OS2.org - Forum - HelpDesk

Site Index - Feedback - Impressum

News

Software

Hardware

Projekte

Forum

Tipps

Links

Verschiedenes

Editorial

Diskussion

HelpDesk

Umfrage

in nach (Erweiterte Suche)

( Archiv )

( Neues Thema )

( Zeige die Threadübersicht )

( Zur Startübersicht )

23.12.2004

oops proxy-server schlägt fehl (von: Christian/2, 18:40:05)

Hallo Leute,

wer kennt sich mit dem neuen OOPS-Proxy server aus?

Hätte ich installiert und gestartet, im Mozilla eingetragen....
doch wenn ich eine Webseite aufrufe bekomme ich folgende Meldung:

"Here is result of your request:
Access denied
Probably the requested site doesn't answer or it timed out. Check the address or try again.
Administrator

Generated by oops at MYHOSTNAME:3128"

Jemand eine Idee?
[ Leser: 77 ]

24.12.2004

Re: oops proxy-server schlägt fehl (von: Christian/2, 08:18:12)
huhu? Bin ich der Einzige, der mal was neues ausprobiert? FAQ auf http://www.oops-cache.org/ brachte mir leider nichts.

Re: oops proxy-server schlägt fehl (von: Jan, 10:31:06)
Tach ich kenne den Proxyserver nicht. Aber "Access denied" sieht mir doch stark danach aus, das du im config file noch angeben must wer den Server benutzten darf. Weil wenn default alles offen wäre, könnte jeder aus dem bösen Internet dein Proxy benutzten. Und das sollte man doch stark vermeiden Jan

oops Config-File (von: Christian/2, 23:46:13)

Also,
kann jemand was mit folgender Config-file was anfangen? Was müßte ich verändern?

PS: Squid und Smartcache habe ich noch gebacken bekommen.... aber oops... da ist momentan bei mir der Wurm drin.

