One more thing to confirm. I am using IP ranges of my subnet to allow
access to the internet like this:
#following lines are put in a file named "gerrys_groups.acl" and
referenced in an ACL statement.
192.168.4.25-192.168.4.50
192.168.4.101-192.168.4.150
Is this valid and supported by squid?
Asim Ahmed @ Folio3 wrote:
> Hi,
>
> I am using smoothwall 3.0SP1-polar that comes with Squid2.7STABLE6
> built in. I configured Squid with the following parameters. The problem is
> that Squid works fine for 1 or 2 users, but when I open it for the whole
> subnet or a range of IPs, it crashes down. I mean it starts behaving
> weirdly: most of the time it does not respond to HTTP requests and
> users have to keep pressing F5 several times to get the request done.
> Even the access log does not show any requests coming in. In the cache log I
> find many entries like "Invalid request" etc. Sometimes I also find
> "Cache DIRTY" words during restart of Squid. My ACLs are as follows:
>
> SQUID-Settings
> ===========
>
> visible_hostname smoothwall
> acl localnetgreen src 192.168.4.0/255.255.255.0
> http_port 192.168.4.123:800 transparent
> cache_mem 1024 MB
> maximum_object_size_in_memory 32 KB
>
> cache_replacement_policy heap GDSF
> memory_replacement_policy heap GDSF
>
> half_closed_clients off
>
> cache_swap_high 100%
> cache_swap_low 95%
>
> shutdown_lifetime 5 seconds
> icp_port 0
>
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> cache_effective_user squid
> cache_effective_group squid
>
> pid_filename /var/run/squid.pid
>
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log none
> error_directory /usr/share/errors/English
> log_mime_hdrs off
>
> forwarded_for off
>
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
>
> acl SSL_ports port 445 443 441 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 81 # smoothwall http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 445 443 441 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> #######################################
> # ACLs #
> #######################################
> acl super_users src "/var/smoothwall/proxy/f3_acls/super_users.acl"
> acl ISP1_users src "/var/smoothwall/proxy/f3_acls/gerrys_groups.acl"
> acl ISP2_users src "/var/smoothwall/proxy/f3_acls/netsat_groups.acl"
> acl managers src "/var/smoothwall/proxy/f3_acls/managers.acl"
> acl blocked_extensions urlpath_regex -i "/var/smoothwall/proxy/f3_acls/blocked_extensions.acl"
> acl blocked_sites url_regex -i "/var/smoothwall/proxy/f3_acls/blocked_sites.acl"
> acl blocked_request_mt req_mime_type -i "/var/smoothwall/proxy/f3_acls/blocked_mimetypes.acl"
> acl blocked_reply_mt rep_mime_type -i "/var/smoothwall/proxy/f3_acls/blocked_mimetypes.acl"
> acl gaming_sites url_regex -i "/var/smoothwall/proxy/f3_acls/gaming_sites.acl"
> acl server_machines src "/var/smoothwall/proxy/f3_acls/server_machines.acl"
> acl working_hours time MTWHF 09:00-12:30
> acl working_hours time MTWHF 14:00-18:30
> acl gaming_hours time MTWHF 21:00-23:59
> acl gaming_hours time MTWHF 01:00-07:00
> ########################################
> # HTTP_ACCESS #
> ########################################
> http_access allow super_users
> http_access deny blocked_sites working_hours
> http_access deny blocked_request_mt working_hours
> http_access deny blocked_reply_mt working_hours
> http_access deny gaming_sites !gaming_hours
> http_access allow managers
> #http_access deny blocked_extensions working_hours
> http_access allow ISP1_users
> #http_access allow ISP2_users
> http_access allow server_machines
> http_access deny localnetgreen
> umask 022
>
> maximum_object_size 4096 KB
> minimum_object_size 0 KB
>
> # Smoothwall does not allow this parameter to be changed. I can only change cache size
> cache_dir diskd /var/spool/squid/cache 10240 16 256
>
> request_body_max_size 0 KB
> reply_body_max_size 0 allow all
>
> logfile_rotate 0
>
> strip_query_terms off
>
> acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
> upgrade_http0.9 deny shoutcast
>
>
--
Regards,
Asim Ahmed Khan
IT Manager, Folio3 (Pvt.) Ltd.
www.folio3.com
Direct: 92-21-4323721-4 Ext 110
Email: aahmed_at_folio3.com

Received on Wed Dec 02 2009 - 05:19:28 MST
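Added example, not part of the original message and not Squid's own code: Squid's documented `src` ACL syntax accepts `addr1-addr2` ranges as well as single addresses and address/netmask entries, so a file like the one described can be checked for reversed ranges and for entries outside the intended subnet before Squid loads it. The names `parse_entry`, `lint_acl`, `matches` and `SAMPLE_ACL` are hypothetical, and the last two sample lines are constructed to trigger the checks.

```python
import ipaddress

# Constructed sample: the two ranges from the message plus two bad entries.
SAMPLE_ACL = """\
# gerrys_groups.acl
192.168.4.25-192.168.4.50
192.168.4.101-192.168.4.150
192.168.4.200-192.168.4.180
192.168.5.10
"""

def parse_entry(text):
    """Return (first, last) addresses for 'a', 'a/mask' or 'a-b'."""
    if "-" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return lo, hi
    net = ipaddress.IPv4Network(text, strict=False)
    return net[0], net[-1]

def lint_acl(acl_text, subnet):
    """Parse an ACL file body; return (ranges, problems)."""
    net = ipaddress.IPv4Network(subnet)
    ranges, problems = [], []
    for lineno, raw in enumerate(acl_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # whole-line comments skipped here
            continue
        try:
            lo, hi = parse_entry(line)
        except ValueError as exc:
            problems.append((lineno, line, str(exc)))
            continue
        if lo not in net or hi not in net:
            problems.append((lineno, line, f"outside {net}"))
        ranges.append((lo, hi))
    return ranges, problems

def matches(ranges, client):
    """True if the client address falls inside any parsed range."""
    addr = ipaddress.IPv4Address(client)
    return any(lo <= addr <= hi for lo, hi in ranges)

if __name__ == "__main__":
    ranges, problems = lint_acl(SAMPLE_ACL, "192.168.4.0/255.255.255.0")
    for lineno, line, why in problems:
        print(f"line {lineno}: {line!r}: {why}")
    print(matches(ranges, "192.168.4.30"), matches(ranges, "192.168.4.75"))
```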