Re: [squid-users] What are the options for deny_info in this scenario?
OK so a custom 407 is the right answer for this case. instead of proxy rejected the request page from firefox or any other browser. by a localhost I meant a localnet host..(which from the proxy point of view is a localhost). So for the same request response I would use another thing that deny_info. Is there a template or a file that I can relate about this 407 response page? Thanks, Eliezer On 02/23/2014 06:31 AM, Amos Jeffries wrote: Auth requires a 407 status. Redirect is a 30x status. With deny_info you can send a 407 status with custom template page to display OR, redirect to another URL (localhost?) using 30x. But not both in the same response message. NP: the new URL may do or require authentication itself, but that is not related to the deny_info action. Amos
Re: [squid-users] Question in adding banner for ads by squid ?!!
On 02/21/2014 07:55 AM, Dr.x wrote: I want an proxy server that can insert an banner (customizable, like an frame so I can insert an banner in flash, or an html code with js) on the top of all the web page. is that possible with squid ? Yes, it is possible with Squid, but there are caveats. One way to do this is to use an eCAP adapter that does the ad injection. There are production deployments doing that today AFAIK. However, please see the following page for a list of problems such a solution would face: FAQ: Can I inject ads into pages? https://answers.launchpad.net/ecap/+faq/1793 do i need to be programmer to do it , ? You need to write the ad injection adapter yourself or find somebody who can write/sell such a module for/to you. This is not rocket science, but it is not a simple task either (because of various complications and trade-offs mentioned at the above URL). HTH, Alex.
[squid-users] DANS guardian setup with squid
Dear all, I have very old squid running (squid-2.6.STABLE21-3.el5 ) . its a old setup with no filtering and or any url blocking etc I have a new setup using squid-3.1.10-20.el6_5.x86_64. and would like to implement it with DANSGuardin appreciate if someone can help me or advise me with a best link that could guide me too do the DANS guardian setup with optimul config i am running centos 6.5 64 bit regards simon -- - Network Administrator Kuwait Municipality!!! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
[squid-users] BUG 3279: HTTP reply without Date
Hi, I got my test deployment crashing two times in less then 24 hours with %subj: ===[cache.log]=== 2014/02/22 17:23:01 kid1| WARNING: swapfile header inconsistent with available data 2014/02/22 17:23:01 kid1| Could not parse headers from on disk object 2014/02/22 17:23:01 kid1| BUG 3279: HTTP reply without Date: 2014/02/22 17:23:01 kid1| StoreEntry-key: 1CF83983216D7E8BC023A7DD3D9B415C 2014/02/22 17:23:01 kid1| StoreEntry-next: 0x169fa1b88 2014/02/22 17:23:01 kid1| StoreEntry-mem_obj: 0x293662e90 2014/02/22 17:23:01 kid1| StoreEntry-timestamp: -1 2014/02/22 17:23:01 kid1| StoreEntry-lastref: 1393069981 2014/02/22 17:23:01 kid1| StoreEntry-expires: -1 2014/02/22 17:23:01 kid1| StoreEntry-lastmod: -1 2014/02/22 17:23:01 kid1| StoreEntry-swap_file_sz: 0 2014/02/22 17:23:01 kid1| StoreEntry-refcount: 1 2014/02/22 17:23:01 kid1| StoreEntry-flags: CACHABLE,DISPATCHED,PRIVATE,FWD_HDR_WAIT,VALIDATED 2014/02/22 17:23:01 kid1| StoreEntry-swap_dirn: -1 2014/02/22 17:23:01 kid1| StoreEntry-swap_filen: -1 2014/02/22 17:23:01 kid1| StoreEntry-lock_count: 3 2014/02/22 17:23:01 kid1| StoreEntry-mem_status: 0 2014/02/22 17:23:01 kid1| StoreEntry-ping_status: 2 2014/02/22 17:23:01 kid1| StoreEntry-store_status: 1 2014/02/22 17:23:01 kid1| StoreEntry-swap_status: 0 2014/02/22 17:23:02 kid1| assertion failed: store.cc:1876: isEmpty() snip 2014/02/23 13:46:40 kid1| WARNING: swapfile header inconsistent with available data 2014/02/23 13:46:40 kid1| Could not parse headers from on disk object 2014/02/23 13:46:40 kid1| BUG 3279: HTTP reply without Date: 2014/02/23 13:46:40 kid1| StoreEntry-key: 80036D9A20989162A7B8373943A0442D 2014/02/23 13:46:40 kid1| StoreEntry-next: 0x1a1872f68 2014/02/23 13:46:40 kid1| StoreEntry-mem_obj: 0xbafb97130 2014/02/23 13:46:40 kid1| StoreEntry-timestamp: -1 2014/02/23 13:46:40 kid1| StoreEntry-lastref: 1393143400 2014/02/23 13:46:40 kid1| StoreEntry-expires: -1 2014/02/23 13:46:40 kid1| StoreEntry-lastmod: -1 2014/02/23 13:46:40 kid1| StoreEntry-swap_file_sz: 0 2014/02/23 13:46:40 kid1| StoreEntry-refcount: 1 2014/02/23 13:46:40 kid1| StoreEntry-flags: CACHABLE,PRIVATE,FWD_HDR_WAIT,VALIDATED 2014/02/23 13:46:40 kid1| StoreEntry-swap_dirn: -1 2014/02/23 13:46:40 kid1| StoreEntry-swap_filen: -1 2014/02/23 13:46:40 kid1| StoreEntry-lock_count: 2 2014/02/23 13:46:40 kid1| StoreEntry-mem_status: 0 2014/02/23 13:46:40 kid1| StoreEntry-ping_status: 2 2014/02/23 13:46:40 kid1| StoreEntry-store_status: 1 2014/02/23 13:46:40 kid1| StoreEntry-swap_status: 0 2014/02/23 13:46:41 kid1| assertion failed: store.cc:1876: isEmpty() ===[cache.log]=== Is there anything I can do about it? It takes about 2:30 minutes for Squid to start serving requests again due to storage rebuilding and validation procedure. Squid 3.4, Ubuntu 12.4.04. Best, Niki
Re: [squid-users] DANS guardian setup with squid
On 2014-02-24 07:19, Simon Dcunha wrote: Dear all, I have very old squid running (squid-2.6.STABLE21-3.el5 ) . its a old setup with no filtering and or any url blocking etc I have a new setup using squid-3.1.10-20.el6_5.x86_64. and would like to implement it with DANSGuardin For what reason are you planning to use DansGuardian please? appreciate if someone can help me or advise me with a best link that could guide me too do the DANS guardian setup with optimul config Optimal config is *not* to use DG. Being a separate proxy it doubles the HTTP processing latency and overheads. Tried looking at the DansGuardian website for their how-to section for help? To Squid DG is just another client application and most cases nothing special in squid.conf is needed at all. Amos
RE: [squid-users] DANS guardian setup with squid
For what reason are you planning to use DansGuardian please? Optimal config is *not* to use DG. Being a separate proxy it doubles the HTTP processing latency and overheads. If DG is needed to perform web filtering a better alternative is to try one of available ICAP/eCAP servers. Raf
Re: [squid-users] Question in adding banner for ads by squid ?!!
On 2014-02-24 05:37, Alex Rousskov wrote: On 02/21/2014 07:55 AM, Dr.x wrote: I want an proxy server that can insert an banner (customizable, like an frame so I can insert an banner in flash, or an html code with js) on the top of all the web page. is that possible with squid ? Yes, it is possible with Squid, but there are caveats. One way to do this is to use an eCAP adapter that does the ad injection. There are production deployments doing that today AFAIK. However, please see the following page for a list of problems such a solution would face: FAQ: Can I inject ads into pages? https://answers.launchpad.net/ecap/+faq/1793 Note that second to last paragraph on non-technical problems... ** consult a good lawyer first**. http://www.benedelman.org/spyware/ http://www.benedelman.org/injectors/ (The legal aspects on the page above are mostly USA related, but there are equivalents in most countries signed up to the international Copyright agreements and BERN convention.) do i need to be programmer to do it , ? You need to write the ad injection adapter yourself or find somebody who can write/sell such a module for/to you. This is not rocket science, but it is not a simple task either (because of various complications and trade-offs mentioned at the above URL). I suggest you look at using portal pages instead. Much more accepted by end-users and do not encounter any of the legal or technical issues with altering others copyrighted content. The Squid session helper can do this with a timeout occasionally redirecting users to the portal page with advertising, or something slightly smarter can be made to only do it for certain user-visible requests (ie ignoring images, scripts, stylesheets, etc). Amos
[squid-users] Re: DANS guardian setup with squid
Besides the drawback of DG (double processing of http) I like the advantage of being completely independent from squid, besides the config as an upstream/downstream proxy to squid (parent). So it is very easy to be used together with squid. In case of thruput problems, it can be simply put onto another machine. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/DANS-guardian-setup-with-squid-tp4664989p4664994.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Question in adding banner for ads by squid ?!!