oops.cfg:
##
## You can insert include statement at top level config, so that config can
## be combined from several files. 'include' can be nested (maximum depth 10)
##
#include <filename>
##
# nameservers. Use your own, not our.
##
nameserver 192.168.0.64
# nameserver 193.219.193.130
##
# Ports and address to use for HTTP and ICP
##
#bind ip_addr|hostname
http_port 3128
icp_port 3130
##
## Change euid to that user
##
## WARNING: if you use 'userid, then you 'reconfigure will not be able to
## open new sockets on reserved (< 1024) ports and will not be able
## to return to original userid.
##
##
## Change root directory. If don't know exactly what are you doing -
## leave commented.
#chroot ???
##
# Logfile - just debug output
# When used in form 'filename [{N S}] [[un]buffered]'
# will be rotated automatically (up to N files up to S bytes in size)
##
#logfile /dev/tty
logfile ./logs/oops.log { 30 1m } unbuffered
##
# Accesslog - the same as for squid. Re rotating - see note for logfile
##
#accesslog /dev/tty
accesslog ./logs/access.log { 30 1m } unbuffered
##
# Pidfile. for kill -1 `cat oops.pid` and for locking.
##
pidfile ./logs/oops.pid
##
# Statistics file - once per minute flush some statistics to this file
##
statistics ./logs/oops_statfile
##
# icons - where to find link.gif, dir.gif, binary.gif and so on (for
# ftp lists). If omitted - name of running host will be used. But
# using explicit names is better way.
##
#icons-host ss5.paco.net
#icons-port 80
#icons-path icons
##
# When total object volume in memory grow over this (this mean
# that cachable data from network came faster then we can save on disk)
# drop objects (without attempt to save on disk).
##
mem_max 4m
##
# Hint, how much cached objects keep in memory.
# When total amount become larger then this limit - start
# swaping cachable objects to disk
##
lo_mark 2m
##
# start random early drop when number of clients reach some level.
# this can protect you against attacks and against situation when
# oops cant handle too much connections. By default - 0 (or no limits).
##
#start_red 0
##
# refuse any connection when number of already connected clients reach some
# level. By default - 0 (or no limits).
##
#refuse_at 0
##
# if document contain no Expires: then expire after (in days)
# ftp-expire-value - expire time for ftp (in days)
##
default-expire-value 7
ftp-expire-value 7
##
# While connecting to public FTP resource, use this string as password
##
#anon_ftp_passw oops@localhost
##
# if you want expirestart and run only at some time intervals,
# then use next instruction
##
#expiretime Sun:Sat 0100:0700
##
# Maximum expite time - doc will not keep in cache more then
# this number of days (except if defaiult-expire-value used for this documeny)
##
max-expire-value 30
##
# in which proportion time passed since last document modification
# will accounted in expire time. For example, if last-modified-factor=5
# and there was passed 10 days since document modification, then expiration
# will be setted to 2 days in future (but no nore then max-expire-value)
##
last-modified-factor 5
##
# If you want not cache replies without Last-Modified:
# uncomment next line.
##
#dont_cache_without_last_modified
# run expire every ( in hours )
##
default-expire-interval 1
##
# negative_cache - how long cache 404 answer from server
##
#negative_cache 0
##
# icp_timeout - how long to wait icp reply from peer (in ms, e.g 1000 = 1sec)
##
icp_timeout 1000
##
# start disk cache cleanup when free space will be (in %%)
# As on the very large storages 1% is large space (1% from 9G is
# 90M), then on such storages you can set both disk-low-free and
# disk-ok-free to 0. Oops will start cleanup if it have less then 256
# free blocks(1M), and stop when it reach 512 bree blocks(2M).
##
disk-low-free 3
##
# stop disk cache cleanup when free space will be (in %%)
##
disk-ok-free 5
##
# Force_http11 - turn on http/1.1 for each request to document server
# This option required if module 'vary' used.
##
force_http11
##
# Always check document freshness, even it is not stale or expired
# This force Oops behave like squid - first check cached doc, then send
##
#always_check_freshness
##
# If user-requestor aborted connection to proxy, but there was received more
# then some percent ot the document - then continue.
# default value - 75%
##
force_completion 75
##
# maximum size of the object we will cache
##
maxresident 1m
##
# minimum size of the object we will cache
##
#minresident 0
insert_x_forwarded_for yes
insert_via yes
##
# Load documents as fast as we can, or as fast as client can download
# First method will save number of opened sockets
# Second - save your bandwidth and memory.
# Use "yes".
##
fetch_with_client_speed yes
##
# If host have several interfaces or aliases, use exactly
# this name when connecting to server:
##
#connect-from proxy.paco.net
##
# ACLs - currently: urlregex, urlpath, usercharset
# port, dstdom, dstdom_regex, src_ip, time
# each acl can be loaded from file.
##
#acl CACHEABLECGI urlregex http://www\.topping\.com\.ua/cgi-bin/pingstat\.cgi\?072199131826
#acl WWWPACO urlregex www\.paco\.net
#acl NO_RLH urlregex zipper
#acl REWRITEPORTS urlregex (www.job.ru|www.sale.ru)
#acl REWRITEHOSTS urlregex (www.asm.ru|zipper\.paco)
#acl WINUSER usercharset windows-1251
#acl DOSUSER usercharset ibm866
#acl UNIXUSER usercharset koi8-r
#acl RUS dstdom ru su
#acl UKR dstdom ua
#acl BADPORTS port [0:79],110,138,139,513,[6000:6010]
#acl BADDOMAIN dstdom baddomain1.com baddomain2.com
#acl BADDOMREGEX dstdom_regex baddomain\.((com)|(org))
#acl LOCAL_NETWORKS src_ip include:./etc/acl_local_networks
#acl BADNETWORKS src_ip 192.168.10/24
## WARNING: acl dst_ip is applyed to destination hostname BEFORE
## any redirection used.
#acl LOCALDST dst_ip 192.168.10/24
##
#acl WORKTIME time Mon,Tue:Fri 0900:1800
#acl HTMLS content_type text/html
#acl USERS username joe
acl MSIE header_substr user-agent MSIE
acl ADMINS src_ip 127.0.0.1
acl PURGE method PURGE
acl CONNECT method CONNECT
acl SSLPORT port 443
##
# acl_deny [!]ACL [!]ACL ...
# deny access for combined acl
##
acl_deny PURGE !ADMINS
acl_deny CONNECT !SSLPORT
##
# Never cache objects with URL, containing next strings in path
##
stop_cache ?
stop_cache cgi-bin
##
# stop_cache_acl [!]ACL [!]ACL ...
# Stop cache using ACL
##
#stop_cache_acl WWWPACO
##
# refresh_pattern ACLNAME min percent max
# 'min' and 'max' are limits between Expite time will be assigned
# Iff document have no expire: header and have Last-Modified: header
# we will use 'percent' to estimate how far in the future document will
# be expired.
##
#refresh_pattern CACHEABLECGI 20 50% 200
#refresh_pattern WWWPACO 0 0% 0
##
# bind_acl {hostname|ip} [!]ACL [!]ACL ...
# bind to given address when connecting to server
# if request match ACLNAME
##
#bind_acl outname1 RUS
#bind_acl outname2 UKR
##
# Always check document freshness, but now on acl basis.
# You can have several such lines.
## This example will force to check freshness only for html documents.
#always_check_freshness_acl HTMLS
##
# line 'parent ....' will force all connections (except to destinations
# in local-domain or local-networks) go through parent host
##
#parent proxy.paco.net 3128
##
# parent_auth login:password
# if your parent require login/password from your proxy
##
#parent_auth login:password
# ICP peer's
#peer proxy.paco.net 3128 3130 {
## ^^^ peer name ^http port ^icp port
## icp port can be 0, in which case we assume this is non-icp
## proxy. We assume that non-icp peer act like parent which
## answer MISS all th etime. If this peer refused connection
## then it goes down for 60 seconds - it doesn't take part in
## any peer-related decisions.
# sibling ;
## if this peer require login/password from your proxy
# my_auth my_login:my_password;
## we will send requests for these domains
# allow dstdomain * ;
## we will NOT send requests for these domains
# deny dstdomain * ;
## we will send only requests matched to this acl
# peer_access [!]ACL1 [!]ACL2
## if (and only if) peer is not icp-capable, then , in case of fail we
## leave failed peer alone for the down_timeout interval (in seconds).
## Then we will try again
# down_timeout 60 ;
#}
#peer proxy.gu.net 80 3130 {
# parent ;
# allow dstdomain * ;
# deny dstdomain paco.net odessa.ua ;
#}
##
# Never use "parent" when connecting to server in these domains
##
local-domain odessa.ua od.ua
local-domain odessa.net paco.net netsy.net netsy.com te.net.ua
local-networks 192.168/16
#
# Groups
#
group mygroup {
networks 192.168.0/24;
http {
allow dstdomain *;
}
auth_mods passwd_file;
}
#group paco {
##
# You can describe group ip adresses here, or using src_ip acl's
# with networks_acl directive.
# networks_acl always have higher preference (checked first) and
# are checked in the order of appearance.
# If host wil not fall in any networks_acl - we check in networks.
# networks are ordered by masklen - longest masks(most specific networks)
# are checked first.
##
# networks 195.114.128/19 127/8 195.5.40.93/32 ;
# networks_acl LOCAL_NETWORKS !BAD_NETWORKS ;
# badports [0:79],110,138,139,513,[6000:6010] ;
# miss allow;
##
# denytime - when deny access to proxy server for this group
##
# denytime Sat,Sun 0642:1000
# denytime Mon,Thu:Fri,Sun 0900:2100
##
# Authentication modules for this group (seprated by space)
##
# auth_mods passwd_file;
# auth_mods pam;
##
# URL-Redirector (porno, ad. filtering) modules for this group (separate by
# space)
# NOTE: modules redir and fastredir can use several configs, one per group.
# use next form: redir_mods redir/1;
# and redir_mods redir/2;
# in the groups section.
# You also have to have correspondent module redir/1 {...} and
# redir/2 {...} sections.
##
# redir_mods redir;

##
# limit whole group to 8Kbytes per sec
##
# bandwidth 8k;
##
# limit each host 8Kbytes per sec
##
# per_ip_bw 8k;
##
# limit connections number from each host
##
# per_ip_conn 8;
##
# Connect from specified ip address for group.
# You can be use the ip address or host name.
##
# connect_from <ip-addr>;
##
# limit request rate from this group (requests per second). This is crude,
# and must be used as last resort
##
# maxreqrate 100;
##
# icp acl ...
##
# icp {
# allow dstdomain * ;
# }
##
# http acl
##
# http {
##
# http acls can be in form 'allow dstdomain domainname domainname ... domainname ;
# or in form 'allow dstdomain include:filename ;
# where filename - name of the file, which contain
# domainnames (one per line, # - comment line);
# the same rules for 'deny'
##
# allow dstdomain * ;
# }
#}
#group world {
# networks 0/0;
# badports [0:79],110,138,139,513,[6000:6010];
# http {
# deny dstdomain * ;
# }
# icp {
# deny dstdomain * ;
# }
#}
##
# Storage section
# Change this for your own situation. Oops can work without
# storages (using only in-memory cache).
##
##
# Storage description (can be several)
# path - filename of storage. can be raw device (be carefull!)
# size - size (of storage file). Can be smthng like 100k or 200m or 4g
# Size used only durig format process (oops -z).
##
storage {
path ./storages/oops_storage ;
# Size of the storage. Can be in bytes or 'auto'. Auto is
# usefull for pre-created storages or disk slices.
# NOTE: 'size auto' won't work for Linux on disk slices.
# To use large ( > 2G ) files run configure with --enable-large-files
size 100m ;
# You have to use 'offset' in the case your raw device (or slice)
# require that. For example if you use entire disk as storage
# under AIX and Soalris/Sparc - you have to skip first block
# which contain disk label (that is storage will start from
# next 512 sector.
# offset 512;
}
#storage {
# path ./storages/oops_storage1 ;
# size 600m ;
#}
module lang {
default_charset koi8-r
# Recode tables and other charset stuff
CharsetRecodeTable windows-1251 ./etc/tables/koi-win.tab
CharsetRecodeTable ISO-8859-5 ./etc/tables/koi-iso.tab
CharsetRecodeTable ibm866 ./etc/tables/koi-alt.tab
CharsetAgent windows-1251 AIR_Mosaic IWENG/1 MSIE WinMosaic (Windows (WinNT;
CharsetAgent windows-1251 (Win16; (Win95; (Win98; (16-bit) Opera/3.0
CharsetAgent ibm866 DosLynx Lynx2/OS/2
}
module err {
# error reporting module
# template
template ./etc/err_template.html
# Language to use when generate Error messages
lang ru
}
module passwd_file {
# password proxy-authentication module
#
# default realm, scheme and passwd file
# the only thing you really want to change is 'file' and 'template'
# you don't have to reconfigure oops if you only
# change content passwd file or template: oops authomatically
# reload file
realm oops
scheme Basic
file ./etc/passwd
template ./etc/auth_template.html
}
module pam {
realm oops
scheme Basic
service oops
template ./etc/auth_template.html
}
module passwd_pgsql {
# proxy authentication using postgresql
# "Ivan B. Yelnikov" <bahek@khspu.ru>
#
# host - host where database live,
# user,password - login and password for database access
# database - database name
# select - file with request body
# template - file with html doc which user will receive
# during authentication
scheme Basic
realm oops
host <host address/name>
user <database_user>
password <user_password>
database <database_name>
select ./etc/select.sql
template ./etc/auth_template.html
}
module passwd_mysql {
# proxy authentication usin mysql
# "Ivan B. Yelnikov" <bahek@khspu.ru>
#
# look passwd_pgsql description
#
scheme Basic
realm oops
host <host address/name>
user <database_user>
password <user_password>
database <database_name>
select ./etc/select.sql
template ./etc/auth_template.html
}
# You can several (up to 15) redir configs:
# module redir/1 {
# ...
# }
# module redir/2 {
# ...
# }
# ...
#
# Such names (redir/N) can be used in redir_mods statements in group
# description
module redir {
# file - regex rules.
# each line consist of one or two fields (separated with white space)
# 1. regular expression
# 2. redirect-location
# if requested (by client) url match regex then
# if we have redirect-url then we send '302 Moved Temporary' to
# redirect-location
# if we have no redirect-location (i.e. we have no 2-nd field)
# then we send template.html (%R will be substituted by rule)
# or some default message if we have no template.
# you don't have to reconfigure oops each time
# you edit rules or template, they will be reloaded authomatically
file ./etc/redir_rules
template ./etc/redir_template.html
## mode control will redir rewrite url or send Location: header
## with new location. Values are 'rewrite' or 'bounce'
# mode rewrite
# myport can have next form:
# myport [{hostname|ip_addr}:]port ...
# myport 3128
# it configure redir module to process requests on
# given port
myport 3128
# This module can process requests which come on http_port
# and/or on different port. For example, you wish oops
# bind on two ports - 3128 and 3129, and all requests which come on
# port 3129 must pass through filters, and requests which come on port
# 3128 (common http_port) - not. Then you have to uncomment next line
# myport 3129
# which means exactly: bind oops to additional port 3129 and process
# requests which come on this port.
# myport can be in the next form:
# myport [{hostname|ip_addr}:]port
}
module oopsctl {
# path to oopsctl unix socket
# under os/2, it must be "\socket\xxxx" (default is "\socket\oopsctl");
# name is case-sensitive.
socket_path \socket\oopsctl
# time to auto-refresh page (seconds)
html_refresh 300
}
##
## This module hadnle 'Vary' header - it was written to better support
## Russian Apache
##
module vary {
user-agent by_charset
accept-charset ignore
}
##
## WWW -accelerator. To use - add word accel to
## redir_mods line for
## the group 'world' description
## You will find more description of this module in supplied accel_maps file
##
#module accel {
# myport can have next form:
# myport [{hostname|ip_addr}:]port ...
# myport 80
##
# access can have next form:
# access [{hostname|ip_addr}:]port ...
# If this directive is set, then incoming packets will be checked
# for module "accel", according to this directive, not "myports".
# In this case "oops" will open sockets according to "myports"
# as well as when rule "access" is missed. This is needed when destination
# of incoming packet doesn't match "oops" bindings ,for example when we're
# forwarding packets using firewall.
#
# This allows us to produce the following construction :
# firewall: forward network 80-85 -> ip:80
# oops: myport ip:80
# oops: access 80 81 82 83 84 85
# (in this case "oops" will bind only to ip:80 according to rule "myports")
##
# access 80 81
#
##
# allow access to proxy through accel module.
# Deny will stop proxy through accel completely, regardless
# of any other access rules
##
# proxy_requests deny
#
##
# File with maps and other config directives
# Checked once per minute. No need to restart oops if maps changed
##
# file ./etc/accel_maps
#}
##
## Transparent proxy. To use - add word 'transparent' into
## redir_mods line for your group.
## in the your local (or any other) group description
##
#module transparent {
# myport can have next form:
# myport [{hostname|ip_addr}:]port ...
# myport 3128
# broken_browsers MSIE
#}
##
## %h - remote ip address
## %A - local ip address
## %d - ip address of source (peer or document server)
## %l - remote logname from identd (not suported now)
## %U - remote user (from 'Authorization' header)
## %u - remote user (from proxy-auth)
## %{format}t - time with optional {format} (for strftime)
## %t - time with standard format %d/%b/%Y:%T %Z
## %r - request line
## %s - status code
## %b - bytes received
## %{header}i - value of header in request
## %m - HIT/MISS
## %k - hierarchy (DIRECT/NONE/...)
##
## directive buffered can be followed by size of the buffer,
## like 'buffered 32000'
##
module customlog {
path ./logs/access_custom1
format "%h %l %u %t \"%r\" %>s %b"
# squid httpd mode log emulation
# format "%h %u %l %t \"%r\" %s %b %m:%k"
# buffered
# path /usr/local/oops/logs/access_custom2
# format "%h->%A %l %u [%t] \"%r\" %s %b \"%{User-Agent}i\""
}
module berkeley_db {
##
# dbhome - directory where all DB indexes reside. Use full path
# this directory must exist.
# dbname - filename for index file. Use just filename (no full path)
##
dbhome ./storages
dbname dburl
##
# This parameter specifies internal cache size of BerkeleyDB.
# Increase this parameter for best performance (if you have a lot of memory).
# For example: db_cache_mem 64m
# Default and minimum value: 4m
#
# This memory pool is not part of memory pool, specified by mem_max parameter.
# WARNING: the amount of RAM used by oops will be increased by the value of
# this parameter.
##
#db_cache_mem 4m
}
#module gigabase_db {
# This module enable GigaBASE as database engine.
# You can use berkeley_db or gigabase_db, not both.
# Also, important notice - indexes created with different modules
# are not compatible.
# ##
# # dbhome - directory where all DB indexes reside. Use full path
# # this directory must exist.
# # dbname - filename for index file. Use just filename (no full path)
# ##
#
# dbhome ./DB
# dbname gdburl
#
# ##
# # This parameter specifies internal cache size of BerkeleyDB.
# # Increase this parameter for best performance (if you have a lot of memory).
# # For example: db_cache_mem 64m
# # Default and minimum value: 4m
# #
# # This memory pool is not part of memory pool, specified by mem_max parameter.
# # WARNING: the amount of RAM used by oops will be increased by the value of
# # this parameter.
# ##
# #db_cache_mem 4m
#
#}
#module wccp2 {
# Cache identity.
# Ip address under which your cache will be visible.
# You should set it only in case oops can't determine it's IP in other other way
# identity proxy.yourdomain.tld
#
# Service group.
# Look Cisco documentation what service group is.
# In two words - this is group of caches and routers which handle transparently
# some kind of traffic. To intercept www requests from your users use
# next 'service-group' definition
#
# service-group web-cache
#
# Routers for this service group.
# Here you list ip-addresses of routers in service group.
# To avoid problems list addresses from which cisco will reply - that is
# address of interface which is directed to cache. You can describe several
# (up to 32) routers.
#
# router 10.10.10.1
#
#}
#module netflow {
#
# This module exports netflow v5 records to flow collector(s)
# Each record consists of source (document source, peer,...) address
# destination address (client requested document), bytes transferred.
# If you supply file with route prefix table and autonomouos system numbers,
# then source and desctination ASNs will also present in flow records
#
# file - path to the tile with prefixes (see file INSTALL).
#
# file ./prefix_table
#
# source - flow records source address and port.
#
# source 127.0.0.1:3333
#
# collector - address and port of collector
# you can have several lines(collectors).
#
# collector 127.0.0.1:6666
#}

