Hello all
recentilly I installed squid on debian box and recive the followin error on
certain web sites. for example yahoo page is show the version of movile
1265227900.962 10 192.168.157.100 TCP_MISS/504 1678 GET
http://l.yimg.com/i/i/uk/metro/pill2.jpg - DIRECT/l.yimg.com text/html
1265227900.968 6 192.168.157.100 TCP_MISS/504 1674 GET
http://l.yimg.com/i/i/es/hp/minir1.jpg - DIRECT/l.yimg.com text/html
1265227900.972 3 192.168.157.100 TCP_MISS/504 1678 GET
http://l.yimg.com/i/i/uk/metro/pill1.jpg - DIRECT/l.yimg.com text/html
1265227901.026 9 192.168.157.100 TCP_MISS/504 1674 GET
http://l.yimg.com/i/i/es/hp/besos3.jpg - DIRECT/l.yimg.com text/html
1265227901.028 1 192.168.157.100 TCP_MISS/504 1674 GET
http://l.yimg.com/i/i/es/hp/maran1.jpg - DIRECT/l.yimg.com text/html
squid.conf
squid -v
Squid Cache: Version 2.7.STABLE3
configure options: '--prefix=/usr' '--exec_prefix=/usr'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid'
'--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads'
'--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'
'--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap'
'--enable-snmp' '--enable-delay-pools' '--enable-htcp'
'--enable-cache-digests' '--enable-underscores' '--enable-referer-log'
'--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'
'--enable-follow-x-forwarded-for' '--with-large-files' '--with-maxfd=65536'
'i386-debian-linux' 'build_alias=i386-debian-linux'
'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux'
'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS='
# WELCOME TO SQUID 2.7.STABLE3
# ----------------------------
# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------
auth_param digest program /usr/lib/squid/digest_pw_auth -c
/etc/apache2/passwd
auth_param digest children 16
auth_param digest realm Linux-Squid-Proxy-Server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
authenticate_cache_garbage_interval 1 minute
authenticate_ttl 1 minute
authenticate_ip_ttl 60 seconds
authenticate_ip_shortcircuit_ttl 0 seconds
###############################################################################
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 8
redirector_bypass on
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
acl all src 0.0.0.0/0.0.0.0
acl administrador src "/etc/squid/privilegiados"
acl Autenticados proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 3128 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#=========================================================================================
# http_access deny all
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl red_metro src "/etc/squid/redlocal"
# Extensiones de Archivos y ficheros denegados
#acl Extensiones_Denegadas urlpath_regex -i "/etc/squid/extensiones"
# Denegar el acceso a servidores basados en direcciones IP
#acl IPForHostname dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
# CONEXIONES MAXIMAS POR USUARIOS
acl MaxConnection maxconn 64
acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[157]+\.[0-9]+$
acl direccioneslocales dstdom_regex ^[192]+\.[168]+\.[158]+\.[0-9]+$
acl Max_IP max_user_ip -s 1
http_access allow administrador
http_access deny MaxConnection Max_IP !direccioneslocales
http_access allow Autenticados red_metro
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
http_reply_access allow all
#icp_access deny all
# htcp_access deny all
#
#Allow HTCP queries from local networks only
#htcp_access allow Autenticados red_metro
htcp_access deny all
##Allow HTCP CLR requests from trusted peers
#acl htcp_clr_peer src 172.16.1.2
#htcp_clr_access allow htcp_clr_peer
# htcp_clr_access deny all
# miss_access allow all
# ident_lookup_access deny all
# reply_body_max_size 0 allow all
# OPTIONS FOR X-Forwarded-For
# -----------------------------------------------------------------------------
# SSL OPTIONS
# -----------------------------------------------------------------------------
#ssl_unclean_shutdown off
# NETWORK OPTIONS
# -----------------------------------------------------------------------------
http_port 172.16.99.2:8080
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
hierarchy_stoplist cgi-bin ?
# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
cache_mem 8 MB
maximum_object_size_in_memory 8 KB
memory_replacement_policy lru
# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
cache_replacement_policy lru
cache_dir ufs /var/spool/squid/squid1 100 16 256
cache_dir ufs /var/spool/squid/squid2 100 16 256
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 20480 KB
cache_swap_low 90
cache_swap_high 95
update_headers on
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
# TAG: logformat
# Usage:
#
# logformat <name> <format specification>
#
# Defines an access log format.
#
# The <format specification> is a string with embedded % format codes
#
# % format codes all follow the same basic structure where all but
# the formatcode is optional. Output strings are automatically escaped
# as required according to their context and the output format
# modifiers are usually not needed, but can be specified if an explicit
# output format is desired.
#
# % ["|[|'|#] [-] [[0]width] [{argument}] formatcode
#
# " output in quoted string format
# [ output in squid text log format as used by log_mime_hdrs
# # output in URL quoted format
# ' output as-is
#
# - left aligned
# width field width. If starting with 0 the
# output is zero padded
# {arg} argument such as header name etc
#
# Format codes:
#
# >a Client source IP address
# >A Client FQDN
# >p Client source port
# <A Server IP address or peer name
# la Local IP address (http_port)
# lp Local port number (http_port)
# oa Our outgoing IP address (tcp_outgoing_address)
# ts Seconds since epoch
# tu subsecond time (milliseconds)
# tl Local time. Optional strftime format argument
# default %d/%b/%Y:%H:%M:%S %z
# tg GMT time. Optional strftime format argument
# default %d/%b/%Y:%H:%M:%S %z
# tr Response time (milliseconds)
# >h Request header. Optional header name argument
# on the format header[:[separator]element]
# <h Reply header. Optional header name argument
# as for >h
# un User name
# ul User name from authentication
# ui User name from ident
# us User name from SSL
# ue User name from external acl helper
# Hs HTTP status code
# Ss Squid request status (TCP_MISS etc)
# Sh Squid hierarchy status (DEFAULT_PARENT etc)
# mt MIME content type
# rm Request method (GET/POST etc)
# ru Request URL
# rp Request URL-Path excluding hostname
# rv Request protocol version
# ea Log string returned by external acl
# <st Reply size including HTTP headers
# >st Request size including HTTP headers
# st Request+Reply size including HTTP headers
# sn Unique sequence number per log line entry
# % a literal % character
#
# The default formats available (which do not need re-defining) are:
#
#logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A
%mt [%>h] [%<h]
#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st
"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
#
#Default:
# none
access_log /var/log/squid/access.log squid
logfile_daemon /usr/lib/squid/logfile-daemon
cache_log /var/log/squid/cache.log
cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/share/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1 33,2
log_fqdn off
client_netmask 255.255.255.255
# netdb_filename /var/spool/squid/logs/netdb.state
# OPTIONS FOR FTP GATEWAYING
# -----------------------------------------------------------------------------
ftp_user [email protected]
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
diskd_program /usr/lib/squid/diskd-daemon
unlinkd_program /usr/lib/squid/unlinkd
#pinger_program /usr/lib/squid/pinger
# OPTIONS FOR URL REWRITING
# -----------------------------------------------------------------------------
# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# max_stale 1 week
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
# read_ahead_gap 16 KB
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute:
# range_offset_limit 0 KB
# minimum_expiry_time 60 seconds
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# HTTP OPTIONS
# -----------------------------------------------------------------------------
# request_header_max_size 20 KB
# reply_header_max_size 20 KB
# request_body_max_size 0 KB
# Don't upgrade ShoutCast responses to HTTP
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
# TAG: via on|off
# If set (default), Squid will include a Via header in requests and
# replies as required by RFC2616.
#
#Default:
# via on
# TAG: cache_vary
# When 'cache_vary' is set to off, response that have a
# Vary header will not be stored in the cache.
#
#Default:
# cache_vary on
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# collapsed_forwarding off
# refresh_stale_hit 0 seconds
# ie_refresh off
# vary_ignore_expire off
# TAG: extension_methods
# Squid only knows about standardized HTTP request methods.
# You can add up to 20 additional "extension" methods here.
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# request_entities off
# relaxed_header_parser on
# server_http11 off
# TAG: ignore_expect_100 on|off
# This option makes Squid ignore any Expect: 100-continue header present
# in the request.
# Note: Enabling this is a HTTP protocol violation, but some client may
# not handle it well..
#
#Default:
# ignore_expect_100 off
# TIMEOUTS
# -----------------------------------------------------------------------------
forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minutes
client_lifetime 1 day
half_closed_clients on
pconn_timeout 1 minute
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
cache_mgr [email protected]
# mail_program mail
# cache_effective_user proxy
# httpd_suppress_version_string off
visible_hostname proxy-centro-informativo
unique_hostname proxy-centro-informativo
# umask 027
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------
# PERSISTENT CONNECTION HANDLING
# -----------------------------------------------------------------------------
client_persistent_connections on
server_persistent_connections on
# persistent_connection_after_error off
# detect_broken_pconn off
# CACHE DIGEST OPTIONS
# -----------------------------------------------------------------------------
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
# SNMP OPTIONS
# -----------------------------------------------------------------------------
snmp_port 3401
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
# ICP OPTIONS
# -----------------------------------------------------------------------------
# icp_port 3130
# htcp_port 0
#log_icp_queries on
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
#mcast_icp_query_timeout 2000
# INTERNAL ICON OPTIONS
# -----------------------------------------------------------------------------
icon_directory /usr/share/squid/icons
# global_internal_static on
# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
error_directory /usr/share/squid/errors/Spanish
# OPTIONS INFLUENCING REQUEST FORWARDING
# -----------------------------------------------------------------------------
# nonhierarchical_direct on
# prefer_direct off
# ignore_ims_on_miss off
# ADVANCED NETWORKING OPTIONS
# -----------------------------------------------------------------------------
# max_filedescriptors 0
tcp_recv_bufsize 0 bytes
incoming_rate 30
# DNS OPTIONS
# -----------------------------------------------------------------------------
check_hostnames on
allow_underscore on
# cache_dns_program /usr/lib/squid/dnsserver
#dns_children 5
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
dns_nameservers 200.55.128.4 200.55.128.3
#hosts_file /etc/hosts
# dns_testnames netscape.com internic.net nlanr.net microsoft.com
ignore_unknown_nameservers on
fqdncache_size 1024
# MISCELLANEOUS
# -----------------------------------------------------------------------------
# memory_pools on
# memory_pools_limit 5 MB
# forwarded_for on
client_db on
reload_into_ims off
maximum_single_addr_tries 1
retry_on_error off
offline_mode on
uri_whitespace strip
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid/squid1
balance_on_multiple_ip off
pipeline_prefetch off
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0 KB
sleep_after_fork 0
zero_buffers on
delay_pools 3
delay_class 1 1
delay_class 2 1
delay_class 3 1
delay_parameters 1 65536/1048576
delay_parameters 2 1000/5000
delay_parameters 3 5000/3000
#quite un cero
#
acl Gerentes src 192.168.99.81 192.168.99.100 192.168.157.100 192.168.157.61
acl Todos src 192.168.157.71 192.168.156.58 192.168.156.50 192.168.156.52
192.168.99.101 192.168.99.121 192.168.157.15
acl extensiones rep_mime_type "/etc/squid/ext_slow"
delay_access 1 allow Gerentes
delay_access 2 allow Todos
delay_access 3 deny Gerentes
delay_access 3 allow extensiones
