fre 2014-11-28 klockan 10:28 + skrev Stephen Baynes:
Is WCCP supposed to work with Squid multiple workers?
In theory it should work.. but not sure it has been adapted for
multi-worker.
It works with 1 worker. If we change the number of workers from 1 to 2
we see it fail. The router no
tor 2014-11-27 klockan 01:59 -0800 skrev navari.lore...@gmail.com:
Consider using less REs ... is not possible.
if there is no other solution
i will break the files in many files with less then 100 entries.
Probably will have the same problem with black list.
How many REs do you need in
,
with various bits and pieces borrowed from the Apache Foundation and
other well-run open source non-profits. You can find our bylaws and
other documents at
http://www.squid-cache.org/Foundation/archive/
The Foundation is currently being run by three volunteers: Henrik
Nordstrom, Amos Jeffries
lör 2010-03-27 klockan 10:43 +0200 skrev Mr. Issa(*):
Dear mates, I hope you enjoy your weekend... :)
I did compile/install Squid2.7Stable9 and i noticed something
/dev/sdc1 1.8T 355G 1.4T 21% /cache1
/dev/sdd1 1.8T 352G 1.4T 21% /cache2
the /cache1 cache2
fre 2010-04-02 klockan 20:30 +0100 skrev a...@gmail:
My http_port settings are
Nothing obviously odd there, except that you should not need the 3128
port.
So keep a close eye on access.log of both Squid and your web server when
seeing the problem.
I have this in my cache.log but I don't know
fre 2010-04-02 klockan 19:00 -0300 skrev Marcus Kool:
I use this Squid at home and it lightly used so maybe it does have
the same FDs allocated after a restart...
Seems not. So we have to wait until you see the problem again to match
up with cachemgr filedescriptor page.
Regards
Henrik
fre 2010-04-02 klockan 17:57 -0500 skrev Johnson, S:
Ok, I see what you mean.
Yes, I tried the https://www.openssl.org and it worked a-ok but it's still
not showing in my squid log.
using wget or your browser?
Is your browser configured to use the proxy?
Regards
Henrik
lör 2010-04-03 klockan 17:10 +0200 skrev Krist van Besien:
This worked before I enabled https on both sides of the link. But
without https the password that the local proxy uses to authenticate
to the remote proxy gets send in the clear, which I don't want.
Therefore I configured ssl.
With
tis 2010-03-30 klockan 09:07 -0300 skrev Leonardo Carneiro - Veltrac:
I keep hearding that squid 3.0 is no speed demon, but the new squid
3.1.1 is said to be much faster. Have anyone benchmarked the 3.1.1
against the 2.7?
Not sure there has been any recent benchmarks, but 3.1 is no expected
mån 2010-03-29 klockan 05:46 -0700 skrev Ricardo Newbery:
I get the following error when trying to build 2.7.STABLE9 on OSX
10.5.8. Any suggestions?
your error seem similar to an error we have been seeing with 3.0 in the
built test farm, where it seems that some OS:es have trouble with that
sön 2010-03-28 klockan 21:14 +0900 skrev Mikio Kishi:
Hi, Amos
I'm sorry in the old topic.
In this case, I'd also like to use authentication.
You can't on intercepted request. Does not matter by which method you
intercept the requests.
For authentication the browser MUST be configured to
sön 2010-03-28 klockan 08:49 +1000 skrev HC Barfield:
forgot to say that my cache manager had THREE fields instead of the four
fields that you have. cache server was just a drop down box where i could
only select 'localhost' there was no Port text box, and i had manager name
and password.
sön 2010-03-14 klockan 19:34 +0530 skrev jayesh chavan:
Hi,
I have to use redirect program only as it is requirement of my
project.So please tell me how should be request forwarded to apache
using redirect program only.It is giving error that access is not
allowed.
What does your
fre 2010-03-12 klockan 14:28 -0800 skrev Maykeen:
I want to know, if squid is able to survive if it suddenly loses access to
its cache directories, for example, stop caching requests and just serving
as a proxy. Is there a way to do this, instead of squid termintaing when
this happens?
