Original message
"Help me configure Squid on the FreeBSD 5.4 OS"
Posted by Zekere, 22-Jan-06 21:41
Please help me, a newbie, configure Squid so that it at least starts.
I have two networks: one is 192.168.0.0 (the LAN) and the other is 82.207.xxx.24 (the Internet).
What needs to be uncommented in squid.conf for the program to work?
squid.conf
-----------------------------------------------------------------------------------------------------
# http_port 3128
# ssl_unclean_shutdown off
# icp_port 3130
# htcp_port 4827
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255

#    cache_peer_domain cache-host domain [domain ...]
#    cache_peer_domain cache-host !domain
#
#    For example, specifying
#
#        cache_peer_domain parent.foo.net    .edu
#
#    has the effect such that UDP query packets are sent to
#    'bigserver' only when the requested object exists on a
#    server in the .edu domain.  Prefixing the domainname
#    with '!' means the cache will be queried for objects
#    NOT in that domain.
#
#    NOTE:    * Any number of domains may be given for a cache-host,
#          either on the same or separate lines.
#        * When multiple domains are given for a particular
#          cache-host, the first matched domain is applied.
#        * Cache hosts with no domain restrictions are queried
#          for all requests.
#        * There are no defaults.
#        * There is also a 'cache_peer_access' tag in the ACL
#          section.
#
#Default:
# none

#  TAG: neighbor_type_domain
#    usage: neighbor_type_domain neighbor parent|sibling domain domain ...
#
#    Modifying the neighbor type for specific domains is now
#    possible.  You can treat some domains differently than the
#    default neighbor type specified on the 'cache_peer' line.
#    Normally it should only be necessary to list domains which
#    should be treated differently because the default neighbor type
#    applies for hostnames which do not match domains listed here.
#
#EXAMPLE:
#    cache_peer  parent cache.foo.org 3128 3130
#    neighbor_type_domain cache.foo.org sibling .com .net
#    neighbor_type_domain cache.foo.org sibling .au .de
#
#Default:
# none

#  TAG: icp_query_timeout    (msec)
#    Normally Squid will automatically determine an optimal ICP
#    query timeout value based on the round-trip-time of recent ICP
#    queries.  If you want to override the value determined by
#    Squid, set this 'icp_query_timeout' to a non-zero value.  This
#    value is specified in MILLISECONDS, so, to use a 2-second
#    timeout (the old default), you would write:
#
#        icp_query_timeout 2000
#
#Default:
# icp_query_timeout 0

#  TAG: maximum_icp_query_timeout    (msec)
#    Normally the ICP query timeout is determined dynamically.  But
#    sometimes it can lead to very large values (say 5 seconds).
#    Use this option to put an upper limit on the dynamic timeout
#    value.  Do NOT use this option to always use a fixed (instead
#    of a dynamic) timeout value. To set a fixed timeout see the
#    'icp_query_timeout' directive.
#
#Default:
# maximum_icp_query_timeout 2000

#  TAG: mcast_icp_query_timeout    (msec)
#    For Multicast peers, Squid regularly sends out ICP "probes" to
#    count how many other peers are listening on the given multicast
#    address.  This value specifies how long Squid should wait to
#    count all the replies.  The default is 2000 msec, or 2
#    seconds.
#
#Default:
# mcast_icp_query_timeout 2000

#  TAG: dead_peer_timeout    (seconds)
#    This controls how long Squid waits to declare a peer cache
#    as "dead."  If there are no ICP replies received in this
#    amount of time, Squid will declare the peer dead and not
#    expect to receive any further ICP replies.  However, it
#    continues to send ICP queries, and will mark the peer as
#    alive upon receipt of the first subsequent ICP reply.
#
#    This timeout also affects when Squid expects to receive ICP
#    replies from peers.  If more than 'dead_peer' seconds have
#    passed since the last ICP reply was received, Squid will not
#    expect to receive an ICP reply on the next query.  Thus, if
#    your time between requests is greater than this timeout, you
#    will see a lot of requests sent DIRECT to origin servers
#    instead of to your parents.
#
#Default:
# dead_peer_timeout 10 seconds

