Differences between current version and previous revision of ProxyServerNotes.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 20 | Last edited on Thursday, June 24, 2004 5:47:10 pm | by CraigBox | |
| Older page: | version 19 | Last edited on Thursday, June 24, 2004 3:32:33 pm | by JohnMcPherson | Revert |
@@ -1,99 +1,9 @@
-Peer your
proxy with MetaNet users!
+Most of the
proxy servers in the world are running [Squid], so you're probably looking for SquidNotes.
------
-What good is a
proxy server if no-one uses it?
+! Peer your
proxy with MetaNet users
-See
[WPAD
] to figure out how
to make your LAN clients automatically pick up the proxy server
.
------
-!!! Squid
-! Resolving name problems
-Having problems that !http://brian/wherever/whatever doesn
't resolve in Squid? This
is caused by Squid running its own DNS resolver, instead of using gethostbyname
(3
). It pulls the IPs of the name servers out of resolv.conf(5). Add
a line like this
to your squid
.conf:
+If your proxy speaks
[ICP
] then you can configure it
to use other, local caches,
to retrieve data from
. If you
're on the MetaNet, and your metanet connection
is faster than your international connection
(or you pay for international traffic
) you might find value in doing this
. [#wlug] is probably
a good place
to ask
.
- append_domain .yourdomain.tla
+! What good is a proxy server if no-one uses it?
-Any domain without a dot in it will get that domain prepended to it; everything works nicely all of a sudden.
-
-! Always get Connection Refused for any website
-probably means that squid has run out of disk space...
-
-! Using authentication with [Squid]
-the SquidNotes page.
-
-! Log Analysis (sarg)
-sarg is a log file analyser for squid. It's partially useful.
-
-Sarg|http://web.onda.com.br/orso/index.html
] is a reasonably nice tool for generating nice reports for your squid logs. I have only two problems with it currently.
-* Dates on reports spanning weeks or months are often wrong - all the data is there but the title of the report says it only covers 2-5 days.
-* Only shows reports of the percentage of traffic that was/was not served from the cache. Does not give an actual byte count. Sure it is easy
to calculate it from the total but it would be even easier if it did it for me.
-
-! Log Analysis (srg)
-SRG is a fast and flexible log analyser written in C/C++, it was written by MattBrown while working for [CRCnet] because none of the existing log analysation programs such as sarg were adequate. In particular SRG allows you to generate reports right down to the level of each file requested from a site, and reports can be generated in plain html or using PHP to allow you
to easily integrate with
your squid authentication system to restrict access to all or parts of
the report. Another useful feature of SRG is the ability to generate an email every time a report is generated summarising the traffic used during the reporting period.
-
-SRG is released under the GPL and is under active development.
-
-Find out more about srg at http://www.crc.net.nz/software/srg.php
-
-----
-
-To set things up so that your web browsers auto detect your
proxy server, investigate [WPAD], the Web Proxy Auto Detection script.
-
-----
-
-[Microsoft] InternetExplorer 6 SP 1 has a bug where if you are using "Basic" auth (eg, with squid), the first page afterwards will display an "Unable to load page" error. This is because MSIE tries to reuse an already closed [TCP] connection. See KB:331906
-
-----
-! Filtering
-
-__ACLs in squid__
-
-When specifying ACLs, dont set more than one type of acl on a single acl line. Squid
-ignores them.
-
- eg:
- acl lab proxy_auth labuser src 192.168.2./32
- acl denylab proxy_auth labuser
- ....
- http_access allow lab
- http_access deny denylab
-
-doesn't work. instead:
-
- acl labuser proxy_auth labuser
- acl labmachines proxy_auth 192.168.2./32
- ....
- http_access allow labuser labmachines
- http_access deny labuser
-
-will do the trick.
-
-__URL Blocking__
-
-
- acl restrictedmachine src ip.ad.dr.ess/255.255.255.255
- acl restrictedmachinesites dstdomain "/etc/squid/list-of-sites"
-
- http_access allow restrictedmachine restrictedmachinesites
- http_access deny restrictedmachine
-
-list-of-sites takes the form
-
- # banned sites list
- host.domain.com
- # or
- .domain.com
- # for everything in domain.com
-
-__Content Blocking__
-
-Investigate the following blacklists:
-
-* DansGuardian (http://dansguardian.org) (GPL, but commercial users are asked to pay for DL)
-* SquidGuard (http://www.squidguard.org) (GPL but you can't sell it)
-
-(Note from Daniel Barron, DG author: the SG clause is in violation of the GPL and thus is invalid. The DG license is fully 100% within the GPL. What is asked for is that commercial users pay to __download__ DG. I just thought I'd clarify the [FUD].)
-
-----
-! More Info
-[Here|http://www.serassio.it/SquidNT/MRTG.htm] are some other notes on [Squid], [SNMP] and [MRTG]. This shows sample [MRTG] config options for graphing some of the info. Note that you can get MRTG to talk directly to Squid's nonstard SNMP port
.
-
-----
+See [WPAD
] to figure out how
to make
your LAN clients automatically pick up
the proxy server.
