Hi ,
You can check out the linux policy based routing.
the url is this
http://www.lartc.org/lartc.html
--- info [EMAIL PROTECTED] wrote:
Dear Sir/madam,
i have 2 internet connection.1-via lised line (2way)
2- recive only by
satellite with some valid IP.
now my users ues of lieasd line and
If your proxy server only runs squid then an easy way to deny access by IP
address is to place the lines
route add ip address lo
into /etc/rc.d/rc.local
This makes sure that a proxy abuser does not access squid at all.
Simple one liner instead of a two line acl or a more complex IP tables
Lizzy Dizzy wrote:
Really?
Really!
Almost all the request for windowsupdate results in a TCP_MISS/206:
TCP_MISS/206 2440 GET
http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/WindowsXP-KB825119-x86-ENU_1b9f23b64b002d1e9d1eaba62f5f8fd.exe
- DIRECT/211.39.137.158
On Mon, 19 Jul 2004 [EMAIL PROTECTED] wrote:
hi scott, i think i have good news for everyone dealing with the problem of
trying to compile ip_wccp for RHESv3. you see, a co-worker started playing
around with the module and here is what he did:
original:
#if LINUX_VERSION_CODE =
The ip_wccp.c linked from the Squid FAQ should work on Linux-2.6 without
modifications.
Regards
Henrik
On Mon, 5 Jul 2004, Mark Tinka wrote:
hi all..
does anyone know of the updated ip_wccp module for
2.6.5...?.. i am trying to compile the current one for
2.6.5 using
On Mon, Jul 19, 2004 at 06:34:07AM -0300, Khawar Nehal wrote:
If your proxy server only runs squid then an easy way to deny access by IP
address is to place the lines
route add ip address lo
into /etc/rc.d/rc.local
This makes sure that a proxy abuser does not access squid at all.
On Tue, 22 Jun 2004, unixware wrote:
Dear all
i want to patch Fedora 2 kernel with wccp v 1 support
i download the module at
http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c
but i dont know correct GCC lines to compile as in
kerenl 2.6.5 lines has been location changed .
A
On Tue, 6 Jul 2004, Mark Tinka wrote:
however, when i configure squid and my router for
wccp, i get nothing... cache.log says squid is
accepting wccp connections on port 2048:
have you set up the required interception firewall rules (iptables)?
i've tried juggling the configuration around
On Wed, 7 Jul 2004, Mark Tinka wrote:
i've managed to compile my ip_wccp.o module for
kernel-2.6.5, and also got my router to see squid via
wccp.. but there's still no action..
could it be because i haven't setup gre?
No, ip_wccp automatically accepts any WCCP encapsulated packets and
On Wed, 28 Apr 2004, Andrew Ivins wrote:
Quick question about ip_wccp's v2 support if I may. I'm using it with a
Cisco 2600 to redirect outbound HTTP to squid. This works very well. The
router is also able to push spoofed return traffic back to the cache via
WCCP. Is this something that is
On Sat, 17 Jul 2004, Luis Miguel R. wrote:
If you want the ability to match on the MIME filename (something like a
(rep|rep)_mime_name acl), then either write a patch or submit a feature
request bug. If it means a great deal to your organization, perhaps they
would consider sponsoring a
what is the squivalent of
authenticate_ip_ttl_is_strict on in squid2.5?
thanks
__
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/
On Fri, 16 Jul 2004, Lizzy Dizzy wrote:
Does this helps?
TCP_MISS/206 2417 GET
http://download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/IE6.0sp1-KB823353-x86-ENU_5ee60d6c9b9464c7ddf332147ebd16f.exe
- DIRECT/210.184.108.125 application/x-msdownload
TCP_MISS/206 2441 GET
On Mon, 19 Jul 2004, rem mek wrote:
what is the squivalent of
authenticate_ip_ttl_is_strict on in squid2.5?
The max_user_ip acl.
Regards
Henrik
On Thu, 15 Jul 2004 [EMAIL PROTECTED] wrote:
I have some problems when I try to visit some intranet web sites with User
and Password. I think they are IIS site with NTLM authorization.
NTLM authorization can not work via proxies.
To access the servers via proxy the server must be configured
On Fri, 16 Jul 2004, Chris Perreault wrote:
Any recommendations for ghosting a configured server?
My recommendation is documenting the install procedure on how to install
the OS, then replicate configuration files etc between the servers (and a
safe backup) using rsync.
This way you also have
On Sun, 18 Jul 2004, George Hong wrote:
But I found something weird and could not understand:
I removed the directories in cache_dir and issued squid -z to remake
them. The memory hit ratios is over 99%(via cachemanager). But when I
completed shutdown squid then started it again, the memory
On Sun, 18 Jul 2004, Barry Rumsey wrote:
I have set up ldap database but I don't know how to get it to auth or about
the acl's
Is there in doc's in plain simple english?
Start with the squid_ldap_auth and squid_ldap_group manuals (man pages,
shipped and installed with Squid).
Regards
On Fri, 16 Jul 2004, Pierluigi wrote:
When a client try to connetct to a domain of the list, squid doesn't
have to connect directly to internet but it has to redirect to another
squid (using username and password)
See never_direct, cache_peer and cache_peer_access.
Regards
Henrikm
We've got it all documented, now are just looking for a way to get an image
of the drive so it can be reproduced quickly on additional systems as well
as be used in case something happens to a drive on an existing system. I see
it taking longer to actually go through the system making sure it is
On Wed, 14 Jul 2004, Chris Perreault wrote:
Read up on the ACLs. If the destination is signup.com then you can REQUIRE
authentication, or not... !REQUIRED
acl newbies dst signup.com
acl authenticated proxy_auth REQUIRED
http_access allow newbies authenticated
This will require
On Mon, 12 Jul 2004, Tim Neto wrote:
Wouldn't a group LDAP check be required using squid_ldap_group?
Only if you want to use more than one group for different levels of
access, or if the user objects within your LDAP directory does not carry
information about group memberships.
If your user
On Mon, 12 Jul 2004, Martijn Moret wrote:
I solved the problem by creating a wrapper around the squid_ldap_auth as
the space in the OU Gebruikers Groepen will not parse (IMHO).
Odd.. it works just fine here using Squid-2.5. Just remember to quote the
arguments using double quotes ().
You can
On Fri, 2 Jul 2004 [EMAIL PROTECTED] wrote:
I configured the squid.conf file:
External_acl_type ldap_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -b
OU=Groups,OU=department,OU=office,DC=my_domain -f (cn=%g) -B
OU=Users,OU=department,OU=office,DC=my_domain -F samaccountname=%u) -h
On Fri, 2 Jul 2004, laurent Schweizer wrote:
I want to install DansGuardian with Squid but before I need to know some
precisions:
If use DansGuardian with squid, can I also use:
ACL from squid with ldap and ldap_group authentication,
Yes.
Regards
Henrik
On Wed, 23 Jun 2004, Chris Perreault wrote:
I wondering if squid has a built in feature that passes the username down to
back end webservers.
See the login= cache_peer option.
Regards
Henrik
On Wed, 26 May 2004, Chris Perreault wrote:
The problem is that the authentication doesn't want to work in accelerated
mode.
Authentication not applicable on accelerated requests is the
authentication error I am getting.
Look in the archives for the solution to this.
Searching the web I
On Fri, 16 Jul 2004 [EMAIL PROTECTED] wrote:
I'm sorta wondering though...since there is an RFC for this...why couldn't
we do it with our equipment(popular, name brand, standard compliant)? not
that it matters because *THEY* won't let *US* even look at the %#$! router
configs...{deep
Although squid.conf has changed over the years and some adjustment have
been made; I am using, in essence, the same relatively simple squid.conf
file that I used in the mid-nineties. The last significant change was to
support load-balanced sibling servers. This wasn't a major change as it
was
On Thu, 15 Jul 2004, Luis Miguel wrote:
Hi all, I see squid supporting all acls types that squidguard have
Nearly, but not all. Squid does not have a good equivalence of the urllist
acl type in SquidGuard.
are there any good reason to use squidguard for filtering purposes
instead of squid
On Thu, 15 Jul 2004, Chris Perreault wrote:
In normal proxy mode a redirector can redirect users to an error page
whenever they attempt to reach a blacklisted site.
So can deny_info in squid.conf.
Regards
Henrik
On Wed, 14 Jul 2004 [EMAIL PROTECTED] wrote:
2004/07/14 13:45:09| WARNING: newer swaplog entry for dirno 0, fileno 0004
2004/07/14 13:45:09| WARNING: newer swaplog entry for dirno 0, fileno 0005
2004/07/14 13:45:09| WARNING: newer swaplog entry for dirno 0, fileno 001A
lots more
Hello,
i know that this point was discussed many times. I tried out all suggestions. The
reverse proxy works for Exchange 2003 but not for 2000. The situation is: squid 2.5 is
on a public ip adress with httpd_accel params (see below), forwarding to CA eTrust SCM
as parent cache (see below) and
in RedHat Cd..-:)
Use the Power of Google...any ways one link is
http://www.swelltech.com/support/squidpackages.html
--- Kashif Ali [EMAIL PROTECTED] wrote:
where can i find squid RPM installtion ???
=
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )
I am not aware of any option in squid like this, if
some one knows i would like to know that. For what
purpose you want to do that, one of my friend wanted
it cause he wants to block porn and still users were
able to access sites through IP address, so what I
recomend him to use, SquidGaurd or
On Mon, 19 Jul 2004, Merton Campbell Crockett wrote:
acl GDAIS .gd-ais.com
never_direct allow !GDAIS
For clarity you should probably use
never_direct deny GDAIS
never_direct allow all
or maybe (depending on what it is you are doing)
always_direct allow
On Mon, 19 Jul 2004, Mohsin Khan wrote:
in RedHat Cd..-:)
Use the Power of Google...any ways one link is
http://www.swelltech.com/support/squidpackages.html
Also linked from Binary Distributions on the Squid home page...
Regards
Henrik
On Thu, 15 Jul 2004, Kashif Ali wrote:
the problum is squid deny http access to mac1 and mac2
What does access.log say?
(and also repost your access rules)
Regards
Henrik
First of all sorry for my english.
Hello everybody
I need a help. I compiled the quid-cache with tranparent proxy on my
network-server. The first times it's working looks good. But days after
(2
weeks accurately) he slow down the conections.
Please help me.
My
On Thu, 15 Jul 2004, Brett Lymn wrote:
Not really. If your machine is set up to use DNS (that is,
/etc/resolv.conf is there) then, yes, they will use it but at least
Netscape and Mozilla will quite happily run without /etc/resolv.conf,
forwarding everything to the configured proxy.
And mine
On Thu, 15 Jul 2004 [EMAIL PROTECTED] wrote:
Maybe does 'squid -k rotate'' problem in cron, or wrong setting cache_mem 64 ?
I don't know why client can't connect squid service..
Does it work using the squidclient program from the proxy server?
squidclient mgr:
squidclient
On Wed, 23 Jun 2004 [EMAIL PROTECTED] wrote:
2004/06/22 13:00:06| chdir: /usr/local/squid-2.5.STABLE5//var/cache:
(2) No such file or directory
Are the 2 slashes // correct?
Quite normal due to how configure works... and
On Thu, 15 Jul 2004, Herman (ISTD) wrote:
I have located the winbind pipe directory, will try it later for winbind
authentication. However actually what is the function of the pipe ? I
think I cannot find this information on squid FAQ.
It is the communication channel to winbind.
Because NTLM
On Thu, 15 Jul 2004, Sunil S wrote:
May be directory integration.. with a lot of control on users using the
proxy.
With Novell NDS acessible using LDAP Squid integrates very well with NDS
or pretty much any other major directory server out there..
So we chose squid because it was a super
On Wed, 14 Jul 2004, Merton Campbell Crockett wrote:
What are those problems, then ?
Details, error messages e.d...
The detected DEAD parent/sibling messages in the cache log. Squid
records multiple IP addresses for several siblings and the parent in an
array. The [0] element of
On Fri, 16 Jul 2004, Costas Zacharopoulos wrote:
Can I install web polygraph on a slackware machine?
yes.
Regards
Henrik
On Wed, 14 Jul 2004, Kent, Mr. John (Contractor) wrote:
The part I don't understand is the redirection: the page says:
To implement this solution your redirector script must output a URL where the
hostname part of the URL is a keyword which describes a pool of backend servers,
such as
Adam Aube wrote:
José Luis Castañeda wrote:
I have an application that accesses to ports above the 1024 and I have
configured the following thing
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports
http_access allow CONNECT Safe_ports
In the file acces.log
Thanks Henrik,
I must have missed the detail somewhere. I went from scouring the web, to
picking up the Squid the Definitive Guide, to joining this list, to
searching more, then finally deciding we were better off paying one of the
knowleable consultants out there (listed on squid-cache.org). We
I've spent a few hours on this, and don't get it. Any help would be
appreciated as to why this error is here. (other than the obvious fact that
too few redirector processes are running:))
Below is the cache log, my mostly uncommented squid.conf and the redirector
script I am using.
On a test
On Wed, 14 Jul 2004, Rick Whitley wrote:
I was setting up a proxy server to do the authentication and cacheing,
but have learned from the list that it is not going to behave the way I
expected. Users should only see the initial page once. I seem to be out
in left field as to how to implement
On Mon, 19 Jul 2004, Chris Perreault wrote:
I must have missed the detail somewhere. I went from scouring the web, to
picking up the Squid the Definitive Guide, to joining this list, to
searching more, then finally deciding we were better off paying one of the
knowleable consultants out there
On Mon, 19 Jul 2004, Chris Perreault wrote:
With the below setup, I can use squid (on the test box) and hit 3 back end
webservers in ssl mode, after being ldap auth'd, by basically going to
website.com/site1, website.com/site2, and website.com/site3 with the 3 sites
being 3 different
On Mon, 19 Jul 2004, Chris Perreault wrote:
I must have missed the detail somewhere.
In case someone else is looking for information on how to enable
authentication in Squid-2.X accelerators:
http://www.squid-cache.org/mail-archive/squid-users/199904/0581.html
Henrik Wrote:
Why do you use a redirector in this setup? None is needed. Just use
cache_peer_access to select which server to forward the request to.
You only need a redirector if you need to rewrite the URI while it is
forwarded to the backend server, not for selecting which backend server to
hello list,
i use a Squid 2.5S6, with external_acl_helper: ip_user.
here is the relevant part of config:
external_acl_type SRC_IP %SRC %LOGIN /usr/local/squid/libexec/ip_user_check -f
/usr/local/squid/libexec/ip_user_check.conf
...
acl srcip external SRC_IP
acl password proxy_auth REQUIRED
...
Squid 2.5STABLE5 on a Dual Xeon 2.8 w/ 2 gigs of memory running FreeBSD
4.10-STABLE. The OS is tuned properly for the load, but I still see a
LOT of these errors in the cache.log:
2004/07/19 15:35:36| comm_accept: FD 10: (53) Software caused
connection abort
2004/07/19 15:35:36| httpAccept:
On Mon, 19 Jul 2004, Chris Perreault wrote:
Ie: the user types in:
mysite.com/intranet and ends up at 10.x.y.1/intranet
mysite.com/extranet and ends up at 10.x.y.2/extranet
mysite.com/sales and ends up at 10.x.y.3/sales
Assuming there is a cache_peer for each server
acl url_intranet
Hi,
I have squid 2.5STABLE3 running on fedora core 1 patched. It is
configured as a transparent proxy, using iptables. I use squidGuard for
content filtering and access control.
Up until now, it has been working very well. This morning it will not
start up, and in the log file I get lots of
Have fixed it - the cache.log file was too large, and an strace of the
transient squid process (before its untimely death) indicated that it
was trying to open this file and couldn't coz it was too big.
ta, Gillian
On Tue, 2004-07-20 at 10:30, gillian bennett wrote:
Hi,
I have squid
Sorry, maybe just like to attach the returning header from MSdownload to
Squid:
HTTP/1.1 206 Partial Content..Date: Tue, 20 Jul 2004 01:17:47
GMT..Content-Type: application/x-
msdownload..ETag: 5e79ae08e5cc41:8037..Last-Modified: Sun, 27 Jun 2004
21:36:59 GMT..Accept-R
anges: bytes..Server:
Hi Henrik, no, we are'nt using download manager, but how exactly Microsoft
BIT (Background Intelligent Transfer) optimize the downloading is not clear.
I am currently using the default range_offset_limit 0 KB. Never seems to get
any hit for those
Squid 2.5STABLE5 on a Dual Xeon 2.8 w/ 2 gigs of memory
running FreeBSD
4.10-STABLE. The OS is tuned properly for the load, but I
still see a
LOT of these errors in the cache.log:
2004/07/19 15:35:36| comm_accept: FD 10: (53) Software caused
connection abort
2004/07/19
63 matches
Mail list logo
