Hi all,
When i change SELINUX from permissive mode to Enforcing mode. My multiple
instance setup fail to start. Please guide how to overcome this.
---Excerpts from cache.log-
2010/05/18 10:31:51| TCP connection to 127.0.0.1/3128 failed
2010/05/18
mån 2010-05-17 klockan 06:30 +0100 skrev Markus Moeller:
OpenDirecttory or eDirectory is just ldap and has nothing to do with
Kerberos (as far as I know).
eDirectory can trust Kerberos for authentication. But does not in itself
provide Kerberos KDC. Novell also have a Kerberos KDC product
mån 2010-05-17 klockan 20:45 -0500 skrev Luis Daniel Lucio Quiroz:
Not much, about 4-6 users,
62 hits / min
That's sufficient.
I ask because the % statistics gets very sensitive when there is very
little load (no active users).
It's normal that one or two requests every now and then uses a
Dear All,
Your guidance is required. Please help.
It looks that squid process run by default as a confined process whether its a
compiled version or a version that come with the linux distro. It means that
the squid software is SELINUX aware.Am i right?
[r...@squidlhr ~]# ps -eZ | grep
Hello Team,
Does anybody know any free reporting tool for squid web proxy?
We have around 300 users using Squid proxy and we need
To generate couple of report.
* IP from the session began
* Visited Sites
* Access Date
* Bandwidth consumption
* If possible the user name
Thanks,
\Subhankar
Le Tue, 18 May 2010 14:16:12 +0530,
Subhankar Sengupta subhankar.subscr...@gmail.com a écrit :
Hello Team,
Does anybody know any free reporting tool for squid web proxy?
We have around 300 users using Squid proxy and we need
To generate couple of report.
* IP from the session began
*
On 18/05/2010 04:11, Luis Daniel Lucio Quiroz wrote:
Le lundi 17 mai 2010 19:35:49, vous avez écrit :
On 18/05/2010 01:49, Luis Daniel Lucio Quiroz wrote:
Le lundi 17 mai 2010 18:38:54, David Touzeau a écrit :
Dear
I would like to know how to force squid to create more cache from
specific
David Touzeau wrote:
On 18/05/2010 01:35, Henrik Nordström wrote:
mån 2010-05-17 klockan 21:31 +0200 skrev David Touzeau:
I would to get cached objects especially the websites name stored into
squid cache.
Not easily done as the Squid cache index is just MD5(URL).
But see the purge tool.
On 18/05/2010 11:14, Amos Jeffries wrote:
David Touzeau wrote:
On 18/05/2010 01:35, Henrik Nordström wrote:
mån 2010-05-17 klockan 21:31 +0200 skrev David Touzeau:
I would to get cached objects especially the websites name stored into
squid cache.
Not easily done as the Squid cache
David Touzeau wrote:
On 18/05/2010 11:14, Amos Jeffries wrote:
David Touzeau wrote:
On 18/05/2010 01:35, Henrik Nordström wrote:
mån 2010-05-17 klockan 21:31 +0200 skrev David Touzeau:
I would to get cached objects especially the websites name stored into
squid cache.
Not easily done
Hello All,
I want to use the redirect_url_program when there is a change ip address of my
system.
Is it possible to detect the change in ip using squid proxy?
Thanks
Hi all,
I am running multiple instances of squid on the same machine. One instance is
taking the clients request and forwarding to its parent peer at 127.0.0.1. All
is going well. However there is a confusion related to reporting through sarg.
To capture the client activity sarge is parsing
Hi all,
I've noticed that a few users have reported problems when uploading files to
certain sites. For example upload.youtube.com. When a video is selected for
upload the upload progress moves along to completion but it never succeeds,
eventually timing out. Tracing the client in access.log I
Hi,
ps -Z = squid_t and getenforce = enforcing
squid is started with selinux
Redhat/centos platform:
If squid is installed with yum, squid will be started with a squid_t
selinux context.
If you compile your squid and installed it, you will have to change
squid files contexts manually.
As i see
Yes i am using a compiled version. I have used this command chcon -t
unconfined_exec_t /usr/sbin/squid and its working now. Is this a security issue?
regards,
Bilal
Date: Tue, 18 May 2010 14:26:06 +0200
From: tiery.de...@gmail.com
To:
On May 17, 2010, at 11:33 AM, Rich Winkel wrote:
Could someone explain the organization of this blacklist? There's a BL
directory
which includes the same categories as the top-level directory (and more) but
the overlapping categories seem to have more entries. Is this for differing
okay,
I have also worked on a similar project (squid/kerberos/selinux).
