Я уже неделю бражу в инете в поисках помощи, собираю документацию и всё что связано с Squid-ом, но всё тщетно. НЕРАБОТАЕТ! Помогите пожалуйста, что я делаю не так! Всё вродебы создал, путе все правильные, даже HTPASSWD утилитой пароли внес, но .... Даже и не пахнет работой...
Мне нужно, чтобы пользователи моей сети заходили каждый со своим поролем и именем в инет. Хотябы так для начала...
Или хотябы рабочий листинг вышлите на мыло мне для версии 2.5.
Вот мой листинг squid.conf
# WELCOME TO SQUID 2
# NETWORK OPTIONS
# #
#Default:
http_port 3128
# TAG: https_port
# Note: This option is only available if Squid is rebuilt with the
# OPTIONS WHICH AFFECT THE CACHE SIZE
#
#Default:
cache_mem 8 MB
# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#
#
#Default:
cache_dir ufs /usr/local/squid/var/cache 100 16 256
# TAG: cache_access_log
# Logs the client request activity. Contains an entry for
# every HTTP and ICP queries received. To disable, enter "none".
#
#Default:
cache_access_log /usr/local/squid/var/logs/access.log
# output, Full debugging (level 9) can result in a very large
# log file, so be careful. The magic word "ALL" sets debugging
# levels for all sections. We recommend normally running with
# "ALL,1".
#
#Default:
# debug_options ALL,1
# TAG: log_fqdn on|off
# Turn this on if you wish to log fully qualified domain names
# in the access.log. To do this Squid does a DNS lookup of all
# IP's connecting to it. This can (in some situations) increase
# latency, which makes your cache seem slower for interactive
# browsing.
#
#Default:
# log_fqdn off
# TAG: client_netmask
# A netmask for client addresses in logfiles and cachemgr output.
# Change this to protect the privacy of your cache clients.
# A netmask of 255.255.255.0 will log all IP's in that range with
# the last digit set to '0'.
#
#Default:
# client_netmask 255.255.255.255
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------
# TAG: ftp_user
# If you want the anonymous login password to be more informative
# (and enable the use of picky ftp servers), set this to something
# reasonable for your domain, like wwwuser@somewhere.net
#
# The reason why this is domainless by default is that the
# request can be made on the behalf of a user in any domain,
# depending on how the cache is used.
# Some ftp server also validate that the email address is valid
# (for example perl.com).
#
#Default:
# ftp_user Squid@
# TAG: ftp_list_width
# Sets the width of ftp listings. This should be set to fit in
# the width of a standard browser. Setting this too small
# can cut off long filenames when browsing ftp sites.
#
#Default:
# ftp_list_width 32
# TAG: ftp_passive
# If your firewall does not allow Squid to use passive
# connections, then turn off this option.
#
#Default:
# ftp_passive on
# TAG: ftp_sanitycheck
# For security and data integrity reasons Squid by default performs
# sanity checks of the addresses of FTP data connections ensure the
# data connection is to the requested server. If you need to allow
# FTP connections to servers using another IP address for the data
# connection then turn this off.
#
# === Parameters for the basic scheme follow. ===
#
# "program" cmdline
# Specify the command for the external authenticator. Such a
# program reads a line containing "username password" and replies
# "OK" or "ERR" in an endless loop. If you use an authenticator,
# make sure you have 1 acl of type proxy_auth. By default, the
# authenticate_program is not used.
#
# If you want to use the traditional proxy authentication,
# jump over to the ../auth_modules/NCSA directory and
# type:
# % make
# % make install
#
# Then, set this line to something like
#
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
#
# === NTLM scheme options follow ===
#
# "program" cmdline
# Specify the command for the external ntlm authenticator.
# Such a program reads a line containing the uuencoded NEGOTIATE
# and replies with the ntlm CHALLENGE, then waits for the
# response and answers with "OK" or "ERR" in an endless loop.
# If you use an ntlm authenticator, make sure you have 1 acl
# of type proxy_auth. By default, the ntlm authenticator_program
# is not used.
#
# auth_param ntlm program /usr/local/squid/bin/ntlm_auth
#
# "children" numberofchildren
# The number of authenticator processes to spawn (no default).
# If you start too few Squid will have to wait for them to
# process a backlog of credential verifications, slowing it
# down. When crendential verifications are done via a (slow)
# network you are likely to need lots of authenticator
# processes.
# auth_param ntlm children 5
#
# "max_challenge_reuses" number
# The maximum number of times a challenge given by a ntlm
# authentication helper can be reused. Increasing this number
# increases your exposure to replay attacks on your network.
# 0 means use the challenge only once. (disable challenge
# caching) See max_ntlm_challenge_lifetime for more information.
# auth_param ntlm max_challenge_reuses 0
#
# "max_challenge_lifetime" timespan
# The maximum time period that a ntlm challenge is reused
# over. The actual period will be the minimum of this time
# AND the number of reused challenges.
# auth_param ntlm max_challenge_lifetime 2 minutes
#
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# TAG: authenticate_cache_garbage_interval
# The time period between garbage collection across the
# username cache. This is a tradeoff between memory utilisation
# (long intervals - say 2 days) and CPU (short intervals -
# say 1 minute). Only change if you have good reason to.
#
#Default:
# authenticate_cache_garbage_interval 1 hour
# TAG: authenticate_ttl
# The time a user & their credentials stay in the logged in
# user cache since their last request. When the garbage
# interval passes, all user credentials that have passed their
# TTL are removed from memory.
#
# used.
#
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Sets a upper limit on how far into the the file a Range request
# may be to cause Squid to prefetch the whole file. If beyond this
# limit then Squid forwards the Range request as it is and the result
# is NOT cached.
#
# This is to stop a far ahead range request (lets say start at 17MB)
# from making Squid fetch the whole object up to that point before
# sending anything to the client.
#
# A value of -1 causes Squid to always fetch the object from the
# beginning so that it may cache the result. (2.0 style)
#
# A value of 0 causes Squid to never fetch more than the
# client requested. (default)
#
#Default:
# range_offset_limit 0 KB
# shutdown_lifetime 30 seconds
# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# TAG: acl
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, then the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Exampe rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_networks
# And finally deny all other access to this proxy
http_access deny all
# TAG: http_reply_access
# Allow replies to client requests. This is complementary to http_access.
#
# http_reply_access allow|deny [!] aclname ...
#
# NOTE: if there are no access lines present, the default is to allow
# all replies
#
# If none of the access lines cause a match, then the opposite of the
# last line will apply. Thus it is good practice to end the rules
# with an "allow all" or "deny all" entry.
#
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
#
# Insert your own rules here.
#
#
# and finally allow by default
http_reply_access allow all
#Allow ICP queries from everyone
icp_access allow all
# ie_refresh off
# TAG: vary_ignore_expire on|off
# Many HTTP servers supporting Vary gives such objects
# immediate expiry time with no cache-control header
# when requested by a HTTP/1.0 client. This option
# enables Squid to ignore such expiry times until
# HTTP/1.1 is fully implemented.
# WARNING: This may eventually cause some varying
# objects not intended for caching to get cached.
#
#Default:
# vary_ignore_expire off
# TAG: sleep_after_fork (microseconds)
# When this is set to a non-zero value, the main Squid process
# sleeps the specified number of microseconds after a fork()
# system call. This sleep may help the situation where your
# system reports fork() failures due to lack of (virtual)
# memory. Note, however, that if you have a lot of child
# processes, then these sleep delays will add up and your
# Squid will not service requests for some amount of time
# until all the child processes have been started.
#
#Default:
# sleep_after_fork 0
Люди добрые помогите, укажите на ошибки....!!!
СПАСИБО!
Вариант для распечатки
Настройка Squid и других прокси серверов (Public)
on
27-Янв-03, 15:41 (MSK)
