ホーム » コンピュータ » Linux » Debian » squidの設定見直し

システム

最近の投稿

アーカイブ

カテゴリー

squidの設定見直し

logrotate時の警告メッセージで下記のようなものが出ていたので、 調べてみると、squid 2.7系から3.4以降に変更の際には /etc/squid/squid.conf の修正が必要な様子。

2015/09/13 07:47:16| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2015/09/13 07:47:16| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '::/0' from the ACL named 'all'
2015/09/13 07:47:16| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2015/09/13 07:47:16| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2015/09/13 07:47:16| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2015/09/13 07:47:16| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2015/09/13 07:47:16| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2015/09/13 07:47:16| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2015/09/13 07:47:16| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2015/09/13 07:47:16| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
2015/09/13 07:47:16| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2015/09/13 07:47:16| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
2015/09/13 07:47:16| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
2015/09/13 07:47:16| ERROR: Directive 'hierarchy_stoplist' is obsolete.
2015/09/13 07:47:16| ERROR: Directive 'upgrade_http0.9' is obsolete.
2015/09/13 07:47:16| ERROR: Directive 'broken_vary_encoding' is obsolete.
2015/09/13 07:47:16| ERROR: Directive 'extension_methods' is obsolete.

Warningについては、localhost とか all は、ACL を squid.con で定義しなくて良いみたいなので、 コメントアウトする。後半のErrorについても、古い設定項目なので、同様にコメントアウト。

(( /etc/squid/squid.conf ))
#Recommended minimum configuration:
- acl all src all
+ # acl all src all
# acl manager proto cache_object # Commented out on upgrade to 3.4
- acl localhost src 127.0.0.1/32
- acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
+ # acl localhost src 127.0.0.1/32
+ # acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
- hierarchy_stoplist cgi-bin ?
+ # hierarchy_stoplist cgi-bin ?
# Don't upgrade ShoutCast responses to HTTP
- acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
- upgrade_http0.9 deny shoutcast
+ # acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
+ # upgrade_http0.9 deny shoutcast
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
- acl apache rep_header Server ^Apache
- broken_vary_encoding allow apache
+ # acl apache rep_header Server ^Apache
+ # broken_vary_encoding allow apache
#  TAG: extension_methods
#       Squid only knows about standardized HTTP request methods.
#       You can add up to 20 additional "extension" methods here.
- extension_methods REPORT MERGE MKACTIVITY CHECKOUT
+ # extension_methods REPORT MERGE MKACTIVITY CHECKOUT

Google 検索

My Google   Yahoo

Microsoft

ファンサイト