2015-02-18 15:22 GMT+02:00 Karl-Philipp Richter rich...@richtercloud.de:
Hi,
I'm quite new to advanced squid configuration and want to enhance my
HTTP cache expensive-bandwidth-cheap-storage setup where I'm mostly
interested in storing large downloads with a refresh_pattern, e.g.
Hi all,
Just wondering if anyone knows: has the squid package on Debian/Ubuntu
become orphaned or is there some other reason that it's still stuck at
3.1.20?
Thanks,
Eli
Hi all,
After digging through the squid-cache website and wiki but not finding
I'm turning to you.
I have been asked to create a new squid machine at work based on
freeBSD, currently FreeBSD ports doesn't have Squid-3.3 yet.
In general how long will Stable squid releases be supported, Squid-3.1
2012/11/2 Markus m.ferlit...@gmail.com:
Ok, I understand but I thought that sslbump realize it so that the encrypted
data from client will be decrypted and it will be encrypted before sending
the request to parent proxy (man-in-the-middle).
This also should word with https, shouldn't?
Can I
Hi,
I set up an adaptation_service_set on a test server and I would like
to see if it's working but I don't seem to be able to trigger use of
the second icap server in the pool by just browsing myself, any ideas
how I can test this conclusively?
Thanks,
Eli
2012/10/5 Amos Jeffries squ...@treenet.co.nz:
On 5/10/2012 4:36 a.m., E.S. Rosenberg wrote:
2012/10/1 Amos Jeffries:
On 01.10.2012 03:39, E.S. Rosenberg wrote:
2012/9/30 Amos Jeffries:
On 30/09/2012 12:43 p.m., Eliezer Croitoru wrote:
On 9/29/2012 9:38 PM, E.S. Rosenberg wrote:
I
2012/10/10 E.S. Rosenberg e...@g.jct.ac.il:
2012/10/5 Amos Jeffries squ...@treenet.co.nz:
On 5/10/2012 4:36 a.m., E.S. Rosenberg wrote:
2012/10/1 Amos Jeffries:
On 01.10.2012 03:39, E.S. Rosenberg wrote:
2012/9/30 Amos Jeffries:
On 30/09/2012 12:43 p.m., Eliezer Croitoru wrote:
On 9
2012/8/29 Amos Jeffries squ...@treenet.co.nz:
On 29.08.2012 13:21, Bambang Sumitra wrote:
Hi All,
Is there any ubuntu source repository for squid version 3.2?
i have found this link
https://launchpad.net/~yadi/+archive/ppa
but its only provide 3.1, and also i found this link
2012/10/4 muno m...@uninet.com.br:
Thanks Amos, but it doesn't work yet.
You need an authentiction test around about here somewhere
(with any ACL tests for non-auth'd visitors above it).
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
Now I get a Cache Access
2012/9/30 Amos Jeffries squ...@treenet.co.nz:
On 30/09/2012 8:42 a.m., E.S. Rosenberg wrote:
2012/9/29 Eliezer Croitoru elie...@ngtech.co.il:
On 9/27/2012 9:33 PM, E.S. Rosenberg wrote:
After I saw this:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Delay-pool-problem-td4190396.html
2012/9/30 Amos Jeffries squ...@treenet.co.nz:
On 30/09/2012 12:43 p.m., Eliezer Croitoru wrote:
On 9/29/2012 9:38 PM, E.S. Rosenberg wrote:
I have A, B and C with a potential for quite a few more (not
necisarily ISPs but also browsing restrictions or lack thereof).
I guess I over-simplified
2012/9/29 Eliezer Croitoru elie...@ngtech.co.il:
On 9/27/2012 9:33 PM, E.S. Rosenberg wrote:
After I saw this:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Delay-pool-problem-td4190396.html
I tried disabling icap by us and the problem also went away, is there
a way to use ICAP
2012/9/29 David Touzeau da...@touzeau.eu:
After many tests, i have found the right code that did not crash the script.
Issue was in php code not in squid.
while (!feof(STDIN)) {
$url = trim(fgets(STDIN));
if($urlnull){
WLOG($url. str:.strlen($url));
fwrite(STDOUT, OK\n);
}
}
2012/9/28 woitek woj...@dracul.kill.pl:
Hello,
I seem to have quite the same problem, except that it is happening with
Squid-2.7 and -3.2 (I tested the newest version yesterday) on the OpenBSD
operating system.
A couple days ago (over a week ago) users started complaining about
*sometimes*
# TAG: delay_initial_bucket_level (percent, 0-100)
# The initial bucket percentage is used to determine how much is put
# in each bucket when squid starts, is reconfigured, or first notices
# a host accessing it (in class 2 and class 3, individual hosts and
# networks
2012/9/27 E.S. Rosenberg esr+sq...@g.jct.ac.il:
I am experimenting with user based delay pools, I set up the following pool:
delay_pools 1
delay_class 1 4
delay_access 1 allow all
delay_parameters 1 -1/-1 -1/-1 -1/-1 29128/29128
(I realize the limit is very low, I am trying to get
2012/9/27 David Touzeau da...@touzeau.eu:
Dear i would like to know if somebody have encounter this issue with
Samba+squid
I'm using NTLM with Squid and connected Samba to my Active Directory 2008 R2
I mention that squid works perfectly but it seems this is a winbindd issue
or
2012/9/27 t...@raynersw.com t...@raynersw.com:
I don't think Eliezer meant reloading per se as much as my question
which was reloading every 5 minutes.
I reload very frequently as well- not on a timer but triggered by events, and
it can happen as often as every minute. I understand that it's
2012/9/27 Jenny Lee bodycar...@live.com:
Date: Thu, 27 Sep 2012 21:08:12 +0200
From: e...@g.jct.ac.il
To: t...@raynersw.com
CC: squid-users@squid-cache.org
Subject: Re: [squid-users] clarification of delay_initial_bucket_level
2012/9/27
Hi all,
I hope I'm not beating a dead horse with this one, I wrote a script
that regenerates user lists (acls) based on data in the LDAP if there
was a change since last run.
I run the script every 5 minutes, mid semester that should not cause
too many rewrites of acls but at the start of
2012/9/8 Amos Jeffries squ...@treenet.co.nz:
On 7/09/2012 10:53 a.m., E.S. Rosenberg wrote:
Hi all,
We have the following proxy structure at the moment:
Internet --- Squid cache1 --- Squid cache2 --- users
|
ICAP Anti Virus server
The documentation
Hi all,
We have the following proxy structure at the moment:
Internet --- Squid cache1 --- Squid cache2 --- users
|
ICAP Anti Virus server
The documentation of the AV server states clearly that they don't
recommend having a caching proxy behind it because
squid != squidguard afaik.
That said in your previous mail you write that you also have kerberos
configured but you aren't showing all of your auth_param
configuration.
As far as I understood things in the past squid replies to the user
with http/407 - proxy auth required at which point the user
2012/5/23 Diersen, Dustyn [DAS] dustyn.dier...@iowa.gov:
I have squid running with SquidGuard using Active Directory for LDAP
authentication. The problem I am seeing is the use of the AD attribute
sAMAccountName for both userName and computerName. I thought I had a fix by
adding
2012/5/7 Amos Jeffries squ...@treenet.co.nz:
On 06.05.2012 20:37, E.S. Rosenberg wrote:
Ah, so if I understand this correctly I can't do anything with the
usernames on the proxy that runs the external acl but by handing of
the usernames to a parent I can start implementing policies based
2012/5/6 Amos Jeffries squ...@treenet.co.nz:
On 6/05/2012 10:55 a.m., Amos Jeffries wrote:
On 6/05/2012 8:09 a.m., E.S. Rosenberg wrote:
2012/5/3 Eliezer Croitoruelie...@ngtech.co.il:
On 02/05/2012 14:53, E.S. Rosenberg wrote:
2012/5/2 E.S. Rosenberge...@g.jct.ac.il:
Hi,
I just thought
2012/5/3 Eliezer Croitoru elie...@ngtech.co.il:
On 02/05/2012 14:53, E.S. Rosenberg wrote:
2012/5/2 E.S. Rosenberge...@g.jct.ac.il:
Hi,
I just thought I'd share the script I have for the squid side, maybe
someone finds it useful.
I wrote in PHP because I wanted to use prepared statements
2012/5/5 Muhammad Yousuf Khan sir...@gmail.com:
right now i am handling 35 users with a squid having 512 MB ram and
it is on virtual server KVM linux, things are working fine. but for my
career growth i am looking for a good path to continue with squid.
like for example if i move to another
College of Technology Computer Center
by E.S. Rosenberg aka Keeper of the Keys
* 2012/5772
* Released on: 2/May/2012 - 10 Iyar 5772
* License: GNU GPLv2
* Short: external ACL helper for squid that allows associating
usernames in a database with IPs.
* Description:
* This script
2012/5/2 E.S. Rosenberg e...@g.jct.ac.il:
Hi,
I just thought I'd share the script I have for the squid side, maybe
someone finds it useful.
I wrote in PHP because I wanted to use prepared statements and am most
familiar with PDO.
Now my logs have usernames but squid does not allow me
So one thing that is not really clear to me, the external acl script
is running constantly and gets sent arguments on its' stdin or is
the script/program being called every time with the arguments you
define for it
Thanks,
Eli
2012/2/29 Amos Jeffries squ...@treenet.co.nz:
On 29.02.2012
2012/3/2 Yucong Sun (叶雨飞) sunyuc...@gmail.com:
I think what happens is the document seems to be wrong, the kernel
already has TPROXY compiled in , look for /boot/config- and
search for TPROXY, it should says m.
for the iptables rules, you will need to use mangle table, there's no
I'm just wondering if anyone ever wrote a tool to optimize the various
huge lists provided by different people or even self built lists...
What do I mean by optimize?
When the list is of type dstdomain and contains entries:
www.domain.ex
www2.domain.ex
www-dumb.domain.ex
x.www.domain.ex
2012/3/6 Amos Jeffries squ...@treenet.co.nz:
On 06.03.2012 11:42, E.S. Rosenberg wrote:
2012/3/2 Yucong Sun (叶雨飞):
I think what happens is the document seems to be wrong, the kernel
already has TPROXY compiled in , look for /boot/config- and
search for TPROXY, it should says m
2012/2/28 Amos Jeffries squ...@treenet.co.nz:
On 28/02/2012 9:07 p.m., Erwann Pencreach wrote:
Hi all,
here is what I've done in squid.conf :
external_acl_type loggeduser children=15 %DST %SRC
/etc/squid3/squid.d/loggeduser_acl.sh
acl isok external loggeduser
http_access allow isok
If
As far as I always understood from the docs (but I may be wrong) any
domain listed in a dstdomain list will also cover the IP associated
with the domain IF the IP has that domain related to it when you do a
reverse lookup on the IP.
So for most big websites/domains that will usually work but small
Hi all,
I would like to create a small external acl program for use in our
organization and I was wondering are there any code examples of
existing external acls in the public domain?
I have tried searching a bit but other than the spec I haven't really
found a lot.
The most promising bit I found
2012/2/27 Eliezer Croitoru elie...@ec.hadorhabaac.com:
On 27/02/2012 14:49, E.S. Rosenberg wrote:
Hi all,
I would like to create a small external acl program for use in our
organization and I was wondering are there any code examples of
existing external acls in the public domain?
I have
Yes, before you deny access to non-authenticated users have a rule
allowing access to certain websites regardless of authentication
status, this is also useful for updates that are being run by (local)
system users [which as a result lack ntlm tickets].
HTH,
Eli
2012/2/19 Matteo Cazzador
Hi,
For our windows computers we run a mostly AD environment except for
one faculty that is using Novell NetWare, for all other locations we
have switched to NTLM authentication (and are hoping to 'upgrade' that
to krb5 soon), non domain computers can also work in this setup just
that they are
With https the client is first trying to establish a secure connection
and that is failing, with normal http the client tries to connect and
gets an errorpage back instead
2012/2/19 Matteo Cazzador mcazza...@gmail.com:
Hello i've a strange problem on my linux gentoo server (squid 3.1.16 +
2012/2/16 Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com:
Comments, behind...
Le 12 janvier 2012 06:53, E.S. Rosenberg e...@g.jct.ac.il a écrit :
2012/1/11 jeffrey j donovan dono...@beth.k12.pa.us:
On Jan 10, 2012, at 7:45 AM, E.S. Rosenberg wrote:
Hi,
We run a setup where our users
complicated, but maybe I can actually ask a
station in a problematic location to be moved to the ISP vlan and then
see how it behaves
Thanks,
Eli
Regards
Eliezer
On 17/02/2012 01:11, E.S. Rosenberg wrote:
2012/2/16 Luis Daniel Lucio Quirozluis.daniel.lu...@gmail.com:
Comments, behind
Hi all,
I'm a bit puzzled by some logs at the moment:
Last night we had a situation that caused one of our proxies to fill
up it's logging disk, squid went down (as expected), but in syslog it
looks like the squid parent is stil going and trying to create new
children to handle requests:
Jan 24
2012/1/11 jeffrey j donovan dono...@beth.k12.pa.us:
On Jan 10, 2012, at 7:45 AM, E.S. Rosenberg wrote:
Hi,
We run a setup where our users are passing through 0-2 proxies before
reaching the Internet:
- https 0
- http transparent 1 (soon also 2)
- http authenticated 2
Lately we
Hi,
We run a setup where our users are passing through 0-2 proxies before
reaching the Internet:
- https 0
- http transparent 1 (soon also 2)
- http authenticated 2
Lately we are experiencing some (extreme) slowness even-though the
load on the line is only about half the available bandwidth, we
2011/12/20 Henrik Nordström hen...@henriknordstrom.net
mån 2011-12-19 klockan 18:35 +0200 skrev E.S. Rosenberg:
Hi all,
We have a Cisco WLC controlling our local wireless network, I would
like it for squid to know which user is associated with the IP of the
wireless client, so that I can
Hi all,
We have a Cisco WLC controlling our local wireless network, I would
like it for squid to know which user is associated with the IP of the
wireless client, so that I can implement user based
restrictions/freedoms for our wireless network as well.
So far my searches haven't turned up
2011/12/19 Terry Dobbs tdo...@associatedbrands.com:
Hi All.
I just installed squid3 after running squid2.5 for a number of years. I
find after reloading squid3 and trying to access the internet on a proxy
client it takes about 2 minutes until pages load. For example, if I
reload squid3 and
Hi all,
While searching for a way to integrate squid with our apt-cacher in a
nice way I came across an article suggesting jesred, it looks very
interesting and I was wondering:
1. what are other peoples experiences with this redirector/url rewriter.
2. has anyone made a list of useful jesred
Firefox on windows machines that are not in the domain by us only
worked properly when we switched it to using it's own NTLM
implementation instead of the native one, this is done by setting
network.auth.force-generic-ntlm to true
I am no big NTLM/AD guru (my field is the linux/unix machines in
2011/10/19 Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com:
2011/10/18 E.S. Rosenberg esr+sq...@g.jct.ac.il:
Hi all,
We currently have a setup with proxies that use NTLM authentication
(we hope to upgrade to kerberos in the future) and based on the
username send the user to one
2011/10/19 Amos Jeffries squ...@treenet.co.nz:
On Tue, 18 Oct 2011 13:53:18 +0200, E.S. Rosenberg wrote:
Hi all,
We currently have a setup with proxies that use NTLM authentication
(we hope to upgrade to kerberos in the future) and based on the
username send the user to one of several parent
2011/10/20 Ed W li...@wildgooses.com:
On 20/10/2011 18:11, E.S. Rosenberg wrote:
On the whole I just need the backend to know the username, or what
'browsing plan' the session is using, sometimes plans are also
determined based on src IP (ie. certain stations aren't allowed to
browse
Hi all,
We currently have a setup with proxies that use NTLM authentication
(we hope to upgrade to kerberos in the future) and based on the
username send the user to one of several parent proxies, to improve
caching we would like to instead route all traffic through one proxy
that is heavily
Hi,
We are running squid 3.1 with NTLM authentication and I would like it
if access.log were not logging the HTTP/407 responses sent by squid to
the browser on every single request.
Ideally the logging of the 407 would be something I turn on when I
want to know if a client is failing due to auth
Chillispot is/was kind of dead last time I checked but the project was
forked/continued by others:
http://coova.org/CoovaChilli/
Regards and good luck,
Eli
2011/7/21 Hasanen AL-Bana hasa...@gmail.com:
Try Chillispot , although it is old.
On Thu, Jul 21, 2011 at 8:26 PM, Mr Crack
Have a look at the dstdomain acl type, it is highly recommended to
only use regexes where you really need them.
http://wiki.squid-cache.org/SquidFaq/SquidAcl
Regards,
Eli
2011/7/18 a bv vbavbal...@gmail.com:
Hi,
I would like to block hotmail.com and some other web mail sites at
squid and im
Hi,
We recently switched to an NTLM based setup and tehre is one quite
annoying fluke for users that are not in the domain, when they open
their browser they get multiple auth requests.
This is probably because the browser issues multiple requests and
therefor gets multiple 407s back from squid,
2011/6/28 Amos Jeffries squ...@treenet.co.nz
On 28/06/11 23:23, E.S. Rosenberg wrote:
Hi,
We recently switched to an NTLM based setup and tehre is one quite
annoying fluke for users that are not in the domain, when they open
their browser they get multiple auth requests.
Well. Yes
Hi all,
Is there any way to see if the amount of authenticator child-processes
are being depleted (and therefor the children parameter should be
raised) slowing the proxy down or is it only possible to play with the
setting and through trial establish what setting works smoothest?
Thanks and
Hi,
Is dst easier/faster for squid then dstdomain to handle?
I'm asking this because I see a lot of the pre-made black/white lists
seem to be of the dst type while it seems to me that dstdomain is more
effective and easier to manage since you don't need to add an entry
for every single host on a
2011/6/3 Amos Jeffries squ...@treenet.co.nz:
On 02/06/11 23:10, E.S. Rosenberg wrote:
Hi all,
Does having different maximum sizes for objects in memory and objects
saved on the disk cache have a negative influence on performance or is
using squid that way good/recommended?
Only indirectly
Hi all,
Does having different maximum sizes for objects in memory and objects
saved on the disk cache have a negative influence on performance or is
using squid that way good/recommended?
The default squid.conf sets both to 4MB, but I'd like to also cache
larger objects (like smaller youtube
If you want them to have a direct connection to the internet you could
use always_direct (or never_direct) (which also exists in squid 2.x).
Something like this:
acl servers src [ips/fqdns]
acl direct_sites {dst|dstdomain} {ips/fqdns|fqdns/domains}
always_direct allow servers direct_sites
Hi,
I set up a authenticating proxy, and based on the username I want to
change properties of the connection.
According to the documentation the proxy_auth type acl is slow because
it relies on external helpers, no my question is is it slow only the
first instance that squid meets it (ie. when
2011/5/30 Amos Jeffries squ...@treenet.co.nz:
On Sun, 29 May 2011 22:46:10 +0300, E.S. Rosenberg wrote:
2011/5/29 Amos Jeffries squ...@treenet.co.nz:
On 29/05/11 23:29, E.S. Rosenberg wrote:
Hi all,
We would like to create a few cutom errors and have them exist in the
most common
Hi all,
We would like to create a few cutom errors and have them exist in the
most common languages on our campus, I added the custom page to the
templates folder, and I added a custom page to one of the languages,
however when I browse with auto negotiate set to the language I still
just get the
2011/5/29 Amos Jeffries squ...@treenet.co.nz:
On 29/05/11 23:29, E.S. Rosenberg wrote:
Hi all,
We would like to create a few cutom errors and have them exist in the
most common languages on our campus, I added the custom page to the
templates folder, and I added a custom page to one
2011/5/26 Amos Jeffries squ...@treenet.co.nz:
On Thu, 26 May 2011 00:27:16 +0300, E.S. Rosenberg wrote:
Hi all,
I was wondering if in the the official version of squid 3.1 it would
be possible to change body to body id=%c in the errorpages.
Of course on a technical level it is possible
2011/5/26 Amos Jeffries squ...@treenet.co.nz:
On 26/05/11 21:14, E.S. Rosenberg wrote:
2011/5/26 Amos Jeffriessqu...@treenet.co.nz:
On Thu, 26 May 2011 00:27:16 +0300, E.S. Rosenberg wrote:
Hi all,
I was wondering if in the the official version of squid 3.1 it would
be possible
Hi all,
I was wondering if in the the official version of squid 3.1 it would
be possible to change body to body id=%c in the errorpages.
Of course on a technical level it is possible and I have already
implemented this locally by us, so what is my reasoning?
Very simple, in our organization we
expressions and hosts) that blocks most of the ads out there.
Regards,
E.S. Rosenberg
to hear what you think of them.
Thanks for your time.
Regards,
E.S. Rosenberg
Hi,
Currently I am writing a website which will be capable of managing a
whitelist for squid, it is almost finished and uses php/mysql and ldap
for authentication.
When I put it online I will notify anyone who is interested, a preview
can be seen on http://cc.jct.ac.il/~elyahyu/projects/odp/
75 matches
Mail list logo