From: "altlinux@aaanet.ru" <altlinux@aaanet.ru>
To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: [Sysadmins] squid
Date: Thu, 20 Dec 2007 11:52:22 +0300
Message-ID: <476A2D46.5070202@aaanet.ru> (raw)
всем привет!
есть Squid Cache: Version 2.6.STABLE12
Периодически пишет доступ запрещен. В логах acces.log TCP_DENIED делаю
service squid reload и всё начинает работать. Такое происходит в
наиболее загруженное время.
Грешу на winbind но в логах ничего не могу найти.
Как отловить кто виноват? И вопрос по поводу url_rewrite_children 450
больше указать немогу, незагружается сервис, как сделать что бы больше
children можно было проставить?
настроен след. образом
[root@gate squid]# cat /etc/squid/squid.conf
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_access_log /var/log/squid/access.log
ftp_user anonymous
url_rewrite_program /usr/local/bin/samsredir
url_rewrite_children 450
debug_options auth_param,9
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
external_acl_type AD_global_group %LOGIN /usr/lib64/squid/wbinfo_group.pl
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl HTTP_Common external AD_global_group grphttp
acl HTTPS_Common external AD_global_group grphttps
acl ICQ_Common external AD_global_group grpicq
acl to_localhost dst 127.0.0.0/8
acl http_ftp_ports port 80 8080 21 1443 7778 # http
acl https_ports port 443 # https
acl http_icq dstdomain login.icq.com # icq
acl birga dstdomain etc.rndex.ru
acl CONNECT method CONNECT
http_access allow HTTP_Common http_ftp_ports
http_access allow HTTPS_Common https_ports
http_access allow ICQ_Common http_icq https_ports
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access deny all
http_reply_access allow all
error_directory /usr/share/squid/errors/Russian-1251
reply other threads:[~2007-12-20 8:52 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=476A2D46.5070202@aaanet.ru \
--to=altlinux@aaanet.ru \
--cc=sysadmins@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux sysadmins discussion
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
public-inbox-index sysadmins
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sysadmins
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git