Squid and streaming apps

BESTYALL · May 27, 2022, 7:19am


2022/05/27 04:13:37| Startup: Initializing Authentication Schemes ...
2022/05/27 04:13:37| Startup: Initialized Authentication.
2022/05/27 04:13:37| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2022/05/27 04:13:37| Processing: acl localhost src 192.168.1.0/24
2022/05/27 04:13:37| Processing: acl localhost src 2804:14d:4c86:8d92::/64
2022/05/27 04:13:37| Processing: acl localnet src 192.168.1.0/24
2022/05/27 04:13:37| Processing: acl localnet src 2804:14d:4c86:8d92::/64
2022/05/27 04:13:37| Processing: http_port 3128 intercept
2022/05/27 04:13:37| Starting Authentication on port [::]:3128
2022/05/27 04:13:37| Disabling Authentication on port [::]:3128 (interception enabled)
2022/05/27 04:13:37| Processing: http_port 80 accel
2022/05/27 04:13:37| Processing: http_port 443 accel
2022/05/27 04:13:37| Processing: dns_packet_max 9000 bytes
2022/05/27 04:13:37| Processing: acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
2022/05/27 04:13:37| Processing: acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
2022/05/27 04:13:37| Processing: acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
2022/05/27 04:13:37| Processing: acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
2022/05/27 04:13:37| Processing: acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
2022/05/27 04:13:37| Processing: acl localnet src fc00::/7               # RFC 4193 local private network range
2022/05/27 04:13:37| Processing: acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
2022/05/27 04:13:37| Processing: acl SSL_ports port 443
2022/05/27 04:13:37| Processing: acl Safe_ports port 80         # http
2022/05/27 04:13:37| Processing: acl Safe_ports port 21         # ftp
2022/05/27 04:13:37| Processing: acl Safe_ports port 443                # https
2022/05/27 04:13:37| Processing: acl Safe_ports port 70         # gopher
2022/05/27 04:13:37| Processing: acl Safe_ports port 210                # wais
2022/05/27 04:13:37| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2022/05/27 04:13:37| Processing: acl Safe_ports port 280                # http-mgmt
2022/05/27 04:13:37| Processing: acl Safe_ports port 488                # gss-http
2022/05/27 04:13:37| Processing: acl Safe_ports port 591                # filemaker
2022/05/27 04:13:37| Processing: acl Safe_ports port 777                # multiling http
2022/05/27 04:13:37| Processing: acl CONNECT method CONNECT
2022/05/27 04:13:37| Processing: http_access allow localhost manager
2022/05/27 04:13:37| Processing: http_access deny manager
2022/05/27 04:13:37| Processing: http_access allow localnet
2022/05/27 04:13:37| Processing: http_access allow localhost
2022/05/27 04:13:37| Processing: http_access deny all
2022/05/27 04:13:37| Processing: cache_dir diskd /tmp/squid 400 16 226 Q1=64 Q2=72
2022/05/27 04:13:37| Processing: minimum_object_size 0 bytes
2022/05/27 04:13:37| Processing: maximum_object_size 32 MB
2022/05/27 04:13:37| Processing: cache_swap_low 90
2022/05/27 04:13:37| Processing: cache_swap_high 95
2022/05/27 04:13:37| Processing: cache_mem 16 MB
2022/05/27 04:13:37| Processing: maximum_object_size_in_memory 524288 bytes
2022/05/27 04:13:37| Processing: refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      10800 80% 10800
2022/05/27 04:13:37| Processing: refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          10800 80% 10800
2022/05/27 04:13:37| Processing: refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     10800 80% 10800
2022/05/27 04:13:37| Processing: refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800
2022/05/27 04:13:37| Processing: refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     10800 80% 10800
2022/05/27 04:13:37| Processing: refresh_pattern ^ftp:          1440    20%    10080
2022/05/27 04:13:37| Processing: refresh_pattern ^gopher:       1440    0%     1440
2022/05/27 04:13:37| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%     0
2022/05/27 04:13:37| Processing: refresh_pattern .              0       20%    4320
2022/05/27 04:13:37| Processing: cache_effective_user squid
2022/05/27 04:13:37| Processing: access_log none  # daemon:/tmp/squid_access.log
2022/05/27 04:13:37| Processing: cache_log /dev/null  # /tmp/squid_cache.log
2022/05/27 04:13:37| Initializing https:// proxy context

reinerotto · May 27, 2022, 7:20am

This is not valid. Wondering, that you do not get an error during start-up of squid. Might be a warning, only, though.
Ah, looks like squid-4.14 is more foregiving than documented. So, ignore my critics. Anyway, you are intercepting http only, and caching it. Which seems to have some positive effect in your environment.

BESTYALL · May 27, 2022, 7:24am


2022/05/27 04:23:03| Startup: Initializing Authentication Schemes ...
2022/05/27 04:23:03| Startup: Initialized Authentication.
2022/05/27 04:23:03| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2022/05/27 04:23:03| Processing: acl localhost src 192.168.1.0/24
2022/05/27 04:23:03| Processing: acl localhost src 2804:14d:4c86:8d92::/64
2022/05/27 04:23:03| Processing: acl localnet src 192.168.1.0/24
2022/05/27 04:23:03| Processing: acl localnet src 2804:14d:4c86:8d92::/64
2022/05/27 04:23:03| Processing: http_port 3128 transparent
2022/05/27 04:23:03| Starting Authentication on port [::]:3128
2022/05/27 04:23:03| Disabling Authentication on port [::]:3128 (interception enabled)
2022/05/27 04:23:04| Processing: http_port 80 accel
2022/05/27 04:23:04| Processing: http_port 443 accel
2022/05/27 04:23:04| Processing: dns_packet_max 9000 bytes
2022/05/27 04:23:04| Processing: acl localnet src 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
2022/05/27 04:23:04| Processing: acl localnet src 10.0.0.0/8             # RFC 1918 local private network (LAN)
2022/05/27 04:23:04| Processing: acl localnet src 100.64.0.0/10          # RFC 6598 shared address space (CGN)
2022/05/27 04:23:04| Processing: acl localnet src 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
2022/05/27 04:23:04| Processing: acl localnet src 172.16.0.0/12          # RFC 1918 local private network (LAN)
2022/05/27 04:23:04| Processing: acl localnet src fc00::/7               # RFC 4193 local private network range
2022/05/27 04:23:04| Processing: acl localnet src fe80::/10              # RFC 4291 link-local (directly plugged) machines
2022/05/27 04:23:04| Processing: acl SSL_ports port 443
2022/05/27 04:23:04| Processing: acl Safe_ports port 80         # http
2022/05/27 04:23:04| Processing: acl Safe_ports port 21         # ftp
2022/05/27 04:23:04| Processing: acl Safe_ports port 443                # https
2022/05/27 04:23:04| Processing: acl Safe_ports port 70         # gopher
2022/05/27 04:23:04| Processing: acl Safe_ports port 210                # wais
2022/05/27 04:23:04| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2022/05/27 04:23:04| Processing: acl Safe_ports port 280                # http-mgmt
2022/05/27 04:23:04| Processing: acl Safe_ports port 488                # gss-http
2022/05/27 04:23:04| Processing: acl Safe_ports port 591                # filemaker
2022/05/27 04:23:04| Processing: acl Safe_ports port 777                # multiling http
2022/05/27 04:23:04| Processing: acl CONNECT method CONNECT
2022/05/27 04:23:04| Processing: http_access allow localhost manager
2022/05/27 04:23:04| Processing: http_access deny manager
2022/05/27 04:23:04| Processing: http_access allow localnet
2022/05/27 04:23:04| Processing: http_access allow localhost
2022/05/27 04:23:04| Processing: http_access deny all
2022/05/27 04:23:04| Processing: cache_dir diskd /tmp/squid 400 16 226 Q1=64 Q2=72
2022/05/27 04:23:04| Processing: minimum_object_size 0 bytes
2022/05/27 04:23:04| Processing: maximum_object_size 32 MB
2022/05/27 04:23:04| Processing: cache_swap_low 90
2022/05/27 04:23:04| Processing: cache_swap_high 95
2022/05/27 04:23:04| Processing: cache_mem 16 MB
2022/05/27 04:23:04| Processing: maximum_object_size_in_memory 524288 bytes
2022/05/27 04:23:04| Processing: refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      10800 80% 10800
2022/05/27 04:23:04| Processing: refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          10800 80% 10800
2022/05/27 04:23:04| Processing: refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     10800 80% 10800
2022/05/27 04:23:04| Processing: refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800
2022/05/27 04:23:04| Processing: refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     10800 80% 10800
2022/05/27 04:23:04| Processing: refresh_pattern ^ftp:          1440    20%    10080
2022/05/27 04:23:04| Processing: refresh_pattern ^gopher:       1440    0%     1440
2022/05/27 04:23:04| Processing: refresh_pattern -i (/cgi-bin/|\?) 0    0%     0
2022/05/27 04:23:04| Processing: refresh_pattern .              0       20%    4320
2022/05/27 04:23:04| Processing: cache_effective_user squid
2022/05/27 04:23:04| Processing: access_log none  # daemon:/tmp/squid_access.log
2022/05/27 04:23:04| Processing: cache_log /dev/null  # /tmp/squid_cache.log
2022/05/27 04:23:04| Initializing https:// proxy context

BESTYALL · May 27, 2022, 7:25am

I sent the 2 with transparent and with intercept

reinerotto · May 27, 2022, 7:33am

4.14 is forgiving config errors, obviously. Because "intercept" is correct only, according to docs.
Again, you are caching http traffic. And not touching https by any means. So, the caching has positive effects, obviously. To check firewall rules, would be next. Both for "trigger explicitly" and "intercept", in case different. Have to leave now, will be back later.

BESTYALL · May 27, 2022, 7:35am

Ok thx for your support ,i back later and put the firewall config