Squid
dscsqrl, 2019-06-26 07:53:43

Why doesn't squid work after changing parameters?

Why does Squid stop working when the parameter is changed to, more or less,
delay_parameters 2 -1/-1 300000/300000 300000/300000
It is installed on Windows Server.

In the logs:
1561524147.401      1 192.168.1.170 TCP_DENIED/403 4631 GET http://legoapp.ev3.education.112.2o7.net/b/ss/legoapp.ev3.education/0/CS-1.4.2-SL2/s56196590366864? - HIER_NONE/- text/html
1561524147.827      1 192.168.1.165 TCP_DENIED/403 4547 GET http://legoapp.ev3.education.112.2o7.net/b/ss/legoapp.ev3.education/0/CS-1.4.2-SL2/s55015904761392? - HIER_NONE/- text/html
1561524148.155      1 192.168.1.165 TCP_DENIED/403 4547 GET http://legoapp.ev3.education.112.2o7.net/b/ss/legoapp.ev3.education/0/CS-1.4.2-SL2/s53031037632856? - HIER_NONE/- text/html
1561524149.983   2798 192.168.1.183 TCP_MISS/206 66027 GET http://au.download.windowsupdate.com/d/msdownload/update/software/defu/2019/06/am_delta_f160d51790d3c1326cab50b5ebd408cb1f26a9e1.exe - HIER_DIRECT/23.62.2.114 application/octet-stream
1561524149.985   2724 192.168.1.183 TCP_MISS/206 66027 GET http://au.download.windowsupdate.com/d/msdownload/update/software/defu/2019/06/am_delta_f160d51790d3c1326cab50b5ebd408cb1f26a9e1.exe - HIER_DIRECT/23.62.2.114 application/octet-stream
1561524150.225  37745 192.168.1.177 TCP_TUNNEL/200 3359 CONNECT tiles.services.mozilla.com:443 - HIER_DIRECT/52.34.132.219 -
1561524150.225  37568 192.168.1.177 TCP_TUNNEL/200 3359 CONNECT tiles.services.mozilla.com:443 - HIER_DIRECT/52.34.132.219 -
1561524150.225  37517 192.168.1.177 TCP_TUNNEL/200 6020 CONNECT snippets.cdn.mozilla.net:443 - HIER_DIRECT/52.85.243.55 -
1561524150.225  37509 192.168.1.177 TCP_TUNNEL/200 560006 CONNECT yandex.ru:443 - HIER_DIRECT/213.180.193.56 -
1561524150.225  36935 192.168.1.177 TCP_TUNNEL/200 4709680 CONNECT safebrowsing.googleapis.com:443 - HIER_DIRECT/173.194.73.95 -
1561524150.225  24377 192.168.1.177 TCP_TUNNEL/200 138343 CONNECT static-mon.yandex.net:443 - HIER_DIRECT/87.250.251.92 -
1561524150.225  36665 192.168.1.177 TCP_TUNNEL/200 152951 CONNECT firefox.settings.services.mozilla.com:443 - HIER_DIRECT/52.85.241.47 -
1561524150.225  36613 192.168.1.177 TCP_TUNNEL/200 439 CONNECT tiles.services.mozilla.com:443 - HIER_DIRECT/52.34.132.219 -
1561524150.225  36283 192.168.1.177 TCP_TUNNEL/200 20319 CONNECT favicon.yandex.net:443 - HIER_DIRECT/77.88.21.36 -
1561524150.225  32964 192.168.1.177 TCP_TUNNEL/200 6734 CONNECT backend.messenger.yandex.ru:443 - HIER_DIRECT/213.180.204.250 -
1561524150.225  36262 192.168.1.177 TCP_TUNNEL/200 2776171 CONNECT im0-tub-ru.yandex.net:443 - HIER_DIRECT/213.180.204.60 -
1561524150.225  27990 192.168.1.177 TCP_TUNNEL/200 8017 CONNECT im2-tub-com.yandex.net:443 - HIER_DIRECT/213.180.204.60 -
1561524150.225  15575 192.168.1.177 TCP_TUNNEL/200 5089 CONNECT static-mon.yandex.net:443 - HIER_DIRECT/87.250.251.92 -
1561524150.225  36138 192.168.1.177 TCP_TUNNEL/200 514675 CONNECT avatars.mds.yandex.net:443 - HIER_DIRECT/87.250.247.182 -
1561524150.225  19350 192.168.1.177 TCP_TUNNEL/200 5120 CONNECT csp.yandex.net:443 - HIER_DIRECT/87.250.251.242 -
1561524150.225  35509 192.168.1.177 TCP_TUNNEL/200 11263 CONNECT mc.yandex.ru:443 - HIER_DIRECT/87.250.250.119 -
1561524150.225  35335 192.168.1.177 TCP_TUNNEL/200 6204 CONNECT backend.messenger.yandex.ru:443 - HIER_DIRECT/213.180.204.250 -
1561524150.225  35128 192.168.1.177 TCP_TUNNEL/200 15956 CONNECT content-signature.cdn.mozilla.net:443 - HIER_DIRECT/52.85.241.77 -
1561524150.228  38395 192.168.1.177 TCP_TUNNEL/200 3865 CONNECT push.services.mozilla.com:443 - HIER_DIRECT/34.209.30.112 -
Config:
# List of internal IP networks that are allowed internet access

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl lan1 src 192.168.1.0/24

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#custom_acl
acl blacklist url_regex -i "/etc/squid/blacklist.txt"
http_access deny blacklist
http_access allow lan1

# Allow access to cachemgr only from localhost
http_access allow localhost manager
http_access deny manager

# Deny access to ports that are not in the list above
http_access deny !Safe_ports

# Deny the CONNECT method to non-SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow lan1
http_access allow localhost



# And finally deny all other access to this proxy
http_access deny all

delay_pools 2
delay_class 1 1
delay_class 2 3
delay_access 1 deny all
delay_access 2 allow lan1
delay_access 2 deny all
delay_parameters 1 -1/-1
delay_parameters 2 -1/-1 300000/300000 300000/300000

# Squid normally listens to port 3128
http_port 192.168.1.144:3128
#http_port 3128

# Uncomment the line below to enable disk caching - path format is /cygdrive/<full path to cache folder>, i.e.
#cache_dir aufs /cygdrive/d/squid/cache 3000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern .*\.(jpg|png|pdf|zip|jpeg|mp4|flv|webm)		1440	20%	10080
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

dns_nameservers 192.168.1.120 192.168.1.1

max_filedescriptors 3200


1 answer(s)
dscsqrl, 2019-06-26
@dscsqrl

I figured everything out; some nonsense was written in these lines:
delay_pools 2
delay_class 1 1
delay_class 2 3
delay_access 1 deny all
delay_access 2 allow lan1
delay_access 2 deny all
delay_parameters 1 -1/-1
delay_parameters 2 -1/-1 300000/300000 300000/300000
I corrected it to this, and everything worked:
delay_pools 1
delay_class 1 1
delay_access 1 allow lan1
delay_parameters 1 -1/-1 (set your own)
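
A consistency check for the delay pool directives discussed in this thread, as an added example that is not part of the original post or of Squid itself. It assumes Squid's documented delay_parameters format, where each pool class takes a fixed number of rate/burst pairs; `check_delay_pools` is a hypothetical helper name, and the third sample config is constructed.

```python
import re

# Rate/burst pairs per delay pool class: 1 = aggregate; 2 = aggregate, individual;
# 3 = aggregate, network, individual; 4 = class 3 plus per-user; 5 = tag rate.
PAIRS_PER_CLASS = {1: 1, 2: 2, 3: 3, 4: 4, 5: 1}
PAIR_RE = re.compile(r"^(none|-1/-1|\d+/\d+)$")
# Delay sections copied from the question and the answer on this page.
QUESTION_CONF = """delay_pools 2
delay_class 1 1
delay_class 2 3
delay_access 1 deny all
delay_access 2 allow lan1
delay_access 2 deny all
delay_parameters 1 -1/-1
delay_parameters 2 -1/-1 300000/300000 300000/300000"""
ANSWER_CONF = """delay_pools 1
delay_class 1 1
delay_access 1 allow lan1
delay_parameters 1 -1/-1"""
# Constructed sample: a class 1 pool given class 3 style parameters.
MISMATCH_CONF = ANSWER_CONF.replace("1 -1/-1", "1 -1/-1 300000/300000 300000/300000")


def check_delay_pools(conf_text):
    """Return a list of problems found in the delay_* directives."""
    pools, classes, params, allowed = 0, {}, {}, set()
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(tok) == 2 and tok[0] == "delay_pools":
            pools = int(tok[1])
        elif len(tok) == 3 and tok[0] == "delay_class":
            classes[int(tok[1])] = int(tok[2])
        elif len(tok) >= 3 and tok[0] == "delay_parameters":
            params[int(tok[1])] = tok[2:]
        elif len(tok) >= 4 and tok[0] == "delay_access" and tok[2] == "allow":
            allowed.add(int(tok[1]))
    problems = []
    for n in range(1, pools + 1):
        want = PAIRS_PER_CLASS.get(classes.get(n))
        pairs = params.get(n, [])
        if want is None:
            problems.append(f"pool {n}: missing or unknown delay_class")
        elif len(pairs) != want:
            problems.append(f"pool {n}: class {classes[n]} takes {want} pair(s), found {len(pairs)}")
        if any(not PAIR_RE.match(p) for p in pairs):
            problems.append(f"pool {n}: malformed rate/burst pair")
        if n not in allowed:
            problems.append(f"pool {n}: no delay_access allow rule, pool is never used")
    return problems
```
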