https://answers.launchpad.net/ecap/+faq/1793 very well describes a few of the obstacles, although solvable. I.e. a good solution should not rely on MIME-types, as stated in the article correctly, but do an analysis of the datastream itself, to identify HTML to be modified. Regarding legal issues, as I have a good working solution, at least in my country (not US) this issue is difficult to decide, according to the expertise of a special lawyer for internet and copyrights, as there is no court decision up to now. Of course, it would be a bad idea to inject an ad for a law consulting co into another lawyers web site :-) -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Question-in-adding-banner-for-ads-by-squid-tp4664976p4664995.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] difficulty with Squid Ovidsp.ovid.com
Hi, I am trying to help a customer of Ovid who is using Squid (I know nothing about the squid software and configuration so this may be a very basic question). Can anyone help with recommendations to configure Squid to allow access to ovidsp.ovid.com and fix below error? Problem getting to Http://ovidsp.ovid.com ERROR received: == ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://ovidsp.ovid.com/autologin.html Unable to determine IP address from host name ovidsp.ovid.com The DNS server returned: Timeout This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct. Your cache administrator is root. == Below are the recommendations for Ovid: Ovid recommends that you allow users to connect to all *.ovid.com domains, to ensure uninterrupted access for users. If that is not possible, we recommend that you allow access to the following service URLs, depending on which products you subscribe to. Ovid Resource Service URLs: These are the only entry-point addresses that should be bookmarked and distributed to users. http://ovidsp.ovid.com https://ovidsp.ovid.com http://pt.wkhealth.com https://pt.wkhealth.com http://gateway.ovid.com https://gateway.ovid.com (optional SSL access) http://ssolver.ovid.com http://clinicalresource.ovid.com http://stats.ovid.com http://linksolver.ovid.com http://clineguide.ovid.com http://nursing.ovid.com Below addresses should NOT be bookmarked or distributed to users. http://ovidsp.tx.ovid.com* http://ovidsp.uk.ovid.com* http://graphics.tx.ovid.com https://graphics.tx.ovid.com http://graphics.uk.ovid.com https://graphics.uk.ovid.com http://acs.tx.ovid.com https://acs.tx.ovid.com http://acs.uk.ovid.com https://acs.uk.ovid.com http://ovidfr.ovid.com http://ovidcn.ovid.com *If you wish to bookmark OvidSP, please use http://ovidsp.ovid.com only. Including tx or uk could compromise your access to OvidSP. Network traffic between Ovid and your site All network traffic from Ovid to your site should be in response to requests which users have generated. Thus, if your site is using a stateful packet inspection (SPI) firewall, you should not have to open any ports on your firewall. Email is the exception, and you should allow TCP/25 from the address ranges listed below. Should you use a non-SPI firewall, you will need to allow ephemeral (high numbered) TCP port access from the following IP address ranges. In order to allow Ovid the ability to expand/upgrade service without impacting connectivity, the entire range should be allowed. 160.109.106.x 160.109.107.x 160.109.108.x 160.109.109.x 160.109.112.x 160.109.113.x 160.109.114.x 160.109.98.x 194.66.22.128/26 (194.66.22.128 - 194.66.22.191) To ensure proper delivery of email, customers are encouraged to explicitly whitelist our mail server IP addresses and e-mail accounts: 160.109.98.52, 160.109.107.38, 194.66.22.174, 194.66.22.175, web...@ovid.com, auto...@ovid.com, wkh-nore...@wolterskluwer.com Best regards, Shirley Shirley Farquhar Dir. Customer Engagement (Asia/Pacific) Wolters Kluwer Health Medical Research Lippincott, Williams Wilkins Ovid Technologies Level 18, 9 Hunter Street Sydney, NSW 2000 Australia +61 (0)2 9276 tel +61 (0)2 9231 1255 fax supp...@ovid.com Need more help? To find a Freecall Number for your Country... please check here: http://ovid.com/PhoneTech For frequently asked Technical Support Questions/Answers... please check here: http://ovidsupport.custhelp.com + Free OvidSP Widget Do you want to: . Increase your usage on OvidSP? . Facilitate access from your website or intranet? . Jumpstart a user to a search session or browse in OvidSP? Contact Ovid Technical Support for a personalised widget created for your OvidSP institutional access! mailto:supp...@ovid.com Tell us how we did Confidentiality Notice: This email and its attachments (if any) contain confidential information of the sender. The information is intended only for the use by the direct addressees of the original sender of this email. If you are not an intended recipient of the original sender (or responsible for delivering the message to such person), you are hereby notified that any review, disclosure, copying, distribution or the taking of any action in reliance of the contents of and attachments to this email is strictly prohibited. If you have received this email in error, please immediately notify the sender at the address shown herein and permanently delete any copies of this email (digital or paper) in your possession.
[squid-users] Re: difficulty with Squid Ovidsp.ovid.com
The following error was encountered while trying to retrieve the URL: http://ovidsp.ovid.com/autologin.html Unable to determine IP address from host name ovidsp.ovid.com The DNS server returned: Timeout Looks like a DNS problem. I can access the URL from Thailand via my squid. So on your site, squid can not resolve ovidsp.ovid.com You might try first to ping ovidsp.ovid.com from the machine, squid is installed on. If that does not work, squid has no chance anyway, because the DNS-server used has a problem. If it works, then there is a problem in communication between squid and the DNS server. Posting squid.conf might give more insight. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/difficulty-with-Squid-Ovidsp-ovid-com-tp4664996p4664997.html Sent from the Squid - Users mailing list archive at Nabble.com.