Re: [squid-users] Minor Errors In Squid.Conf (attached) That I Would Like Reviewed

From: Neil A. Hillard <hillardn@dont-contact.us>
Date: Tue, 04 Apr 2006 14:20:14 +0100

Hi,

Vadim Pushkin wrote:
> Hello;
>
> I've attached my condensed (without comments) squid.conf that is giving
> me some trouble. My problems are as follows:
>
> 1. I am unable to connect to the cachemgr.cgi from machines in
> "Bldg_One" or "Bldg_Two". I am trying to connect to cachemgr.cgi via
> webmin.
>
> 2. My disk space allocated seems to get used up within about three
> months and I am not sure how to properly set up my config to expire my
> cache sooner, don't even know what it is expiring at now for that
> matter. When my allocated disk space is met, squid dies. The last time
> that this happened I ran a clear and rebuild cache, this was a terrible
> mistake as it had taken an entire day to run.
>
> 3. I am able to connect using ports that I thought I had forbidden using
> "CONNECT". Is my ordering wrong?
>
> 4. I have at my disposal another 64GB partition contained in this
> machine and I would like to get some suggestions for the best way to use
> it. I.e., shall I just newfs this other partition and initialize it so
> as to pre-stage a new cache in case my hard drive dies? Or, can I just
> use it alongside what I have now and have squid continue to work even if
> one of the two partitions dies?
>
> As you can see from my attached config file, I have come a long way, but
> I am not completely aware of all that squid can do.

OK, remember that the order of rules is important (OK, very important).
The reason that you can connect to any port is that the following
rules come _after_ the rules that grant access from your SRCs:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

They therefore are never evaluated. You need to put these first and
then test once again. Do you really need those http_reply_access lines
at all?

HTH,

                                Neil.

-- 
Neil Hillard                    hillardn@whl.co.uk
Westland Helicopters Ltd.       http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
             views of Westland Helicopters Ltd.
Received on Tue Apr 04 2006 - 07:20:26 MDT
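
The ordering point in the reply above, as an added example (not part of the original thread and not Squid project code): a small Python model of first-match evaluation of http_access lines, run over the four guard rules in both orders. The Bldg_One subnet, the shortened port lists and the sample request are constructed assumptions, since the attached squid.conf is not shown on this page.

```python
import ipaddress

# ACL predicates keyed by name. Safe_ports/SSL_ports are shortened port lists
# and the Bldg_One subnet is a constructed value (assumptions, not the poster's).
ACLS = {
    "manager":    lambda r: r["proto"] == "cache_object",
    "localhost":  lambda r: r["src"] == "127.0.0.1",
    "CONNECT":    lambda r: r["method"] == "CONNECT",
    "SSL_ports":  lambda r: r["port"] in (443, 563),
    "Safe_ports": lambda r: r["port"] in (21, 80, 443, 563) or r["port"] >= 1025,
    "Bldg_One":   lambda r: ipaddress.ip_address(r["src"])
                            in ipaddress.ip_network("10.1.0.0/16"),
    "all":        lambda r: True,
}

GUARDS = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""
SRC_ALLOW = "http_access allow Bldg_One\n"
TAIL = "http_access deny all\n"

BROKEN = SRC_ALLOW + GUARDS + TAIL   # source allow first: guards never reached
FIXED = GUARDS + SRC_ALLOW + TAIL    # guards first, as the reply advises

def decide(conf, req):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue
        action, names = parts[1], parts[2:]
        # Every ACL on the line must match (AND); a leading "!" negates one.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, line
    return "deny", None  # simplification: treat "no rule matched" as deny

# Constructed request: CONNECT from a Bldg_One client to the SMTP port.
REQ = {"src": "10.1.4.20", "method": "CONNECT", "port": 25, "proto": "http"}

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, decide(conf, REQ))
```

With the source allow placed first, the request is accepted on the first line; with the guards first, the same request is stopped by `deny !Safe_ports` before the source rule is consulted.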