Re: [squid-users] how to pass all internet traffic through squid

From: Tarak Ranjan <[email protected]>
Date: Tue, 13 Nov 2007 17:26:06 +0530

Marcello Romani wrote:
> Tarak Ranjan ha scritto:
>> Hi List,
>> i have one squid 2.6 proxy server. current situation is as
>> per browser settings for proxy...
>>
>> Direct Connection: users are directly connecting to internet, no logs
>> are coming in access.log. not a single ACL is hitting for them
>>
>> Autodetect Proxy: same as Direct Connection
>>
>> Manual proxy: when anyone selecting manual proxy, that time only ACL
>> and logs everything is coming for the corresponding IP/user.
>>
>> What i want, WHAT EVER THE CLIENT HAS SELECTED IN THEIR BROWSER.
>> DIRECT/AUTO/MANUEL , ACL & LOG SHOULD COME. AND ALL THE INTERNET
>> ACCESS TRAFFIC SHOULD PASS THROUGH SQUID......
>>
>> HERE IS MY ACCESS.LOG.....THOSE WHO HAVE SELECTED MANUAL PROXY
>>
>> 1194864803.351 756 192.168.1.40 TCP_MISS/200 394 POST
>> http://mail.google.com/mail/channel/bind? - DIRECT/72.14.221.17 text/html
>> 1194864803.566 1414 192.168.1.23 TCP_MISS/200 515 GET
>> http://us.bc.yahoo.com/b? - DIRECT/203.84.204.69 image/gif
>> 1194864824.677 455 192.168.1.117 TCP_MISS/200 2744 GET
>> http://sb.google.com/safebrowsing/update? - DIRECT/72.14.217.91 text/html
>> 1194864827.772 669 192.168.1.108 TCP_MISS/200 2349 GET
>> http://rad.msn.com/ADSAdClient31.dll? - DIRECT/207.68.178.153 text/html
>> 1194864828.219 60561 192.168.1.154 TCP_MISS/200 668 POST
>> http://shttp.msg.yahoo.com/notify/ - DIRECT/216.155.194.239 text/plain
>> 1194864828.851 1079 192.168.1.108 TCP_MISS/200 3825 GET
>> http://ad.doubleclick.net/adj/N3977.MSN_homepage_in/B2559371;sz=234x60;ord=1511213470?
>> - DIRECT/216.73.87.74 application/x-javascript
>> 1194864828.910 58 192.168.1.108 TCP_IMS_HIT/304 321 GET
>> http://m1.2mdn.net/879366/flashwrite_1_2.js - NONE/-
>> application/x-javascript
>> 1194864829.167 257 192.168.1.108 TCP_MISS/304 317 GET
>> http://m1.2mdn.net/1234724/yahoo_dotcom_234x60.swf? -
>> DIRECT/125.252.226.32 application/x-shockwave-flash
>> 1194864829.436 225558 192.168.1.40 TCP_MISS/200 3260 GET
>> http://mail.google.com/mail/channel/bind? - DIRECT/72.14.221.17
>> text/plain
>>
>> HERE IS MY CONFIGURATION FOR THE REFERENCE:
>>
>> auth_param basic children 5
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hours
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl blocksites dstdomain "/etc/squid/squid-block.acl"
>> acl blockfiles urlpath_regex -i "/etc/squid/multimedia.files.acl"
>> acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"
>> acl SSL_ports port 443
>> acl CONNECT method CONNECT
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny blockfiles
>> http_access deny blocksites
>> http_access deny malware_block_list
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> acl lk_network src 192.168.1.0/24
>> http_access allow lk_network
>> acl local-servers1 dstdomain liqwidkrystal.com
>> always_direct deny local-servers1
>> acl local-servers2 dstdomain lk.com
>> always_direct deny local-servers2
>> http_access allow localhost
>> http_access deny all
>> http_reply_access allow all
>> icp_access allow all
>> http_port 192.168.1.3:8080 transparent
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> cache deny QUERY
>> cache_mem 8 MB
>> cache_dir ufs /var/spool/squid 100 16 256
>> access_log /var/log/squid/access.log squid
>> cache_log /var/log/squid/cache.log
>> cache_store_log none
>> logfile_rotate 7
>> pid_filename /var/run/squid.pid
>> log_fqdn off
>> ftp_passive on
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 20% 4320
>> acl apache rep_header Server ^Apache
>> broken_vary_encoding allow apache
>> cache_mgr tarak.ranjan@liqwidkrystal.com
>> coredump_dir /var/spool/squid
>>
>>
>> ******* WHAT ARE THE NECESSARY CHANGES I HAVE TO TAKE TO WORK SQUID AS
>> I MENTIONED ABOVE.
>>
>
> You probably want to setup a transparent proxy...
> oh, and btw PLEASE DON'T SHOUT we hear you just fine in lowercase.
>
> thanks.
>
Sorry to post it again.... i haven't get the answer from the post....
give me some suggestions to make it out
Received on Tue Nov 13 2007 - 04:54:27 MST

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST