Squid3 Help
Sorry for coming to you guys with something that has a wealth of Google results, but the problem is that a bunch of what I find on Google for Squid is either outdated or just plain wrong. Their documentation doesn't seem to fit the way my mind works either.
I'm trying to set up a web proxy for the school that I work at. My goal is to be as transparent as possible so as to not inconvenience anyone. I have a SonicWall that supports passing web traffic to a proxy with just IP/port. I know some of you have experience with Squid and you guys speak my language. I have three questions.
Google fails to load only when passed through the firewall to the proxy, not when configured via Firefox to use the proxy. The error is "Invalid URL." I suspect something along the lines of http being redirected to https. The error says possible problems are as follows:
Missing or incorrect access protocol (should be http:// or similar)
Missing hostname
Illegal double-escape in the URL-Path
Illegal character in hostname; underscores are not allowed.
Do you know how to disable cache or, if possible, create a list of websites to cache? I'd like to avoid potential caching issues while still saving a little bit of bandwidth, or just not cache altogether. The real goal here is detailed usage logs.
Any suggestions or tips for optimization? I just want logs. Saving bandwidth through selective caching would be a bonus, but I would sacrifice https logs for a reliable pass through of secure websites.
Comments
Well I hope this helps
Sounds like it's not in transparent proxy mode. Try adding vhost to the http_port option in the config.
To just have direct connections, use "always_direct allow all".
Here's the help page with more info:
http://www.squid-cache.org/Doc/config/always_direct/
I still haven't figured out how to deal with SSL with a transparent proxy.
Hmm, vhost ended with a 404 all around. Thanks for the advice. Squid is a little overwhelming, as the last proxy server I ran was AnalogX after Leo Laporte recommended it on ZDTV...
Has it been fixed yet? If not, have you checked this part?
Or, I can just paste the whole squid3 config I use in my private proxy.
First one sounds like it might have something to do with Squid getting confused by the protocol-lacking absolute URL format Google's pretty fond of using.
Not yet
I pretty much set all that to allow. It's completely internal so I really don't care what passes through it; I'd rather block unwanted ports from the firewall. Even most secure sites seemed to work fine. Saw the green bar on Catalyst, got the SSL on Facebook. Just that darn Google.
Would be awesome if you don't mind sharing. Having never configured this before, I could be missing the most obvious and vital of settings.
Darn Google always messing with stuff :P
Maybe this helps:
Anonymous Proxy Using SQUID 3 On Ubuntu Server – with web based auth!!
1- Set up Ubuntu server
2- apt-get install squid3
3- backup original config
mv /etc/squid3/squid.conf /etc/squid3/squid.conf.backup
4- nano /etc/squid3/squid.conf
and paste below text:
!! Do not forget to change ip 99.99.99.99 with your own ip!!
# Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
icp_access deny all
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
# Deny everything else. This has to come after the allow rule above:
# http_access rules are checked in order and the first match wins.
http_access deny all
forwarded_for off
acl ip1 myip 99.99.99.99
tcp_outgoing_address 99.99.99.99 ip1
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
ctrl+x to save
5- touch /etc/squid3/squid_passwd
6- htpasswd /etc/squid3/squid_passwd yourproxyusername
7- service squid3 restart
All done!
Proxy port will be 3128
Please do change the IP 99.99.99.99 to your own IP in the config.
After you activate it in any browser, it will ask for a username and password.
Enter what you gave at step 6...
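The config above writes /var/log/squid3/access.log in Squid's native "squid" format, and the stated goal of the thread is usage logs. The following is an added example, not part of the original posts: a small parser that turns those lines into per-client, per-host usage totals. The sample log lines are constructed, and the names parse_line and summarize are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native "squid" access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1286536309.450    110 10.0.0.21 TCP_MISS/200 2195 GET http://www.example.com/index.html alice DIRECT/93.184.216.34 text/html
1286536310.120   5021 10.0.0.21 TCP_MISS/200 48213 CONNECT mail.example.com:443 alice DIRECT/203.0.113.10 -
1286536311.007      3 10.0.0.35 TCP_HIT/200 10240 GET http://www.example.com/logo.png - NONE/- image/png
1286536312.500      0 10.0.0.35 TCP_DENIED/407 1830 GET http://blocked.example.net/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    try:
        rec = {"time": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
               "code": code, "status": int(status), "bytes": int(f[4])}
    except ValueError:
        return None
    method, url = f[5], f[6]
    # CONNECT (HTTPS tunnel) entries carry only host:port, never a path.
    host = url.rsplit(":", 1)[0] if method == "CONNECT" else (urlsplit(url).hostname or url)
    rec.update(method=method, host=host, user=None if f[7] == "-" else f[7])
    return rec

def summarize(text):
    """Total requests, bytes and denials per (client, host); count bad lines."""
    usage = defaultdict(lambda: {"requests": 0, "bytes": 0, "denied": 0})
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += bool(line.strip())
            continue
        row = usage[(rec["client"], rec["host"])]
        row["requests"] += 1
        row["bytes"] += rec["bytes"]
        row["denied"] += rec["code"] == "TCP_DENIED"
    return dict(usage), skipped

if __name__ == "__main__":
    usage, skipped = summarize(SAMPLE_LOG)
    for key, row in sorted(usage.items()):
        print(*key, row)
    print("skipped lines:", skipped)
```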