:42| Processing: acl localnet src 10.0.0.0/8
2018/10/26 17:44:42| Processing: acl localnet src 172.16.0.0/12
2018/10/26 17:44:42| Processing: acl localnet src 192.168.0.0/16
2018/10/26 17:44:42| Processing: acl localnet src fc00::/7
2018/10/26 17:44:42| Processing: acl localnet src fe80::/10
2018/10/26 17:44:42| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/26 17:44:42| Processing: acl Safe_ports port 80
2018/10/26 17:44:42| Processing: acl Safe_ports port 21
2018/10/26 17:44:42| Processing: acl Safe_ports port 443
2018/10/26 17:44:42| Processing: acl Safe_ports port 70
2018/10/26 17:44:42| Processing: acl Safe_ports port 210
2018/10/26 17:44:42| Processing: acl Safe_ports port 1025-65535
2018/10/26 17:44:42| Processing: acl Safe_ports port 280
2018/10/26 17:44:42| Processing: acl Safe_ports port 488
2018/10/26 17:44:42| Processing: acl Safe_ports port 591
2018/10/26 17:44:42| Processing: acl Safe_ports port 777
2018/10/26 17:44:42| Processing: acl CONNECT method CONNECT
2018/10/26 17:44:42| Processing: access_log /var/log/squid/access.log
2018/10/26 17:44:42| Processing: http_access deny !Safe_ports
2018/10/26 17:44:42| Processing: http_access deny CONNECT !SSL_ports
2018/10/26 17:44:42| Processing: http_access allow localhost manager
2018/10/26 17:44:42| Processing: http_access deny manager
2018/10/26 17:44:42| Processing: http_access allow localnet
2018/10/26 17:44:42| Processing: http_access allow localhost
2018/10/26 17:44:42| Processing: http_access deny all
2018/10/26 17:44:42| Processing: coredump_dir /var/cache/squid
2018/10/26 17:44:42| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/26 17:44:42| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/26 17:44:42| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0 0
2018/10/26 17:44:42| Processing: refresh_pattern . 0 20 4320
2018/10/26 17:44:42| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/26 17:44:42| Processing: cache_log /var/log/squid/cache.log
2018/10/26 17:44:42| Processing: cache_mem 8 MB
2018/10/26 17:44:42| Processing: cache_mgr webmaster
2018/10/26 17:44:42| Processing: cache_replacement_policy lru
2018/10/26 17:44:42| Processing: cache_store_log /var/log/squid/store.log
2018/10/26 17:44:42| Processing: cache_swap_high 95
2018/10/26 17:44:42| Processing: cache_swap_low 90
2018/10/26 17:44:42| Processing: client_lifetime 1 days
2018/10/26 17:44:42| Processing: connect_timeout 2 minutes
2018/10/26 17:44:42| Processing: error_directory /usr/share/squid/errors/en
2018/10/26 17:44:42| Processing: ftp_passive on
2018/10/26 17:44:42| Processing: maximum_object_size 4096 KB
2018/10/26 17:44:42| Processing: memory_replacement_policy lru
2018/10/26 17:44:42| Processing: minimum_object_size 0 KB
2018/10/26 17:44:42| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/26 17:44:42| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/26 17:44:42| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/26 17:44:42| Processing: acl localip src 192.168.0.0/24
2018/10/26 17:44:42| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/26 17:44:42| Processing: http_access allow hrmsacl
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.113 parent 8001 1
proxy-only name=prdhrms
2018/10/26 17:44:42| Processing: acl prdhrms-domain dstdomain
prdhrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access prdhrms allow
prdhrms-domain
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.134 parent 8005 0
name=uathrms
2018/10/26 17:44:42| Processing: acl uathrms-domain dstdomain
uathrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access uathrms allow
uathrms-domain
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.134 parent 8004 2
name=sithrms
2018/10/26 17:44:42| Processing: acl sithrms-domain dstdomain
sithrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access sithrms allow
sithrms-domain
2018/10/26 17:44:42| Processing: cache_peer 192.168.31.134 parent 8000 3
name=devhrms
2018/10/26 17:44:42| Processing: acl devhrms-domain dstdomain
devhrms.ouhk.edu.hk
2018/10/26 17:44:42| Processing: cache_peer_access devhrms allow
devhrms-domain
2018/10/26 17:44:42| Initializing https proxy context




Angus J.
2018-10-26 09:46:26 UTC
I have updated the squid.conf as below:

# access control list
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
#cache_peer_access devhrms allow hrmsacl2
#cache_peer_access prdhrms allow hrmsacl
#cache_peer_access uathrms allow hrmsacl
#cache_peer_access sithrms allow hrmsacl
#cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
cache_peer 192.168.31.113 parent 8001 1 proxy-only name=prdhrms
acl prdhrms-domain dstdomain prdhrms.ouhk.edu.hk
cache_peer_access prdhrms allow prdhrms-domain

cache_peer 192.168.31.134 parent 8005 0 name=uathrms
acl uathrms-domain dstdomain uathrms.ouhk.edu.hk
cache_peer_access uathrms allow uathrms-domain

cache_peer 192.168.31.134 parent 8004 2 name=sithrms
acl sithrms-domain dstdomain sithrms.ouhk.edu.hk
cache_peer_access sithrms allow sithrms-domain

cache_peer 192.168.31.134 parent 8000 3 name=devhrms
acl devhrms-domain dstdomain devhrms.ouhk.edu.hk
cache_peer_access devhrms allow devhrms-domain




Angus J.
2018-10-26 09:49:46 UTC
https://uathrms.ouhk.edu.hk:8005/OA_HTML/AppsLogin


The browser screen shows:

This site can’t be reached
uathrms.ouhk.edu.hk refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED



Amos Jeffries
2018-10-26 10:00:25 UTC
Post by Angus J.
https://uathrms.ouhk.edu.hk:8005/OA_HTML/AppsLogin
the screen will shown
This site can’t be reached
uathrms.ouhk.edu.hk refused to connect.
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
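This time you removed the TLS/SSL settings from the cache_peer lines and
added port numbers to enable ICP communication between the proxies (are
the peers proxies?).

In that config snippet of my last email I used "..." to represent the
long set of config options on your previous peer lines. Leave all those
options set the way they were previously in your config.

[Note: among those options, sslflags=DONT_VERIFY_PEER turns off
certificate verification for the peer connection, so the link is
encrypted but the peer is not authenticated; it is worth revisiting once
the upgrade works.]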

Amos
Angus J.
2018-10-26 10:05:46 UTC
oul163:/var/log/squid # squid -k parse
2018/10/26 18:04:25| Startup: Initializing Authentication Schemes ...
2018/10/26 18:04:25| Startup: Initialized Authentication Scheme 'basic'
2018/10/26 18:04:25| Startup: Initialized Authentication Scheme 'digest'
2018/10/26 18:04:25| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/26 18:04:25| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/26 18:04:25| Startup: Initialized Authentication.
2018/10/26 18:04:25| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/26 18:04:25| Processing: acl localnet src 10.0.0.0/8
2018/10/26 18:04:25| Processing: acl localnet src 172.16.0.0/12
2018/10/26 18:04:25| Processing: acl localnet src 192.168.0.0/16
2018/10/26 18:04:25| Processing: acl localnet src fc00::/7
2018/10/26 18:04:25| Processing: acl localnet src fe80::/10
2018/10/26 18:04:25| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/26 18:04:25| Processing: acl Safe_ports port 80
2018/10/26 18:04:25| Processing: acl Safe_ports port 21
2018/10/26 18:04:25| Processing: acl Safe_ports port 443
2018/10/26 18:04:25| Processing: acl Safe_ports port 70
2018/10/26 18:04:25| Processing: acl Safe_ports port 210
2018/10/26 18:04:25| Processing: acl Safe_ports port 1025-65535
2018/10/26 18:04:25| Processing: acl Safe_ports port 280
2018/10/26 18:04:25| Processing: acl Safe_ports port 488
2018/10/26 18:04:25| Processing: acl Safe_ports port 591
2018/10/26 18:04:25| Processing: acl Safe_ports port 777
2018/10/26 18:04:25| Processing: acl CONNECT method CONNECT
2018/10/26 18:04:25| Processing: access_log /var/log/squid/access.log
2018/10/26 18:04:25| Processing: http_access deny !Safe_ports
2018/10/26 18:04:25| Processing: http_access deny CONNECT !SSL_ports
2018/10/26 18:04:25| Processing: http_access allow localhost manager
2018/10/26 18:04:25| Processing: http_access deny manager
2018/10/26 18:04:25| Processing: http_access allow localnet
2018/10/26 18:04:25| Processing: http_access allow localhost
2018/10/26 18:04:25| Processing: http_access deny all
2018/10/26 18:04:25| Processing: coredump_dir /var/cache/squid
2018/10/26 18:04:25| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/26 18:04:25| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/26 18:04:25| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0 0
2018/10/26 18:04:25| Processing: refresh_pattern . 0 20 4320
2018/10/26 18:04:25| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/26 18:04:25| Processing: cache_log /var/log/squid/cache.log
2018/10/26 18:04:25| Processing: cache_mem 8 MB
2018/10/26 18:04:25| Processing: cache_mgr webmaster
2018/10/26 18:04:25| Processing: cache_replacement_policy lru
2018/10/26 18:04:25| Processing: cache_store_log /var/log/squid/store.log
2018/10/26 18:04:25| Processing: cache_swap_high 95
2018/10/26 18:04:25| Processing: cache_swap_low 90
2018/10/26 18:04:25| Processing: client_lifetime 1 days
2018/10/26 18:04:25| Processing: connect_timeout 2 minutes
2018/10/26 18:04:25| Processing: error_directory /usr/share/squid/errors/en
2018/10/26 18:04:25| Processing: ftp_passive on
2018/10/26 18:04:25| Processing: maximum_object_size 4096 KB
2018/10/26 18:04:25| Processing: memory_replacement_policy lru
2018/10/26 18:04:25| Processing: minimum_object_size 0 KB
2018/10/26 18:04:25| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/26 18:04:25| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/26 18:04:25| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/26 18:04:25| Processing: acl localip src 192.168.0.0/24
2018/10/26 18:04:25| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/26 18:04:25| Processing: http_access allow hrmsacl
2018/10/26 18:04:25| Processing: cache_peer 192.168.31.113 parent 8001 1
proxy-only name=prdhrms
2018/10/26 18:04:25| Processing: acl prdhrms-domain dstdomain
prdhrms.ouhk.edu.hk
2018/10/26 18:04:25| Processing: cache_peer_access prdhrms allow
prdhrms-domain
2018/10/26 18:04:25| Processing: cache_peer 192.168.31.134 parent 8005 0
proxy-only name=uathrms
2018/10/26 18:04:25| Processing: acl uathrms-domain dstdomain
uathrms.ouhk.edu.hk
2018/10/26 18:04:25| Processing: cache_peer_access uathrms allow
uathrms-domain
2018/10/26 18:04:25| Processing: cache_peer 192.168.31.134 parent 8004 2
proxy-only name=sithrms
2018/10/26 18:04:25| Processing: acl sithrms-domain dstdomain
sithrms.ouhk.edu.hk
2018/10/26 18:04:25| Processing: cache_peer_access sithrms allow
sithrms-domain
2018/10/26 18:04:25| Processing: cache_peer 192.168.31.134 parent 8000 3
proxy-only name=devhrms
2018/10/26 18:04:25| Processing: acl devhrms-domain dstdomain
devhrms.ouhk.edu.hk
2018/10/26 18:04:25| Processing: cache_peer_access devhrms allow
devhrms-domain
2018/10/26 18:04:25| Initializing https proxy context




Angus J.
2018-10-26 10:08:11 UTC
The squid.conf has been revised; I just want port 8005 for the ERP
application server.



acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443 8000 8004 8005
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

access_log /var/log/squid/access.log

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# Only allow cachemgr access from localhost
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Allow localhost always proxy functionality
# And finally deny all other access to this proxy
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Squid normally listens to port 3128
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir aufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

cache_dir ufs /var/cache/squid 100 16 256

cache_log /var/log/squid/cache.log

cache_mem 8 MB

cache_mgr webmaster

cache_replacement_policy lru

cache_store_log /var/log/squid/store.log

cache_swap_high 95

cache_swap_low 90

client_lifetime 1 days

connect_timeout 2 minutes

error_directory /usr/share/squid/errors/en

ftp_passive on

maximum_object_size 4096 KB

memory_replacement_policy lru

minimum_object_size 0 KB

visible_hostname oul163.ouhk.edu.hk
http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk
sslproxy_options NO_SSLv3:NO_SSLv2


# Create an additional ACL for local network access
acl localip src 192.168.0.0/24

# access control list
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
cache_peer 192.168.31.113 parent 8001 1 proxy-only name=prdhrms
acl prdhrms-domain dstdomain prdhrms.ouhk.edu.hk
cache_peer_access prdhrms allow prdhrms-domain

cache_peer 192.168.31.134 parent 8005 0 proxy-only name=uathrms
acl uathrms-domain dstdomain uathrms.ouhk.edu.hk
cache_peer_access uathrms allow uathrms-domain

cache_peer 192.168.31.134 parent 8004 2 proxy-only name=sithrms
acl sithrms-domain dstdomain sithrms.ouhk.edu.hk
cache_peer_access sithrms allow sithrms-domain

cache_peer 192.168.31.134 parent 8000 3 proxy-only name=devhrms
acl devhrms-domain dstdomain devhrms.ouhk.edu.hk
cache_peer_access devhrms allow devhrms-domain




Matus UHLAR - fantomas
2018-10-26 11:58:20 UTC
Post by Angus J.
The squid.conf has been revised, i just want to 8005 port for ERP application
server.
- does it work now?

- if not, what is in the access log when you try to browse a site?
Post by Angus J.
access_log /var/log/squid/access.log
in this one.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.
Angus J.
2018-10-29 01:46:23 UTC
Hi Matus

Squid 3.5 cannot read the configuration file on SUSE Linux 12 SP3

Regards
Angus



Angus J.
2018-10-29 02:02:41 UTC
oul163:/etc/squid # squid -k parse
2018/10/29 10:01:46| Startup: Initializing Authentication Schemes ...
2018/10/29 10:01:46| Startup: Initialized Authentication Scheme 'basic'
2018/10/29 10:01:46| Startup: Initialized Authentication Scheme 'digest'
2018/10/29 10:01:46| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/29 10:01:46| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/29 10:01:46| Startup: Initialized Authentication.
2018/10/29 10:01:46| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/29 10:01:46| Processing: acl localnet src 10.0.0.0/8
2018/10/29 10:01:46| Processing: acl localnet src 172.16.0.0/12
2018/10/29 10:01:46| Processing: acl localnet src 192.168.0.0/16
2018/10/29 10:01:46| Processing: acl localnet src fc00::/7
2018/10/29 10:01:46| Processing: acl localnet src fe80::/10
2018/10/29 10:01:46| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/29 10:01:46| Processing: acl Safe_ports port 80
2018/10/29 10:01:46| Processing: acl Safe_ports port 21
2018/10/29 10:01:46| Processing: acl Safe_ports port 443
2018/10/29 10:01:46| Processing: acl Safe_ports port 70
2018/10/29 10:01:46| Processing: acl Safe_ports port 210
2018/10/29 10:01:46| Processing: acl Safe_ports port 1025-65535
2018/10/29 10:01:46| Processing: acl Safe_ports port 280
2018/10/29 10:01:46| Processing: acl Safe_ports port 488
2018/10/29 10:01:46| Processing: acl Safe_ports port 591
2018/10/29 10:01:46| Processing: acl Safe_ports port 777
2018/10/29 10:01:46| Processing: acl CONNECT method CONNECT
2018/10/29 10:01:46| Processing: access_log /var/log/squid/access.log
2018/10/29 10:01:46| Processing: http_access deny !Safe_ports
2018/10/29 10:01:46| Processing: http_access deny CONNECT !SSL_ports
2018/10/29 10:01:46| Processing: http_access allow localhost manager
2018/10/29 10:01:46| Processing: http_access deny manager
2018/10/29 10:01:46| Processing: http_access allow localnet
2018/10/29 10:01:46| Processing: http_access allow localhost
2018/10/29 10:01:46| Processing: http_access deny all
2018/10/29 10:01:46| Processing: coredump_dir /var/cache/squid
2018/10/29 10:01:46| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/29 10:01:46| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/29 10:01:46| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0 0
2018/10/29 10:01:46| Processing: refresh_pattern . 0 20 4320
2018/10/29 10:01:46| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/29 10:01:46| Processing: cache_log /var/log/squid/cache.log
2018/10/29 10:01:46| Processing: cache_mem 8 MB
2018/10/29 10:01:46| Processing: cache_mgr webmaster
2018/10/29 10:01:46| Processing: cache_replacement_policy lru
2018/10/29 10:01:46| Processing: cache_store_log /var/log/squid/store.log
2018/10/29 10:01:46| Processing: cache_swap_high 95
2018/10/29 10:01:46| Processing: cache_swap_low 90
2018/10/29 10:01:46| Processing: client_lifetime 1 days
2018/10/29 10:01:46| Processing: connect_timeout 2 minutes
2018/10/29 10:01:46| Processing: error_directory /usr/share/squid/errors/en
2018/10/29 10:01:46| Processing: ftp_passive on
2018/10/29 10:01:46| Processing: maximum_object_size 4096 KB
2018/10/29 10:01:46| Processing: memory_replacement_policy lru
2018/10/29 10:01:46| Processing: minimum_object_size 0 KB
2018/10/29 10:01:46| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/29 10:01:46| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/29 10:01:46| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/29 10:01:46| Processing: acl localip src 192.168.0.0/24
2018/10/29 10:01:46| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/29 10:01:46| Processing: http_access allow hrmsacl
2018/10/29 10:01:46| Processing: cache_peer 192.168.31.113 parent 8001 1
proxy-only name=prdhrms
2018/10/29 10:01:46| Processing: acl prdhrms-domain dstdomain
prdhrms.ouhk.edu.hk
2018/10/29 10:01:46| Processing: cache_peer_access prdhrms allow
prdhrms-domain
2018/10/29 10:01:46| Processing: cache_peer 192.168.31.134 parent 8005 0
proxy-only name=uathrms
2018/10/29 10:01:46| Processing: acl uathrms-domain dstdomain
uathrms.ouhk.edu.hk
2018/10/29 10:01:46| Processing: cache_peer_access uathrms allow
uathrms-domain
2018/10/29 10:01:46| Processing: cache_peer 192.168.31.134 parent 8004 2
proxy-only name=sithrms
2018/10/29 10:01:46| Processing: acl sithrms-domain dstdomain
sithrms.ouhk.edu.hk
2018/10/29 10:01:46| Processing: cache_peer_access sithrms allow
sithrms-domain
2018/10/29 10:01:46| Processing: cache_peer 192.168.31.134 parent 8000 3
proxy-only name=devhrms
2018/10/29 10:01:46| Processing: acl devhrms-domain dstdomain
devhrms.ouhk.edu.hk
2018/10/29 10:01:46| Processing: cache_peer_access devhrms allow
devhrms-domain
2018/10/29 10:01:46| Initializing https proxy context



Amos Jeffries
2018-10-29 02:19:18 UTC
That shows a clean parse of the config.

However, your cache_peer lines still do not use TLS/SSL, and the
"deny all" access rule still sits above your custom access controls.

Amos
Angus J.
2018-10-29 02:26:55 UTC
Hi AMos

Thanks for your information

How to enable cache_peer configuration for any TLS/SSL for port 8005

and the "allow all" 192.168.0.0 and 172.18.0.0 access permission of custom
access controls?

Regards
Angus



Amos Jeffries
2018-10-29 20:50:44 UTC
Post by Angus J.
Hi AMos
Thanks for your information
How to enable cache_peer configuration for any TLS/SSL for port 8005
Config line order is important to Squid.

Please *look* at the default squid.conf file provided here:
<https://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#Squid-3.5_default_config>

Compare it to the layout of your config file.

Notice that the line which says "INSERT YOUR OWN RULE(S) HERE" is _above_
the line which says "http_access deny all". Your config has all its
custom peer rules _below_ the deny line - that difference will be
breaking access to the peers.


You have also added a "#" in front of the cache_peer lines with TLS/SSL
setting for the peers. Use the cache_peer lines you started with.
===> Here I mean *exactly* the lines starting with "#cache_peer" and
"cache_peer", not "cache_peer_domain" or "cache_peer_access".
Post by Angus J.
and the "allow all" 192.168.0.0 and 172.18.0.0 access permission of custom
access controls?
Those IPs are part of localnet and already allowed by your config.

HTH
Amos
Angus J.
2018-10-30 03:15:34 UTC
Hi Amos

Can I just copy the all squid configure file at /etc/squid/ from 2.7 to 3.5
?

Regards
Angus



Amos Jeffries
2018-10-31 01:55:18 UTC
Post by Angus J.
Hi Amos
Can I just copy the all squid configure file at /etc/squid/ from 2.7 to 3.5
?
Sometimes, but usually not *just* that.

The problem is that Squid-2.7 is very old, and 2.6 & 2.7 were also a fork of
the even older Squid-2.5 code. There have been quite a lot of changes to
squid.conf in the 12 years between 2.5 and 3.5, and v2.7 does some
things a bit differently to both.

The squid -k parse mechanism was added to help reduce the problems
encountered with upgrades. So you can have the squid-3 tell you what it
understands about the older config files.

As you should have noticed when I got you to run -k parse earlier there
were things coming up as FATAL and ERROR in your particular config file.
That means Squid will not even start until the config is changed to the
Squid-3.x settings.


FWIW: Marcus and I are trying to get you to the point where your Squid
will run and do what you have told us it is supposed to be doing. The
problems you are having in the latest few days are because you went and
changed other things (the cache_peer lines) besides what we pointed out -
which broke the proxy again in a different way.

It's okay that you don't know what you are doing. This list is in part
for helping people learn to operate Squid. Just try not to go too fast
or more breakage will occur.

Amos

Angus J.
2018-10-29 02:05:48 UTC
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# RFC1918 possible internal network
# RFC1918 possible internal network
# RFC1918 possible internal network
# RFC 4193 local private network range
# RFC 4291 link-local (directly plugged) machines
# http
# ftp
# https
# gopher
# wais
# unregistered ports
# http-mgmt
# gss-http
# filemaker
# multiling http
# Source-address ACL "localnet": the three RFC 1918 IPv4 private ranges plus
# the IPv6 unique-local (fc00::/7) and link-local (fe80::/10) ranges.
# "http_access allow localnet" below admits any client in these ranges.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
# Destination ports to which CONNECT is permitted (consumed by
# "http_access deny CONNECT !SSL_ports"). The stock list is 443 only; 8000,
# 8004 and 8005 match the https_port / cache_peer ports used in this thread.
# NOTE(review): CONNECT is a forward-proxy method; for a pure reverse-proxy
# (accel) setup confirm these extra ports are actually needed.
acl SSL_ports port 443 8000 8004 8005
# Destination ports the proxy may contact at all (consumed by
# "http_access deny !Safe_ports"). In order: http, ftp, https, gopher, wais,
# unregistered ports, http-mgmt, gss-http, filemaker, multiling http.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
# Matches requests whose HTTP method is CONNECT.
acl CONNECT method CONNECT

access_log /var/log/squid/access.log

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# Only allow cachemgr access from localhost
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Allow localhost always proxy functionality
# And finally deny all other access to this proxy
# http_access rules are evaluated top to bottom; the first rule that matches
# a request decides it, so the order of these lines is significant.
# Refuse requests to any destination port not listed in Safe_ports.
http_access deny !Safe_ports
# Refuse CONNECT tunnels to any port not listed in SSL_ports.
http_access deny CONNECT !SSL_ports
# Cache manager interface: reachable from localhost only.
http_access allow localhost manager
http_access deny manager
# Admit clients from the private ranges in "localnet" and from localhost.
http_access allow localnet
http_access allow localhost
# Catch-all: every request not matched above is refused here. Any http_access
# line that appears after this one (such as "http_access allow hrmsacl"
# further down in this file) is never reached; site-specific rules belong
# above this line.
http_access deny all

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Squid normally listens to port 3128
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir aufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
# Directory Squid changes into at startup (cache.log shows
# "Set Current Directory to /var/cache/squid"); core dumps land here.
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
# Fields: regex, minimum age (minutes), percent of object age, maximum age
# (minutes). These are the stock defaults; the (/cgi-bin/|\?) line keeps
# dynamic URLs from being treated as fresh without explicit expiry headers.
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

# Disk cache: ufs store, 100 MB, 16 first-level and 256 second-level
# directories (cache.log reports "Max Swap size: 102400 KB").
cache_dir ufs /var/cache/squid 100 16 256

cache_log /var/log/squid/cache.log

# In-memory object cache size (cache.log reports "Max Mem size: 8192 KB").
cache_mem 8 MB

# Contact address shown on generated error pages.
cache_mgr webmaster

cache_replacement_policy lru

cache_store_log /var/log/squid/store.log

# Disk-cache replacement watermarks, as a percentage of cache_dir size.
cache_swap_high 95

cache_swap_low 90

client_lifetime 1 days

connect_timeout 2 minutes

error_directory /usr/share/squid/errors/en

ftp_passive on

# Objects larger than this are not stored on disk.
maximum_object_size 4096 KB

memory_replacement_policy lru

minimum_object_size 0 KB

# Hostname Squid reports for itself.
visible_hostname oul163.ouhk.edu.hk
# Plain-HTTP reverse-proxy (accel) listener on 3128; vhost selects the site
# from the request's Host header, defaultsite is used when none is sent.
http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk
# Every https_port directive below is commented out, so as posted this file
# opens no TLS listener: clients can reach the proxy only over unencrypted
# HTTP on port 3128.
# NOTE(review): each directive below appears wrapped over three lines by the
# mail client, and the continuation lines carry no leading "#". In the real
# squid.conf each directive must be a single line.
# NOTE(review): options=NO_SSLv3:NO_SSLv2 excludes only SSLv2 and SSLv3; when
# re-enabling a listener, decide whether TLS 1.0/1.1 should be excluded too
# (NO_TLSv1, NO_TLSv1_1).
#https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
# Left disabled: these would turn on TLS interception (ssl_bump), bypass of
# the peers (always_direct) and acceptance of upstream certificate errors
# (sslproxy_cert_error allow all).
#ssl_bump allow all
# Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
# Disable the following one
#sslproxy_cert_error allow all
# Protocol exclusions for TLS connections Squid itself opens to servers.
sslproxy_options NO_SSLv3:NO_SSLv2

# the proxy-only indicates that caching will not be performed.
# All cache_peer lines in this section are commented out; these are the
# original peer definitions. Their fields are: host, type, HTTP port, ICP port
# (0 = ICP disabled), then options. The "ssl" option is what makes Squid speak
# TLS to the peer.
# NOTE(review): sslflags=DONT_VERIFY_PEER accepts the peer certificate even
# when it fails validation, and DONT_VERIFY_DOMAIN skips the name check, so
# the link is encrypted but the peer is not authenticated. Supplying the
# issuing CA (as the sslcafile= variant for devhrms below attempts) lets
# verification stay on.
# NOTE(review): the continuation lines are mail-client wraps and carry no
# leading "#"; "ssll" in the devhrms variant looks like a typo for "ssl".
# NOTE(review): the prdhrms peer on port 8001 has no "ssl" option, i.e. plain
# HTTP to that backend - confirm that is intended.
#cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
#cache_peer_domain prdhrms prdhrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer_domain uathrms uathrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer_domain sithrms sithrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
#cache_peer_domain devhrms devhrms.ouhk.edu.hk

# Create an additional ACL for local network access
# NOTE(review): "localip" is defined but not referenced by any rule in this
# file, and 192.168.0.0/24 is already inside localnet's 192.168.0.0/16.
acl localip src 192.168.0.0/24

# access control list
# Matches any destination host under ouhk.edu.hk.
# This allow rule comes after "http_access deny all" earlier in the file, so
# it is never evaluated; it has to move above the deny line to take effect.
# NOTE(review): once moved, it admits any client for any *.ouhk.edu.hk host;
# consider matching only the four hrms hostnames routed below.
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
#cache_peer_access devhrms allow hrmsacl2
#cache_peer_access prdhrms allow hrmsacl
#cache_peer_access uathrms allow hrmsacl
#cache_peer_access sithrms allow hrmsacl
#cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
# Active peer definitions. Each peer is paired with a dstdomain ACL and a
# cache_peer_access rule so that only requests for its own hostname are
# routed to it.
# NOTE(review): none of these lines carries the "ssl" option, so Squid talks
# plain HTTP to ports 8005/8004/8000 where the commented-out originals used
# TLS (this is the "cache_peer configuration not doing any TLS/SSL" raised in
# the thread).
# NOTE(review): the fourth field is the ICP port; it is 1, 2 and 3 on three of
# these lines where the originals had 0 (ICP disabled) - presumably
# unintended, confirm.
# NOTE(review): if these peers are the origin web servers rather than other
# proxies, the "originserver" option seen in the commented-out devhrms
# variant above is probably needed - confirm.
cache_peer 192.168.31.113 parent 8001 1 proxy-only name=prdhrms
acl prdhrms-domain dstdomain prdhrms.ouhk.edu.hk
cache_peer_access prdhrms allow prdhrms-domain

cache_peer 192.168.31.134 parent 8005 0 proxy-only name=uathrms
acl uathrms-domain dstdomain uathrms.ouhk.edu.hk
cache_peer_access uathrms allow uathrms-domain

cache_peer 192.168.31.134 parent 8004 2 proxy-only name=sithrms
acl sithrms-domain dstdomain sithrms.ouhk.edu.hk
cache_peer_access sithrms allow sithrms-domain

cache_peer 192.168.31.134 parent 8000 3 proxy-only name=devhrms
acl devhrms-domain dstdomain devhrms.ouhk.edu.hk
cache_peer_access devhrms allow devhrms-domain




Angus J.
2018-10-29 01:42:06 UTC
Hi

oul163:/var/log/squid # ls -rlt
total 84
-rw-r----- 1 squid squid 0 Oct 22 12:21 access.log
-rw-r----- 1 squid squid 0 Oct 22 13:02 netdb.state
-rw-r----- 1 squid squid 17784 Oct 29 09:13 store.log
-rw-r----- 1 squid squid 55296 Oct 29 09:33 cache.log
oul163:/var/log/squid #


access.log is empty



Matus UHLAR - fantomas
2018-10-29 13:26:40 UTC
Post by Angus J.
oul163:/var/log/squid # ls -rlt
total 84
-rw-r----- 1 squid squid 0 Oct 22 12:21 access.log
-rw-r----- 1 squid squid 0 Oct 22 13:02 netdb.state
-rw-r----- 1 squid squid 17784 Oct 29 09:13 store.log
-rw-r----- 1 squid squid 55296 Oct 29 09:33 cache.log
oul163:/var/log/squid #
access.log is empty
that means your browser is not using the proxy.
First configure the browser to use the proxy.

no, first stop repeatedly posting your squid config and output of "squid -k
parse", we have seen both multiple times and can find them in archives, e.g.
here:

http://lists.squid-cache.org/pipermail/squid-users/2018-October/019575.html
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
Amos Jeffries
2018-10-29 20:48:55 UTC
Post by Matus UHLAR - fantomas
Post by Angus J.
oul163:/var/log/squid # ls -rlt
total 84
-rw-r----- 1 squid squid     0 Oct 22 12:21 access.log
-rw-r----- 1 squid squid     0 Oct 22 13:02 netdb.state
-rw-r----- 1 squid squid 17784 Oct 29 09:13 store.log
-rw-r----- 1 squid squid 55296 Oct 29 09:33 cache.log
oul163:/var/log/squid #
access.log is empty
that means your browser is not using the proxy.
First configure the browser to use the proxy.
This is a reverse-proxy config.
Post by Matus UHLAR - fantomas
no, first stop repeatedly posting your squid config and output of "squid -k
parse", we have seen both multiple times and can find them in archives, e.g.
http://lists.squid-cache.org/pipermail/squid-users/2018-October/019575.html
To be fair he does keep changing things in the config randomly each time.

Amos
Angus J.
2018-10-26 02:09:10 UTC
I have remarked this line , the port 3128 problem is solved?

# Squid normally listens to port 3128
#http_port 3128



oul163:/var/log/squid # cat cache.log
2018/10/26 10:06:47| Set Current Directory to /var/cache/squid
2018/10/26 10:06:47 kid1| Set Current Directory to /var/cache/squid
2018/10/26 10:06:47 kid1| Starting Squid Cache version 3.5.21 for
x86_64-suse-li
nux-gnu...
2018/10/26 10:06:47 kid1| Service Name: squid
2018/10/26 10:06:47 kid1| Process ID 16743
2018/10/26 10:06:47 kid1| Process Roles: worker
2018/10/26 10:06:47 kid1| With 4096 file descriptors available
2018/10/26 10:06:47 kid1| Initializing IP Cache...
2018/10/26 10:06:47 kid1| DNS Socket created at [::], FD 6
2018/10/26 10:06:47 kid1| DNS Socket created at 0.0.0.0, FD 7
2018/10/26 10:06:47 kid1| Adding domain ouhk.edu.hk from /etc/resolv.conf
2018/10/26 10:06:47 kid1| Adding nameserver 192.207.91.2 from
/etc/resolv.conf
2018/10/26 10:06:47 kid1| Adding nameserver 192.207.91.1 from
/etc/resolv.conf
2018/10/26 10:06:47 kid1| Logfile: opening log /var/log/squid/access.log
2018/10/26 10:06:47 kid1| WARNING: log name now starts with a module name.
Use '
stdio:/var/log/squid/access.log'
2018/10/26 10:06:47 kid1| Unlinkd pipe opened on FD 14
2018/10/26 10:06:47 kid1| Local cache digest enabled; rebuild/rewrite every
3600
/3600 sec
2018/10/26 10:06:47 kid1| Logfile: opening log /var/log/squid/store.log
2018/10/26 10:06:47 kid1| WARNING: log name now starts with a module name.
Use '
stdio:/var/log/squid/store.log'
2018/10/26 10:06:47 kid1| Swap maxSize 102400 + 8192 KB, estimated 8507
objects
2018/10/26 10:06:47 kid1| Target number of buckets: 425
2018/10/26 10:06:47 kid1| Using 8192 Store buckets
2018/10/26 10:06:47 kid1| Max Mem size: 8192 KB
2018/10/26 10:06:47 kid1| Max Swap size: 102400 KB
2018/10/26 10:06:47 kid1| Rebuilding storage in /var/cache/squid (dirty log)
2018/10/26 10:06:47 kid1| Using Least Load store dir selection
2018/10/26 10:06:47 kid1| Set Current Directory to /var/cache/squid
2018/10/26 10:06:47 kid1| Finished loading MIME types and icons.
2018/10/26 10:06:47 kid1| HTCP Disabled.
2018/10/26 10:06:47 kid1| commBind: Cannot bind socket FD 23 to [::1]: (99)
Cann
ot assign requested address
2018/10/26 10:06:47 kid1| commBind: Cannot bind socket FD 24 to [::1]: (99)
Cann
ot assign requested address
2018/10/26 10:06:47 kid1| ERROR: Failed to create helper child read FD:
UDP[::1]
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.113/8001/0
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.134/8005/0
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.134/8004/0
2018/10/26 10:06:47 kid1| Configuring Parent 192.168.31.134/8000/0
2018/10/26 10:06:47 kid1| Squid plugin modules loaded: 0
2018/10/26 10:06:47 kid1| Adaptation support is off.
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTP Socket connections at
loc
al=[::]:3128 remote=[::] FD 18 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections
at lo
cal=[::]:80 remote=[::] FD 19 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections
at lo
cal=[::]:8000 remote=[::] FD 20 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections
at lo
cal=[::]:8004 remote=[::] FD 21 flags=9
2018/10/26 10:06:47 kid1| Accepting reverse-proxy HTTPS Socket connections
at lo
cal=[::]:8005 remote=[::] FD 22 flags=9
2018/10/26 10:06:47 kid1| Done reading /var/cache/squid swaplog (0 entries)
2018/10/26 10:06:47 kid1| Store rebuilding is 0.00% complete
2018/10/26 10:06:47 kid1| Finished rebuilding storage from disk.
2018/10/26 10:06:47 kid1| 0 Entries scanned
2018/10/26 10:06:47 kid1| 0 Invalid entries.
2018/10/26 10:06:47 kid1| 0 With invalid flags.
2018/10/26 10:06:47 kid1| 0 Objects loaded.
2018/10/26 10:06:47 kid1| 0 Objects expired.
2018/10/26 10:06:47 kid1| 0 Objects cancelled.
2018/10/26 10:06:47 kid1| 0 Duplicate URLs purged.
2018/10/26 10:06:47 kid1| 0 Swapfile clashes avoided.
2018/10/26 10:06:47 kid1| Took 0.02 seconds ( 0.00 objects/sec).
2018/10/26 10:06:47 kid1| Beginning Validation Procedure
2018/10/26 10:06:47 kid1| Completed Validation Procedure
2018/10/26 10:06:47 kid1| Validated 0 Entries
2018/10/26 10:06:47 kid1| store_swap_size = 0.00 KB
2018/10/26 10:06:48 kid1| storeLateRelease: released 0 objects
oul163:/var/log/squid #




Angus J.
2018-10-26 02:14:55 UTC
oul163:/etc/squid # squid -k parse
2018/10/26 10:14:14| Startup: Initializing Authentication Schemes ...
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'basic'
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'digest'
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'negotiate'
2018/10/26 10:14:14| Startup: Initialized Authentication Scheme 'ntlm'
2018/10/26 10:14:14| Startup: Initialized Authentication.
2018/10/26 10:14:14| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2018/10/26 10:14:14| Processing: acl localnet src 10.0.0.0/8
2018/10/26 10:14:14| Processing: acl localnet src 172.16.0.0/12
2018/10/26 10:14:14| Processing: acl localnet src 192.168.0.0/16
2018/10/26 10:14:14| Processing: acl localnet src fc00::/7
2018/10/26 10:14:14| Processing: acl localnet src fe80::/10
2018/10/26 10:14:14| Processing: acl SSL_ports port 443 8000 8004 8005
2018/10/26 10:14:14| Processing: acl Safe_ports port 80
2018/10/26 10:14:14| Processing: acl Safe_ports port 21
2018/10/26 10:14:14| Processing: acl Safe_ports port 443
2018/10/26 10:14:14| Processing: acl Safe_ports port 70
2018/10/26 10:14:14| Processing: acl Safe_ports port 210
2018/10/26 10:14:14| Processing: acl Safe_ports port 1025-65535
2018/10/26 10:14:14| Processing: acl Safe_ports port 280
2018/10/26 10:14:14| Processing: acl Safe_ports port 488
2018/10/26 10:14:14| Processing: acl Safe_ports port 591
2018/10/26 10:14:14| Processing: acl Safe_ports port 777
2018/10/26 10:14:14| Processing: acl CONNECT method CONNECT
2018/10/26 10:14:14| Processing: access_log /var/log/squid/access.log
2018/10/26 10:14:14| Processing: http_access deny !Safe_ports
2018/10/26 10:14:14| Processing: http_access deny CONNECT !SSL_ports
2018/10/26 10:14:14| Processing: http_access allow localhost manager
2018/10/26 10:14:14| Processing: http_access deny manager
2018/10/26 10:14:14| Processing: http_access allow localnet
2018/10/26 10:14:14| Processing: http_access allow localhost
2018/10/26 10:14:14| Processing: http_access deny all
2018/10/26 10:14:14| Processing: coredump_dir /var/cache/squid
2018/10/26 10:14:14| Processing: refresh_pattern ^ftp: 1440 20 10080
2018/10/26 10:14:14| Processing: refresh_pattern ^gopher: 1440 0 1440
2018/10/26 10:14:14| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0 0
2018/10/26 10:14:14| Processing: refresh_pattern . 0 20 4320
2018/10/26 10:14:14| Processing: cache_dir ufs /var/cache/squid 100 16 256
2018/10/26 10:14:14| Processing: cache_log /var/log/squid/cache.log
2018/10/26 10:14:14| Processing: cache_mem 8 MB
2018/10/26 10:14:14| Processing: cache_mgr webmaster
2018/10/26 10:14:14| Processing: cache_replacement_policy lru
2018/10/26 10:14:14| Processing: cache_store_log /var/log/squid/store.log
2018/10/26 10:14:14| Processing: cache_swap_high 95
2018/10/26 10:14:14| Processing: cache_swap_low 90
2018/10/26 10:14:14| Processing: client_lifetime 1 days
2018/10/26 10:14:14| Processing: connect_timeout 2 minutes
2018/10/26 10:14:14| Processing: error_directory /usr/share/squid/errors/en
2018/10/26 10:14:14| Processing: ftp_passive on
2018/10/26 10:14:14| Processing: maximum_object_size 4096 KB
2018/10/26 10:14:14| Processing: memory_replacement_policy lru
2018/10/26 10:14:14| Processing: minimum_object_size 0 KB
2018/10/26 10:14:14| Processing: visible_hostname oul163.ouhk.edu.hk
2018/10/26 10:14:14| Processing: http_port 3128 accel vhost
defaultsite=oul163.ouhk.edu.hk
2018/10/26 10:14:14| Processing: https_port 8005 accel
cert=/etc/squid/certs/ouhk3.crt key=/etc/squid/certs/ouhk3.key
defaultsite=oul163.ouhk.edu.hk vhost protocol=https
options=NO_SSLv3:NO_SSLv2
2018/10/26 10:14:14| Processing: sslproxy_options NO_SSLv3:NO_SSLv2
2018/10/26 10:14:14| Processing: cache_peer 192.168.31.134 parent 8005 0 ssl
sslflags=DONT_VERIFY_PEER proxy-only name=uathrms
ssloptions=NO_SSLv3:NO_SSLv2
2018/10/26 10:14:14| Processing: cache_peer_domain uathrms
uathrms.ouhk.edu.hk
2018/10/26 10:14:14| Processing: acl localip src 192.168.0.0/24
2018/10/26 10:14:14| Processing: acl hrmsacl dstdomain .ouhk.edu.hk
2018/10/26 10:14:14| Processing: http_access allow hrmsacl
2018/10/26 10:14:14| Processing: cache_peer_access prdhrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 154: No cache_peer
'prdhrms'
2018/10/26 10:14:14| Processing: cache_peer_access uathrms allow hrmsacl
2018/10/26 10:14:14| Processing: cache_peer_access sithrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 156: No cache_peer
'sithrms'
2018/10/26 10:14:14| Processing: cache_peer_access devhrms allow hrmsacl
2018/10/26 10:14:14| /etc/squid/squid.conf, line 157: No cache_peer
'devhrms'
2018/10/26 10:14:14| Initializing https proxy context
2018/10/26 10:14:14| Initializing cache_peer uathrms SSL context
2018/10/26 10:14:14| Initializing https_port [::]:8005 SSL context
2018/10/26 10:14:14| Using certificate in /etc/squid/certs/ouhk3.crt



