OT: squid a nefunkcnost internetbankingu

Petr Macek pm-conf at kostax.cz
Mon Dec 17 13:01:50 CET 2007


Zdravim,
omlouvam se za OT a rovnou priznavam, ze squid proste nemam rad a spatne
konfiguruji :-) Zakaznik pozadoval proxy s autorizaci, to jede, ale mam
problem s jednou bankou. Po restartu squidu se to prvnimu uzivateli pry
obcas povede, potom uz ne. Porad to jen zobrazuje autorizacni dialog. V
logu je tohle:

1195632938.606     62 10.10.110.59 TCP_DENIED/407 1851 GET
http://www.volksbank.cz/vb/jnp/cz/home/index.html - NONE/- text/html
1195632938.751    145 10.10.110.59 TCP_MISS/200 17043 GET
http://www.volksbank.cz/vb/jnp/cz/home/index.html test
DIRECT/195.39.69.100 text/html
1195632938.752      1 10.10.110.59 TCP_DENIED/407 1896 GET
http://www.volksbank.cz/vb/public/75/17/80/e/25_9356_general.css -
NONE/- text/html
1195632938.767      0 10.10.110.59 TCP_DENIED/407 1890 GET
http://www.volksbank.cz/vb/public/5c/21/1/ea/23_9389_print.css - NONE/-
text/html
1195632938.782     29 10.10.110.59 TCP_MISS/304 224 GET
http://www.volksbank.cz/vb/public/75/17/80/e/25_9356_general.css test
DIRECT/195.39.69.100 -

Temer defaultni konfigurace vypada takhle:
auth_param digest program /usr/local/libexec/squid/digest_pw_auth
/usr/local/etc/squid/squid_pass
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl password proxy_auth REQUIRED
http_access allow password
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_dir ufs /usr/local/squid/cache 5000 16 256
access_log /usr/local/squid/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /usr/local/squid/cache


Jsem vdecny za jakoukoli radu

PM


-- 
# ---------------
# Petr Macek
# pm at kostax.cz
# icq: 87323239
# www.kostax.cz

# MySQL www client (PHP) ... try it!
# http://the.cz/mywwwatcher




More information about the Users-l mailing list