I installed squid in /usr/local/squid but I had to modify
/etc/selinux/targeted/contexts/files/file_contexts and adapt it to my
squid directory.
/usr/local/squid/etc(/.*)? system_u:object_r:squid_conf_t:s0
Hello,
I'm about to ask a daft question, maybe.
Several proxy clients Will need to access a website that requires a
client certificate. In order to avoid deploying this certificate on
each client, we would like to install the certificate on squid so it
can pass it to the web server.
Is
You can leave your hat on, apmailist!
You are asking about man-in-the-middle ( mitm ) technique for proxying.
Squid is known to be uncapable of this: it does not parse the SSL requests. It
can proxify them as a vanilla sockets via the HTTP CONNECT method.
I use to implement sich a thing for
Peter Vereshagin wrote:
You can leave your hat on, apmailist!
You are asking about man-in-the-middle ( mitm ) technique for proxying.
Squid is known to be uncapable of this: it does not parse the SSL requests. It
can proxify them as a vanilla sockets via the HTTP CONNECT method.
I use to
tis 2010-05-18 klockan 20:00 +0100 skrev Markus Moeller:
BTW Would you be interested to include squid_kerb_ldap - my ldap
authorisation module with Kerberos authentication to an ldap server ?
Yes. Submissions are always welcome. Just post the merge request to
squid-dev.
Regards
Henrik
tis 2010-05-18 klockan 21:50 +1200 skrev Amos Jeffries:
It's a third-party app still.
http://www.wa.apana.org.au/~dean/squidpurge/
or
Thanks for this tool amos, but this is an old one
compilation break on Ubuntu server 10.04
Thats the most current I'm aware of.
I have a small
tis 2010-05-18 klockan 06:02 + skrev GIGO .:
2010/05/18 10:31:52| storeLateRelease: released 0 objects
2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
setsebool -P squid_connect_any true
should help there.
Regards
Henrik
tis 2010-05-18 klockan 12:41 +0100 skrev Nick Cairncross:
Could anyone offer hints as to what might be causing it? Has anyone come
across this before?
How is the ICAP server responding?
Regards
Henrik
tis 2010-05-18 klockan 14:33 +1000 skrev Kris Glynn:
I would like to know if it is possible to deny/allow based on a specific OU
in Active Directory.
Yes. The squid_ldap_group helper can do this by simply searching for the
user again below that OU and denying access if found.
Thank you very much Henrik.
A few things I would like to mention.
1. You specify using external_acl_program but I assume you mean
external_acl_type
2. What does the X mean in this acl line acl ldap_service_accounts external
ldap_service_accounts X
Again, thanks for the prompt response.
ons 2010-05-19 klockan 10:54 +1000 skrev Kris Glynn:
Thank you very much Henrik.
A few things I would like to mention.
1. You specify using external_acl_program but I assume you mean
external_acl_type
Correct.
2. What does the X mean in this acl line acl ldap_service_accounts
Hello,
I am new to squid, and trying to run it on a windows machine so help is
limited.
I am hoping that other then the paths within the conf file that most of the
commands are the same.
I have successfully got squid running on windows provided I do not set any
auth requirements on it.
What I
Thanks for the info.
Can the same be achieved with the NTLM helper given this initial configuration ?
external_acl_type ldap_group ttl=300 children=40 %LOGIN
/usr/lib/squid/wbinfo_group.pl
Can we allow/deny users in a specific OU with NTLM ?
Regards
- Kris Glynn: (07) 3295 3987 - 0434602997
Thank you i will give it a try. However i am also thinking of running SELinux
in permissive mode for my proxy server. what do you say about it?
regards,
Bilal
Date: Tue, 18 May 2010 15:00:05 +0200
From: tiery.de...@gmail.com
To: gi...@msn.com
Mine is a compiled version of squid does it matter? Is it true that binaries
available through a distro by default run in confined domain and in case squid
is compiled it will run in unconfined domain.
So i assume that my squid will run in an unconfined domain however still it was
giving
Hi All,
Your guidance is required regarding compilation.
I had compiled squid-3.0.STABLE25 with the following options:
./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share
--bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var
--sysconfdir=/etc/squid
32 matches
Mail list logo