[squid-users] Squid 2.5S4 crashing with no matter what redirector running
Dear listmember, I have a squid 2.5S4 running on Solaris 8 box (latest patch). Everything is worked fine. I need a url-based redirector. So I tried several like: squidGuard (yes I know its not primary a redirector, but it does a good job) and urlredir. The setup worked for all of them. But after a while squid is crashing. At the crash there are no special circumstances I noticed yet like cpu/ram exhaustion, load spikes... Here are the cache.log part of one crash: 2004/05/03 08:15:59| WARNING: All redirector processes are busy. 2004/05/03 08:15:59| WARNING: 5 pending requests queued 2004/05/03 08:15:59| storeDirWriteCleanLogs: Starting... 2004/05/03 08:15:59| WARNING: Closing open FD7 2004/05/03 08:15:59| 65536 entries written so far. 2004/05/03 08:15:59|131072 entries written so far. 2004/05/03 08:16:00|196608 entries written so far. 2004/05/03 08:16:00| Finished. Wrote 251018 entries. 2004/05/03 08:16:00| Took 1.2 seconds (201234.9 entries/sec). FATAL: Too many queued redirector requests Squid Cache (Version 2.5.STABLE4): Terminated abnormally. CPU Usage: 404714.640 seconds = 383892.340 user + 20822.300 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 1119425 2004/05/03 08:16:23| Starting Squid Cache version 2.5.STABLE4 for sparc-sun-solaris2. 8... And then squids starts up gain. Notice the 5 queued requests. For urlredir I can only have one redirector, for squidGuard I can have as many as I want to. I had alot of redirectors using squidGuard, but squid kept crashing. Is there anything Iam missing here? Why squid chrashes while queueing requests? Thanks alot for any advise! Rg. -- NEU : GMX Internet.FreeDSL Ab sofort DSL-Tarif ohne Grundgebühr: http://www.gmx.net/dsl
[squid-users] Squid Question
Hi all, as a Squid-Newbie, I have a problem with a Website not correctly displayed by Squid. I am using Squid2.5 Stable4 on a SuSE Linux 9.0 Professional. While displaying the Website www.exxonmobil.com/pdssearch/search.asp, I recieve an error in my Internet-Explorer. When I try to search some content on this site, no results are displayed, but the Site, where I began my search is displayed again. Is there any possibility to get this site, which is trusted, around the squid to be displayed directly ? Could anyone out there help with this problem? Thanks Best regards [EMAIL PROTECTED] -- Mit freundlichem Gruß Christian Bunk DV - Kontor Königsfeld Christian Bunk Burgstraße 31 35444 Biebertal Tel: 06409 / 80180 Fax: 06409 / 80133 http://www.dvkontor.de [EMAIL PROTECTED]
RE: [squid-users] Squid Question
Hi all, as a Squid-Newbie, I have a problem with a Website not correctly displayed by Squid. I am using Squid2.5 Stable4 on a SuSE Linux 9.0 Professional. While displaying the Website www.exxonmobil.com/pdssearch/search.asp, I recieve an error in my Internet-Explorer. What is the error in your internet explorer ? M. When I try to search some content on this site, no results are displayed, but the Site, where I began my search is displayed again. Is there any possibility to get this site, which is trusted, around the squid to be displayed directly ? Could anyone out there help with this problem? Thanks Best regards [EMAIL PROTECTED] -- Mit freundlichem Gruß Christian Bunk DV - Kontor Königsfeld Christian Bunk Burgstraße 31 35444 Biebertal Tel: 06409 / 80180 Fax: 06409 / 80133 http://www.dvkontor.de [EMAIL PROTECTED]
RE: [squid-users] Squid Question
Dear Marc, my Internet-Explorer displays an error like, Line 776, Error: Objekt erwartet. C. -Ursprüngliche Nachricht- Von: Elsen Marc [EMAIL PROTECTED] Gesendet: Monday, 03. May 2004 10:19 An: Christian Bunk [EMAIL PROTECTED], [EMAIL PROTECTED] Betreff: RE: [squid-users] Squid Question Hi all, as a Squid-Newbie, I have a problem with a Website not correctly displayed by Squid. I am using Squid2.5 Stable4 on a SuSE Linux 9.0 Professional. While displaying the Website www.exxonmobil.com/pdssearch/search.asp, I recieve an error in my Internet-Explorer. What is the error in your internet explorer ? M. When I try to search some content on this site, no results are displayed, but the Site, where I began my search is displayed again. Is there any possibility to get this site, which is trusted, around the squid to be displayed directly ? Could anyone out there help with this problem? Thanks Best regards [EMAIL PROTECTED] -- Mit freundlichem Gruß Christian Bunk DV - Kontor Königsfeld Christian Bunk Burgstraße 31 35444 Biebertal Tel: 06409 / 80180 Fax: 06409 / 80133 http://www.dvkontor.de [EMAIL PROTECTED] -- Mit freundlichem Gruß Christian Bunk DV - Kontor Königsfeld Christian Bunk Burgstraße 31 35444 Biebertal Tel: 06409 / 80180 Fax: 06409 / 80133 http://www.dvkontor.de [EMAIL PROTECTED]
Re: [squid-users] Squid SSL reverse help need
Please describe in more detail what you want to do - Protocol uses on each side of the proxy - If authentication is to the proxy, or to your backend web server Regards Henrik On Mon, 3 May 2004, [iso-8859-2] Hegedüs Ervin wrote: hello all, i would like to build an SSL reverse proxy, with Squid. is possible to find some example, how to do that? (i did it for native HTTP, but HTTPS doesn't work. at this time i can't login to host, and can't send any info... sorry) thank you, and sorry for the question. a.
Re: [squid-users] NTLMAuth: We want to be prompted for a password but are not.
On Mon, 3 May 2004, BenM wrote: I have NTLM setup with Samba3 + Squid 2.5Stable5 . Is there a simple way I can make NTLM prompt ? Instead of doing it seamlessly ? Yes. The simplest way is by using Basic instead of NTLM. NTLM should prompt if the user is not member of a domain trusted by the server, but I think this depends a little on the security profile of the client station.. Regards Henrik
[squid-users] squid BUG?
Greetings, I've checked this with a couple of different stock 2.5s5 the following URL under squid returns a truncated html response: http://www.elunatic.host.sk/toolbar.html hints welcomed -- Alexandros C. Couloumbis Network Operations Center Technical Chamber of Greece
RE: [squid-users] squid BUG?
Greetings, I've checked this with a couple of different stock 2.5s5 What do you mean by 'different stock 2.5s5'. There's only one way of life,euh... Sorry there is only ONE 2.5S5. the following URL under squid returns a truncated html response: http://www.elunatic.host.sk/toolbar.html What do you understand or define under 'truncated html' ? Thx for all explanations. M.
[squid-users] Squid Authentication
Hi, I am using squid authentication (i.e having username and password) , is it possible to bypass authentication on some machines without bypassing the proxy server Thanks in advance __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover
Re: [squid-users] squid BUG?
Elsen Marc wrote: Greetings, I've checked this with a couple of different stock 2.5s5 What do you mean by 'different stock 2.5s5'. There's only one way of life,euh... Sorry there is only ONE 2.5S5. on different sites, ie: eexi.gr, ntua.gr, tee.gr with a stock squid 2.5s5 (it can only be one :) the following URL under squid returns a truncated html response: http://www.elunatic.host.sk/toolbar.html What do you understand or define under 'truncated html' ? broken, doesn't display the page the way it's displayed without squid (proxy) Thx for all explanations. M. best, --alex
Re: [squid-users] squid BUG?
For me the html page is truncated even without using squid, but at a different location. Using wget. /Andreas - Original Message - From: Alexandros C. Couloumbis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 03, 2004 1:18 PM Subject: [squid-users] squid BUG? Greetings, I've checked this with a couple of different stock 2.5s5 the following URL under squid returns a truncated html response: http://www.elunatic.host.sk/toolbar.html hints welcomed -- Alexandros C. Couloumbis Network Operations Center Technical Chamber of Greece
Re: [squid-users] Squid Authentication
Yes. Specify your machines in an acl and do a http_access allow before the authentication. /Andreas - Original Message - From: s s [EMAIL PROTECTED] I am using squid authentication (i.e having username and password) , is it possible to bypass authentication on some machines without bypassing the proxy server
Re: [squid-users] Squid Authentication
hello, I am using squid authentication (i.e having username and password) , is it possible to bypass authentication on some machines without bypassing the proxy server it depends on what is your auth scheme. i.e. SMB_AUTH, NTLM, MSNT, or mysql_auth can. (and many other) NCSA or any local-password-based auth scheme can't. did you think about his? a.
RE: [squid-users] squid BUG?
broken, doesn't display the page the way it's displayed without squid (proxy) ... I tend to believe there's a problem or bug with the Java script being used. IE repors for me : loaded with errors. Mozilla does seem to load incomplete indeed, but the IE error is indicative. As someone else just responded, probably not SQUID related. M.
RE: [squid-users] Squid Authentication
sure there is. look at the acl directives where you can specifically allow some machines. There are other acls as well like srcdomain, srcdom_regex etc For eg acl my_allowed_networks src 192.168.0.0/24 acl my_auth_networks src 10.0.0.0/24 acl user_passwords proxy_auth REQUIRED http_access allow my_allowed_networks http_access allow user_passwords my_auth_networks something like that -Original Message- From: s s [mailto:[EMAIL PROTECTED] Sent: 03 May 2004 12:25 To: [EMAIL PROTECTED] Subject: [squid-users] Squid Authentication Hi, I am using squid authentication (i.e having username and password) , is it possible to bypass authentication on some machines without bypassing the proxy server Thanks in advance __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover
RE: [squid-users] Squid Authentication
Thanks , i will try this By the way i am using ldap authentication --- Prash [EMAIL PROTECTED] wrote: sure there is. look at the acl directives where you can specifically allow some machines. There are other acls as well like srcdomain, srcdom_regex etc For eg acl my_allowed_networks src 192.168.0.0/24 acl my_auth_networks src 10.0.0.0/24 acl user_passwords proxy_auth REQUIRED http_access allow my_allowed_networks http_access allow user_passwords my_auth_networks something like that -Original Message- From: s s [mailto:[EMAIL PROTECTED] Sent: 03 May 2004 12:25 To: [EMAIL PROTECTED] Subject: [squid-users] Squid Authentication Hi, I am using squid authentication (i.e having username and password) , is it possible to bypass authentication on some machines without bypassing the proxy server Thanks in advance __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover
Re: [squid-users] squid BUG?
Andreas Pettersson wrote: For me the html page is truncated even without using squid, but at a different location. Using wget. /Andreas Lynx Version 2.8.4rel.1 (17 Jul 2001) libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.7d Built on linux-gnu Mar 21 2004 04:03:05 lynx --source http://www.elunatic.host.sk/toolbar.html gets the whole page for me with no squid and gets a truncated one when using squid mozilla 1.6 also gets the full html without squid while the page gets truncated when using squid hints welcomed --alex
[squid-users] Filter ACLs with IPs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have working fine with the version of Squid.2.4-STABLE7-4 and I have the following problem: At the moment we filter the accesses to internet with ACLs, in the following way: group.newspapers-- where the users that have access full place sites.newspapers-- where we place the sites where the users of the group.newspapers can enter. they have requested me that them of access to a place web that doesn't have name (ej: www.anysite.com) but an address IP. As I place that address IP in the text file (sites.newspapers)? It should be this way: www.trumpet.com 123.123.123.123 etc... Thank you pd: sorry my english [ Lucas Beber ] Seguridad Informática Nuevo Banco de Entre Rios S.A. [EMAIL PROTECTED] Tel.: 0343-4201432 Fax : 0343-4201329 -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.0.2i iQA/AwUBQJY6tDO7/bRht+vuEQJ08ACgnKwWFnRtAwz8tsUUnLIoQYIIALkAoOUb RChnZVbrGYFGU2WD5r6iKtNz =hf3e -END PGP SIGNATURE-
Re: [squid-users] Authentication to Active Directory
In my opinion I don't need the NTLM stuff when I use the AD system Is this correct ? No. When a client does not recognize Kerberos (Win 9X, NT) it falls back to NTLM (My area of knowledge is MS, not Linux) I think Squid will act like a MS client that dos not support Kerberos
[squid-users] Antwort: Re: [squid-users] squid BUG?
Are you sure this is a squid problem ? I had the same effect with IE and squid, but it turned out that squid used an Interscan Viruswall as parents proxy and it was a configuration isssue on the viruswall, not squid. (The viruswall has a trickle option that sends some Bytes to the client while it scans the page. As soon as IE had received a large enough part of HTML code it rendered the page and closed the connection. Apparently this is a feature in IE enabling it to render incorrect HTML ...) Alexandros C. Couloumbis An: Andreas Pettersson [EMAIL PROTECTED] [EMAIL PROTECTED]Kopie: [EMAIL PROTECTED] Thema: Re: [squid-users] squid BUG? 03.05.2004 14:04 Andreas Pettersson wrote: For me the html page is truncated even without using squid, but at a different location. Using wget. /Andreas Lynx Version 2.8.4rel.1 (17 Jul 2001) libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.7d Built on linux-gnu Mar 21 2004 04:03:05 lynx --source http://www.elunatic.host.sk/toolbar.html gets the whole page for me with no squid and gets a truncated one when using squid mozilla 1.6 also gets the full html without squid while the page gets truncated when using squid hints welcomed --alex Disclaimer Diese E-Mail kann vertrauliche und/oder rechtlich geschützte Informationen enthalten. Wenn Sie nicht der beabsichtigte Empfänger sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender tele- fonisch oder per E-Mail und löschen Sie diese E-Mail aus Ihrem System. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. Wir haften nicht für die Unversehrtheit von E-Mails, nachdem sie unseren Einflussbereich verlassen haben. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately by call or e-mail and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. We are not responsible for the integrity of e-mails after they have left our sphere of control.
[squid-users] different delay pools for direct and parent
Hello everybody, due to our setup I have a problem using delay pools to equalize bandwith usage. All our clients connect to a debian-box running squid 2.4.6, which is basically running as a child proxy (if this is the right term) with DIRECT fallback. All requests (even when noncacheables) are forwarded through a firewall to a default parent, which is connected to a cheap ADSL line. If the ADSL line or the parent is down, the child is allowed to fetch the request directly using a second line. This line is not fast enough to handle all the traffic from the proxy and some bandwith must be reserved for other purposes (web, vpn). Using delay pools and no-delay with the parent, this situation is under control. When the parent goes down, the delay pools prevent an overload nicely. When the parent is up again, back to unlimited. But now I have a second problem. Some users are overloading the big ADSL-Line as well with huge downloads. Denying big files would be easy, but out of the question. I need to scale the bandwith which every user gets depending on a direct or parent fetch. After two weeks of reading through the docs and the mailing-lists I doubt if this is possible. IMHO the best solution would be to use different delay pools for parent and direct connects. This would require an acl which matches only if the request is fetched from a parent. AFAIK there is no such acl. I could use delay pools on the parent, but only with an acl which matches the reply-body-size to sort them in two class 1 - pools. AFAIK there is no such acl. A patch which turns the no-delay in to a scaling factor would be great. I even took a look in the source-code, but without usable results. I thought about switching to 2.5.5 to use an external acl with a helper which checks if the parent is reachable, but this doesn't look like a good solution. Any help would be highly appreciated. Best regards Hendrik
[squid-users] DNS problems?
I'm seeing 'fqdncacheParse: No PTR record' in cache.log quite frequently. The DNS section of cachemgr has the following and the squid process has just died. We've been seeing slowdowns and I wonder if this is all related. I saw a couple of things in the archives about the PTR record thing indicating bad DNS config but I see nothing about what the long list below means. Squid Cache: Version 2.5.STABLE5 configure options: --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc/squid --libexecdir=/usr/libexec/squid --sharedstatedir=/var/squid/com --localstatedir=/var/squid --libdir=/usr/lib/squid --enable-gnuregex --enable-storeio=ufs,aufs,diskd --with-pthreads --enable-removal-policies=lru,heap --enable-icmp --enable-delay-pools --enable-useragent-log --enable-referer-log --enable-xmalloc-statistics --enable-kill-parent-hack --enable-snmp --enable-cachemgr-hostname=squid.lpsd.local --enable-htcp --enable-ssl --enable-cache-digests --enable-linux-netfilter --enable-auth=basic,ntlm --enable-basic-auth-helpers=getpwnam,LDAP,MSNT,NCSA,PAM,SMB,winbind --enable-ntlm-auth-helpers=fakeauth,no_check,SMB,winbind --enable-ntlm-fail-open --enable-x-accelerator-vary --enable-carp This is my first attempt at compiling squid from source. Have I missed something? What part of squid.conf might you need? We're running as a transparent proxy with 67 squidGuard redirectors ( at the suggestion of squid itself in cache.log). Internal DNS Statistics: The Queue: DELAY SINCE ID SIZE SENDS FIRST SEND LAST SEND -- - -- - 0x0161 45 2 17.304 0.514 0x0160 45 2 17.304 0.514 0x0140 44 5 18.537 0.514 0x013f 44 5 18.537 0.514 0x0134 44 4 19.091 0.514 0x012e 45 5 19.136 0.514 0x012d 45 5 19.136 0.514 0x0115 44 5 19.924 0.514 0x0114 44 5 19.924 0.514 0x00be 45 2 20.468 0.514 0x00bd 45 2 20.468 0.514 0x00a6 45 2 20.536 0.514 0x00a5 45 2 20.536 0.514 0x008d 45 5 20.963 0.514 0x008c 45 5 20.963 0.514 0x008b 45 5 21.082 0.514 0x008a 45 5 21.082 0.514 0x0089 44 4 21.089 0.514 0x0088 46 7 21.089 0.514 0x0087 46 7 21.089 0.514 0x0086 45 8 21.089 0.514 0x0085 45 8 21.089 0.514 0x005a 45 4 23.090 0.514 0x0059 45 4 23.090 0.514 0xfe26 46 8 34.088 0.514 0xfe25 46 8 34.088 0.514 0xfe24 45 8 34.088 0.514 0xfe23 45 8 34.088 0.514 0xfcc8 45 8 41.828 0.514 0xfc1b 45 8 43.825 0.514 0x02a5 46 2 0.514 0.514 0x02a4 46 2 0.514 0.514 0x02a3 44 2 0.514 0.514 0x02a2 44 2 0.514 0.514 0x02a1 45 5 0.514 0.514 0x02a0 45 5 0.514 0.514 0x029d 45 6 0.545 0.545 0x029c 45 6 0.545 0.545 0x029b 45 2 0.545 0.545 0x029a 45 2 0.545 0.545 0x0299 43 2 0.545 0.545 0x0298 43 2 0.545 0.545 0x0295 46 2 10.09410.094 0x0294 46 2 10.09410.094 0x0293 46 2 10.09410.094 0x0292 46 2 10.09410.094 0x0290 44 1 10.27310.273 0x028f 44 1 10.27310.273 0x0283 44 1 10.80010.800 0x0282 44 1 10.80010.800 0x0281 45 4 10.91110.911 0x0280 45 4 10.91110.911 0x0272 45 4 11.50811.508 0x026e 45 4 11.68111.681 0x026c 43 1 11.71511.715 0x025e 43 1 12.06112.061 0x0238 44 1 13.18613.186 0x01fa 46 1 14.67814.678 0x01f9 46 1 14.67814.678 0x01f2 44 1 14.71414.714 0x01f1 44 1 14.71414.714 0x01e4 45 1 14.75914.759 0x01e3 45 1 14.75914.759 0x01d8 45 1 14.81814.818 0x01d7 45 1 14.81814.818 0x01d2 46 1 14.85914.859 0x01d1 46 1 14.85914.859 0x0172 44 4 16.54616.546 0x0171 44 4 16.54616.546 0x0169 43 1 16.83116.831 0x0168 43 1 16.83116.831 0xff7a 45 7 27.08716.930 0xff79 45 7 27.09116.930 0xff78 45 7 27.09116.930 0xff77 45 7 27.09116.930 0xff76 45 7 27.09116.930 0xff75 45 7 27.09116.930 0xff72 45 7 27.09116.930 0xff71 45 7 27.09116.930 Nameservers: IP ADDRESS # QUERIES # REPLIES --- - - 10.189.16.101 148165147570 10.189.16.1025656 5220 172.16.1.9 3040 2899 Rcode Matrix: RCODE ATTEMPT1 ATTEMPT2 ATTEMPT3 0 2949047 133 167 1000 2510445053450155
Re: [squid-users] Squid SSL reverse help need
On Mon, 3 May 2004, [iso-8859-2] Hegedüs Ervin wrote: here is an ascii art picture: client --- HTTPS --- [Squid outside - SQUID - Squid inside] --- HTTPS --- OWA/WEBDAV/anything servers where Squid outside is exactly one IP address, and the key is just for this hostname. user wants to use with IE, and doesn't want to all time accept the ssl-warning... Ok. This is a clear description. For this you need Squid-3 or Squid-2.5 + ssl update. Squid-2.5.STABLE as distributed can not initiate SSL connections to the backend systems as this functionality became available after 2.5.STABLE was released. You also need a redirector helper to clean up the accelerated URLs and map them accordingly. However, be warned that there is a ugly can of worms when mapping servers in this manner. OWA is notoriously picky in how it is called and the URL sent to OWA must exacly match what the user typed in his browser, including hostname. commercial plug If you want to avoid most of the pain in how to properly build and configure this kind of solution I would recommend looking into the eMARA product from MARA Systems AB [EMAIL PROTECTED]. This product is the origin of the SSL update and reworked accelerator functions of Squid-3 among many other things. /commercial plug Regards Henrik
Re: [squid-users] NTLM Auth without SAMBA
On Mon, 3 May 2004, Flavio Borup wrote: I'm not sure. In this customer (using NTLM with fakeauth): 1) When the browser is not configured to use a proxy, an error occur and You can not use authentication unless browser configured to use proxy. 2) When the login credentials are presented, even a correct root password does not work Do you get a two fields login+password, or three fields login+password+domain? If only two then NTLM is not used and your browser is doing a Basic HTTP authentication login. Regards Henrik
[squid-users] another problem
I have also noticed that my logs are filling with dozens of WARNING: Disk space over limit: 25195360 KB 24576000 KB messages. I noticed a thread about this in April but it didn't seem to have any conclusion other than that this shouldn't really happen. Squid Cache: Version 2.5.STABLE5 configure options: --prefix=/usr --exec-prefix=/usr --sysconfdir=/etc/squid --libexecdir=/usr/libexec/squid --sharedstatedir=/var/squid/com --localstatedir=/var/squid --libdir=/usr/lib/squid --enable-gnuregex --enable-storeio=ufs,aufs,diskd --with-pthreads --enable-removal-policies=lru,heap --enable-icmp --enable-delay-pools --enable-useragent-log --enable-referer-log --enable-xmalloc-statistics --enable-kill-parent-hack --enable-snmp --enable-cachemgr-hostname=squid.lpsd.local --enable-htcp --enable-ssl --enable-cache-digests --enable-linux-netfilter --enable-auth=basic,ntlm --enable-basic-auth-helpers=getpwnam,LDAP,MSNT,NCSA,PAM,SMB,winbind --enable-ntlm-auth-helpers=fakeauth,no_check,SMB,winbind --enable-ntlm-fail-open --enable-x-accelerator-vary --enable-carp When I rebuilt recently with this version of squid we changed from a single large cache_dir on a raid disk to discrete cache_dirs on multiple scsi disks. cache_dir diskd /mnt/cache1 12000 16 256 cache_dir diskd /mnt/cache2 12000 16 256 Thanks for the help. -- Mike Rambo [EMAIL PROTECTED]
Re: [squid-users] squid BUG?
