[tproxy] Squid is not caching
Jose Oliveira de Almeida Filho
jose.almeida-filho at serpro.gov.br
Wed Sep 16 13:50:05 CEST 2009
Rafael,
Vc está tentando colocar o proxy em modo bridge ou como gateway da rede?
Ele está fazendo cache mesmo ou só está passando pelo squid enquanto
está rodando?
*José Oliveira de Almeida Filho*
Analista de Redes
SERPRO/SUPRE/REPRO/RERCE
*(** *+55 0XX 81 2126 4016
*** _jose.almeida-filho at serpro.gov.br_
Rafael Moraes escreveu:
> Hello everyone,
>
> I'm using Patch cttproxy-2.6.18-2.0.6 + Squid 2.6-5 + Iptables 3.6.0 +
> Kernel 2.6.18-6. + Thundercache 2.1
>
> I've based my experience on
> http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/#toc11
>
> The whole thing is working very well, I can cache videos from youtube
> and most of the video websites. The clients do everything on the
> internet with their own IP adresses.
> BUT, my squid cache is not working properly. It caches everything but
> when we try to use the cache it doesn't work.
>
> Please, check my squid.conf:
>
> /http_port 3128 tproxy transparent
> visible_hostname proxy
>
> cache_mem 20 MB
> maximum_object_size_in_memory 5 MB
> maximum_object_size 600 MB
> minimum_object_size 0 KB
> cache_swap_low 90
> cache_swap_high 95
> cache_dir ufs /cache01/squid 2048 16 256
> cache_access_log /var/log/squid/access.log
> refresh_pattern ^ftp: 15 20% 2280
> refresh_pattern ^gopher: 15 0% 2280
> refresh_pattern . 15 20% 2280
>
> acl all src 0.0.0.0/0.0.0.0 <http://0.0.0.0/0.0.0.0>
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> <http://127.0.0.1/255.255.255.255>
> acl SSL_ports port 443 563
> acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> acl redelocal src xxx.xxx.xxx..0/24
> acl externo src xxx.xxx.xxx.xxx
> http_access allow externo
> http_access allow localhost
> http_access allow redelocal
> http_access deny all
> acl local1 src xxx.xxx.xxx.0/24
>
>
> tcp_outgoing_address ip_squid local1
>
>
> url_rewrite_children 200
> acl store_rewrite_list url_regex -i "/etc/squid/thunder.lst"
> url_rewrite_access allow store_rewrite_list
> url_rewrite_access deny all
> url_rewrite_program /etc/squid/loader.php
>
>
> #url_rewrite_access allow store_rewrite_list
> #url_rewrite_access deny all
> #url_rewrite_program /etc/squid/loader.php
>
> #nega cache local, para não haver duplicação
> acl localcache dstdomain ip_squid
> cache deny localcache
>
> #Bloquear ICP e HTCP - Usado para conversar com outros caches
> Hierarquicamente
> icp_port 0
> htcp_port 0
> icp_access deny all
> htcp_access deny all
> #Desabilitar SNMP
> snmp_port 0
> snmp_access deny all
>
> cache_effective_user proxy
> cache_effective_group proxy
>
> #Extras
> detect_broken_pconn on
>
>
> pipeline_prefetch on
> ~ /
>
> --------------------------------------------------------------------------------------------------------------------------------
>
> Iptables Rule:
>
> iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY
> --on-port 3128
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>
"Esta mensagem do SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO), empresa pública federal regida pelo disposto na Lei Federal nº 5.615, é enviada exclusivamente a seu destinatário e pode conter informações confidenciais, protegidas por sigilo profissional. Sua utilização desautorizada é ilegal e sujeita o infrator às penas da lei. Se você a recebeu indevidamente, queira, por gentileza, reenviá-la ao emitente, esclarecendo o equívoco."
"This message from SERVIÇO FEDERAL DE PROCESSAMENTO DE DADOS (SERPRO) -- a government company established under Brazilian law (5.615/70) -- is directed exclusively to its addressee and may contain confidential data, protected under professional secrecy rules. Its unauthorized use is illegal and may subject the transgressor to the law's penalties. If you're not the addressee, please send it back, elucidating the failure."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20090916/d8c46f6a/attachment.htm
More information about the tproxy
mailing list