, they can have
access to the cache.
This is in the FAQ.
See http://squid.nlanr.net/Squid/FAQ/FAQ-19.html#ss19.6 with some minor
obvious changes... (compare with comments in squid.conf).
---
Henrik Nordstrom
Spare time Squid hacker
miss_access allowed if you'd like to fetch stuff from
siblings..
---
Henrik Nordstrom
Spare time Squid hacker
the last (second) one. Squid does not understand this
syntax.
---
Henrik Nordstrom
Spare time Squid hacker
_domains dstdomain example.com example.net ...
http_access allow limited_access_domains limited_access_users
acl limited_access_servers dst server1.example.org server2.example.org
http_access allow limited_access_servers limited_access_users
# Deny all else.
acl all src 0.0.0.0/0
http_access deny a
-parent allow ftp?
It should work if your goal is:
* send http traffic to junkbuster
* send ftp traffic to ftp-parent
* use neither of them for other protocols
---
Henrik Nordstrom
Spare time Squid hacker
...
That is a "limitation" of the OS used, and not Squid. Some OSes
refuse to dump core on daemon processes that have changed user id
(started as root, then switched to another user id). Some strict ones
even refuse to dump core if there is no associated terminal.
---
Henrik Nordstrom
Spare time Squid hacker
parameters when
filesystems are built on early patchlevels of 2.6).
---
Henrik Nordstrom
Spare time Squid hacker
Rob Merkwitza wrote:
I am hoping somebody can help me. I am running Sun 2.6 with Squid 2.1
RELEASE. It has been running fine for 2 months but now it tells me that my
cache is full
e switches are embedded in
configure. Run configure --help to get a list of all switches and their
descriptions.
---
Henrik Nordstrom
Spare time Squid hacker
is available in the RedHat contrib area I think,
but it is very easy to rebuild Squid from source as well).
Error templates by default in install-dir/etc/errors (usually
/usr/local/squid/etc/errors)
---
Henrik Nordstrom
Spare time Squid hacker
cache1_domain
---
Henrik Nordstrom
Spare time Squid hacker
with the HTTP specifications for proxies.
---
Henrik Nordstrom
Spare time Squid hacker
Can you run dnsserver manually?
Can the user you have configured Squid to run as run dnsserver manually?
To test dnsserver manually, start it without arguments and then type a
host name. You should receive back a record with the IP information for
that host.
---
Henrik Nordstrom
Spare time
this.
This will be especially true if using Squid 2.2 since false hits are now
supposedly handled properly. The sucking parent can now be denied
miss_access on all peers to avoid risking wasting any external bandwidth
on this procedure, and some simple never_direct rules stop the parent
from going direct.
---
Henrik
starting squid, when I run squid -k check I still
get the error message "no running copy".
Then it is probably not running. See squid/logs/cache.log (or ps
listing)
---
Henrik Nordstrom
Spare time Squid hacker
mailinglist.
--
Henrik Nordstrom
Spare time Squid hacker
. The client program distributed with
Squid can be used to send these requests.
---
Henrik Nordstrom
Spare time Squid hacker
, and to ask on squid-users if
unsure. Most things not enabled by default are either experimental,
under development or point features not interesting for common setups.
Others are for enabling it to build on platforms not yet supported (this
is especially --enable/disable-poll).
--
Henrik
is a sign of
improvement from Sun rather than something to blame on someone, as it
now is supposed to handle fragmented filesystems better without the need
of manual tuning to space optimization.
--
Henrik Nordstrom
Spare time Squid hacker
on the least filled 3/4 disks (those marked as selected in
cachemgr).
---
Henrik Nordstrom
Spare time Squid hacker
redirect traffic destined for us
ipfwadm -I -a accept -D this.server.name accept
# Redirect port 80 to Squid on all other interfaces
ipfwadm -I -a accept -P tcp -D 0.0.0.0/0 80 -r 9688
---
Henrik Nordstrom
Spare time Squid hacker
# this:
#
# X-Forwarded-For: 192.1.2.3
#
# If you disable this, it will appear as
#
# X-Forwarded-For: unknown
#
#forwarded_for on
---
Henrik Nordstrom
Spare time Squid hacker
as
more requests are processed.
---
Henrik Nordstrom
Spare time Squid hacker
ling from being sent to a sibling. These loops are
quite harmless but clutter up the log files and may cause a tiny
performance degradation.
---
Henrik Nordstrom
Spare time Squid hacker
Fre de Vries wrote:
Is there a way to log all client ip's and destination url's that are
actually blocked when someone tries to access one of the blocked url's
It is in your access log. HTTP code TCP_DENIED/403
---
Henrik Nordstrom
Spare time Squid Hacker
/squid.nlanr.net -
Note that the HTTP code above is 304 ("Not modified"). What you are
seeing above is a downstream cache (child proxy or browser cache) has
the object cached and validates its cache. Squid can't currently cache
these replies unless it already has the full object in cache.
he network. All hits which haven't recently
(cache_mem LRU) been fetched from the network are always sent from disk.
---
Henrik Nordstrom
Spare time Squid hacker
S Ramakrishnan wrote:
Are there other lightweight protocol redirectors available
that I may use for HTTP?
If your goal is to relay HTTP requests to another proxy then even a
simple TCP plug daemon will do the task fine as long as the proxy is up
and running..
---
Henrik Nordstrom
Spare time
Socrates Tatunay wrote:
Hi again! how about Y2k compliance...who's the governing body for the
y2k compliance of SQUID...specifically SQUIDv1.1.21? Tnx!
1.1.21 has some known minor Y2K issues. Please consider upgrading to a
supported release.
---
Henrik Nordstrom
Spare time Squid hacker
Jens-S. Voeckler wrote:
Hmm, I didn't see any difference for MISSes when I activated the Solaris
"forcedirectio" mount option (since 2.6) which is said to transfer from
user memory to io without a kernel copy. But then, (a) it was a lab
environment and (b) I didn't look at the effects on
somewhere, but you
are most likely better off upgrading to Squid 2 (even if you don't use
delay pools) unless you have very specific reasons to why you should use
Squid 1.X.
---
Henrik Nordstrom
Spare time Squid hacker
.
---
Henrik Nordstrom
Spare time Squid hacker
.
---
Henrik Nordstrom
Spare time Squid hacker
like most URL related issues this can be solved by using a
redirector or a PAC script. No need to add special cases to Squid for
handling a non-standard URL format rarely used for any legal / relevant
information.
---
Henrik Nordstrom
Spare time Squid hacker
in client_side.c, but there are a lot of complications when
altering the object data..
---
Henrik Nordstrom
Spare time Squid hacker
allow acl1 acl2 acl3
http_access deny acl4 acl5
http_access allow acl6 acl7
is
allow if acl1 AND acl2 AND acl3
OR
deny if acl4 AND acl5
OR
allow if acl6 AND acl7
OR
deny
---
Henrik Nordstrom
Spare time Squid hacker
Irfan Akber wrote:
I have the following entry in cache.log
1998/12/08 21:15:21| pumpRestart: NO: mem-inmem_lo == 1387
What does it mean. I am using squid2.0.PATCH2
That a POST/PUT request failed and Squid could not retry the request
since it had already processed some of it.
---
Henrik
Chris Joyce wrote:
both as parents and this works , but I'd like to cache local ,
can I do this ?
It does this by default unless you tell it not to (by using the no_cache
or proxy-only directives).
---
Henrik Nordstrom
Spare time Squid hacker
Chris Joyce wrote:
It does this by default unless you tell it not to (by using the no_cache
or proxy-only directives).
Other parameters affecting caching are cache_mem, and of course the size
of your cache_dir..
---
Henrik Nordstrom
Spare time Squid hacker
transparent proxy setup. It should not redirect requests sent by Squid
back to Squid.
---
Henrik Nordstrom
Spare time Squid hacker
Fre de Vries wrote:
I install squid-2.1-2.i386.rpm on RedHat5.2 with rpm -i as usual.
Perhaps the old setresuid business with RedHat is back..
try
env ac_cv_func_setresuid=no ./configure --prefix=...
make clean
make install
---
Henrik Nordstrom
Spare time Squid hacker
explicit
expiration times as much as possible.
---
Henrik Nordstrom
Spare time Squid hacker
have a message in your
systems messages or syslog file, or on the console.
If the error is caused by (2) then Squid needs to be debugged but I have
not yet heard any other people reporting this with 2.1.PATCH1.
---
Henrik Nordstrom
Spare time Squid hacker
with Squid 2. See my Squid page for an alternative approach
http://hem.passagen.se/hno/squid/
---
Henrik Nordstrom
Spare time Squid hacker
Waseem Ashraf wrote:
Is there any way to specify another proxy address in squid,
so that our squid proxy can fetch data through an upstream proxy.
see cache_peer in squid.conf. (RTFM)
---
Henrik Nordstrom
Spare time Squid hacker
shness lifetime using a
heuristic. If the value is greater than 24 hours, the cache must
...
---
Henrik Nordstrom
Spare time Squid hacker
. Basically you
need to have miss_access on any siblings to never get this message.
Hopefully this gets resolved any time now.
---
Henrik Nordstrom
Spare time Squid hacker
is between ftpStart and ftpDataTransferDone or
ftpFail.
---
Henrik Nordstrom
Spare time Squid hacker
transparent proxying may seem to work for some it has some major
drawbacks, the primary one being that it makes a big mess of TCP/IP, the
secondary one is that end users are not aware that there is a proxy in
between them and the origin site.
---
Henrik Nordstrom
Spare time Squid hacker
polite
thing to do, and even worse if you'd like to hide it from your clients.
You can customise the error messages to look any way you like. See
squid/etc/errors/
---
Henrik Nordstrom
Spare time Squid hacker
what taking my bandwidth ?
Add the following to your squid.conf:
quick_abort_min 0
half_closed_clients off
In my opinion at least the first one should be the default setting, but
currently it isn't.
Please ask again if this does not help.
---
Henrik Nordstrom
Spare time Squid hacker
(and
preferably instructions on how to do so) then you do not need to bother
with any of these TCP/IP problems, and you would probably get about the
same amount of support calls if the page is designed properly.
---
Henrik Nordstrom
Spare time Squid hacker
to the origin site (or parent proxy if
not allowed to go direct).
CONNECT is a method browsers use to open fully transparent tunnels to
origin servers for protocols not supported by the proxy (mainly SSL
which can't be proxied like HTTP).
---
Henrik Nordstrom
Spare time Squid hacker
.PATCH2) to get this working smoothly as the old Squid
1.X is a bit limited here (mostly all or nothing firewalled)..
---
Henrik Nordstrom
Spare time Squid hacker
distribution to one of the disks at a time.
---
Henrik Nordstrom
Spare time Squid hacker
Stephen Anderson wrote:
Simple question, hard answer:
1 System. 128 MB RAM 3 x 1 Gig Drives (independent controllers)
Which is best for performance? SW-Raid0, SW-Linear, or simply 3
cache-dirs? Thanks
normal.
---
Henrik Nordstrom
Spare time Squid hacker
.
---
Henrik Nordstrom
Spare time Squid hacker
(int) reply-expires,
- strBuf(reply-content_type) ? strBuf(reply-content_type) : "unknown",
+ strLen(reply-content_type) ? strBuf(reply-content_type) : "unknown",
reply-content_length,
(int) (mem-inmem_hi - mem-reply-hdr_sz),
RequestMethodStr[mem-m
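Review bot: on the `+` line the guard now tests strLen(reply-content_type) while the value handed on is still strBuf(reply-content_type), so the change relies on strLen returning 0 whenever the buffer is unset or empty. A short comment beside that argument saying an empty content type is reported as "unknown" would make the intent clear, and it is worth checking whether any other string argument in this list needs the same fallback.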
Ethy H Brito wrote:
I can't get deny_info working as expected.
http_deny sex all
deny_info uses the last acl matched. In this case that is "all". You
probably want
http_access deny all sex
or simplified to
http_access deny sex
(having all in an access line is redundant..)
functioning.
---
Henrik Nordstrom
Spare time Squid hacker
.
---
Henrik Nordstrom
Spare time Squid hacker
Andres Konow wrote:
HTTP/1.0 200 OK
Date: Thu, 25 Feb 1999 05:25:45 GMT
Server: Apache/1.3.3 (Unix) mod_oas/4.61
Content-Type: text/html
Age: 0
X-Cache: MISS from myproxy.com
Proxy-Connection: close
...
And the log files show the TCP/200
but with
different ports. A peer is identified by its hostname and http port.
---
Henrik Nordstrom
on the
right of the directory listing. The default mime.conf provides a binary
download icon (;type=i) for all types which use ASCII transfer mode.
---
Henrik Nordstrom
Spare time Squid hacker
easy
to know which log section to reduce.
To do that you have to change the code / debug macros used.
---
Henrik Nordstrom
Spare time Squid hacker
is selected, but the reply is from www-cache. The
second request (ftp) first selects www-cache, then selects junkbuster..
---
Henrik Nordstrom
Spare time Squid hacker
login.
What you can do, and what you proposed yourself, is to make an
authenticator which remembers that the login has been used, and denies
access. This requires some small modifications to ncsa_auth, and an
appropriate tuning of authenticate_ttl.
---
Henrik Nordstrom
Spare time Squid hacker
squid to refresh or to reload one or more URLs
immediately in order to update the new IP of a web site ?
Do a forced reload of an object on the site (pragma: no-cache, -r option
to the Squid client program)
---
Henrik Nordstrom
Spare time Squid hacker
the wrong error code when Squid is not allowed to
create the directories.
3. A squid bug?
---
Henrik Nordstrom
Spare time Squid hacker
s of Squid correctly sends the FTP server's error message
when FTP server refuses connections.
---
Henrik Nordstrom
Spare time Squid hacker
to the ethernet addresses to determine by which
path the packet arrived.
---
Henrik Nordstrom
Spare time Squid hacker
Ben Kohn wrote:
Ok, after doing some tcpdump, it looks like when the connection reset by
peer error occurs during transparent proxying the packets are moving, but
they aren't moving
d such request
from Netscape, result is depending of file size.
Yes, that is what I would expect. Many browsers only present error
messages if they could successfully send the complete request to the
network.
---
Henrik Nordstrom
Spare time Squid hacker
objects) sent through your Squid before the next top
level directory is used.
---
Henrik Nordstrom
Spare time Squid hacker
.
---
Henrik Nordstrom
Spare time Squid hacker
ransparent proxying on Linux or any
other OS where getsockname() returns the real destination IP address in
a transparent proxy setup.
---
Henrik Nordstrom
Spare time Squid hacker
mimetype to application/binary
3. or use the download icon for downloading the file if the browser
insist on CR/LF translation.
---
Henrik Nordstrom
Spare time Squid hacker
equest. -m is for selecting which method the client command uses. There
are a number of other methods where a request body is needed (POST is an
obvious example).
---
Henrik Nordstrom
Spare time Squid hacker
I have some more ideas on this issue.
You may have ACL lines which prevent the client from fetching the
icons. One likely case is that you have enabled the Safe_ports ACL in
the example squid.conf.
---
Henrik Nordstrom
Spare time Squid hacker
Juergen Obermann wrote:
Juergen Obermann wrote
(with the possible exception of when a user needs
something and makes sure it is done by paying someone to do it).
---
Henrik Nordstrom
Spare time Squid hacker
.
Redirectors can be used for global access control.
---
Henrik Nordstrom
Spare time Squid hacker
increases slightly as more and more objects get
stored to disk. This may be the reason why things looked good to begin
with, and now crashes.
See also the Squid FAQ for information on memory tuning, both Squid
tuning and operating system tuning.
---
Henrik Nordstrom
Spare time Squid hacker
the firewall instead.
---
Henrik Nordstrom
Spare time Squid hacker
l dst_word1_blocked dstdomain "/usr/local/squid/etc/word1.domains"
http_access deny dst_word1 dst_word1_blocked
Also make sure your domain list is NOT sorted on reverse domain name as
that would yield the worst splay tree. Have the domain list in
dictionary sorted order or random order.
---
Henrik Nordstrom
Spare time Squid hacker
IBLE_CGI_ERRORS reply_code 505
no_cache INVISIBLE_CGI_ERRORS
Errors are negatively cached. Set negative cache timeout to 0 and errors
will not be cached.
---
Henrik Nordstrom
Spare time Squid hacker
Serguei V. Melekhov wrote:
acl sex dst www.penthouse.com penthouse.com www.playboy.com playboy.com
acl sex1 gives only two hosts but denies 4 hosts? Am I doing something
wrong?
If I am not mistaken the above is 2 hosts with 4 domain names (one name
and one alias for each host).
---
Henrik
proxy settings closely. Browsers consider two proxies with
different case (or different amount of local domain) as two different
proxies and ask for a new password.
---
Henrik Nordstrom
Spare time Squid hacker
See the Squid FAQ on transparent proxying.
In short:
httpd_accel_host virtual
httpd_accel_uses_host_header on
---
Henrik Nordstrom
Spare time Squid hacker
Mahmood Haq wrote:
While trying to retrieve the URL: /cgi-bin/cachemgr.cgi
The following error was encountered:
Invalid URL
would
recommend doing frequently if you have a large cache.
---
Henrik Nordstrom
Spare time Squid hacker
"Upload file" from the Netscape File menu to send
a file to the FTP server through the proxy. The file appeared as
expected in the current directory on the FTP server.
---
Henrik Nordstrom
Spare time Squid hacker
Unfortunately proxy_auth is "broken" in Squid 2.1, and always accepts
all users with a valid password.
Patch available from http://hem.passagen.se/hno/squid/ or wait for Squid
2.2 to be released.
---
Henrik Nordstrom
Spare time Squid hacker
Ingo Neis wrote:
acl internet-users
[EMAIL PROTECTED] wrote:
gcc: installation problem, cannot exec `cc1plus': No such file or directory
make: *** [cache.o] Error 1
Looks like you haven't installed the C++ part(s) of your gcc compiler.
---
Henrik Nordstrom
Spare time Squid hacker
operations to
threads, requiring about 2 context switches per I/O operation).
---
Henrik Nordstrom
Spare time Squid hacker
selecting different authentication failure pages only works in
Squid 2.2 (when released). Earlier Squid versions used a hard coded
error page name for authentication.
---
Henrik Nordstrom
Spare time Squid hacker
ly contact the inner proxy for requests
to DMZ servers.
2c) Allow clients to fetch icons directly from the DMZ proxy.
---
Henrik Nordstrom
Spare time Squid hacker
this error message when a user tries to access
the proxy from the old dialin ports.
acl old_dial_in_port src 1.2.3.4/24
http_access deny old_dial_in_port
deny_info ERR_OLD_DIALIN_PORT old_dial_in_port
---
Henrik Nordstrom
Spare time Squid hacker
or invalid password in a proxy_auth ACL
processing as "not enough information to evaluate", and requests the
user to (re)authenticate themselves. No further ACL processing is done.
---
Henrik Nordstrom
Spare time Squid hacker
ion on any of the directories above the
files.
cd /usr/local/src/www/squid/etc/errors/
chmod a+rx .
cd ..
chmod a+rx .
... (repeated 5 times)
---
Henrik Nordstrom
Spare time Squid hacker
ncsa_auth with a "standard"
crypt() function, or change htpasswd to use the same method as your
system.
---
Henrik Nordstrom
Spare time Squid hacker
exits
the browser.
It is however theoretically possible to implement a system with
time-limits, by implementing the limit in the proxy_auth authentication
program (and use a "short" authentication TTL in squid.conf).
---
Henrik Nordstrom
Spare time Squid hacker
on
vsnprintf()? If that is the case, try using the (v)snprintf function
delivered with the Squid sources. (env ac_cv_func_vsnprintf=no
./configure ... ;make clean ; make install)
---
Henrik Nordstrom
Spare time Squid hacker
be worthwhile to upgrade to latest Linux 2.2 + latest ac patch if
requiring a lot of filedescriptors.
---
Henrik Nordstrom
Spare time Squid hacker
alive again. This probe starts 30 seconds after the first failing
request and is repeated every 60 seconds until the peer answers. When
this probe succeeds in establishing a TCP connection to the peer the HTTP
failure counter mentioned above is reset.
---
Henrik Nordstrom
Spare time Squid hacker