PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : squid.conf



siegpes
02.04.06, 17:55
hallo leute!

habe suse10 64bit squid 2.5 konfiguriert!
kann mal wer nachschauen ob das so richtig ist? bitte!

es funktioniert alles nur wenn ich bei den client pc´s den browser aufmache dauert es bis sichg die erste seite geladen hat! wenn man zu einer anderen seite wechselt dauert es auch länger! egal ob einer im internet ist oder mehrere!

es sind 12 client pc´s die darauf zugreifen!





http_port 3128
# ssl_unclean_shutdown off
# icp_port 3130
# htcp_port 0
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255
# icp_query_timeout 0
# maximum_icp_query_timeout 2000
# mcast_icp_query_timeout 2000
# dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 256 MB
# cache_swap_low 90
# cache_swap_high 95
# maximum_object_size 4096 KB
# minimum_object_size 0 KB
# maximum_object_size_in_memory 8 KB
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95
# fqdncache_size 1024
# cache_replacement_policy lru
# memory_replacement_policy lru
cache_dir ufs /var/cache/squid 1000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
# log_ip_on_direct on
# mime_table /etc/squid/mime.conf
# log_mime_hdrs off
# pid_filename /var/run/squid.pid
# debug_options ALL,1
# log_fqdn off
client_netmask 255.255.255.0
# ftp_user Squid@
# ftp_list_width 32
# ftp_passive on
# ftp_sanitycheck on
# ftp_telnet_protocol on
# cache_dns_program /usr/sbin/dnsserver
# dns_children 5
# dns_retransmit_interval 5 seconds
# dns_timeout 2 minutes
# dns_defnames off
# none
# hosts_file /etc/hosts
# diskd_program /usr/sbin/diskd
# unlinkd_program /usr/sbin/unlinkd
# pinger_program /usr/sbin/pinger
# redirect_children 5
# redirect_rewrites_host_header on
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

# authenticate_cache_garbage_interval 1 hour
# authenticate_ttl 1 hour
# authenticate_ip_ttl 0 seconds
# wais_relay_port 0
# request_header_max_size 20 KB
# request_body_max_size 0 KB
# Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute
# range_offset_limit 0 KB
# connect_timeout 1 minute
# peer_connect_timeout 30 seconds
# read_timeout 15 minutes
# request_timeout 5 minutes
# persistent_request_timeout 1 minute
# client_lifetime 1 day
# half_closed_clients on
# pconn_timeout 120 seconds
# ident_timeout 10 seconds
# shutdown_lifetime 30 seconds
#Examples:
#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
#acl MSIE browser /internet explorer/MSIE 6.0
#acl pesal src 192.168.0.0/24
#acl gerald src 192.168.1.0/24
acl our_networks src 192.168.10.1-192.168.10.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny MSIE
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
# miss_access allow all
# ident_lookup_access deny all
# reply_header_max_size 20 KB
# reply_body_max_size 0 allow all
cache_mgr administrator
# mail_program mail
# cache_effective_user squid
# announce_period 0
# announce_period 1 day
# announce_host tracker.ircache.net
# announce_port 3131
# httpd_accel_port 80
# httpd_accel_single_host off
# httpd_accel_with_proxy off
# httpd_accel_uses_host_header off
# httpd_accel_no_pmtu_disc off
# dns_testnames netscape.com internic.net nlanr.net microsoft.com
logfile_rotate 0
# tcp_recv_bufsize 0 bytes
# memory_pools on
# memory_pools_limit 5 MB
forwarded_for off
# log_icp_queries on
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
# cachemgr_passwd secret shutdown
# cachemgr_passwd lesssssssecret info stats/objects
# cachemgr_passwd disable all
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# client_db on
# netdb_low 900
# netdb_high 1000
# netdb_ping_period 5 minutes
# query_icmp off
# test_reachability off
# buffered_logs off
# reload_into_ims off
# icon_directory /usr/share/squid/icons
# global_internal_static on
# short_icon_urls off
error_directory /usr/share/squid/errors/German
# maximum_single_addr_tries 1
# retry_on_error off
# snmp_port 3401
# snmp_access allow snmppublic localhost
# snmp_access deny all
# snmp_access deny all
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net
# wccp_router 0.0.0.0
# wccp_version 4
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255
# delay_pools 0
# delay_pools 2 # 2 delay pools
# delay_class 1 2 # pool 1 is a class 2 pool
# delay_class 2 3 # pool 2 is a class 3 pool
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
# delay_parameters pool aggregate
# delay_parameters 1 -1/-1 8000/8000
# delay_parameters 2 32000/32000 8000/8000 600/8000
# delay_initial_bucket_level 50
#delay_pools 2
#delay_class 1 1
#delay_class 2 1
#delay_parameters 1 107000/213000
#delay_parameters 2 107000/213000
#delay_access 1 allow gerald
#delay_access 1 deny all
#delay_access 2 allow pesal
#delay_access 2 deny all
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8
# max_open_disk_fds 0
# offline_mode off
# uri_whitespace strip
# acl buggy_server url_regex ^http://....
# broken_posts allow buggy_server
# mcast_miss_addr 255.255.255.255
# mcast_miss_ttl 16
# mcast_miss_port 3135
# mcast_miss_encode_key XXXXXXXXXXXXXXXX
# nonhierarchical_direct on
# prefer_direct off
# strip_query_terms on
# coredump_dir none
coredump_dir /var/cache/squid
# redirector_bypass off
# ignore_unknown_nameservers on
# digest_generation on
# digest_bits_per_entry 5
# digest_rebuild_period 1 hour
# digest_rewrite_period 1 hour
# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
# none
# client_persistent_connections on
# server_persistent_connections on
# balance_on_multiple_ip on
# pipeline_prefetch off
# request_entities off
# high_response_time_warning 0
# high_page_fault_warning 0
# high_memory_warning 0
# store_dir_select_algorithm least-load
# ie_refresh off
# vary_ignore_expire off
# sleep_after_fork 0
# relaxed_header_parser on


lg siegpes

sysop
02.04.06, 18:27
für die geschwindigkeit versuch den eintrag:
dns_nameservers xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy

ausserdem würde ich den proxy-port an eine ip-adresse binden, damit du keinen open proxy erlaubst, also:
http_port 192.168.1.1:3128