On Mon, 3 May 2004, Alexandros C. Couloumbis wrote: Greetings, I've checked this with a couple of different stock 2.5s5 the following URL under squid returns a truncated html response: http://www.elunatic.host.sk/toolbar.html Broken server. The server lies about the size of the reply. It says the reply body is 2490 octets but then sends 3114 octets. Squid (correctly) thinks the reply is complete after reading 2490 octets. Regards Henrik
Re: [squid-users] Filter ACLs with IPs
On Mon, 3 May 2004, Lucas Beber wrote: they have requested me that them of access to a place web that doesn't have name (ej: www.anysite.com) but an address IP. As I place that address IP in the text file (sites.newspapers)? What kind of ACL is used in squid.conf? Generally it is best to split domains and IP addresses as Squid operates differently on the two (there is one acl type each). Regards Henrik
Re: [squid-users] Authentication to Active Directory
On Mon, 3 May 2004, Flavio Borup wrote: In my opinion I don't need the NTLM stuff when I use the AD system Is this correct ? It depends. If you want automatic login to the proxy then you need NTLM. No. When a client does not recognize Kerberos (Win 9X, NT) it falls back to NTLM And in addition Squid does not yet implement the SPNEGO over HTTP scheme, and Samba has some minor issues left to prune out before this is a reality to AD (for Squid). In squid you have the choices of NTLM, Basic or Digest authentication. NTLM and Basic can be connected to AD. Regards Henrik
[squid-users] problems with req_mime_type and never_direct
Hello, I would like have certain mimetypes scanned for viruses at another proxy (apache with mod_clamav). My config is like below: # apache + mod_clamav cache_peer 127.0.0.1 parent 80 0 default no-query # i would like to have all mime types # starting with application* (application/octet-stream, # application/x-zip-compressed etc) going through default parent acl scanned_req_mime_type req_mime_type ^application/* never_direct allow scanned_req_mime_type Unfortunately this does not work, I tried lots of different configurations with no success - everything seems to ge direct. Can anyone help me? -- T. -- Jeszcze lepsza oferta AlphaNet - nowe serwery wirtualne - nowy sklep internetowy - nowy wirtualny administrator Sprawdz www.alpha.pl
Re: [squid-users] DNS problems?
On 3 May 2004, Mike Rambo wrote: I'm seeing 'fqdncacheParse: No PTR record' in cache.log quite frequently. Most likely harmless. These indicates Squid tried to resolve the DNS name of an IP address but none was found. Now there is three cases where Suqid does this a) log_fqdn on b) srcdomain acl types. c) dstdomain acl type if user requested an IP address such as http://1.2.3.4/ The DNS section of cachemgr has the following and the squid process has just died. We've been seeing slowdowns and I wonder if this is all related. The slowdown may be indirectly related in the way that these type of DNS errors may be seen if you have clients infected by worms/viruses sending a lot of random requests by IP address. Check your access.log if you have very many TCP_MISS/000 or TCP_MISS/5xx requests for urls using IP addresses. If you do you know what the problem is. Regards Henrik
[squid-users] proxy_auth
I do have proxy auth working to access any page with the following: acl AuthorizedUsers proxy_auth REQUIRED http_access allow all AuthorizedUsers But when I comment that out http_access allow all AuthorizedUsers to allow out a particular user to access one site only I only get DENIED for the site listed in acl.dstdomain and all other domains. Below is the acl settings to allow only one user to one particular site. acl acl.dstdomain dstdomain /etc/squid/acl/acl.dstdomain acl acl.users proxy_auth/etc/squid/acl/acl.users http_access allow acl.dstdomain http_access allow acl.users http_access deny acl.users Jim
RE: [squid-users] VirusWall and Squid ACL
Norman, I have installed Interscan Viruswall and Squid on the same box. It worked perfectly though in Trial version, automatic virus pattern update cannot work. My squid is running on 3128 port, and my Interscan is running on 80 port. Just redirect squid request to Interscan using cache_peer 127.0.0.1 parent 80 7 default no-query. Make sure httpd is not running on port 80. Degradation in performance exists, but I think it is still acceptable. I am considering for trying another TrendMicro product IWSS, which use ICAP for communication with Squid. But this has to be installed on another box. Regards, herman -Original Message- From: Norman Zhang [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 9:11 AM To: [EMAIL PROTECTED] Subject: [squid-users] VirusWall and Squid ACL Hi, TrendMicro recommends that I need to setup 2 Squid Proxies with VirusWall in order for it to work with Squid's ACL mechanism (http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=8496). Client --- Proxy#1 (Squid) --- InterScan VirusWall --- Proxy#2 --- Internet But searching the archives, it looks like users are able to use VirusWall with just 1 Squid Proxy Server on the same box. May I ask what's which setup should I go for? I'm using squid-2.5.STABLE2-2mdk and Interscan VirusWall 3.81. Regards, Norman