26.12.2004

Re: oops Config-File (von: Jan, 15:08:28)
hier muss man woll ein bischen readme lesen .... :) bei den acl muss du bestimmt was machen. cl LOCAL_NETWORKS src_ip include:./etc/acl_local_networks Jan

27.12.2004

sperrt mich noch immer aus (von: Christian/2, 12:32:59)
Danke @Jan. Das allein kanns wohl doch nicht sein. Oops sperrt mich noch immer aus. Probiere jetzt lieber Squid aus... da hatte ich schneller Erfolgserlebnis ;-))))

Re: sperrt mich noch immer aus (von: jan, 13:42:43)
dabei kann ich dir auch helfen :) Jan

squid: unbedingt zu beachten (von: Christian/2, 18:50:03)
@Jan Danke für Dein Angebot. Squid habe ich problemlos zum Laufen gekriegt... mit der sample.squid.conf. Greife Squid über 127.0.0.1:3128 ab. Gibt es hier Einstellungen, die ich unbedingt machen muß, damit System auch sicher ist? Nutze, wie gesagt, nur Standard-Conf.

Re: squid: unbedingt zu beachten (von: Jan, 20:20:46)
nope default darf nur der localhost, also 127.0.0.1 Jan

29.12.2004

@Jan: Squid-Kontrolle (von: Christian/2, 10:25:36)

Hallo Jan,

nochmal zur Kontrolle. Meine squid.conf sieht an den entscheidenden Stellen nun so aus:

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#

Paßt hoffentlich so, oder?

BTW: Wie kann ich die Squid-Cache funktion am besten testen?
Bei mir kommt zwar Squid-Fehler-Bild, wenn Seite nicht existiert, und Cache bereich auf der Festplatte wird immer größer...
aber wie kann ich sicher gehen / kontrollieren, daß Squid Daten zuerst von Festplatte, nicht aus dem Internet holt?

( Zeige die Threadübersicht )

[ Version zum Drucken ]

( Zur Startübersicht )

Datum

Thema

09.01.2017

Name: *

eMail:

Benachrichtigung

Mit * markierte Felder müssen ausgefüllt werden !