i am using authenticate_ip_ttl 20 minutes
and max_user_ip -s 1 but the problem persists.
what could be wrong?
--- Li Wei [EMAIL PROTECTED] wrote: you seem
to miss the authenticate_ip_ttl setting
And, for max_user_ip, you'd better add -s option.
- Original Message -
From: Ola
Hi guys
Do you know how to configure Squid in order to forward
incoming traffic (with TCP port 8080 defined in the
clients browsers) to an other Cache. The traffic has
to be forwared on port 8080
I know the following commands
. edit the /etc/squid/squid.conf file with the
following lines :
I know I know I know that technically this is not a Squid question but if
anybody has managed to get AdZapper to work with Windoze then please post
the details here. I use the installer package from here
http://albaweb.albacom.net/acmeconsulting.it/download/squid.htm and use PERL
from
please help me how to let squid read a certain file
say:
acl myaclname ??? /usr/local/squid/etc/myfile.txt
what i want to do is to put all userid in myfile.txt
and allow them to access the net only on mondays. the
others will have no restrictions.
i am using NCSA authentication
thanks for the
tor 2003-07-10 klockan 10.23 skrev patrick deroudilhe:
Hi guys
Do you know how to configure Squid in order to forward
incoming traffic (with TCP port 8080 defined in the
clients browsers) to an other Cache. The traffic has
to be forwared on port 8080
Squid FAQ 4.9 How do I configure Squid
tor 2003-07-10 klockan 12.39 skrev rem mek:
please help me how to let squid read a certain file
say:
acl myaclname ??? /usr/local/squid/etc/myfile.txt
acl myaclname ??? /usr/local/squid/etc/myfile.txt
Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
tor 2003-07-10 klockan 10.26 skrev Carolyn Longfoot:
I know I know I know that technically this is not a Squid question but if
anybody has managed to get AdZapper to work with Windoze then please post
the details here. I use the installer package from here
i am using authenticate_ip_ttl 20 minutes
and max_user_ip -s 1 but the problem persists.
what could be wrong?
The items you include from your squid.conf look good
(though a little over-complex). Could you post your
entire squid.conf (minus comments, of course)?
Adam
---
Outgoing mail is
Try the wrapzap script that is mentioned on the Ad Zapper
page: http://adzapper.sourceforge.net/
Rick
-Original Message-
From: Carolyn Longfoot [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 3:26 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] AdZapper with Win NT
I
Hi,
I'd like to use Squid for filtering java applets.
Any idea how to realise it?
Yes, Squid is a proxy cache, not a police man, but maybe someone knows
an add-on or an http proxy specialized for java applet filtering could
be contacted upwards.
Regards
Bernie
Bernie,
I'd like to use Squid for filtering java applets.
Any idea how to realise it?
Yes, Squid is a proxy cache, not a police man, but maybe someone knows
an add-on or an http proxy specialized for java applet filtering could
be contacted upwards.
One way of achieving this is to use
Hi all,
We currently use Squid 2.5 STABLE1 running on Red Hat Linux 7 with a pretty
much
default squid.conf. A number of our users access their Yahoo and Hotmail
accounts from the office and since we started using Squid, they receive
errors like the following once they are logged into the site:
here is my squid configuration -
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /usr/cache 100 16 256
debug_options ALL,1 33,2
auth_param ntlm program /etc/squid3/libexec/ntlm_auth
hq/dc01
auth_param ntlm children 3
auth_param ntlm
Squid-2.5 URL encodes the login and password to be able to deal with
complex passwords. Beacuse of this any auth helpers used with Squid-2.5
or later should be designed for use with Squid-2.5 and later (needs to
URL-decode the login and password fields).
I would recommend you rewrite this section:
acl me src 192.168.0.0/24
http_access deny !me
acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
acl onlyonce max_user_ip 1
http_access deny onlyonce
http_access allow authenticated
http_access deny all
to this:
[other acl lines]
Hello,
I have some users here that cannot access some pages, and I´d like to
redirect the page (e.g. when he type www.download.com, goto http://intranet
). Squid does it just with a redirector installed
Which one do you recommend ? Wich one is more stable and more easy to
configure
Simon Rae wrote:
Hi all,
We currently use Squid 2.5 STABLE1 running on Red Hat Linux 7 with a pretty
much
default squid.conf. A number of our users access their Yahoo and Hotmail
accounts from the office and since we started using Squid, they receive
errors like the following once they
I am wondering if having cache_dir drives on a RAID controller that has
Read/Write cache turned on might cause problems? I'm fairly sure that
Squid manages the latency, etc of its cache_dir drives. The drives that
my Squids use are all on RAID controllers as single volumes. However I
tor 2003-07-10 klockan 15.39 skrev Simon Rae:
Hi all,
We currently use Squid 2.5 STABLE1 running on Red Hat Linux 7 with a pretty
much
default squid.conf. A number of our users access their Yahoo and Hotmail
accounts from the office and since we started using Squid, they receive
errors
tor 2003-07-10 klockan 16.02 skrev Adam Aube:
This makes your squid.conf easier to read and a
little more efficient. However, I do not see any
reason why you are having the problem you report.
I am of the opposite opiniton. I find it easier to read rules where acl
lines only relevant to one
tor 2003-07-10 klockan 16.05 skrev Alex Carlos Braga Antão:
Hello,
I have some users here that cannot access some pages, and I´d like to
redirect the page (e.g. when he type www.download.com, goto http://intranet
). Squid does it just with a redirector installed
This does not even
Are you running Squid as a transparent proxy? If so, try using it as a
normal proxy and disable the interception rules in your firewall.
Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please
Hi All -
I have a quick question about how Squid handles objects with no
Last-Modified timestamp. The options (as I see them) are (1) cache the
object, but always refresh it with an If-Modified-Since or (2) never cache
the item. Can anyone tell me what policy Squid uses? I've peeked at the
code
On Thursday 10 July 2003 17.10, Leeann BENT wrote:
I have a quick question about how Squid handles objects with no
Last-Modified timestamp. The options (as I see them) are (1) cache
the object, but always refresh it with an If-Modified-Since or (2)
never cache the item. Can anyone tell me
On Thursday 10 July 2003 16.17, Peter Smith wrote:
I am wondering if having cache_dir drives on a RAID controller that
has Read/Write cache turned on might cause problems?
Depends on the RAID level and the load you plan on putting on the
RAID.
I'm fairly sure that Squid manages the latency,
Hi,
Some clients are using proxy servers in DMZ for Intranet access.
In other words they hardcode proxy in browser in use.
Is it anyway I notify, transparently, client's browser/application to go directly to
web server rather than hitting proxy server.
I am looking for solution better than deny,
On Thursday 10 July 2003 18.02, Zand, Nooshin wrote:
Hi,
Some clients are using proxy servers in DMZ for Intranet access.
In other words they hardcode proxy in browser in use.
Is it anyway I notify, transparently, client's browser/application
to go directly to web server rather than hitting
curiously, if i login as domainname\username on both
machines, it works perfectly i.e i can only login as a
username from one machine, the other is denied but by
default, Windows shows the username as
machine\username and on supplying same password, squid
allows a login (i.e domainname\username
I have a Linux server with Red Hat 7.3 and Squiq 2.4.
In IE 6 SP1 the authentication show the message: The Server Not Found,
but, i reloaded the page then functions.
In Squid 2.5 STABLE3 this function fully works?
Thanks
PEREIRA
On Wed, 2003-07-09 at 18:07, Adam wrote:
Stephen wrote:
We can't seem to get Squid to connect to
http://wxd.slu.edu:8900/SCRIPT/NR_N50020/scripts/serve_home
Found it. It wasn't the acls or the organizational firewall, but the
iptables firewall on the proxy box. Thanks for the hints!
I have a requirement to dump the contents of a webcache into viewable files.
My question: Is their any software that will strip the headers off the cached
files and rename them to their original filenames?
Thanks in advance
S
On Thursday 10 July 2003 21.59, Jean Marcel Vosch wrote:
I have a Linux server with Red Hat 7.3 and Squiq 2.4.