Re: [squid-users] proxy_auth
On Mon, 3 May 2004 Jim_Brouse/[EMAIL PROTECTED] wrote: I do have proxy auth working to access any page with the following: acl AuthorizedUsers proxy_auth REQUIRED http_access allow all AuthorizedUsers Below is the acl settings to allow only one user to one particular site. acl acl.dstdomain dstdomain /etc/squid/acl/acl.dstdomain acl acl.users proxy_auth/etc/squid/acl/acl.users http_access allow acl.dstdomain http_access allow acl.users http_access deny acl.users I think you want http_access allow acl.dstdomain acl.users http_access deny acl.users See the Squid FAQ chapter 10 for details if unsure what the difference is. In addition you need quotes around the filenames.. if not Squid reads what you have wrote literally (i.e. the filename instead of the contents of the file). Regards Henrik
Re: [squid-users] problems with req_mime_type and never_direct
On Mon, 3 May 2004 [EMAIL PROTECTED] wrote: Hello, I would like have certain mimetypes scanned for viruses at another proxy (apache with mod_clamav). Ok. My config is like below: # apache + mod_clamav cache_peer 127.0.0.1 parent 80 0 default no-query # i would like to have all mime types # starting with application* (application/octet-stream, # application/x-zip-compressed etc) going through default parent acl scanned_req_mime_type req_mime_type ^application/* never_direct allow scanned_req_mime_type What do you refer to by mime types here? a) Mime type of the request send by the client to the web server. I.e. content of a new file to be published on the web server via the PUT WebDAV method (not form based file upload). b) Mime type of the response sent by the web server in response to the request. I.e. when the browser fetches an object from the web server. If the first then what you have done should work. This is however a very rare operation so I doubt this is what you is looking for. If the second then it can not work as the response mime type is only known when receiving the response, and to receive the response one must first forward the request.. Regards Henrik
[squid-users] HELP - WARNING: Disk space over limit
Hi everyone, Software: Squid Cache version 2.5.STABLE3 for i686-pc-linux-gnu, RedHat Linux v7.3 I've got a strange problem which just started this morning on one of our squid cache boxes. Squid is logging 'Disk space over limit' warnings. Samples of these messages are below: 2004/05/04 08:15:50| WARNING: Disk space over limit: -284891488 KB 4096 KB 2004/05/04 08:16:01| WARNING: Disk space over limit: -284891488 KB 4096 KB 2004/05/04 08:16:12| WARNING: Disk space over limit: -284891488 KB 4096 KB 2004/05/04 08:16:23| WARNING: Disk space over limit: -284891488 KB 4096 KB 2004/05/04 08:16:35| WARNING: Disk space over limit: -284891488 KB 4096 KB 2004/05/04 08:16:47| WARNING: Disk space over limit: -284891488 KB 4096 KB [restarted squid] 2004/05/04 12:16:09| WARNING: Disk space over limit: 1841096312 KB 4096 KB 2004/05/04 12:16:20| WARNING: Disk space over limit: 1841086216 KB 4096 KB 2004/05/04 12:16:31| WARNING: Disk space over limit: 1841074132 KB 4096 KB 2004/05/04 12:16:42| WARNING: Disk space over limit: 1841060244 KB 4096 KB 2004/05/04 12:16:54| WARNING: Disk space over limit: 1841052792 KB 4096 KB 2004/05/04 12:17:05| WARNING: Disk space over limit: 1840924988 KB 4096 KB 2004/05/04 12:17:16| WARNING: Disk space over limit: 1840914168 KB 4096 KB 2004/05/04 12:17:27| WARNING: Disk space over limit: 1840893048 KB 4096 KB 2004/05/04 12:17:38| WARNING: Disk space over limit: 1840881800 KB 4096 KB 2004/05/04 12:17:49| WARNING: Disk space over limit: 1840873072 KB 4096 KB 2004/05/04 12:18:00| WARNING: Disk space over limit: 1840862180 KB 4096 KB These are being constantly generated. An edited output from 'df -ah' showing the filesystem that the squid cache lives in is below: FilesystemSize Used Avail Use% Mounted on /dev/sdb1 68G 36G 32G 53% /data 'du -k' is reporting the following as the size of the squid cache directory: 34830385./squid_cache Squid conf has the following set: cache_dir aufs /data/squid_cache 4 60 256 I can't work out why Squid is reporting the warning. The current space usage of the squid cache is lower that the specified maximum size. The filesystem the cache lives on has plenty space. Looking at the warnings, it looks like something internally has overflowed. Does anyone have any suggestions on how I can fix or further diagnose this problem? Regards, Ken.
