On Tue, 13 Apr 2004, Santiago Montalvan wrote: > I am running Squid 2.5 STABLE3 on a RedHat 7.3 machine w/ a 400Mhz AMD K6-2, > 128MB of RAM, and a 15.7GB HD. That said I believe I can move on and > address some of the questions I have. > > 1) I would like to change the error messages to show the actual time and not > the GMT time but I cannot find how to do this.
See http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.25 and http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#custom-err-msgs referenced from there.. > So now I have decided I want to use the rules above but I don't want to > cache, do I need to add the following entries? > No_cache deny urls > No_cache deny ips > If the above is correct where do I add those two entries? http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.20 or http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.8 if you want detailed control of what gets cached. > And then I would do: > > Http_access allow pc1 urls > Http_access allow pc1 ips > Http_access allow pc2 urls > Http_access allow pc2 ips Looks reasonable, but you could join pc1 & pc2 into a single acl as they have the same level of access, thereby reducing the number of http_access rules you need. > 4) So now that I have the rules for pc1 and pc2 for urls and ips I want to > make sure I can use rules porn and porn1 for all computers. So now I am not > sure what the order of all this is supposed to be and also if my little > 400Mhz w/ 128MB of RAM can handle all requests from about 80 clients (again > I don't wanna cache anything). The basic rule is that you need to deny before you allow the same request. Squid looks for the first matching http_access rule to determine if the request is to be allowed or denied. So to deremine if a specific request is to be allowed or denied, just look at your http_access rules top-down starting with the first. As soon as you find a rule which matches the request (all acl elements are true) you know if it is allowed or denied. > > http_access allow pc1 pc2 urls > http_access allow pc1 pc2 ips These should go below the Safe_ports thing... and as said above you could join pc1 & pc2 into a single acl. > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports Where is the Safe_ports thing? Should be here.. > http_access allow localhost > no_cache deny urls > no_cache deny ips Try not to mix http_access and no_cache directives, this makes it harder to read the rules of each class. > http_access deny pc1 > http_access deny pc2 possible to join as above reference to pc1 & pc2.. > http_access allow al You reall should have more detailed control than this on what you allow. At a minimum acl my_clients src your.internal.lan/mask http_access allow my_clients http_access deny all Regards Henrik