#  TAG: hierarchy_stoplist
#    A list of words which, if found in a URL, cause the object to
#    be handled directly by this cache.  In other words, use this
#    to not query neighbor caches for certain objects.  You may
#    list this option multiple times.
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
#    A list of ACL elements which, if matched, cause the request to
#    not be satisfied from the cache and the reply to not be cached.
#    In other words, use this to force certain objects to never be cached.
#
#    You must use the word 'DENY' to indicate the ACL names which should
#    NOT be cached.
#
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#  TAG: cache_mem    (bytes)
#    NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
#    IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
#    USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
#    THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.
#
#    'cache_mem' specifies the ideal amount of memory to be used
#    for:
#        * In-Transit objects
#        * Hot Objects
#        * Negative-Cached objects
#
#    Data for these objects are stored in 4 KB blocks.  This
#    parameter specifies the ideal upper limit on the total size of
#    4 KB blocks allocated.  In-Transit objects take the highest
#    priority.
#
#    In-transit objects have priority over the others.  When
#    additional space is needed for incoming data, negative-cached
#    and hot objects will be released.  In other words, the
#    negative-cached and hot objects will fill up any unused space
#    not needed for in-transit objects.
#
#    If circumstances require, this limit will be exceeded.
#    Specifically, if your incoming request rate requires more than
#    'cache_mem' of memory to hold in-transit objects, Squid will
#    exceed this limit to satisfy the new requests.  When the load
#    decreases, blocks will be freed until the high-water mark is
#    reached.  Thereafter, blocks will be used to store hot
#    objects.
#
#Default:
# cache_mem 8 MB

#  TAG: cache_swap_low    (percent, 0-100)
#  TAG: cache_swap_high    (percent, 0-100)
#
#    The low- and high-water marks for cache object replacement.
#    Replacement begins when the swap (disk) usage is above the
#    low-water mark and attempts to maintain utilization near the
#    low-water mark.  As swap utilization gets close to high-water
#    mark object eviction becomes more aggressive.  If utilization is
#    close to the low-water mark less replacement is done each time.
#
#    Defaults are 90% and 95%. If you have a large cache, 5% could be
#    hundreds of MB. If this is the case you may wish to set these
#    numbers closer together.
#
#Default:
# cache_swap_low 90
# cache_swap_high 95

#  TAG: maximum_object_size    (bytes)
#    Objects larger than this size will NOT be saved on disk.  The
#    value is specified in kilobytes, and the default is 4MB.  If
#    you wish to get a high BYTES hit ratio, you should probably
#    increase this (one 32 MB object hit counts for 3200 10KB
#    hits).  If you wish to increase speed more than you want to
#    save bandwidth you should leave this low.
#
#    NOTE: if using the LFUDA replacement policy you should increase
#    this value to maximize the byte hit rate improvement of LFUDA!
#    See replacement_policy below for a discussion of this policy.
#
#Default:
# maximum_object_size 4096 KB

#  TAG: minimum_object_size    (bytes)
#    Objects smaller than this size will NOT be saved on disk.  The
#    value is specified in kilobytes, and the default is 0 KB, which
#    means there is no minimum.
#
#Default:
# minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory    (bytes)
#        Objects greater than this size will not be attempted to be kept in
#        the memory cache. This should be set high enough to keep objects
#        accessed frequently in memory to improve performance whilst low
#        enough to keep larger objects from hoarding cache_mem .
#
#Default:
# maximum_object_size_in_memory 8 KB

#  TAG: ipcache_size    (number of entries)
#  TAG: ipcache_low    (percent)
#  TAG: ipcache_high    (percent)
#    The size, low-, and high-water marks for the IP cache.
#
#Default:
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95

#  TAG: fqdncache_size    (number of entries)
#    Maximum number of FQDN cache entries.
#
#Default:
# fqdncache_size 1024