In IE 6 SP1 the authentication show the message: The Server Not
Found, but, i reloaded the page then functions.
This is a IE6SP1 bug. See the Squid FAQ.
Regards
Henrik
Henrik,
The work-around seemed to work when persistent connections are required for forms.
However, it only solved half of the pages that die. The other pages, as stated before
are .jsp and .asp. Right now I am on Support.Nokia.com and cruising around in their
Secure Knowledge database. It is
Very Very Thanks
Works...
[]´s
- Original Message -
From: Henrik Nordstrom [EMAIL PROTECTED]
To: Jean Marcel Vosch [EMAIL PROTECTED]; Ola
[EMAIL PROTECTED]; Adam Aube [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, July 10, 2003 6:18 PM
Subject: [squid-users] Re: Squid with
Hi,
I currently have an ACL setup (using regex -i) to block certain files from
being viewed or downloaded (eg EXE, ZIP etc) which effects everyone using
the cache. I now have the requirement to allow certain users from accessing
some websites which require the unblocking of ZIP attachments so i
I currently have an ACL setup (using regex -i) to block certain
files from
being viewed or downloaded (eg EXE, ZIP etc) which effects everyone
using
the cache. I now have the requirement to allow certain users from
accessing
some websites which require the unblocking of ZIP attachments so
i
Thanks for your response.
I have worked it out with your help.
I just created 2 groups of users and 2 url_regex lines, popped them in the
config file in order and it works perfectly.
Thanks again..
Regards,
Greg
-Original Message-
From: Adam Aube [mailto:[EMAIL PROTECTED]
Sent:
Hi All,
I've got a beautifully working squid server with NTLM then BASIC auth so
windows automatically authenticates and Linux can use basic auth.
basically it's squid-2.5.STABLE3.tar.gz compiled with ntlm,basic support.
2 questions:
1. We have a number of users that use Adobe Web Capture
I've got a beautifully working squid server with NTLM then BASIC
auth so
windows automatically authenticates and Linux can use basic auth.
Sweet, isn't it?
1. We have a number of users that use Adobe Web Capture to PDF
file. with
basic auth only turned on it prompts for a password like it
Hi,
I am trying to get squid to prompt me for password before granting access to
the internet. But for every page I go to the password challenge is skipped.
winbind-auth-challenge is compiled in. I tried
wbinfo -a username%password
both a plaintext and challenge-response is successful. Sorry
a bug to Adobe? ok. sounds like a plan.
does anybody know how to use tcpdump to sniff what the browser is sending as
it's header?
thanks for that acl. problem is i've got say 6 or 8 people using Adobe PDF
capture. they're all on DHCP. i've got a similar acl for our servers which
obviously
I am trying to get squid to prompt me for password before granting
access
to the internet.
The whole point of NTLM auth is not having to enter the password.
If you want the password prompt, you need to use basic auth and
the wb_auth helper.
Adam
I don't want the password prompt, but i do want people with linux boxes that
NTLM won't work to still use basic. this also works if in the conf you have
ntlm first and then basic. very very nice.
just the adobe thing is the pain. that's why i was hoping for an acl that
says this is adobe, use
At Friday, 11 July 2003, [EMAIL PROTECTED] wrote:
I don't want the password prompt, but i do want people with linux
boxes that
NTLM won't work to still use basic. this also works if in the conf
you have
ntlm first and then basic. very very nice.
just the adobe thing is the pain. that's why
damn. sorry. aarrghhh. It's a friday here and i'm looking forward tothe
w/end.
-Original Message-
From: Adam Aube [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 10:39 AM
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] ntlm won't prompt
At Friday, 11 July 2003, [EMAIL
For the record, in case there are other who may be / will be in the same
case as us; this solved the problem completely. No more issues with Windows
Update, and a host of other ssl-based sites now function properly.
Thank you for your assistance.
Nick Pappas
The Keyes Company
-Original
idiot me re: last message.
The IP of the client doesn't matter. All that matters is that you
put in the IP addresses of the Adobe PDF capture servers. This will
allow anyone to access those server's without having to go through
authentication.
