با سلام و عرض خسته نباشید خدمت تمامی دوستان گرامی
من کش اسکوئید رو کانفیگ کردم / این هم دیاگرام سناریوی من :
این هم کانفیگ کش اسکوئید من :
نقل قول :http_port 3128
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
memory_pools on
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 128 KB
cache_dir diskd /var/spool/squid 100 16 256 Q1=64 Q2=72
coredump_dir /var/spool/squid
cache_access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
ftp_user <!-- e --><a href="mailto:[email protected]">[email protected]</a><!-- e -->
refresh_pattern ^ftp: 1440 40% 10080
refresh_pattern ^gopher: 1440 20% 1440
refresh_pattern . 0 50% 4320
quick_abort_min 64 KB
quick_abort_max 512 KB
quick_abort_pct 70%
negative_ttl 5 minutes
connect_timeout 2 minutes
read_timeout 15 minutes
request_timeout 30 seconds
shutdown_lifetime 10 seconds
acl nimda1 urlpath_regex -i \.elm$
acl nimda2 urlpath_regex -i root.exe
acl nimda3 urlpath_regex -i cmd.exe
acl nimda4 urlpath_regex -i ^http://.*www
acl nimda5 urlpath_regex -i readme.exe
acl nimda6 urlpath_regex -i default.id
acl nimda7 urlpath_regex -i :25
#################################################
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl local src 217.219.225.0/24
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#################################################
http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
http_access deny nimda5
http_access deny nimda6
http_access deny nimda7
#################################################
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow local
http_access deny all
icp_access allow all
#################################################
cache_mgr <!-- e --><a href="mailto:[email protected]">[email protected]</a><!-- e -->
cache_effective_user squid
cache_effective_group squid
visible_hostname Cache
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_***** on
httpd_accel_uses_host_header on
logfile_rotate 3
forwarded_for on
emulate_httpd_log off
log_fqdn off
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
#################################################
redirect_rewrites_host_header off
refresh_pattern ^http://.*\.cnn\.com 360 50% 4320 override-lastmod override-expire ignore-reload
refresh_pattern ^http://news\.bbc\.co\.uk 360 50% 4320 override-lastmod override-expire ignore-reload
refresh_pattern microsoft 1080 150% 10080 override-expire override-lastmod override-expire
refresh_pattern msn\.com 4320 150% 10080 override-expire override-lastmod override-expire
refresh_pattern <!-- m --><a class="postlink" href="http://.*">http://.*</a><!-- m -->\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="http://office">http://office</a><!-- m -->\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="http://windowsupdate">http://windowsupdate</a><!-- m -->\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="http://w?xpsp">http://w?xpsp</a><!-- m -->[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="http://w2ksp">http://w2ksp</a><!-- m -->[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="http://download">http://download</a><!-- m -->\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="http://download">http://download</a><!-- m -->\.macromedia\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="ftp://ftp">ftp://ftp</a><!-- m -->\.nai\.com/ 0 80% 20160 reload-into-ims
refresh_pattern <!-- m --><a class="postlink" href="http://ftp">http://ftp</a><!-- m -->\.software\.ibm\.com/ 0 80% 20160 reload-into-ims
refresh_pattern ^http://.*\.doubleclick\.net 10080 300% 40320 override-expire override-lastmod override-expire ignore-reload
refresh_pattern ^http://.*FIDO 360 1000% 480
refresh_pattern \.phtml$ 240 200% 10080
refresh_pattern \.avi$ 10080 150% 40320
refresh_pattern \.mov$ 10080 150% 40320
refresh_pattern \.wav$ 10080 150% 40320
refresh_pattern \.mp3$ 10080 150% 40320
refresh_pattern \.qtm$ 10080 150% 40320
refresh_pattern \.mid$ 10080 150% 40320
refresh_pattern \.viv$ 10080 150% 40320
refresh_pattern \.mpg$ 10080 150% 40320
refresh_pattern \.jpg$ 10080 150% 40320
refresh_pattern \.rar$ 10080 150% 40320
refresh_pattern \.ram$ 10080 150% 40320
refresh_pattern \.pdf$ 10080 150% 40320
refresh_pattern \.ppt$ 10080 150% 40320
refresh_pattern \.dll$ 10080 150% 40320
refresh_pattern \.cab$ 10080 150% 40320
refresh_pattern \.bin$ 10080 150% 40320
refresh_pattern \.exe$ 10080 150% 40320
refresh_pattern \.ps$ 10080 150% 40320
refresh_pattern \.gz$ 10080 150% 40320
refresh_pattern \.tar$ 10080 150% 40320
refresh_pattern \.rm$ 10080 150% 40320
refresh_pattern \.ram$ 10080 150% 40320
refresh_pattern \.smi$ 10080 150% 40320
refresh_pattern \.iso$ 10080 150% 40320
refresh_pattern \.mpeg$ 10080 150% 40320
refresh_pattern \.wmv$ 10080 150% 40320
refresh_pattern \.ppt$ 10080 150% 40320
refresh_pattern \.r[0-9][0-0]$ 10080 150% 40320
refresh_pattern ^http://.*\.gif$ 1440 50% 20160
refresh_pattern ^http://.*\.jpg$ 1440 50% 20160
refresh_pattern ^http://.*\.jpeg$ 1440 50% 20160
refresh_pattern ^http://.*\.asis$ 1440 50% 20160
refresh_pattern \.gif$ 10080 300% 40320
refresh_pattern \.jpg$ 10080 300% 40320
refresh_pattern \.jpeg$ 10080 300% 40320
refresh_pattern \.txt$ 1440 100% 20160 override-lastmod
refresh_pattern \.zip$ 2880 200% 40320
refresh_pattern \.arj$ 2880 200% 40320
درخواست ها رو هم از سمت روتر ارسال میکنم به کش اسکوئید ! با رول زیر در میکروتیک :
نقل قول :ip firewall nat add action=dst-nat dst-port=80 protocol=tcp src-address="192.168.2.0/24" to-addresses="172.16.0.2" to-ports=3128 chain=dstnat
منتها سمت یوزر پیج باز نمیشه ! صفحه زیر برای یوزر نمایش داده میشه :
این هم محتویان فایل لاگ :
نقل قول :root@localhost ~]# tail -f /var/log/squid/access.log
1325439227.139 3 172.16.0.1 TCP_DENIED/400 2935 POST error:invalid-reques t - NONE/- text/html
1325440035.902 2 172.16.0.1 TCP_DENIED/400 1835 GET error:invalid-request - NONE/- text/html
1325440037.329 2 172.16.0.1 TCP_DENIED/400 2232 GET error:invalid-request - NONE/- text/html
1325440037.574 9 172.16.0.1 TCP_DENIED/400 1856 GET error:invalid-request - NONE/- text/html
1325440039.347 2 172.16.0.1 TCP_DENIED/400 1873 GET error:invalid-request - NONE/- text/html
1325440039.681 4 172.16.0.1 TCP_DENIED/400 1854 GET error:invalid-request - NONE/- text/html
1325440039.710 5 172.16.0.1 TCP_DENIED/400 1884 GET error:invalid-request - NONE/- text/html
1325440044.708 3 172.16.0.1 TCP_DENIED/400 2045 GET error:invalid-request - NONE/- text/html
1325440070.695 8 172.16.0.1 TCP_DENIED/400 1928 GET error:invalid-request - NONE/- text/html
1325440081.072 5 192.168.1.99 TCP_DENIED/400 1997 GET error:invalid-request - NONE/- text/html
مشکل از چیه ؟ لطفا راهنمایی کنید
با تشکر فراوان