#  TAG: cache_replacement_policy
#    The cache replacement policy parameter determines which
#    objects are evicted (replaced) when disk space is needed.
#
#        lru       : Squid's original list based LRU policy
#        heap GDSF : Greedy-Dual Size Frequency
#        heap LFUDA: Least Frequently Used with Dynamic Aging
#        heap LRU  : LRU policy implemented using a heap
#
#    Applies to any cache_dir lines listed below this.
#
#    The LRU policies keep recently referenced objects.
#
#    The heap GDSF policy optimizes object hit rate by keeping smaller
#    popular objects in cache so it has a better chance of getting a
#    hit.  It achieves a lower byte hit rate than LFUDA though since
#    it evicts larger (possibly popular) objects.
#
#    The heap LFUDA policy keeps popular objects in cache regardless of
#    their size and thus optimizes byte hit rate at the expense of
#    hit rate since one large, popular object will prevent many
#    smaller, slightly less popular objects from being cached.
#
#    Both policies utilize a dynamic aging mechanism that prevents
#    cache pollution that can otherwise occur with frequency-based
#    replacement policies.
#
#    NOTE: if using the LFUDA replacement policy you should increase
#    the value of maximum_object_size above its default of 4096 KB to
#    maximize the potential byte hit rate improvement of LFUDA.
#
#    For more information about the GDSF and LFUDA cache replacement
#    policies see http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html
#    and http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html.
#
#Default:
# cache_replacement_policy lru

#  TAG: memory_replacement_policy
#    The memory replacement policy parameter determines which
#    objects are purged from memory when memory space is needed.
#
#    See cache_replacement_policy for details.
#
#Default:
# memory_replacement_policy lru


# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

#  TAG: cache_dir
#    Usage:
#
#    cache_dir Type Directory-Name Fs-specific-data [options]
#
#    You can specify multiple cache_dir lines to spread the
#    cache among different disk partitions.
#
#    Type specifies the kind of storage system to use. Only "ufs"
#    is built by default. To enable any of the other storage systems
#    see the --enable-storeio configure option.
#
#    'Directory' is a top-level directory where cache swap
#    files will be stored.  If you want to use an entire disk
#    for caching, this can be the mount-point directory.
#    The directory must exist and be writable by the Squid
#    process.  Squid will NOT create this directory for you.
#
#    The ufs store type:
#
#    "ufs" is the old well-known Squid storage format that has always
#    been there.
#
#    cache_dir ufs Directory-Name Mbytes L1 L2 [options]
#
#    'Mbytes' is the amount of disk space (MB) to use under this
#    directory.  The default is 100 MB.  Change this to suit your
#    configuration.  Do NOT put the size of your disk drive here.
#    Instead, if you want Squid to use the entire disk drive,
#    subtract 20% and use that value.
#
#    'Level-1' is the number of first-level subdirectories which
#    will be created under the 'Directory'.  The default is 16.
#
#    'Level-2' is the number of second-level subdirectories which
#    will be created under each first-level directory.  The default
#    is 256.
#
#    The aufs store type:
#
#    "aufs" uses the same storage format as "ufs", utilizing
#    POSIX-threads to avoid blocking the main Squid process on
#    disk-I/O. This was formerly known in Squid as async-io.
#
#    cache_dir aufs Directory-Name Mbytes L1 L2 [options]
#
#    see argument descriptions under ufs above
#
#    The diskd store type:
#
#    "diskd" uses the same storage format as "ufs", utilizing a
#    separate process to avoid blocking the main Squid process on
#    disk-I/O.
#
#    cache_dir diskd Directory-Name Mbytes L1 L2 [options] [Q1=n] [Q2=n]
#
#    see argument descriptions under ufs above
#
#    Q1 specifies the number of unacknowledged I/O requests when Squid
#    stops opening new files. If this many messages are in the queues,
#    Squid won't open new files. Default is 64
#
#    Q2 specifies the number of unacknowledged messages when Squid
#    starts blocking.  If this many messages are in the queues,
#    Squid blocks until it receives some replies. Default is 72
#
#    When Q1 < Q2 (the default), the cache directory is optimized
#    for lower response time at the expense of a decrease in hit
#    ratio.  If Q1 > Q2, the cache directory is optimized for
#    higher hit ratio at the expense of an increase in response
#    time.
#
#    The coss store type:
#
#    block-size=n defines the "block size" for COSS cache_dir's.
#    Squid uses file numbers as block numbers.  Since file numbers
#    are limited to 24 bits, the block size determines the maximum
#    size of the COSS partition.  The default is 512 bytes, which
#    leads to a maximum cache_dir size of 512<<24, or 8 GB.  Note
#    you should not change the coss block size after Squid
#    has written some objects to the cache_dir.
#
#    Common options:
#
#    read-only, this cache_dir is read only.
#
#    max-size=n, refers to the max object size this storedir supports.
#    It is used to initially choose the storedir to dump the object.
#    Note: To make optimal use of the max-size limits you should order
#    the cache_dir lines with the smallest max-size value first and the
#    ones with no max-size specification last.
#
#    Note that for coss, max-size must be less than COSS_MEMBUF_SZ
#    (hard coded at 1 MB).
#
#Default:
# cache_dir ufs /usr/local/squid/cache 100 16 256