It's a hack, but it works.
err. adobe PDF web
I am trying to get squid to prompt me for password before granting
access to the internet.
The whole point of NTLM auth is not having to enter the password.
If you want the password prompt, you need to use basic auth and
the wb_auth helper.
Please excuse my ignorance. Would passwords be
damn. sorry. aarrghhh. It's a friday here and i'm looking forward
tothe
w/end.
Don't worry about it - I did the same thing myself, once (though
not on this list).
Enjoy the upcoming weekend - it's only 9 PM Thursday here.
Adam
9pm? isn't it time you stopped working? :)thanks for the advice. i'll
post if i find the cure...
M
-Original Message-
From: Adam Aube [mailto:[EMAIL PROTECTED]
Sent: Friday, 11 July 2003 10:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] ntlm won't prompt
damn. sorry.
On Fri, 2003-07-11 at 11:27, [EMAIL PROTECTED] wrote:
err. adobe PDF web capture you basically start adobe and say capture a web
page and paste in a url and say grab. it's very very good at making A4 pdfs
out of fairly bad web pages. it doesn't go to 'capture servers' as
such. i may
Please excuse my ignorance. Would passwords be passed in clear text
using
basic auth? Is there an authentication scheme that works without
clear text.
There are 3 types of auth supported in Squid:
1) Basic auth
- Works with virutally any browser
- Password is sent in clear text
-
Hi Robert,
you can simply allow adobe based on a browser regex before your auth
triggering http_access lines.
that's what i'm hoping to do to get around this problem. have you managed
to do this? i've not experimented yet as i didn't know what adobe tells
squid what browser it is. i'm going
i don't think the developers if squid would agree with you on that one. :)
Quite frankly, if you can use NTLM auth, do it. That is the one feature
in IE that I wish other browsers would emulate.
http://devel.squid-cache.org/ntlm/client_proxy_protocol.html seems to think
that 'it couldn't get
Mozilla 1.4 claims to support NTLM authentication.
-Original Message-
From: Adam Aube [mailto:[EMAIL PROTECTED]
Sent: Friday, 11 July 2003 11:41
To: [EMAIL PROTECTED]
Subject: Re: [squid-users] Re: ntlm won't prompt
Please excuse my ignorance. Would passwords be passed in clear text
On Fri, 2003-07-11 at 11:45, SEMELE NAV for Microsoft Exchange wrote:
Recipient of the infected attachment: Eider Silva de Oliveira\Inbox
Subject of the message: RE: [squid-users] ACL Regex Browser - for Adobe Web
capture?
One or more attachments were quarantined.
Attachment was
On Fri, 2003-07-11 at 12:03, [EMAIL PROTECTED] wrote:
Hi Robert,
you can simply allow adobe based on a browser regex before your auth
triggering http_access lines.
that's what i'm hoping to do to get around this problem. have you managed
to do this? i've not experimented yet as i didn't
hehe. yep i mean basic. sorry.
ta for tcpdump.
interesting idea. i might put basic first and see if IE takes the best
option, not the last option in the list (if it makes a diference that is)
and then see if adobe takes the basic option. then i'll be set.
i'll follow it up with adobe
Mozilla 1.4 claims to support NTLM authentication.
That would rock. I hope it happens.
Adam
Mozilla 1.4 claims to support NTLM authentication.
That would rock. I hope it happens.
Should have checked the Mozilla site before responding - 1.4 has
been out for a week and a half.
Too bad it only works for Windows, but then it would probably be
very difficult to implement under Linux.
A
On Fri, 2003-07-11 at 12:49, Adam Aube wrote:
A good compromise would be for Mozilla to prompt for username, password,
and domain, then use that info to do NTLM. Wouldn't have all the
benefits of Windows NTLM, but would be more secure than basic and
wouldn't require cleartext password
Digest, per se, doesn't require clear text password storage.
Squids supplied helper uses cleartext, but that is simply -a-
implementation. Squid itself never needs the cleartext password.
Technically, yes - digest auth does not require the password to be
stored in cleartext. However, as you
62 matches
Mail list logo
