1,574
edits
Changes
From SME Server
Jump to navigationJump to search→Allow squid custom file descriptor limit
Squidguard Homepage: http://www.squidguard.org/
Squidguard Homepage: http://www.squidguard.org/
SME SquidGuard Howto: [[SquidGuard]]
SME SquidGuard Howto: [[SquidGuard]] or [[WebFiltering]]
===ProxyPass===
===ProxyPass===
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
# cache ubuntu updates
# cache ubuntu updates [check logs use COUNTRY SPECIFIC first line or generic below]
refresh_pattern http://.*\.archive\.ubuntu\.com 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.archive\.ubuntu\.com 0 80% 20160 reload-into-ims
refresh_pattern http://archive\.ubuntu\.com 0 80% 20160 reload-into-ims
# add any site you want to cache below
# add any site you want to cache below
The number of second-level subdirectories to be created under each first-level cache directory; 256 Level-2
The number of second-level subdirectories to be created under each first-level cache directory; 256 Level-2
====Content Encoding Error ====
The problem here is squid that comes with SME Server 7.x is version 2.5 which has lack of HTTP/1.1 support. SME 8 has a later version of and solves this issue. See [[Bugzilla 6058]]
As a workaround you will need to create a few custom-templates and use squid's acl rules.
Create a file called 21BrokenHeader in the following directory (create if doesn't exist)
/etc/e-smith/templates-custom/etc/squid/squid.conf
Enter the following line in 21BrokenHeader
acl broken dstdomain www.maplin.co.uk
Save the file
If it does not already exist create a file called 40http_access75AllowLocal in the following directory
/etc/e-smith/templates-custom/etc/squid/squid.conf
Enter the following line in 40http_access75AllowLocal
header_access Accept-Encoding deny broken
Save and quit, next expand the files:
expand-template /etc/squid/squid.conf
and restart the squid service:
sv t /service/squid/
====How do I block access to (Facebook|Twitter|whatever) that runs on https?====
Nowadays many sites work only using https protocol; we can't filter their content but we can block access to them
From this post
* http://forums.contribs.org/index.php/topic,51474.msg261561.html#msg261561
Create the rigth path into /etc/e-smith/templates-custom/etc/squid/squid.conf
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
move into the new path
cd /etc/e-smith/templates-custom/etc/squid/squid.conf
create a new fragment 20ACL40bannedsites
nano 20ACL40bannedsites
it's content must be (for example, to block Facebook)
acl bannedsites dstdomain .facebook.com
Domains to be blocked can be many, just put them in the same line, separated by a space
Save and exit with Ctrl-X, Y
create another fragment 40http_access15denyconnectBannedsites
nano 40http_access15denyconnectBannedsites
with this content
http_access deny CONNECT bannedsites
Save and exit with Ctrl-X, Y
Now, invoke proxy-update event
signal-event proxy-update
Tested and working on SME8.X and SME9
====Allow squid custom file descriptor limit====
The new default limit is 4096, and a custom value can be set with:
db configuration setprop squid MaxFileDesc 8192
expand-template /etc/squid/squid.conf
sv t /service/squid
----
----
[[Category:Howto]]
[[Category:Howto]]
[[Category:Administration]]
