OT: squid a nefunkcnost internetbankingu
Petr Macek
pm-conf at kostax.cz
Mon Dec 17 13:01:50 CET 2007
Zdravim,
omlouvam se za OT a rovnou priznavam, ze squid proste nemam rad a spatne
konfiguruji :-) Zakaznik pozadoval proxy s autorizaci, to jede, ale mam
problem s jednou bankou. Po restartu squidu se to prvnimu uzivateli pry
obcas povede, potom uz ne. Porad to jen zobrazuje autorizacni dialog. V
logu je tohle:
1195632938.606 62 10.10.110.59 TCP_DENIED/407 1851 GET
http://www.volksbank.cz/vb/jnp/cz/home/index.html - NONE/- text/html
1195632938.751 145 10.10.110.59 TCP_MISS/200 17043 GET
http://www.volksbank.cz/vb/jnp/cz/home/index.html test
DIRECT/195.39.69.100 text/html
1195632938.752 1 10.10.110.59 TCP_DENIED/407 1896 GET
http://www.volksbank.cz/vb/public/75/17/80/e/25_9356_general.css -
NONE/- text/html
1195632938.767 0 10.10.110.59 TCP_DENIED/407 1890 GET
http://www.volksbank.cz/vb/public/5c/21/1/ea/23_9389_print.css - NONE/-
text/html
1195632938.782 29 10.10.110.59 TCP_MISS/304 224 GET
http://www.volksbank.cz/vb/public/75/17/80/e/25_9356_general.css test
DIRECT/195.39.69.100 -
Temer defaultni konfigurace vypada takhle:
auth_param digest program /usr/local/libexec/squid/digest_pw_auth
/usr/local/etc/squid/squid_pass
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl password proxy_auth REQUIRED
http_access allow password
icp_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_dir ufs /usr/local/squid/cache 5000 16 256
access_log /usr/local/squid/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /usr/local/squid/cache
Jsem vdecny za jakoukoli radu
PM
--
# ---------------
# Petr Macek
# pm at kostax.cz
# icq: 87323239
# www.kostax.cz
# MySQL www client (PHP) ... try it!
# http://the.cz/mywwwatcher
More information about the Users-l
mailing list