Hello experts
I am having a lot of trouble getting HAVP to work with Squid in this case.
My HAVP listens on port 8080 and it is working correctly. Pointing my browser's proxy to proxy:8080 works fine.
Now I want to do it with a squid. So the config is Client -> Squid -> HAVP -> Internet.
I got this working on another machine already but on this one it does not work. Squid is NEVER using the HAVP, no matter what I try to configure. Even the debug messages of Squid didn't help me.
My Squid config is as follows (with some domain names and external IPs changed):
more squid.conf | grep -v ^$ | grep -v "#"
cache_peer 141.1.1.1 parent 80 0 no-query
cache_peer 141.2.2.2 parent 8183 0 no-query
cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
acl admin_net src 192.168.40.0/24
acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
cache_peer_access 127.0.0.1 deny !Scan_HTTP
cache_peer_access 127.0.0.1 allow Scan_HTTP
cache_peer_access 127.0.0.1 allow admin_net
cache_peer_domain 141.1.1.1 test1.de
cache_peer_domain 141.2.2.2 test2.de
acl ffproxies dstdomain test3.de
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl JARFILE urlpath_regex \.jar
no_cache deny JARFILE
acl INTERN dstdomain mydomain.de mydomain-gmbh.de
no_cache deny INTERN
cache_mem 512 MB
cache_dir ufs /var/cache/squid 5000 16 256 read-only
cache_store_log none
ftp_user nix@ueberhauptgarnix.com
redirect_program /usr/sbin/squidGuard -c /etc/squidguard.conf
redirect_children 30
refresh_pattern ^ftp: 60 20% 60
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl netmon src 172.16.11.106/32 192.168.12.5/32 192.168.12.7/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 8443
acl CONNECT method CONNECT
acl netzgenhosts src "/etc/squid/squid.dnsok"
acl nosavhosts src "/etc/squid/squid.nosav"
acl mydomain_src src 172.16.0.0/12 192.168.0.0/16
acl mydomain_dst dst 172.16.0.0/12 192.168.0.0/16
acl local_adr dst 127.0.0.1/255.255.255.255
acl local_url dstdomain localhost
acl errortest dstdomain error.mydomain-test.de
acl denyusers src "/etc/squid/squid.deny"
acl allowdomains url_regex -i "/etc/squid/squid.allowurl"
acl nimdaWorm urlpath_regex -i \.eml$
acl w32gonera urlpath_regex -i gone.scr$
acl denydomains dstdom_regex -i "/etc/squid/squid.denyurl"
acl denypath urlpath_regex -i "/etc/squid/squid.denyurl"
acl denyips dst "/etc/squid/squid.denyips"
acl blockedtypereq req_mime_type -i ^application/x-msmetafile$
acl blockedtypereq req_mime_type -i application/x-msmetafile
acl blockedtyperep rep_mime_type -i ^application/x-msmetafile$
acl blockedtyperep rep_mime_type -i application/x-msmetafile
acl denyext url_regex -i \.wmf$
acl denydisp rep_header Content-Disposition -i filename.*\.wmf
http_access allow manager localhost
http_access allow manager netmon
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ffproxies
http_access deny nimdaWorm
http_access deny w32gonera
http_access deny local_url
http_access deny local_adr
http_access deny errortest
http_access deny !mydomain_src
http_access deny !netzgenhosts
http_access deny denydomains
http_access deny denypath
http_access deny denyips
http_access deny denyext
http_access deny denydisp
http_access deny blockedtypereq
http_access deny blockedtyperep
http_access allow allowdomains
http_access allow mydomain_dst
http_access deny denyusers
http_access deny nosavhosts
http_access allow admin_net
http_access allow all
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr Hotline@mydomain.de
visible_hostname my-proxy
append_domain .mydomain.de
deny_info ERR_LOCAL_PROXY local_url
deny_info ERR_LOCAL_PROXY local_adr
deny_info ERR_NO_DNS netzgenhosts
deny_info ERR_NO_SAV nosavhosts
deny_info http://wwwtest.mydomain-gmbh.de/ errortest
cachemgr_passwd disable shutdown
cachemgr_passwd none all
acl schnellsurfer src 0.0.0.0/0
always_direct deny ffproxies
always_direct allow mydomain_dst
always_direct allow schnellsurfer
always_direct deny all
never_direct allow ffproxies
never_direct deny mydomain_dst
never_direct deny schnellsurfer
never_direct allow all
header_access X-Forwarded-For deny !mydomain_dst
header_access Server deny !mydomain_dst
header_access Link deny !mydomain_dst
header_access Via deny !mydomain_dst
error_directory /usr/share/squid/errors/German
uri_whitespace encode
strip_query_terms off
coredump_dir /var/cache/squid
I have two network cards in my computer running SuSE Linux:
eth0 192.168.102.12
eth1 "an external IP"
Looking at /var/log/havp shows no errors in HAVP, and there is only something in access.log when pointing the browser directly to 192.168.102.12:8080 and not to 192.168.102.12:3128 (where Squid is running). No errors in /var/log/messages or in /var/log/squid/access.log or /var/log/squid/cache.log
Squid simply does not care about HAVP...
I also tried the minimal config from http://www.server-side.de/ideas.htm with ACL all in all places. Also tried to use the IP of eth0 192.168.102.12 instead of localhost or 127.0.0.1 ...same result.
Help is really appreciated.
Regards,
Alexander
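
Added example, not part of the original post: a simplified first-match model of Squid's always_direct / never_direct handling, run over the routing lines of the posted config, to check whether a request can ever be handed to the HAVP cache_peer. The request fields are constructed sample values, and the model covers only the src, dst, dstdomain and proto ACL types, with dstdomain reduced to an exact match.

```python
import ipaddress

# Routing-related lines copied, in order, from the squid.conf in the post.
CONF = """\
acl Scan_HTTP proto HTTP
never_direct allow Scan_HTTP
acl ffproxies dstdomain test3.de
acl all src 0.0.0.0/0.0.0.0
acl mydomain_dst dst 172.16.0.0/12 192.168.0.0/16
acl schnellsurfer src 0.0.0.0/0
always_direct deny ffproxies
always_direct allow mydomain_dst
always_direct allow schnellsurfer
always_direct deny all
never_direct allow ffproxies
never_direct deny mydomain_dst
never_direct deny schnellsurfer
never_direct allow all
"""

def load(conf):
    acls, rules = {}, {"always_direct": [], "never_direct": []}
    for fields in (line.split() for line in conf.splitlines() if line.strip()):
        if fields[0] == "acl":
            acls.setdefault(fields[1], []).append((fields[2], fields[3:]))
        elif fields[0] in rules:
            rules[fields[0]].append((fields[1], fields[2:]))
    return acls, rules

def acl_hit(acls, name, req):
    hit = False
    for kind, values in acls[name.lstrip("!")]:
        if kind in ("src", "dst"):      # address ACLs, CIDR or netmask form
            ip = ipaddress.ip_address(req[kind])
            hit |= any(ip in ipaddress.ip_network(v) for v in values)
        else:                           # dstdomain / proto: exact match only
            hit |= req[kind].lower() in (v.lower() for v in values)
    return hit != name.startswith("!")

def first_match(acls, rule_list, req):  # returns None when no rule matches
    for action, names in rule_list:     # first rule whose ACLs all match wins
        if all(acl_hit(acls, n, req) for n in names):
            return action

def route(conf, req):
    acls, rules = load(conf)
    if first_match(acls, rules["always_direct"], req) == "allow":
        return "direct"                 # cache_peers, HAVP included, are skipped
    return "peer" if first_match(acls, rules["never_direct"], req) == "allow" else "either"
```

For a client request to an external site the model returns "direct", because `always_direct allow schnellsurfer` (src 0.0.0.0/0) matches before any never_direct rule is consulted; with that one line removed the same request is routed to a peer.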