Squid
fre 2010-03-12 klockan 18:37 -0500 skrev seph:
acl app_webservices dstdom_regex -i ^host.example.com$
acl app_webservices dst 10.1.0.0/23
You need to split this in two acls and combine them in http_access.
Regards
Henrik
lör 2010-03-13 klockan 09:12 +0530 skrev jayesh chavan:
Hi,
I want to direct all my squid cache miss to my local web-server
apache.How to configure squid for that purpose?
What do you mean?
Do you want Squid to use your Apache server as a parent, fetching all
cache misses from it?
Or do
lör 2010-03-13 klockan 21:34 +0530 skrev jayesh chavan:
Hi,
No,I want to store some paticular static web pages in apache which
can be delivered upon request for that web page.so apache can be used
as peer to squid to deliver such pages.
See cache_peer + never_direct + cache_peer_access
lör 2010-03-13 klockan 17:30 +0100 skrev Eric:
I'm using Squid v. 2.7.STABLE7 in an ipcop server (v.1.4.21). I'm facing
problem with http upload through squid.
I often get 2 error's messages when i try to upload a file on my website
using an amazing upload script (OpenUpload) :
What is
fre 2010-03-12 klockan 16:25 +0100 skrev Riccardo Castellani:
If I understood, Squid search 'host' header in the client request but if
client fails to send this header, Squid assumes the domain specified by
defaultsite.
correct
But when client fails to send 'host' header ? And if I delete
fre 2010-03-12 klockan 11:48 + skrev GIGO .:
I want a way that any requests for my local web servers located in
(10.0.0.0/8) does not go to internet so proxy should bypass them
otherwise to use my local web servers i have to do the settings in all
the web browsers that dont use squid
fre 2010-03-12 klockan 14:32 +0100 skrev Guillaume 4:
Hi there,
Can't figure out something that looks easy.
I'd like the squid to preserve client ip address. Is there an easy way to do
that?
Squid does in the form of the X-Forwarded-For header.
But I guess you are looking for this:
fre 2010-03-12 klockan 16:27 +0100 skrev Dieter Bloms:
Hi,
on the side http://squid.sourceforge.net/follow_xff/
there is a patch to follow the X-Forwarded-For ips.
It is generated against the squid3 devel (I think 3.1) and doesn't
apply to the squid3.0.STABLE24 source.
I don't think
fre 2010-03-12 klockan 15:33 + skrev GIGO .:
if squid is by default using the local time?
Squid by default is using the OS configured timezone in acl matching,
but UTC in error messages etc.
Regards
Henrik
fre 2010-03-12 klockan 23:36 +0800 skrev dave jones:
My question is I want to offline browse the index.html of foo.com,
but there are many http://us.rd.foo.com/referurl/news/index/realtime/*;
in index.html, would anyone tell me how do I solve that referer url to direct
the correct one, like
fre 2010-03-12 klockan 16:46 +0100 skrev Riccardo Castellani:
What means 'temporary disabling (Not Found) digest from HOSTXXX' ?
That your Squid is configured with digest based peering, but that peer
did not provide a digest object on request..
How can I fix it ?
If the peer do not support
tor 2010-03-11 klockan 11:42 +1300 skrev Amos Jeffries:
His trace earlier showed squid receiving the whole list of and A,
then running through them in the proper order marking each bad as it went.
Reporting error after the last IPv4 had been tried.
Are you sure?
while there was lots of
tor 2010-03-11 klockan 02:18 +0100 skrev Henrik Nordstrom:
tor 2010-03-11 klockan 11:42 +1300 skrev Amos Jeffries:
His trace earlier showed squid receiving the whole list of and A,
then running through them in the proper order marking each bad as it went.
Reporting error after
mån 2010-03-08 klockan 11:47 + skrev GIGO .:
In our setup ISA is being used as parent peer. The problem is that clients
cannot browse https Sites.(All http/ftp sites works fine)
You need
never_direct allow all
Without that Squid will attempt to go direct when using a parent do not
make
mån 2010-03-08 klockan 19:56 +0800 skrev Dong-Yuan Shih:
when i start my squid proxy
the traffic is via ppp0 to internet
but url filter rule is notworking !
Is there anything in access.log?
Regards
Henrik
sön 2010-03-07 klockan 10:02 +0530 skrev jayesh chavan:
Hi,
I am installing a squid proxy on a windows machine which has
parent proxy at 192.168.7.253.My ip address is 192.168.7.232.My prixy
listens on port 8080 and parent proxy listens on port 3128.But its not
working.Below are all
fre 2010-03-05 klockan 18:26 -0600 skrev Luis Daniel Lucio Quiroz:
Wow,
Thanx, just few questions
will be a patch for 3.0 and 3.1? I see only for 3.2.HEAD
In some time both will appear in the supported squid releases.
About this:
lör 2010-03-06 klockan 12:23 +0100 skrev Henrik Nordstrom:
fre 2010-03-05 klockan 18:26 -0600 skrev Luis Daniel Lucio Quiroz:
Wow,
Thanx, just few questions
will be a patch for 3.0 and 3.1? I see only for 3.2.HEAD
In some time both will appear in the supported squid releases
lör 2010-03-06 klockan 14:46 +0100 skrev David Touzeau:
my goal is the ICAP server is an antivirus but send Big Files to ICAP
server will reduce dramatically performances.
These ACL are used to deny SQUID to send some files to the ICAP server
antivirus.
Unfortunately this is not currently
tor 2010-03-04 klockan 12:25 +1100 skrev Michael Bowe:
I think you have the hash stuff wrong, isn't service 80 meant to be
src_ip_hash and service 90 meant to be dst_ip_hash?
no, 80 is usually the normal www service interception, which is a
dst_ip_hash.
but it doesn't matter very much as long
tor 2010-03-04 klockan 12:50 +0100 skrev Riccardo Castellani:
I'm using Squid both as http proxy and as http accelerator on different port
but I got this message in cache.log:
Failed to select source for 'http://pag kista.do?codCentro=50311'
2010/03/04 12:41:04| always_direct = 0
ons 2010-03-03 klockan 07:37 -0600 skrev Luis Daniel Lucio Quiroz:
Yes I did
that's why i realize of that, i did tcpdump -s0 -X so I'm pretty sure I got
whole packet.
And it's not the preview, waiting for a 100-continue from the icap
server?
Is there a Preview: header in the ICAP header?
ons 2010-03-03 klockan 11:27 + skrev Nick Cairncross:
Henrik,
Thanks for the pointers - I have added the missing dependencies. Now I
receive the following. The results of ./configure are at the bottom of the
email also. I must be missing some other dependencies?
Seem to be missing
ons 2010-03-03 klockan 13:09 +0100 skrev Jaap Cammeraat:
Hi,
I'm using squid-3.0.STABLE20
And running squidGuard 1.4
When I do a test in my shell I get the answer I want:
sh-3.2# echo http://playboy.com 127.0.0.1/ - - GET |
/usr/local/squidGuard/bin/squidGuard -c
ons 2010-03-03 klockan 21:37 +0100 skrev Thomas Klein:
squid is caching the result of the query in any way (or another
component, that did the query perhaps?), because if i remove a user from
all groups, the access is still possible through squid.
Groups are cached in many places
a) Squid.
ons 2010-03-03 klockan 09:54 -0500 skrev Rick Coloccia:
I've added these things to squid.conf:
acl dontlog url_regex -i
^http://dont.log.this.com/components/com_livechat/sync.php
cache_access_log /var/log/squid/access.log squid !dontlog
cache_access_log none dontlog
should be
access_log
tis 2010-03-02 klockan 16:36 +0100 skrev Taco Walstra:
auth_param basic program /usr/sbin/squid_db_auth --user bla --password
bla --plaintext --persist
with additional lines as described on the website, but I only get access
denied as reply.
What additional lines did you add? ANd where?
tis 2010-03-02 klockan 17:34 + skrev Nick Cairncross:
It seems to be complaining about krb5.h.. it doesn't appear on my server
though I am successfully using Kerberos (configured using Samba).
You need the kerberos development libraries headers installed. Not
needed for using Kerberos
tis 2010-03-02 klockan 00:45 -0800 skrev akinf:
have implemnted a icap server, and configured squid to forward request to
this server.
Everything works fine but, Squid opens too much icap connections and exhaust
my filedescriptors.
How many?
Is those connections all idle and Squid
mån 2010-03-01 klockan 19:03 -0600 skrev Luis Daniel Lucio Quiroz:
as we have a squid with ICAP we have a requirement to save all data sent. We
have a ICAP that does that, how ever when logging we can see
POST url
headers
but we dont see data that is sent by post, are we missing
ons 2010-02-17 klockan 21:40 -0800 skrev Tory M Blue:
And sorry sleeping was just my way of citing the box shows no load,
almost no IO 4-5 when I'm hitting it hard. I do not see this issue
with lesser threads, it's only when I turn up the juice. But with
turning up the connections per second
ons 2010-02-17 klockan 22:40 -0700 skrev Alex Rousskov:
On 02/16/2010 12:54 PM, Andres Salazar wrote:
Hello,
Iam still having issues with SSLBump .. apparently iam now getting
this error when I visit an https site with my browser explicity
configured to use the https_port .
tor 2010-02-11 klockan 10:39 +0100 skrev David C. Heitmann:
how can i connect throw the proxy with msn live messenger 2009 ?
What does access.log say?
REgards
Henrik
tor 2010-02-18 klockan 09:43 +0100 skrev Edgardo Ghibaudo:
If I disable the proxy SQUID (using IE6 or Firefox 3.5.7 with SSL
certication) the connection is very fast.
Using the proxy the connection is VERY slow ... and the log file reports
error 503
In the configuration file I don't have
ons 2010-02-17 klockan 11:09 +1300 skrev Amos Jeffries:
* authenticate_ttl - how often a user is questioned for their
credentials. To verify that the machine still is the same user.
No it's not. The client is always required to provide valid credentials,
even if they just did 0.002 seconds
None known short of not using authentication.
It's an internal error in the authentication subsystem. Full scope of
the error is not yet known, but it it suspected to affect all
authentication schemes or alternatively there is two bugs (one common,
one unique to digest)
Regards
Henrik
ons
fre 2009-11-27 klockan 09:08 -0600 skrev Jason Hodges:
The Web Content Provider that serves ringtones, games, etc to our
subscribers requires that we have an http header inserted as the users
surf their site. The header is x-msisdn. The value should be the
subscriber's phone number (mdn).
tor 2009-11-26 klockan 13:45 -0800 skrev Quin Guin:
Core was generated by `(squid)'.
Program terminated with signal 6, Aborted.
Your squid aborted with an internal error. cache.log SHOULD contain more
information on what the error was.
Regards
Henrik
fre 2009-11-27 klockan 16:34 +0300 skrev fedorischev:
I find that our Squid 3.0 STABLE16 using 80-90% CPU while serving clients,
who
using CONNECT method to downloading big files. In any case, standard HTTP
GET/POST didn't cause the same effect. Any suggestions ?
Odd..
can you set up a
tor 2009-11-26 klockan 22:55 +0100 skrev Sébastien WENSKE:
Is it something special to do, on the squid box?
You need to tell Squid that the backend web server is trusted with login
credentials (login=PASS argument to cache_peer)
Regards
Henrik
ons 2009-11-25 klockan 18:01 +0300 skrev fedorischev:
This behavior is typical for one client - he is always downloading something
from file sharing services e.g. rapidshare etc. In this example FDs
23,38,57,67 are occupied by him. I think (correct me if not right), that
loading is
ons 2009-11-25 klockan 05:51 -0800 skrev Landy Landy:
I also checked netstat -nat and noticed a lot about 1200 of ESTABLISHED
connections from one ip address.
I called this person and told me no one was using that machine.
echo 1 /proc/sys/net/ipv4/tcp_syncookies
Is this a virus?
ons 2009-11-25 klockan 23:20 +0800 skrev Ryan Chan:
Hi,
On Mon, Nov 23, 2009 at 9:59 AM, Henrik Nordstrom
hen...@henriknordstrom.net wrote:
sön 2009-11-22 klockan 21:57 +0800 skrev Ryan Chan:
See read_ahead_gap
..New directive to set the response buffer size.
Seems it is used
tis 2009-11-24 klockan 15:06 +1100 skrev Robert Collins:
http://www.netbsd.org/docs/kernel/vfork.html has some interesting notes
from the BSD world about this.
vfork is fundamentally broken.
there is other alternatives coming, getting around the virtual memory
issue when starting new
ons 2009-11-25 klockan 09:07 +1100 skrev Robert Collins:
On Tue, 2009-11-24 at 13:45 +0100, Henrik Nordstrom wrote:
tis 2009-11-24 klockan 15:06 +1100 skrev Robert Collins:
http://www.netbsd.org/docs/kernel/vfork.html has some interesting notes
from the BSD world about this.
vfork
tis 2009-11-24 klockan 11:09 -0200 skrev Marcus Kool:
vfork will probably help but has side effects and I don't know
if the Squid code is suitable for vfork.
It's not. Not even suitable for posix_spawn in it's current form but
easier to adopt for that than vfork.
Regards
Henrik
ons 2009-11-25 klockan 00:52 -0200 skrev Marcus Kool:
Therefore I have just a silly question:
can we modify Squid to fork at a slower pace?
It would be interesting to see if a 0.2 second gap
between each fork gives the system a enough
http://www.squid-cache.org/Doc/config/sleep_after_fork/
sön 2009-11-22 klockan 21:32 -0500 skrev Riley E. Chandler:
I need to do a LDAP search for username based on source IP, I would
prefer to have Squid put it in the access.log. My other option is to
generate my own log file based off the access.log and to include the
LDAP info separately.
I am still trying to find time to look in more detail at this and
another digest auth issue in Squid-3. But my spare time available for
Squid has been somewhat short lately.
Regards
Henrik
mån 2009-11-23 klockan 11:14 +0530 skrev sankar m:
Dear Sir/Madam,
Please let me know the status of
/74.125.45.17 text/html
As you can see, it has: client's IP, URL, username and server IP.
I hope this helps,
Ildefonso Camargo
On Tue, Nov 24, 2009 at 5:06 AM, Henrik Nordstrom
hen...@henriknordstrom.net wrote:
sön 2009-11-22 klockan 21:32 -0500 skrev Riley E. Chandler:
I need to do a LDAP
mån 2009-11-23 klockan 15:34 +0100 skrev Sébastien WENSKE:
Sorry I've make a mistake, the url to get the original picture is
http://gallery.wenske.fr/wallpapers/holland_dream_2560x1600.jpg.html?zp=full-image
This will force the download of the picture.
That's a very very cache-unfriendly
mån 2009-11-23 klockan 17:41 +0100 skrev Sébastien WENSKE:
In my previous mail I explained that I'm using a squid reverse proxy
with high bandwidth to cache my apache at home. There are connected by
VPN, and I would know if it is possible to get original IP in my
apache logs.
Yes. You need
tis 2009-11-24 klockan 00:36 +0100 skrev Sébastien WENSKE:
Thanks both,
I will check the code and try to fix or remove these headers.
Whit witch bin do you get this below information? Squidclient?
squidclient is one way:
squidclient -m HEAD
mån 2009-11-23 klockan 19:30 -0500 skrev rchand...@ntelos.net:
The LDAP server is also a Radius server that does Auth for all
services. The time zones are different and our ips are pooled so we
get a lot of false positives when we corelate the log files. The LDAP
database stores the
sön 2009-11-22 klockan 14:44 -0500 skrev Brian Mearns:
I'm using squid as a reverse proxy for both secure and non-secure
connections to an origin server with several name-based vhosts. Is
there anyway to have squid present a different certificate (to
clients) depending on which host the client
sön 2009-11-22 klockan 21:57 +0800 skrev Ryan Chan:
Hello,
People said Squid can be used to handle slow HTTP client, right?
http://jeremy.zawodny.com/blog/archives/008496.html
Then, what parameters / settings are suggested? Seems difficult to
find a suitable one.
See read_ahead_gap
sön 2009-11-22 klockan 07:50 -0500 skrev Linda Messerschmidt:
In all cases, the steady state memory usage of squid at most times
is about double each machine's cache_mem setting.
What is your average object size?
The amount of metadata kept per cache_mem object is pretty large and not
fre 2009-11-20 klockan 12:35 -0700 skrev Gerardo Valdez Andrade:
there is support for RTSP protocol on Squid 2.6 STABLE14?
Squid is an HTTP proxy, so no.
You need either NAT with RTSP support or an RTSP proxy for
RTSP, if no direct connection is possible.
RTSP tunneled over HTTP works via
fre 2009-11-20 klockan 18:26 +1100 skrev Tim Bates:
Here's a question: Would Reply-To being set prevent people who post
getting a flood of user not found bounces back?
No.
If anything it may cause those bounces to hit the list instead.
When I posted my thoughts earlier, I got about 6
fre 2009-11-20 klockan 09:34 -0500 skrev Brian Mearns:
accidentally send it to the whole list. Clearly, there has been
significant debate over this.
It has, it's a very long discussion (30 years?)
My opinion:
All the tools are there, make use of them. If your mail client do not
support
tor 2009-11-19 klockan 13:21 +0800 skrev yaoxing zhang:
Hello everyone,
I'm using squid 3.0 stable 16 as a accelerator for my IIS 7.0 server.
And I find that squid does not enable gzip for compressing, which
increases a lot of internet traffic. I can't find any option with which
I can
tor 2009-11-19 klockan 17:03 +0800 skrev yaoxing zhang:
Sorry I'm not very clear about this. Do you mean Squid drops the request
from client, then generate another different request, which contains no
Accept-Encoding header, and send this request to IIS. As a result
response from IIS is not
fre 2009-11-13 klockan 11:44 -0500 skrev Brian Mearns:
Would it be possible for the admins of this mailing list to setup the
Reply-to header so hitting reply goes back to the mailing list? I
don't know how many times I've sent responses directly back to the
sender because I just started typing
mån 2009-11-16 klockan 10:21 +1100 skrev Howard Cock:
The problem we have is that this site often fails to load via our
squid proxies, clicking on links on the front page – specifically
different “answers” – one can wait a long time for a response. The
site does load fine if going direct.
tis 2009-11-10 klockan 22:06 -0400 skrev Gerson fserve Barreiros:
I want to block any file on the external network (internet) with
size bigger then 512 MB and do not block that for internal network.
tried that way:
acl internal_network dstdomain xxx.xxx.xxx.xxx
reply_body_max_size 512 MB
ons 2009-11-11 klockan 09:35 -0500 skrev Nick Duda:
I fixed it, and its working, but I have one issue. It's always using
the cert associated with the https_port directive, even when I get a
match on the correct cache peer using another cert.
That's right.
SSL can only support one cert per
sön 2009-11-08 klockan 19:23 -0800 skrev Kurt Buff:
Thanks for looking at it, and if you have any more thoughts, I'd love
to hear them.
Have you tried browsing from the proxy server but without using Squid?
Regards
Henrik
tis 2009-11-10 klockan 07:01 -0800 skrev Kurt Buff:
I'm going to try that this evening. I'll post the results back here.
It took a bit of convincing to get approval to open the firewall for
browsing without the proxy.
Browsing on the proxy without using the proxy is the same as going via
the
tis 2009-11-10 klockan 14:01 -0800 skrev Kurt Buff:
Browsing on the proxy without using the proxy is the same as going via
the proxy in terms of networking..
Yes.
But currently all users on the network are forced through squid to
browse the web.
Which is relevant to the case of
tis 2009-11-03 klockan 17:25 +1300 skrev Amos Jeffries:
MIB numbering should never change. Old numbers may cease to exists when
their data sources go away and new number appear as new info gets
published, but existing numbering should not change...
Converting IPv4 address fields to
sön 2009-11-01 klockan 11:41 +0700 skrev เทพประทีปคร้าบบบ:
Hi all,
i use squid 3.0.STABLE19, i configured to keep log by syslog to
centralized log server, but squid always generates 2 lines of syslog,
one has squid message, but the other has only header no message body
like this
This is a
ons 2009-10-28 klockan 08:36 -0400 skrev Brian J. Murrell:
It would be nice to have SNMP counters that tracked cache hits and
misses in terms of the number of bytes. This would allow me to see
effective my proxy was at avoiding network traffic.
There is, kind of.
SavedBandwidth =
tis 2009-10-27 klockan 15:00 +1100 skrev Gerard Saunders:
I have a strange issue where one website in particular is typically never
being fully downloaded when accessing it via our squid proxy.
It doesn't matter which browser is used, and the behaviour can be simulated
using squidclient.
ons 2009-10-21 klockan 09:46 -0200 skrev Mariel Sebedio:
In this server I have a
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
2086
and ip_conntrack_max?
Regards
Henrik
ons 2009-11-04 klockan 18:25 +0100 skrev NOGUES Jean-Marc (EURIWARE):
Hi,
I say usually normal, because the client software should be aware of
that requirement and send the auth for as many requests as needed in the
session.
Sniffing between Squid and clients shows that clients
tis 2009-11-03 klockan 21:41 -0500 skrev Brian Mearns:
Well, I found a solution, though I'm not sure it's the correct way to
do it. In addition to adding a separate cache_peer the uses SSL and
connects on port 443, I also set up cache_peer_access rules that only
allow each cache_peer to be
ons 2009-11-04 klockan 09:59 -0200 skrev Marcus Kool:
A URL filter is definitely a good option and a doomed success.
Sorry if you got the impression that I think URL filters are a bad idea.
I do not. Just that implementing URL filters alone without also having a
policy of use is troublesome and
ons 2009-11-04 klockan 12:43 +0100 skrev Serge Fonville:
I was trying to build squid on x64 Windows.
Unfortunately I get tons of build errors.
Does anyone have experience with succesfully building Squid on x64 Windows?
I am not sure anyone have attempted a 64-bit windows build yet.
It's
tis 2009-11-03 klockan 09:55 + skrev Adam Binks:
external_acl_type session ttl=0 negative_ttl=0 children=10 concurrency=200
%SRC /usr/local/squid/libexec/squid_session -t 30
I assume the %SRC variable in the above string is what the session is based
on.
Is there away to add some
tis 2009-11-03 klockan 13:12 + skrev Adam Binks:
Ok... so would it be possible to also pass the %SRCPORT variable to
squid_session in addition to %SRC as this will probably be unique in
most cases ?
You could, but that would be almost unique per request, still not
identifying an user.
tis 2009-11-03 klockan 18:58 +0100 skrev Sergio Marchi:
If you have had connection errors with the software EMens ( released
by INPS) , connecting via squid 2.7, you should insert the parameter
ignore_expect_100 on in your squid.conf. The software works fine
with the previous squid versions.
tis 2009-11-03 klockan 19:44 + skrev Markus Moeller:
But how would that work if the guest uses his own machine e.g. Kerberos (no
ticket available) nor NTLM (no shared machine key available) can be used or
? and ISA (or squid) sends Negotiate as the first auth option ?
NTLM works
tis 2009-11-03 klockan 13:21 + skrev Markus Moeller:
Does anybody know how MS intends to deal with this (e.g. guests in a company
network) in a MS only environment with ISA proxy ?
Supposedly by having guest accounts in the Windows domain.
Regards
Henrik
tis 2009-11-03 klockan 07:43 -0800 skrev espoire20:
I have my Server proxy under Squid work very well but in the last time the
users start to use anonymous proxy that allow users to connect to the
Internet via an external site and bypass restrictions , so if you know some
blocking tools under
mån 2009-11-02 klockan 23:42 +1300 skrev Amos Jeffries:
IME, I think sending the correct realm or domain in the NTLM or
Negotiate auth headers may prevent clients attempting auth with a known
mechanism if they are not part of the domain.
If Microsoft had thought about using the required
mån 2009-11-02 klockan 23:47 +1300 skrev Amos Jeffries:
Make sure that the mib.txt you/mrtg are using came from the 3.1 source
code. There have been major changes to the MIB numbering in 3.1.
Hmm.. what kind of changes?
MIB numbering should never change. Old numbers may cease to exists when
1 - 100 of 11697 matches
Mail list logo