#  TAG: cache_access_log
#    Logs the client request activity.  Contains an entry for
#    every HTTP and ICP query received. To disable, enter "none".
#
#Default:
# cache_access_log /usr/local/squid/logs/access.log

#  TAG: cache_log
#    Cache logging file. This is where general information about
#    your cache's behavior goes. You can increase the amount of data
#    logged to this file with the "debug_options" tag below.
#
#Default:
# cache_log /usr/local/squid/logs/cache.log

#  TAG: cache_store_log
#    Logs the activities of the storage manager.  Shows which
#    objects are ejected from the cache, and which objects are
#    saved and for how long.  To disable, enter "none". There are
#    not really utilities to analyze this data, so you can safely
#    disable it.
#
#Default:
# cache_store_log /usr/local/squid/logs/store.log

#  TAG: cache_swap_log
#    Location for the cache "swap.state" file. This log file holds
#    the metadata of objects saved on disk.  It is used to rebuild
#    the cache during startup.  Normally this file resides in each
#    'cache_dir' directory, but you may specify an alternate
#    pathname here.  Note you must give a full filename, not just
#    a directory. Since this is the index for the whole object
#    list you CANNOT periodically rotate it!
#
#    If %s can be used in the file name it will be replaced with
#    a representation of the cache_dir name where each / is replaced
#    with '.'. This is needed to allow adding/removing cache_dir
#    lines when cache_swap_log is being used.
#
#    If you have more than one 'cache_dir', and %s is not used in the name
#    these swap logs will have names such as:
#
#        cache_swap_log.00
#        cache_swap_log.01
#        cache_swap_log.02
#
#    The numbered extension (which is added automatically)
#    corresponds to the order of the 'cache_dir' lines in this
#    configuration file.  If you change the order of the 'cache_dir'
#    lines in this file, these log files will NOT correspond to
#    the correct 'cache_dir' entry (unless you manually rename
#    them).  We recommend you do NOT use this option.  It is
#    better to keep these log files in each 'cache_dir' directory.
#
#Default:
# none

#  TAG: emulate_httpd_log    on|off
#    The Cache can emulate the log file format which many 'httpd'
#    programs use.  To disable/enable this emulation, set
#    emulate_httpd_log to 'off' or 'on'.  The default
#    is to use the native log format since it includes useful
#    information Squid-specific log analyzers use.
#
#Default:
# emulate_httpd_log off

#  TAG: log_ip_on_direct    on|off
#    Log the destination IP address in the hierarchy log tag when going
#    direct. Earlier Squid versions logged the hostname here. If you
#    prefer the old way set this to off.
#
#Default:
# log_ip_on_direct on

#  TAG: mime_table
#    Pathname to Squid's MIME table. You shouldn't need to change
#    this, but the default file contains examples and formatting
#    information if you do.
#
#Default:
# mime_table /usr/local/etc/squid/mime.conf

#  TAG: log_mime_hdrs    on|off
#    The Cache can record both the request and the response MIME
#    headers for each HTTP transaction.  The headers are encoded
#    safely and will appear as two bracketed fields at the end of
#    the access log (for either the native or httpd-emulated log
#    formats).  To enable this logging set log_mime_hdrs to 'on'.
#
#Default:
# log_mime_hdrs off

#  TAG: useragent_log
# Note: This option is only available if Squid is rebuilt with the
#       --enable-useragent-log option
#
#    Squid will write the User-Agent field from HTTP requests
#    to the filename specified here.  By default useragent_log
#    is disabled.
#
#Default:
# none

#  TAG: referer_log
# Note: This option is only available if Squid is rebuilt with the
#       --enable-referer-log option
#
#    Squid will write the Referer field from HTTP requests to the
#    filename specified here.  By default referer_log is disabled.
#
#Default:
# none

#  TAG: pid_filename
#    A filename to write the process-id to.  To disable, enter "none".
#
#Default:
# pid_filename /usr/local/squid/logs/squid.pid

#  TAG: debug_options
#    Logging options are set as section,level where each source file
#    is assigned a unique section.  Lower levels result in less
#    output.  Full debugging (level 9) can result in a very large
#    log file, so be careful.  The magic word "ALL" sets debugging
#    levels for all sections.  We recommend normally running with
#    "ALL,1".
#
#Default:
# debug_options ALL,1

#  TAG: log_fqdn    on|off
#    Turn this on if you wish to log fully qualified domain names
#    in the access.log. To do this Squid does a DNS lookup of all
#    IP's connecting to it. This can (in some situations) increase
#    latency, which makes your cache seem slower for interactive
#    browsing.
#
#Default:
# log_fqdn off

#  TAG: client_netmask
#    A netmask for client addresses in logfiles and cachemgr output.
#    Change this to protect the privacy of your cache clients.
#    A netmask of 255.255.255.0 will log all IP's in that range with
#    the last digit set to '0'.
#
#Default:
# client_netmask 255.255.255.255


# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

#  TAG: ftp_user
#    If you want the anonymous login password to be more informative
#    (and enable the use of picky ftp servers), set this to something
#    reasonable for your domain, like wwwuser@somewhere.net
#
#    The reason why this is domainless by default is the
#    request can be made on the behalf of a user in any domain,
#    depending on how the cache is used.
#    Some ftp servers also validate that the email address is valid
#    (for example perl.com).
#
#Default:
# ftp_user Squid@

#  TAG: ftp_list_width
#    Sets the width of ftp listings. This should be set to fit in
#    the width of a standard browser. Setting this too small
#    can cut off long filenames when browsing ftp sites.
#
#Default:
# ftp_list_width 32

#  TAG: ftp_passive
#    If your firewall does not allow Squid to use passive
#    connections, turn off this option.
#
#Default:
# ftp_passive on

#  TAG: ftp_sanitycheck
#    For security and data integrity reasons Squid by default performs
#    sanity checks of the addresses of FTP data connections to ensure the
#    data connection is to the requested server. If you need to allow
#    FTP connections to servers using another IP address for the data
#    connection turn this off.
#
#Default:
# ftp_sanitycheck on

#  TAG: ftp_telnet_protocol
#    The FTP protocol is officially defined to use the telnet protocol
#    as transport channel for the control connection. However, many
#    implementations are broken and do not respect this aspect of
#    the FTP protocol.
#
#    If you have trouble accessing files with ASCII code 255 in the
#    path or similar problems involving this ASCII code you can
#    try setting this directive to off. If that helps, report to the
#    operator of the FTP server in question that their FTP server
#    is broken and does not follow the FTP standard.
#
#Default:
# ftp_telnet_protocol on

