configuration squid sous ubuntu

**imen1986** · 10/07/2009, 11h01

bonjour à tous;
je suis entrain d'installer un serveur proxy squid pour une entreprise. j'ai configuré kerberos et samba.tout va bien. mais pour la configuration de squid il y'a un problème.Il me retourne ceci:

aclPARSEaccessLine:Access line contains no ACL's,skipping

j'ai essayer de modifier plusieurs paramètres mais rien ne marche.
Quelqu'un peut m'aider.
merci d'avance.

**Sawn_** · 10/07/2009, 11h10

Tu peux nous fournir ton squid.conf stp ?
Sinon ça va être un peu dur de t'aider

**imen1986** · 13/07/2009, 11h11

Envoyé par Sawn_

Tu peux nous fournir ton squid.conf stp ?
Sinon ça va être un peu dur de t'aider

merci swan.voici mon squid.conf:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
append_domain .mondomaine.INT
visible_hostname = squid
emulate_httpd_log on
http_port 3128  
icp_port 1
#https_port 0.0.0.0:3128 cert=/etc/gadminsquid/certificate.pem
#visible_hostname host.example.org
httpd_suppress_version_string off
client_netmask 255.255.255.0
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin ?
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
hosts_file /etc/hosts
diskd_program /usr/lib/squid/diskd-daemon
unlinkd_program /usr/lib/squid/unlinkd
log_ip_on_direct on
debug_options ALL,1 20,9
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
dns_defnames off
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
authenticate_ip_ttl 0 seconds
#wais_relay_port 0
request_header_max_size 20 KB
request_body_max_size 0 KB
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16 KB
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute
range_offset_limit 0 KB
collapsed_forwarding off
refresh_stale_hit 0 seconds
forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minute
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 9 second
shutdown_lifetime 30 seconds
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
reply_header_max_size 20 KB
cache_mgr root
mail_from <a href="mailto:squid@example.org">squid@example.org</a>
mail_program mail
cache_effective_user squid
#cache_effective_group squid
cache_effective_group root
umask 027
announce_period 0 hour
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_no_pmtu_disc off
logfile_rotate 0
memory_pools on
memory_pools_limit 5 MB
via on
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
icon_directory /usr/share/squid/icons
global_internal_static on
short_icon_urls off
error_directory /usr/share/squid/errors/English
maximum_single_addr_tries 1
retry_on_error off
snmp_port 0
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
as_whois_server whois.ra.net
wccp_router 0.0.0.0
wccp_version 4
wccp2_rebuild_wait on
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service standard 0
wccp2_weight 10000
wccp_address 0.0.0.0
wccp2_address 0.0.0.0
#incoming_icp_average 6
#incoming_http_average 4
#incoming_dns_average 4
#min_icp_poll_cnt 8
#min_dns_poll_cnt 8
#min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
coredump_dir none
coredump_dir /var/spool/squid
redirector_bypass off
ignore_unknown_nameservers on
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
client_persistent_connections on
server_persistent_connections on
persistent_connection_after_error off
detect_broken_pconn off
balance_on_multiple_ip on
pipeline_prefetch off
request_entities off
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0
store_dir_select_algorithm least-load
ie_refresh off
vary_ignore_expire off
sleep_after_fork 0
minimum_expiry_time 60 seconds
relaxed_header_parser on
max_filedesc 1024
cache_vary on
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic realm Squid proxy-caching web server
#auth_param basic casesensitive off
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic credentialsttl 2 hours
auth_param basic realm Squid mezzocc
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param ntlm children 5
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=MEZZOCC.INT\\mezzocc
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=MEZZOCC.INT\\mezzocc
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 192.168.0.0/24 192.168.1.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl manager proto cache_object
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apacheauth_param basic program
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl localnetwork src 172.29.0.0/255.255.255.0
acl mezzocc src 172.30.0.0/255.255.0.0
acl ntlm proxy_auth REQUIRED
http_access allow ntlm
http_access allow localhost
http_reply_access allow all
broken_vary_encoding allow apache
icp_access allow all
miss_access allow all
reply_body_max_size 0 allow all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
follow_x_forwarded_for deny all
ident_lookup_access allow all localhost mezzocc
cache deny QUERY
http_access allow localnetwork
http_access deny all
snmp_access deny all
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
logformat squidmime %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
#dns_nameservers 172.29.10.40 10.0.0.2
#mcast_groups 239.128.16.128 224.0.1.20
#mime_table /etc/squid/mime.conf
#ssl_unclean_shutdown off
#ssl_engine none
#sslproxy_client_certificate none
#sslproxy_client_key none
#sslproxy_version 1
#sslproxy_options none
#sslproxy_cipher none
#sslproxy_cafile none
#sslproxy_capath none
#sslproxy_flags none
#sslpassword_program none
 
delay_pools 0
#delay_pools 2      # 2 delay pools
#delay_class 1 2    # pool 1 is a class 2 pool
#delay_class 2 3    # pool 2 is a class 3 pool
#delay_access 1 allow some_big_clients
#delay_access 2 allow lotsa_little_clients
#delay_access 1 deny all
#delay_access 2 deny all
#delay_parameters pool aggregate
#delay_parameters pool aggregate individual
#delay_parameters pool aggregate network individual
#delay_parameters 1 -1/-1 8000/8000
#delay_parameters 2 32000/32000 8000/8000 600/8000
#delay_initial_bucket_level 50
#cache_peer parent.foo.net       parent    3128  3130  proxy-only
#cache_peer sib1.foo.net         sibling   3128  3130  proxy-only
#cache_peer sib2.foo.net         multicast 3128  3130  proxy-only
#cache_peer_domain parent.foo.net .net
#cache_peer_domain parent.bar.net !hello.org
#cache_peer  parent cache.foo.org 3128 3130
#neighbor_type_domain cache.foo.org sibling .com .net
#neighbor_type_domain cache.foo.org sibling .au .de
deny_info err_access_denied localnetwork
deny_info err_access_denied mezzocc
never_direct allow 
#redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard

je souhaite que ca peut aider un peu , je suis vraiment bloquée.

**OxYdAbLeS** · 29/07/2009, 17h33

Salut Imen,

Le "aclPARSEaccessLine:Access line contains no ACL's,skipping" veut dire que tu as une access line dans laquelle tu n'as pas declarée d'ACL. par exemple si je crée une ligne de conf "http_access allow" au lieu de "http_access allow MonACL".
J'ai parcourus rapidement ton fichier de conf et il se trouve que la ligne "never_direct allow" n'est pas complète. Ca devrait donner "never_direct allow MonACL" avec bien sûr MonACL défini au préalable. bon courage.

configuration squid sous ubuntu

Réseau

Discussions similaires

Partager

Partager