Firefox & Squid

LCLS-PROD03 Production version of Squid

• We use the rpm installed squid version provided by SCCS on lcls-prod03 
  • Squid Cache: Version 2.5.STABLE14
• /etc/init.d/squid  start/stop
• /etc/init.d/squid -z              -Creates Swap Directory

NOTES:

• profiles are located in the user's directory under .mozilla/firefox
• You can move profiles by tar'ing up the profile and untar'ing
• prefs.js has most of the preferences: and all the NoScript changes
  • /usr/local/admin/firefox/chkPrefs -Can copy our template prefs.js to all profiles
  • See Security check cronjob below
• places.sqlite and places.sqlite-journal are your bookmarks

OpenOffice:

1. If openoffice documents crash when launched
   1. rename the "user" profile in /home/physics/.openoffice.org/3/user
      1. This will force openoffice to create a new profile

SLAC Phone Search:

1. copy /usr/local/admin/firefox/searchplugins/slac-phone.xml to /usr/lib/firefox-3.0.11/searchplugins/
   1. Needs to be done on all servers

Security check cronjob:

• chkPrefs:  Cronjob to monitor the prefs.js file on all users firefox profiles
• Located on mccfs2  /etc/cron.daily (runs as root)
  • /usr/local/admin/firefox/chkPrefs
    • You can also uncomment a line to copy a new prefs.js to all profiles

How to find biggest objects in your cache:

• sort -r -n +4 -5 /var/log/squid/access.log | awk '{print $5, $7}' | head -25

To Speed up firefox:

1. Launch Firefox.
2. Enter 'about:config' in Firefox URL box.
   1. Add an integer
      1. content.notify.backoffcount     5

    

   1. Change pipeline as seen below
      1. 
         

To remove "start a new session" dialog:

1. about:config
   1. browser.sessionstore. resume_from_crash    false
      

Differences in the squid.config files:

< # LCLS- increased cache memory

< cache_mem 64 MB

< # LCLS - increased the amount of diskspace to 200MB

< cache_dir ufs /var/squid/cache 200 16 256

< # LCLS - DNS

< dns_nameservers 134.79.18.45 134.79.151.11 134.79.151.15

< # LCLS - Allow only LCLSCA network

< acl localnet src 172.27.8.0/22

< # LCLS - Setup acl's

< acl GoodSites dstdomain "/etc/squid/squid-noblock.acl"

< acl BadSites  dstdomain "/etc/squid/squid-block.acl"

< acl BadWords  url_regex -i "/etc/squid/squid-BlockWords.acl"

< acl deny_rep_mime_flashvideo rep_mime_type video/flv

<

< #LCLS: Allow localnet - which is defined in acl's as 172.27.8.0/22

< http_access deny BadWords

< http_access deny  BadSites

< http_access allow localnet

< http_access allow GoodSites

< #

< #LCLS-uncommented

< http_access deny to_localhost

---

> #http_access deny to_localhost

<

< # LCLS - deny MIME type (Flash video)

< http_reply_access deny deny_rep_mime_flashvideo

< # LCLS - Send Mail to sysadmins

< cache_mgr controls-system-admins

< # LCLS - user squid

< cache_effective_user squid

< # LCLS - define name

< visible_hostname LCLS-Proxy

< # LCLS - Domain

< append_domain .slac.stanford.edu

< #LCLS - private error pages

< error_directory /usr/share/squid/errors/lcls

Enabling the proxy web server in Firefox

• bring up firefox -> Edit -> Preferences
  • Click on Advanced tab
    • Click on Network -> Settings

Turn off the confirmation of certificates:

• Click on Encryption tab -> Validation
  • Uncheck the "Use the Online Certificate Status ......"

Install NoScript add-on to Firefox

• Downloaded noscript-1.9.5-fx+sm+fn.xpi
  • file is in /usr/local/admin/firefox/NoScript
• Install NoScript
  • Bring up Firefox and type: file://usr/local/admin/firefox/NoScript/noscript-1.9.5-fx+sm+fn.xpi
    • This will start the installation process
• Configuration
  • There will be a "S" on the bottom right-hand corner of Firefox:  
    • Left click and select "Options"

These web sites are all subject to change:

Took the defaults: