squidの設定見直し

logrotate時の警告メッセージで下記のようなものが出ていたので、 調べてみると、squid 2.7系から3.4以降に変更の際には /etc/squid/squid.conf の修正が必要な様子。

2015/09/13 07:47:16| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2015/09/13 07:47:16| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '::/0' from the ACL named 'all'
2015/09/13 07:47:16| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2015/09/13 07:47:16| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2015/09/13 07:47:16| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2015/09/13 07:47:16| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2015/09/13 07:47:16| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2015/09/13 07:47:16| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2015/09/13 07:47:16| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2015/09/13 07:47:16| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
2015/09/13 07:47:16| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2015/09/13 07:47:16| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
2015/09/13 07:47:16| ERROR: Directive 'hierarchy_stoplist' is obsolete.
2015/09/13 07:47:16| ERROR: Directive 'upgrade_http0.9' is obsolete.
2015/09/13 07:47:16| ERROR: Directive 'broken_vary_encoding' is obsolete.
2015/09/13 07:47:16| ERROR: Directive 'extension_methods' is obsolete.

Warningについては、localhost とか all は、ACL を squid.con で定義しなくて良いみたいなので、 コメントアウトする。後半のErrorについても、古い設定項目なので、同様にコメントアウト。

(( /etc/squid/squid.conf ))
  #Recommended minimum configuration:
- acl all src all
+ # acl all src all

  # acl manager proto cache_object # Commented out on upgrade to 3.4
- acl localhost src 127.0.0.1/32
- acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
+ # acl localhost src 127.0.0.1/32
+ # acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

- hierarchy_stoplist cgi-bin ?
+ # hierarchy_stoplist cgi-bin ?

  # Don't upgrade ShoutCast responses to HTTP
- acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
- upgrade_http0.9 deny shoutcast
+ # acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
+ # upgrade_http0.9 deny shoutcast

  # Apache mod_gzip and mod_deflate known to be broken so don't trust
  # Apache to signal ETag correctly on such responses
- acl apache rep_header Server ^Apache
- broken_vary_encoding allow apache
+ # acl apache rep_header Server ^Apache
+ # broken_vary_encoding allow apache
 
  #  TAG: extension_methods
  #       Squid only knows about standardized HTTP request methods.
  #       You can add up to 20 additional "extension" methods here.
- extension_methods REPORT MERGE MKACTIVITY CHECKOUT
+ # extension_methods REPORT MERGE MKACTIVITY CHECKOUT
 

2017年2月

      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28        

ウェブページ

アーカイブ

Webデータ

このブログ記事について

このページは、T-Saitohが2015年9月14日 12:18に書いたブログ記事です。

ひとつ前のブログ記事は「@TohruSaitohのつぶやき(09/13)」です。

次のブログ記事は「定期的にfull-upgrade」です。

最近のコンテンツはインデックスページで見られます。過去に書かれたものはアーカイブのページで見られます。