#  TAG: cache_dns_program
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#
#    Specify the location of the executable for dnslookup process.
#
#Default:
# cache_dns_program /usr/local/libexec/squid/dnsserver

#  TAG: dns_children
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#
#    The number of processes to spawn to service DNS name lookups.
#    For heavily loaded caches on large servers, you should
#    probably increase this value to at least 10.  The maximum
#    is 32.  The default is 5.
#
#    You must have at least one dnsserver process.
#
#Default:
# dns_children 5

#  TAG: dns_retransmit_interval
#    Initial retransmit interval for DNS queries. The interval is
#    doubled each time all configured DNS servers have been tried.
#
#
#Default:
# dns_retransmit_interval 5 seconds

#  TAG: dns_timeout
#    DNS Query timeout. If no response is received to a DNS query
#    within this time all DNS servers for the queried domain
#    are assumed to be unavailable.
#
#Default:
# dns_timeout 2 minutes

#  TAG: dns_defnames    on|off
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#
#    Normally the 'dnsserver' disables the RES_DEFNAMES resolver
#    option (see res_init(3)).  This prevents caches in a hierarchy
#    from interpreting single-component hostnames locally.  To allow
#    dnsserver to handle single-component names, enable this
#    option.
#
#Default:
# dns_defnames off

#  TAG: dns_nameservers
#    Use this if you want to specify a list of DNS name servers
#    (IP addresses) to use instead of those given in your
#    /etc/resolv.conf file.
#    On Windows platforms, if no value is specified here or in
#    the /etc/resolv.conf file, the list of DNS name servers are
#    taken from the Windows registry, both static and dynamic DHCP
#    configurations are supported.
#
#    Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none

#  TAG: hosts_file
#    Location of the host-local IP name-address associations
#    database.  Most Operating Systems have such a file: under
#    Un*X it's by default in /etc/hosts.  MS-Windows NT/2000 places
#    it in %SystemRoot%(by default
#    c:\winnt)\system32\drivers\etc\hosts, while Windows 9x/ME
#    places it in %windir%(usually c:\windows)\hosts
#
#    The file contains newline-separated definitions, in the
#    form ip_address_in_dotted_form name [name ...] names are
#    whitespace-separated.  Lines beginning with a hash (#)
#    character are comments.
#
#    The file is checked at startup and upon configuration.  If
#    set to 'none', it won't be checked.  If append_domain is
#    used, that domain will be added to domain-local (i.e. not
#    containing any dot character) host definitions.
#
#Default:
# hosts_file /etc/hosts

#  TAG: diskd_program
#    Specify the location of the diskd executable.
#    Note that this is only useful if you have compiled in
#    diskd as one of the store io modules.
#
#Default:
# diskd_program /usr/local/libexec/squid/diskd

#  TAG: unlinkd_program
#    Specify the location of the executable for file deletion process.
#
#Default:
# unlinkd_program /usr/local/libexec/squid/unlinkd

#  TAG: pinger_program
# Note: This option is only available if Squid is rebuilt with the
#       --enable-icmp option
#
#    Specify the location of the executable for the pinger process.
#
#Default:
# pinger_program /usr/local/libexec/squid/pinger

#  TAG: redirect_program
#    Specify the location of the executable for the URL redirector.
#    Since they can perform almost any function there isn't one included.
#    See the FAQ (section 15) for information on how to write one.
#    By default, a redirector is not used.
#
#Default:
# none

#  TAG: redirect_children
#    The number of redirector processes to spawn. If you start
#    too few Squid will have to wait for them to process a backlog of
#    URLs, slowing it down. If you start too many they will use RAM
#    and other system resources.
#
#Default:
# redirect_children 5

#  TAG: redirect_rewrites_host_header
#    By default Squid rewrites any Host: header in redirected
#    requests.  If you are running an accelerator this may
#    not be a wanted effect of a redirector.
#
#Default:
# redirect_rewrites_host_header on

#  TAG: redirector_access
#    If defined, this access list specifies which requests are
#    sent to the redirector processes.  By default all requests
#    are sent.
#
#Default:
# none