[squid-users] command for authentification Basic
Hi friends. What command I need execute for add to user in my file password for do autentification in my squid proxy? for example peter charles fox etc etc... somebody can help me?. regards TOMAS
RE: [squid-users] command for authentification Basic
Try this to create new file htpasswd -cb /your/password/file username password only do that in first time, after that, just do: htpasswd -b /your/password/file username password -Original Message- From: Tomàs Rodriguez Orta [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 10:32 AM To: List_squid Subject: [squid-users] command for authentification Basic Hi friends. What command I need execute for add to user in my file password for do autentification in my squid proxy? for example peter charles fox etc etc... somebody can help me?. regards TOMAS
[squid-users] VirusWall and Squid ACL
Hi, TrendMicro recommends that I need to setup 2 Squid Proxies with VirusWall in order for it to work with Squid's ACL mechanism (http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=8496). Client --- Proxy#1 (Squid) --- InterScan VirusWall --- Proxy#2 --- Internet But searching the archives, it looks like users are able to use VirusWall with just 1 Squid Proxy Server on the same box. May I ask what's which setup should I go for? I'm using squid-2.5.STABLE2-2mdk and Interscan VirusWall 3.81. Regards, Norman
Re: [squid-users] problems with req_mime_type and never_direct
Henrik Nordstrom wrote: My config is like below: # apache + mod_clamav cache_peer 127.0.0.1 parent 80 0 default no-query # i would like to have all mime types # starting with application* (application/octet-stream, # application/x-zip-compressed etc) going through default parent acl scanned_req_mime_type req_mime_type ^application/* never_direct allow scanned_req_mime_type What do you refer to by mime types here? Well, basically I mean the last part of a line in Squid's access log: 1083600673.478201 195.143.49.115 TCP_MISS/302 565 GET http://twoje.konto.pl/cgi-bin/mmstdo.cgi? - DIRECT/212.106.140.12 application/octet-stream 1083600675.294 7147 195.143.49.115 TCP_MISS/200 1661 GET http://www.elunatic.host.sk/toolbar.html - DEFAULT_PARENT/127.0.0.1 text/html Above, what I refer to is text/html and application/octet-stream. I would like every application/* go through proxy 127.0.0.1. b) Mime type of the response sent by the web server in response to the request. I.e. when the browser fetches an object from the web server. If the first then what you have done should work. This is however a very rare operation so I doubt this is what you is looking for. If the second then it can not work as the response mime type is only known when receiving the response, and to receive the response one must first forward the request.. Then I assume it's b) What would you suggest then? Now that it's clear to me that I'm case b) the problem is: 1) .zip .exe .com .pif etc. - all may be infected 1a) scanning for just url_regex (...) .com is lame - i would scan google.com too... 1b) scanning for url_regex (...) .com$ would be lame too: I would not scan for all such files downloaded from webmails (http://some.server/file.com?download=userblahblah). How do I actually build url_regex for links like in 1b)? -- T.
[squid-users] Squid cache benchmarking / performance testing tool
Hi, I am planning to setup Squid cache engine on Suse linux. I would like to know about any open source tool using which I can check the performance of Squid cache engine. Any benchmarking tool to check squid caching capabilities Regards, Milind
[squid-users] RE: HELP - WARNING: Disk space over limit
Rebuilt the swap.state file and all is well. Must have got corrupted somehow. BTW - the old swap.state file was 4317888 bytes in size, the new one 119042256 bytes in size. Why the BIG increase in file size? Cheers, Ken.
RE: [squid-users] Squid cache benchmarking / performance testing tool
Hi, I am planning to setup Squid cache engine on Suse linux. I would like to know about any open source tool using which I can check the performance of Squid cache engine. Any benchmarking tool to check squid caching capabilities http://www.web-polygraph.org/ M.