'Re: [squid-users] Squid configuration sanity check'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] Squid configuration sanity check
From:       "Eliezer Croitoru" <eliezer () ngtech ! co ! il>
Date:       2018-05-16 22:08:00
Message-ID: 0c2f01d3ed62$5abf22d0$103d6870$ () ngtech ! co ! il
[Download RAW message or body]

This is a multipart message in MIME format.

[Attachment #2 (multipart/related)]
This is a multipart message in MIME format.

[Attachment #4 (multipart/alternative)]


And..

If there are objects you don't want to be served from the proxy directly you can try \
to edit the templates.

 

Eliezer

 

----

 <http://ngtech.co.il/lmgtfy/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@ngtech.co.il



 

From: squid-users <squid-users-bounces@lists.squid-cache.org> On Behalf Of Alex K
Sent: Wednesday, May 16, 2018 21:08
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid configuration sanity check

 

Ok, clear.

Thank you Amos. 

Alex

 

On Wed, May 16, 2018 at 3:33 PM, Amos Jeffries <squid3@treenet.co.nz \
<mailto:squid3@treenet.co.nz> > wrote:

On 16/05/18 18:17, Alex K wrote:
> Hi again,
> 
> With this config I get:
> 
> ERROR: No forward-proxy ports configured.
> 
> I am wondering if I could just add a dummy entry:
> 
> http_port 3130
> 
> to suppress this error.
> 
> But not sure how this is useful when reading:
> 
> https://wiki.squid-cache.org/KnowledgeBase/NoForwardProxyPorts
> 

As the wiki page says Squid generates URLs sometimes which require the
client to contact the proxy directly for something(s). That cannot be
done through a port used for TPROXY or NAT interception traffic.

The port 3130 (if you choose that over the well-known 3128 port) should
not be a "dummy" that does nothing. Squid *will* open and listen for
traffic there. Clients will at times be told to fetch URLs from the
Squid machines public hostname at that port.

You can firewall the port off from all access if you really want to.
Just be aware that will add error messages about the proxy port not
being accessible to whatever problem the client is having that required
direct contact with Squid in the first place (usually trying to display
an error page).

Amos

 


[Attachment #7 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type \
content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 \
(filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);} o\:* \
{behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"Arial Rounded MT Bold";
	panose-1:2 15 7 4 3 5 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman",serif;}
span.hoenzb
	{mso-style-name:hoenzb;}
span.EmailStyle19
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:#1F497D;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div \
class=WordSection1><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>And..<o:p></o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>If there are \
objects you don't want to be served from the proxy directly you can try to edit the \
templates.<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p>&nbsp;</o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Eliezer<o:p></o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p>&nbsp;</o:p></span></p><p \
class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial Rounded MT \
Bold",sans-serif;color:#1F497D'>----<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Arial Rounded MT \
Bold",sans-serif;color:#1F497D'><a href="http://ngtech.co.il/lmgtfy/"><span \
style='color:#0563C1'>Eliezer Croitoru</span></a><br>Linux System \
Administrator<br>Mobile: +972-5-28704261<br>Email: \
eliezer@ngtech.co.il<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><img border=0 \
width=183 height=69 style='width:1.9062in;height:.7187in' id="Picture_x0020_1" \
src="cid:image002.png@01D3ED7B.7E8C98A0"><o:p></o:p></span></p><p \
class=MsoNormal><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p>&nbsp;</o:p></span></p><p \
class=MsoNormal><b><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span \
style='font-size:11.0pt;font-family:"Calibri",sans-serif'> squid-users \
&lt;squid-users-bounces@lists.squid-cache.org&gt; <b>On Behalf Of </b>Alex \
K<br><b>Sent:</b> Wednesday, May 16, 2018 21:08<br><b>To:</b> Amos Jeffries \
&lt;squid3@treenet.co.nz&gt;<br><b>Cc:</b> \
squid-users@lists.squid-cache.org<br><b>Subject:</b> Re: [squid-users] Squid \
configuration sanity check<o:p></o:p></span></p><p \
class=MsoNormal><o:p>&nbsp;</o:p></p><div><div><div><p class=MsoNormal>Ok, \
clear.<o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'>Thank you \
Amos. <o:p></o:p></p></div><p class=MsoNormal>Alex<o:p></o:p></p></div><div><p \
class=MsoNormal><o:p>&nbsp;</o:p></p><div><p class=MsoNormal>On Wed, May 16, 2018 at \
3:33 PM, Amos Jeffries &lt;<a href="mailto:squid3@treenet.co.nz" \
target="_blank">squid3@treenet.co.nz</a>&gt; wrote:<o:p></o:p></p><blockquote \
style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in \
6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal>On 16/05/18 18:17, Alex \
K wrote:<br>&gt; Hi again,<br>&gt; <br>&gt; With this config I get:<br>&gt; <br>&gt; \
ERROR: No forward-proxy ports configured.<br>&gt; <br>&gt; I am wondering if I could \
just add a dummy entry:<br>&gt; <br>&gt; http_port 3130<br>&gt; <br>&gt; to suppress \
this error.<br>&gt; <br>&gt; But not sure how this is useful when reading:<br>&gt; \
<br>&gt; <a href="https://wiki.squid-cache.org/KnowledgeBase/NoForwardProxyPorts" \
target="_blank">https://wiki.squid-cache.org/KnowledgeBase/NoForwardProxyPorts</a><br>&gt; \
<br><br>As the wiki page says Squid generates URLs sometimes which require \
the<br>client to contact the proxy directly for something(s). That cannot be<br>done \
through a port used for TPROXY or NAT interception traffic.<br><br>The port 3130 (if \
you choose that over the well-known 3128 port) should<br>not be a &quot;dummy&quot; \
that does nothing. Squid *will* open and listen for<br>traffic there. Clients will at \
times be told to fetch URLs from the<br>Squid machines public hostname at that \
port.<br><br>You can firewall the port off from all access if you really want \
to.<br>Just be aware that will add error messages about the proxy port not<br>being \
accessible to whatever problem the client is having that required<br>direct contact \
with Squid in the first place (usually trying to display<br>an error page).<br><span \
style='color:#888888'><br><span \
class=hoenzb>Amos</span></span><o:p></o:p></p></blockquote></div><p \
class=MsoNormal><o:p>&nbsp;</o:p></p></div></div></body></html>


["image002.png" (image/png)]
[Attachment #9 (text/plain)]

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic