Peer your proxy with MetaNet users!
See WPAD to figure out how to make your LAN clients automatically pick up the proxy server.
Any domain without a dot in it will get that domain prepended to it; everything works nicely all of a sudden.
probably means that squid has run out of disk space...
sarg is a log file analyser for squid. It's partially useful.
Sarg is a reasonably nice tool for generating nice reports for your squid logs. I have only two problems with it currently.
SRG is a fast and flexible log analyser written in C/C++, it was written by MattBrown while working for CRCnet because none of the existing log analysation programs such as sarg were adequate. In particular SRG allows you to generate reports right down to the level of each file requested from a site, and reports can be generated in plain html or using PHP to allow you to easily integrate with your squid authentication system to restrict access to all or parts of the report. Another useful feature of SRG is the ability to generate an email every time a report is generated summarising the traffic used during the reporting period.
SRG is released under the GPL and is under active development.
Find out more about srg at http://www.crc.net.nz/software/srg.php
To set things up so that your web browsers auto detect your proxy server, investigate WPAD, the Web Proxy Auto Detection script.
Microsoft InternetExplorer 6 SP 1 has a bug where if you are using "Basic" auth (eg, with squid), the first page afterwards will display an "Unable to load page" error. This is because MSIE tries to reuse an already closed TCP connection. See KB:331906
ACLs in squid
When specifying ACLs, dont set more than one type of acl on a single acl line. Squid ignores them.
eg: acl lab proxy_auth labuser src 192.168.2.0/32 acl denylab proxy_auth labuser .... http_access allow lab http_access deny denylab
will do the trick.
URL Blocking
acl restrictedmachine src ip.ad.dr.ess/255.255.255.255 acl restrictedmachinesites dstdomain "/etc/squid/list-of-sites"
http_access allow restrictedmachine restrictedmachinesites http_access deny restrictedmachine
list-of-sites takes the form
host.domain.com
- or
.domain.com
- for everything in domain.com
Content Blocking
Investigate the following blacklists:
(Note from Daniel Barron, DG author: the SG clause is in violation of the GPL and thus is invalid. The DG license is fully 100% within the GPL. What is asked for is that commercial users pay to download DG. I just thought I'd clarify the FUD.)
Here are some other notes on Squid, SNMP and MRTG. This shows sample MRTG config options for graphing some of the info. Note that you can get MRTG to talk directly to Squid's nonstard SNMP port.
3 pages link to ProxyServerNotes: