facebook_videos
It seems like it blocks only a few.
any idea?
is it possible with squid ?
--
cat /etc/motd
Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html - Download Sinhala
Fonts
On Wed, Jul 25, 2012 at 3:04 PM, Indunil Jayasooriya
induni...@gmail.com wrote:
Can your squid box to go to internet ? ( Pls check /etc/resolv.conf file )
How many interfaces does your squid box have?
1 or 2 ?
in /etc/sysctl.conf file , pls check net.ipv4.ip_forward parameter? try
ACCEPT
--
Thank you
Indunil Jayasooriya
Error 4:Attempted to connect using the (TLS V1.0 | SSL V3.0)
protocol(s). The server rejected the connection
--
Thank you
Indunil Jayasooriya
hi,
I need expert advice
we cant access
www.go2uti.com form our squid 2.6.STABLE6 on CentOS 5
this is the log .
TCP_NEGATIVE_HIT/403 659 GET
http://www.go2uti.com/ - NONE/- text/html
we can access it without squid. what could be the issue... ?
--
Thank you
Indunil Jayasooriya
get below error on the web browser
Forbidden
You don't have permission to access / on this server.
Additionally, a 500 Internal Server Error error was encountered while
trying to use an ErrorDocument to handle the request.
could you pls help me to solve this issue ?
--
Thank you
Indunil
has negative_ttl 5 minutes
but, it is commented in this way.
#negative_ttl 5 minutes
--
Thank you
Indunil Jayasooriya
On Tue, Apr 19, 2011 at 1:05 PM, Indunil Jayasooriya
induni...@gmail.com wrote:
Now, we have to use
divert-to instead of rdr-to in pf.conf
Pls read below URL where you get the real thing in regard to it. It
was replied by OpenBSD developer Reyk Floeter.
http://www.mail-archive.com/misc
-transparent properly detects and
handles the version of PF available. Are you able to find out how I could do
that please?
Will I have to do something from my end ?
--
Thank you
Indunil Jayasooriya
21:03 ..
drwxr-xr-x 46 root wheel 2560 Apr 11 17:29 errors
drwxr-xr-x 3 root wheel512 Apr 11 17:29 icons
-rw-r--r-- 1 root wheel 30845 Apr 11 17:29 mib.txt
--
Thank you
Indunil Jayasooriya
?
--
Thank you
Indunil Jayasooriya
the
./configure --enable-ipfw-transparent option to Squid.
so, I configured with
./configure --enable-ipfw-transparent
here's the URL where We discussed
http://www.mail-archive.com/squid-users@squid-cache.org/msg78526.html
But, still no success.
Where have I gone wrong?
--
Thank you
Indunil
/in.h
#endif
#if HAVE_ARPA_INET_H
#include arpa/inet.h
#endif
#endif /* _SQUID_OPENBSD_ */
#endif /* SQUID_OS_OPENBSD_H */
That's all for that patch. I think U r ok.
anyway. for the /dev/pf thing, I will come back with an update
--
Thank you
Indunil Jayasooriya
to it. It
was replied by OpenBSD developer Reyk Floeter.
http://www.mail-archive.com/misc@openbsd.org/msg101469.html
I am home now, I am going to office on monday. then, I will do
accordingly and update you.
--
Thank you
Indunil Jayasooriya
/pf
crw--- 1 root wheel 73, 0 Apr 1 19:30 /dev/pf
--
Thank you
Indunil Jayasooriya
| storeLateRelease: released 0 objects
That's all I can tell you. sorry for the long mail. I think step by
step info may be very helpful.
anyway, Pls let me know how to patch. I love it, then, for next
releases on OpenBSD, I can try.
hope 2 hear from you.
--
Thank you
Indunil Jayasooriya
for transparency with PF
pass in log on $int_if proto tcp from $lan_net to any port 80 \
rdr-to 127.0.0.1 port 3128
pass out log on $ext_if inet proto tcp from $ext_if to any \
port 80
--
Thank you
Indunil Jayasooriya
).
*** Error code 1
Stop in /root/software/squid-3.2.0.6/lib (line 708 of Makefile).
*** Error code 1
Stop in /root/software/squid-3.2.0.6 (line 433 of Makefile).
--
Thank you
Indunil Jayasooriya
?
Thanks
/Leslie
--
Thank you
Indunil Jayasooriya
internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
http_access allow localnet
--
Thank you
Indunil Jayasooriya
checked that there's none.
pass in log on $int_if proto tcp from $internal_net to any port
$proxy_services rdr - $proxy port 8080
Pls replace like this and see.
pass in log on $int_if proto tcp from $internal_net to any port
80 rdr - $proxy port 8080
--
Thank you
Indunil Jayasooriya
In both cases, when I use my browser in my LAN (whichever PC I use), I
get:
(101) Network is unreachable
Have you added DNS in your PCs ? try to add and see
--
--
Thank you
Indunil Jayasooriya
: www.debian.org
Addresses: 86.59.118.148, 82.195.75.97
F.
in squid.con file , Pls search dns_nameservers directive and add like this.
dns_nameservers 172.16.16.254
--
Thank you
Indunil Jayasooriya
should expire in a period (let's say 5
months). before that, it should be informed to users.
Could you pls let me know the software we need to achieve the above
said requirements?
What about the Squid Users Manager pkg?
--
Thank you
Indunil Jayasooriya
I try with Cuteftp , filezilla , these worked very well. Only IE and
Firefox
How did you access?
Pls try below method
ftp://user:p...@www.domain.com
Amos, i want to access www.icuh2009.org. Am using Filezilla. Not sure
what you mean by the connect method!
Pls try below via firefox or IE
ftp://user:p...@www.icuh2009.org/
--
Thank you
Indunil Jayasooriya
of
audio/video streaming rather then blocking websites(that are increasing
day-by-day)
Regards
-ms
--
Thank you
Indunil Jayasooriya
use?
--
Thank you
Indunil Jayasooriya
for me. ALL went fine with iproute2 pkg.
I am also seeking a TC expert to help several users already needing to use
it with TPROXYv4 and/or WCCP setups.
I am NOT a tc expert. just a guy with an interest.
--
Thank you
Indunil Jayasooriya
I'm using HAVP as a cache peer and it is working quite nicely:
oh, yeah, I also tested several times. it worked very well.
--
Thank you
Indunil Jayasooriya
do
in squid.conf file , pls type
visible_hostname yourhostname
then, type below command
squid -k reconfigure
That's it
--
Thank you
Indunil Jayasooriya
.
What about ACLs like below ?
acl ftp proto FTP
acl noftpips src 192.168.1.2 192.168.1.4 192.168.1.10
http_access allow ! noftpips
Your ideas ?
--
Thank you
Indunil Jayasooriya
--
Thank you
Indunil Jayasooriya
exclude ftp access to some ip addresses?
Pls grant your advice.
--
Thank you
Indunil Jayasooriya
:192.1.54.65
--
Thank you
Indunil Jayasooriya
, It works fine. This is a streaming video site.
But, remember, There is NO firewall running. All ports are open.
ANY ADVICE
--
Thank you
Indunil Jayasooriya
for it.
Anyway, This is squid version , Pls see below
Squid Cache: Version 2.6.STABLE6
Your Idead expected
--
Thank you
Indunil Jayasooriya
Hi,
Pls fill below varable with yours.
$LAN= Lan ip range. example- 192.168.0.0/24
$INTERFAZ_INT= Interface connects to the Internet
$INTERFAZ_LAN= Interface conncects to Lan
$LAN_IP of the squid box = Lan ip. example- 192.168.0.1
I use below rules for tranceparent interception on Linux.
://markmail.org/message/5d7rtqbhwwcivkkx?q=transparent+httpspage=1refer=vhkzezxg7n643ik2
http://markmail.org/message/mkgy5jjr6wdthi5k?q=transparent+httpspage=1refer=vhkzezxg7n643ik2
--
Thank you
Indunil Jayasooriya
.
I think below may help you
http://wiki.squid-cache.org/Features/SslBump?highlight=%28C%7B1%7DategoryWish%29%7C%28C%7B1%7DategoryFeature%29%7C%28completed%29%7C%28Version...%3A.%2A3.1%29%7C%28Status...%3A%29%7C%28ETA...%3A%29
Happy Squiding
--
Thank you
Indunil Jayasooriya
Also i saw that this is a commercial product. Do you know any free
software like this ?
What about this?
Pls try
http://www.shallalist.de/
--
Thank you
Indunil Jayasooriya
idea?
--
Thank you
Indunil Jayasooriya
,
It works.
--
Thank you
Indunil Jayasooriya
/200708/0069.html
Hope , it may help
--
Thank you
Indunil Jayasooriya
. It will NOT work.
Is it normal?
Without DNS sentires in Clients Pcs. Is it possible to work?
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
you
Indunil Jayasooriya
no, it´s now possible without dns ... browser need to resolve address
to ip to start connections
Thanks for your quick responce. How Can I achieve it.
All clinets use IE and firefox.
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
of routing am i making this protocols (iptables and squid)?
Do you want to route port 80 (web) traffic via one ADSL line?
the rest of traffcie via the other?
if so, iptables and ip route2 can do it.
then, you nerd policy routing.
--
Thank you
Indunil Jayasooriya
the word allow as follows
http_access allow pc101 whitelist
Happy squiding
--
Thank you
Indunil Jayasooriya
allow mynet
restart squid
Happy Squiding
--
Thank you
Indunil Jayasooriya
still do not know. I think it is good to send another mail with the
subject of restrict access log to a short period (say 1 hour)
Then, squid developers might be able to answer you.
go ahead to bring this to an end
Happy Squiding.
--
Thank you
Indunil Jayasooriya
this
Difficult to say.
--
Thank you
Indunil Jayasooriya
/enhancements.php
http://sarg.sourceforge.net/zhaolei.txt
Happy Squiding
--
Thank you
Indunil Jayasooriya
seem to behave as I would expect. I get far less traffic
reported than I would expect over the period. I can't find any way to check
that it is reporting all the relevant trafic.
Thanks
Richard.
--
Thank you
Indunil Jayasooriya
to get them?
Or maybe there's another package that's preferred to make use of RRD for
Squid?
--
Thank you
Indunil Jayasooriya
#Redirecting traffic destined to port 80 to port 3128
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT
--to-port 3128
for more, pls visit below URL
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy
Happy Squiding
--
Thank you
Indunil Jayasooriya
Need some help on how to improve the performance of squid proxy.
My problem is when I access any site directly it is faster but when used
proxy its slow.
Pls try below command and ses its output
squidclient mgr:info
--
Thank you
Indunil Jayasooriya
.
Is it there somewhere in one of the report - or do I need some additional
reporting tool?
Thanks for the help.
Richard.
--
Thank you
Indunil Jayasooriya
Hope to hear from you.
Happy squiding
--
Thank you
Indunil Jayasooriya
being allowed
at this time. Please contact your service provider if you feel this is
incorrect.
have you added ACL in squid.conf
something like this.
acl our_networks src 192.168.1.0/24
http_access allow our_networks
Pls try it out
--
Thank you
Indunil Jayasooriya
parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
May I get your network set up with ips, if possible?
I think it is like this.
clients --- 2ndsquidproxy --- 1stsquidproxy(its ip is 10.10.10.1)
-- Your firewall
Hope to hear from you.
--
Thank you
Indunil
Indunil Jayasooriya
http_access allow lan
never_direct allow all
--
Thank you
Indunil Jayasooriya
to hear from you.
--
Thank you
Indunil Jayasooriya
10.10.10.1 parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
--
Thank you
Indunil Jayasooriya
will have to redirect to www2.example.com:8098/login.aspx there.
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
When I take off transparent mode, the result is the same, it does not
access (time out)
without squid, When you access www.example.com, does it redirect to
www2.example.com:8098/login.aspx ?
If yes, Webserver www.example.com is OK.
Hope to hear from you.
Thank you
Indunil Jayasooriya
www.example.com via squid.
--
Thank you
Indunil Jayasooriya
need the output of below 2 apache logs of www.example.com
at the same time?
tail -f /var/log/httpd/access_log
tail -f /var/log/httpd/error_log
I think it is the easiest way to see what is going on there?
--
Thank you
Indunil Jayasooriya
is via squid proxy. Then, It does not work.
What is this PATH?
I want to see reverse path filtering.
hope to hear form you.
-
Thank you
Indunil Jayasooriya
ms13 ms13 ms 10.43.8.20
Trace complete.
C:\Documents and Settings\edd
On Mon, Jun 2, 2008 at 3:25 PM, Indunil Jayasooriya [EMAIL PROTECTED] wrote:
No other logging for it.
Thanks for your logs. I think that 10.43.8.20 is the server where
www2.example.com.
So far, We checked
have?
I think this is something that belongs to routing...
--
Thank you
Indunil Jayasooriya
that other
domain) in front of my own DNS server in resolv.conf, it now works
through squid.
Thank you again for all your help, and I apologize if I wasted your time.
On Mon, Jun 2, 2008 at 4:18 PM, Indunil Jayasooriya [EMAIL PROTECTED] wrote:
my laptop IP is 10.1.15.57.
10.1.15.240
[EMAIL PROTECTED] ~]# htpasswd /etc/squid/squid_passwd user1
New password:
Re-type new password:
Adding password for user user1
finally, Pls restart squid server.
That's it
Happy squiding
--
Thank you
Indunil Jayasooriya
REDIRECT --to-port 8098
--
Thank you
Indunil Jayasooriya
I am runnig squid servers on firewalls and on DMZ. no issue at all.
--
Thank you
Indunil Jayasooriya
Hi,
Is there a good guide detailing how to set this digest up with openLdap?
http://yajith.blogspot.com/2007/12/squid-ldap-and-active-directory.html
--
Thank you
Indunil Jayasooriya
in this incoming message.
Checked by AVG.
Version: 7.5.524 / Virus Database: 269.23.21/1458 - Release Date:
5/21/2008 7:21 AM
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.524 / Virus Database: 269.23.21/1458 - Release Date: 5/21/2008
7:21 AM
--
Thank you
Indunil
polices. then, You need another rule like this.
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
Pls try these.
GOOD LUCK
Is there anything am missing on here
--
Thank you
Indunil Jayasooriya
users' usage of the server.
I'm sure it's a very common task for Squid
admins. Why there is no tool in the
distribution kit, I don't understand.
So, what will you advise me?
--
Thank you
Indunil Jayasooriya
Indunil Jayasooriya
] ~]# /etc/cron.weekly/sarg
[EMAIL PROTECTED] ~]# /etc/cron.monthly/sarg
Now, Browse as follows.
http://192.168.101.25/sarg
That's it.
GOOD LUCK
On Thu, 08 May 2008 Indunil Jayasooriya wrote :
Pls use sarg. It is good.
Anyway, Redhat 9 is quite old. Pls use Cenos 5x instead
RPM can
website trying to access: http://www.fiakc.com
I get the dialog box from here.
--
Thank you
Indunil Jayasooriya
what version of squid are you using?
i see 2.6 does not have this problem but 2.5.6 does.
so i was wondering what patch level i need to be at in order to address the
issue or do i need the 2.6 version.
squid 2.5 is quite OLD. Pls use squid 2.6 instead.
--
Thank you
Indunil
appreciate the info.
What is the O/S u r using?
how have you installed squid? source or binary?
u r running squid 2.5.6. I think if you can update it to something
higher, there's a chance to get it worked.
GOOD LUCK
Thnans much.
Indunil Jayasooriya [EMAIL PROTECTED] 08-05-2008 12:08
.
--
Thank you
Indunil Jayasooriya
:[FAILED]
[EMAIL PROTECTED] squid]# tail -f /var/log/messages
May 5 11:37:20 mail squid: Bungled squid.conf line 76: http_port
192.1.54.101:80 accel defaultsite=your.main.websit
May 5 11:46:27 mail last message repeated 4 times
Hope to hear from you.
--
Thank you
Indunil
--
From: Indunil Jayasooriya [EMAIL PROTECTED]
Date: Mon, May 5, 2008 at 11:50 AM
Subject: Re: [squid-users] squid reverse proxy isssue
To: Paul Bertain [EMAIL PROTECTED]
Cc: squid-users squid-users@squid-cache.org
Can your Squid box resolve your http_port line? Whatever you have as the
actual
This is on RedHat EL 5 with default RPM squid-2.6.STABLE6-3.el5
Any advice to get it working.
--
Thank you
Indunil Jayasooriya
below URL may help.
http://blogs.techrepublic.com.com/networking/?p=308
On Wed, Apr 30, 2008 at 1:32 AM, Wilson A. Galafassi Jr.
[EMAIL PROTECTED] wrote:
Hello.
It´s possible to block msn under squid? Especially file transfer?
Thanks,
Wilson
--
Thank you
Indunil Jayasooriya
/transquid.html
--
Thank you
Indunil Jayasooriya
--
Thank you
Indunil Jayasooriya
Looks good.
If you have multiplewebsites hosted you may need both accel vhost
options on the http_port.
NOTED , Thanks
--
Thank you
Indunil Jayasooriya
On Thu, Apr 10, 2008 at 7:48 PM, Amos Jeffries [EMAIL PROTECTED] wrote:
Indunil Jayasooriya wrote:
Hi all,
I have 2 web servers . One is Primary and the other is Secondary.
Pls asssume
ip of primary is 1.2.3.4
ip of secondary 2.3.4.5
I want squid resverse proxy to forward
cache_peer ip.of.secondarywebserver parent 80 0 no-query originserver
acl our_sites dstdomain your.main.website
http_access allow our_sites
--
Thank you
Indunil Jayasooriya
banneddommains dstdomain /path/file.txt
http_access deny banneddommains
or how?
TIA
LD
--
Thank you
Indunil Jayasooriya
--
Thank you
Indunil Jayasooriya
, clients gateway is the ip of the firewall/NAT box. and also check
Dns in clients.
here's another useful urls
http://www.mail-archive.com/squid-users@squid-cache.org/msg53662.html
http://tldp.org/HOWTO/TransparentProxy-6.html
Good luck
--
Thank you
Indunil Jayasooriya
are added to a table called 2.
That's it.
--
Thank you
Indunil Jayasooriya
]:%
LegendI[cacheCpuUsage]: CPU Usagenbsp;
LegendO[cacheCpuUsage]:
Legend1[cacheCpuUsage]: CPU Usage
Legend2[cacheCpuUsage]:
pls change hostname, passsowrd and port number if nedded.
GOOD LUCK
--
Thank you
Indunil Jayasooriya
Also, does anyone know of any good *NIX firewall/proxy distro's
designed to keep the home clean of the crap?
I would also like to have OpenBSD's PF as the Firewall and squid as
trnaparent intercepting mode. that way is pretty good.
--
Thank you
Indunil Jayasooriya
1 - 100 of 155 matches
Mail list logo
