Blog, Linux, Squid, freeBSD•
on September 17th, 2007•
Add this to squid.conf
#Port Lists
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
or
# Port Lists
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
Your browser will show an error page users in your network remote server using non standard HTTP/S ports are not listed in squid.conf
ERRORThe requested URL could not be retrieved
_____
While trying to retrieve the URL: http://xxx.xxx.xxx.xxx:1000 (this is an example)
The following error was encountered:
* Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
Your cache administrator is webmaster.
Ports restriction help limit unauthorized request.
Blog, Linux, Squid, freeBSD•
on September 9th, 2007•
Reboot and squid -k says it can not send stop signal again, it means that squid.pid is missing
Check squid.pid in the system, when it is missing :
1. Look into a previous post in this website.
2. Shutdown squid
squid -k shutdown
Create squid.pid (squid.pid location in same directory with log files)
touch squid.pid
squid.pid chmod permission
-rw-r--r--
squid.pid chown permission
root : squid
We should make Squid to rewrite a squid.pid file
Create Squid swap directories
squid -z
Run Squid
squid
3. Reboot your computer
Blog, Linux, Squid, freeBSD•
on September 9th, 2007•
The squid.pid file is missing or unreadable makes squid -k command don’t work (says it can not send stop signal). We kill Squid manually by finding the process ID with ps.
ps ax | grep squid
If there are more than one Squid process, be sure to kill the one that shows up as (squid).
example
500 ?? Is 0:00.01 squid -sD
505 ?? S 0:00.27 (squid) -sD (squid)
then kill it
kill -TERM 505
How to fix this? I learn that with a help from Squid Faq
Run squid again
squid
then do ps again
ps ax | grep squid
find squid process that shows up as (squid)
example : if the process id 82675 (remember this is example)
Create the PID file and put the process id number there
echo 82675 > /usr/local/squid/logs/squid.pid
note : /usr/local/squid/logs/squid.pid (location of squid.pid, this is probably different in your computer)
Then find the Squid process id. Send the process a HUP signal, which is the same as squid -k reconfigure
kill -HUP 82675
The reconfigure process creates a new PID file automatically.
Fave Design