#  TAG: auth_param
#    This is used to define parameters for the various authentication
#    schemes supported by Squid.
#
#    format: auth_param scheme parameter [setting]
#
#    The order in which authentication schemes are presented to the client is
#    dependant on the order the scheme first appears in config file. IE
#    has a bug (it's not rfc 2617 compliant) in that it will use the basic
#    scheme if basic is the first entry presented, even if more secure
#    schemes are presented. For now use the order in the recommended
#    settings section below. If other browsers have difficulties (don't
#    recognise the schemes offered even if you are using basic) either
#    put basic first, or disable the other schemes (by commenting out their
#    program entry).
#
#    Once an authentication scheme is fully configured, it can only be
#    shutdown by shutting squid down and restarting. Changes can be made on
#    the fly and activated with a reconfigure. I.E. You can change to a
#    different helper, but not unconfigure the helper completely.
#
#    Please note that while this directive defines how Squid processes
#    authentication it does not automatically activate authentication.
#    To use authentication you must in addition make use of acls based
#    on login name in http_access (proxy_auth, proxy_auth_regex or
#    external with %LOGIN used in the format tag). The browser will be
#    challenged for authentication on the first such acl encountered
#    in http_access processing and will also be rechallenged for new
#    login credentials if the request is being denied by a proxy_auth
#    type acl.
#
#    === Parameters for the basic scheme follow. ===
#
#    "program" cmdline
#    Specify the command for the external authenticator.  Such a program
#    reads a line containing "username password" and replies "OK" or
#    "ERR" in an endless loop.
#
#    By default, the basic authentication scheme is not used unless a
#    program is specified.
#
#    If you want to use the traditional proxy authentication, jump over to
#    the helpers/basic_auth/NCSA directory and type:
#        % make
#        % make install
#
#    Then, set this line to something like
#
#    auth_param basic program /usr/local/libexec/ncsa_auth /usr/local/etc/passwd
#
#    "children" numberofchildren
#    The number of authenticator processes to spawn.
#    If you start too few Squid will have to wait for them to process a
#    backlog of usercode/password verifications, slowing it down. When
#    password verifications are done via a (slow) network you are likely to
#    need lots of authenticator processes.
#    auth_param basic children 5
#
#    "realm" realmstring
#    Specifies the realm name which is to be reported to the client for
#    the basic proxy authentication scheme (part of the text the user
#    will see when prompted for their username and password).
#    auth_param basic realm Squid proxy-caching web server
#
#    "credentialsttl" timetolive
#    Specifies how long squid assumes an externally validated
#    username:password pair is valid for - in other words how often the
#    helper program is called for that user. Set this low to force
#    revalidation with short lived passwords.  Note that setting this high
#    does not impact your susceptibility to replay attacks unless you are
#    using a one-time password system (such as SecureID). If you are using
#    such a system, you will be vulnerable to replay attacks unless you
#    also use the max_user_ip ACL in an http_access rule.
#    auth_param basic credentialsttl 2 hours
#
#    "casesensitive" on|off
#    Specifies if usernames are case sensitive. Most user databases are
#    case insensitive allowing the same username to be spelled using both
#    lower and upper case letters, but some are case sensitive. This
#    makes a big difference for user_max_ip ACL processing and similar.
#    auth_param basic casesensitive off
#
#    === Parameters for the digest scheme follow ===
#
#    "program" cmdline
#    Specify the command for the external authenticator.  Such a program
#    reads a line containing "username":"realm" and replies with the
#    appropriate H(A1) value base64 encoded or ERR if the user (or his H(A1)
#    hash) does not exist.  