apt-get install g++ libecap3-dev zlib1g-dev pkg-config
./configure && make all install
– will install the library to /usr/local/lib
libecap
0.2.0 thus needs to be patched with patch from issue #8. Download libsquidgzip_1.3.0_i386.deb
.
acl GZIP_HTTP_STATUS http_status 200 ecap_service gzip_service respmod_precache 0 ecap://www.vigos.com/ecap_gzip loadable_modules /usr/lib/squid/ecap_adapter_gzip.so
See also:
ERROR: No forward-proxy ports configured
in /var/log/squid/cache.log
Squid needs at least one port to serve the error page, FTP and gopher icons, and other proxy-proxy communications from:
cachemgr.cgi
API can be accessed via HTTP or HTTPS protocol through this port.cache_peer
as the http-port
option. This gets used for all traffic fetched through that peer, including cache digests, netdb exchanges and background live/dead monitoring probes. Interception port mode now (3.2+) has security checks which cause problems for that traffic. The solution is to have Squid configured with forward-proxy port and transparent-proxy port:
http_port 3128 http_port 3129 intercept
and then (provided that internal network is connected via eth2
interface) forward the traffic to that port:
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3129
If eth2
is bridged, then use (see Using the iptables physdev match module):
iptables -t nat -A PREROUTING -p tcp -m physdev --physdev-in eth2 --dport 80 -j REDIRECT --to-port 3129
It is advised to close the interception port for direct access (it is important to perform it before nat
table, as otherwise it will be blocked also for port forwarding):
iptables -t mangle -A PREROUTING -p tcp --dport 3129 -j DROP
Too few redirector processes are running
When more then 50% of redirector helpers have crashed, Squid will shut down.
$ cat /var/log/squid/access.log | perl -p -e 's/^([0-9]*)/"[".localtime($1)."]"/e' | less
"Девица не хочет лезть в Окно" – device not compatible with Windows.