See rfc 2616 for the definition of H(A1).
#
#    By default, the digest authentication scheme is not used unless a
#    program is specified.
#
#    If you want to use a digest authenticator, jump over to the
#    helpers/digest_auth/ directory and choose the authenticator to use.
#    In its directory type
#            % make
#            % make install
#
#    Then, set this line to something like
#
#    auth_param digest program /usr/local/libexec/digest_auth_pw /usr/local/etc/digpass
#    --helper-protocol=squid-2.5-ntlmssp
#    authentication
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# authenticate_cache_garbage_interval 1 hour
# authenticate_ttl 1 hour
# wais_relay_port 0
# request_header_max_size 20 KB
# request_body_max_size 0 KB
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95
# negative_ttl 5 minutes
# positive_dns_ttl 6 hours
# negative_dns_ttl 1 minute
# range_offset_limit 0 KB
# forward_timeout 4 minutes
# connect_timeout 1 minute
# peer_connect_timeout 30 seconds
# read_timeout 15 minutes
# request_timeout 5 minutes
# persistent_request_timeout 1 minute
# client_lifetime 1 day
# half_closed_clients on
# pconn_timeout 120 seconds
# ident_timeout 10 seconds
# shutdown_lifetime 30 seconds
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443 563    # https, snews
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT
# http_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
http_access deny all
# http_reply_access allow all
http_reply_access allow all
# icp_access deny all
icp_access allow all
# miss_access allow all
# ident_lookup_access deny all
# reply_header_max_size 20 KB
# reply_body_max_size 0 allow all
# cache_mgr webmaster
# cache_effective_user squid
# announce_period 0
#announce_period 1 day
# announce_host tracker.ircache.net
# announce_port 3131
# httpd_accel_port 80
# httpd_accel_single_host off
# httpd_accel_with_proxy off
# httpd_accel_uses_host_header off
# httpd_accel_no_pmtu_disc off
# logfile_rotate 10
# tcp_recv_bufsize 0 bytes
# memory_pools on
# memory_pools_limit 5 MB
# forwarded_for on
# log_icp_queries on
# icp_hit_stale off
# minimum_direct_hops 4
# minimum_direct_rtt 400
# store_avg_object_size 13 KB
# store_objects_per_bucket 20
# client_db on
# netdb_low 900
# netdb_high 1000
# netdb_ping_period 5 minutes
# query_icmp off
# test_reachability off
# buffered_logs off
# reload_into_ims off
# icon_directory /usr/local/etc/squid/icons
# short_icon_urls off
# error_directory /usr/local/etc/squid/errors/English
# retry_on_error off
# snmp_port 3401
# snmp_access deny all
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255
# as_whois_server whois.ra.net
# wccp_router 0.0.0.0
# wccp_version 4
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255
# delay_pools 2      # 2 delay pools
# delay_class 1 2    # pool 1 is a class 2 pool
# delay_class 2 3    # pool 2 is a class 3 pool
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#delay_parameters pool aggregate
#delay_parameters pool aggregate individual
#delay_parameters pool aggregate network individual
#delay_parameters 1 -1/-1 8000/8000
#delay_parameters 2 32000/32000 8000/8000 600/8000
# delay_initial_bucket_level 50
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8
# max_open_disk_fds 0
# offline_mode off
# uri_whitespace strip
# mcast_miss_addr 255.255.255.255
# mcast_miss_ttl 16
# mcast_miss_port 3135
# mcast_miss_encode_key XXXXXXXXXXXXXXXX
# nonhierarchical_direct on
# prefer_direct off
# strip_query_terms on
coredump_dir /usr/local/squid/cache
# redirector_bypass off
# ignore_unknown_nameservers on
# digest_generation on
# digest_rebuild_period 1 hour
# digest_rewrite_period 1 hour
# digest_swapout_chunk_size 4096 bytes
# digest_rebuild_chunk_percentage 10
# client_persistent_connections on
# server_persistent_connections on
# detect_broken_pconn off
# balance_on_multiple_ip on
# pipeline_prefetch off
# request_entities off
# high_response_time_warning 0
# high_page_fault_warning 0
# high_memory_warning 0
# store_dir_select_algorithm least-load
# ie_refresh off
# vary_ignore_expire off
# sleep_after_fork 0
# relaxed_header_parser on
--------------------------------------------------------------------------------------
or, if possible, show me a similar squid.conf for a network like this.

 
