this patch
> to be able to rollout sp1 for ms-interet explorer after that.
>
> But I keep searching for quite a long time now.
>
> Does anybody of you have a number or name for that patch from
> microsoft, which fixes the problem with the broken auth for ms-ie?
>
>
uid connection..
Regards
Henrik
tor 2003-01-23 klockan 17.04 skrev Sander Winkel:
> Hello,
>
> Is it possible to use radius authentication with CHAP or an another
> encrypted protocol?
> I don't want to send my password unencrypted over the LAN.
>
> Sander Winkel
> The
certain privileged and confidential
> information, or information which is otherwise protected from
> disclosure. If you are not the intended recipient, you must not
> copy,distribute or take any action in reliance on this information
> **
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
. Or if that does not ring a bell Microsoft Proxy? or Microsoft
IAS?
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
On Friday 24 January 2003 13.43, Fritze, Stefan wrote:
> There is a Option called "Show friendly HTTP errors"
> This is enabled by default and you have to diaable it.
Which is generally a good thing to disable anyway... I really hate
that feature.. If the server gives an error message then the u
Upgrading to a more recent Squid version might be a good idea.
Squid-2.4 is end-of-life as far as the Squid developers is
concerned..
Regards
Henrik
On Friday 24 January 2003 16.03, Reinhold Seifert wrote:
> Hi all,
>
> we are running several squids 2.4STABLE1 on linux/i386 boxes for
> quite s
On Friday 24 January 2003 17.41, Kenn Murrah wrote:
> Is there any way to ensure that the proxy is not being bypassed?
Yes, firewalling, denying your users to go directly to port 80 on the
Internet.
Regards
Henrik
On Friday 24 January 2003 19.19, Kenn Murrah wrote:
> I guess I should have supplied more details ... i AM running a
> transparent proxy, but that simply saves me from having to
> configure everyone's browser .. they can STILL hit the gateway
> directly if they know the address ... isn't that right
Try this
# Deny everyone but our own network
http_access deny !mynetwork
# Allow access to authenticated users
http_access allow domainusers
# And finally deny everything else to be on the safe side
http_access deny all
You can also try
http_access allow mynetwork domainusers
Whichever app
Not until someone contributes the code needed to teach Squid how to
use FTP proxies.
However, Some kind of FTP proxies can be used simply with the help of
a redirector. If the FTP proxy works by user@host proxy scheme then
you can use a redirector like this
#!/usr/bin/perl -p
BEGIN { $|=1; }
s
If you post a diff to the FAQ SGML sources to
[EMAIL PROTECTED] then it has a very high chance of getting
included.
Regards
Henrik
On Saturday 25 January 2003 00.22, Gerard Eviston wrote:
> > 32-bit processes on AIX 4.2.1 and later are restricted by default
> > to a maximum of 11 shared memory
On Saturday 25 January 2003 07.09, Gerard Eviston wrote:
> On Sat, 25 Jan 2003 11:46, Henrik Nordstrom wrote:
> > If you post a diff to the FAQ SGML sources to
> > [EMAIL PROTECTED] then it has a very high chance of
> > getting included.
>
> I didn't realise the SG
There is three main cases to why Squid does not cache all http
request:
a) The server has marked the reply as not cacheable. See the
cacheability check engine (linked from Related Software).
b) The client requests a fresh copy not from cache.
c) The server did not provide any relevant expiry i
How much bandwidth do you have? (not much I suppose, as you say you
are using dial-up).
How have you configured squid.conf?
What do you get in Squid's access.log?
As you are using Dial-up my first guess would be that one of your
clients is hogging all the available bandwidth. Maybe due to a v
e wrong ? Please help
>
> Regards,
> Michael Fuller,
> Network Administrator - RAILNET,
> Signal and Telecommunication Department,
> Southern Railway,
> Park Town, Chennai - 600 003.
> India.
> Phone: +91-44-25331962, +91-44-25348123 / 627
> E-Mail : [EMAIL PROTECTED]
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
Administration
> Magic Internet Services, Inc.
> (701) 838-1265
> (701) 857-0238 (voicemail)
> [EMAIL PROTECTED]
> http://www.minot.com
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
ne
of the support providers.
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
all good,
> but now we have a new connection with other provider, then we added a card
> of network to the Linux-squid server, I need that when the requests come
> from a network x.x.x.x it removes I deal by the new interface. How can I do
> it?
>
> Thanks in advanced,
>
&
On Sunday 26 January 2003 04.56, Brendan Macmillan wrote:
> > > However, one deep problem is you can't delete files on the ftp
> > > server...
> >
> > DELETE is not hard to implement in Squids ftp:// gateway if there
> > is a client using it.
>
> I see what you mean - client is the problem, not Squ
On Saturday 25 January 2003 23.51, Tesla 13 wrote:
> Hello Folks,
>
> This issue is fixed by Rob/Henrik. Latest CVS builds successfully.
> Don't forget to issue 'squid3' to cvs: cvs checkout squid3
>
> For CVS info, please see: http://www.squid-cache.org/Devel/cvs.html
A word from the developers:
Yes, most of our products have more than one NIC for firewalling
purposes.
Squid does not really care how many NICs your box have. It is the
responsibility of the OS to configure NIC addresses and routing,
Squid just makes use of what you have.
To aid the OS in this use Squid can specify which
On Sunday 26 January 2003 13.46, Kambiz Nasehi wrote:
> Dear users
>
> I want to know if there is a way that the squid don't change
> clients IP when pass the requests to the Internet?
Not really.
The only network layout where this ever would be possible in a sane
manner is when the clients are
On Sunday 26 January 2003 09.29, éÌØÑ ûÉÐÉÃÉÎ wrote:
> I don't want certain objects to be cached (even if were previously
> cached!) so I tried two combinations of "no_cache"
>
> 1) acl QUERY urlpath_regex cgi-bin \?
>acl DrWeb urlpath_regex drweb
>no_cache deny QUERY
>no_cache deny Dr
On Monday 27 January 2003 01.25, PeterKorman wrote:
> My apologies for late arrival on this thread.
> suppose the SQUID server has a public IP
> address that is running NAT to pipe traffic
> on and off of the internet transparently for
> the web server but the webserver has
> 192.168.x.y. a privat
in http://... form to https///... form ?
>
> Regards,
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
t nat -L PREROUTING -v -n
report?
Also, are you sure this is the gateway used by your clients to reach the
Internet?
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
AN network wise speaking) a single
100Mbps NIC is way more than sufficient I would say. Adding more NICs
won't give you better performance here.
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
uid-2.5 can use the NTLM authentication scheme.
See the Squid FAQ chapter on authentication, specifically the section on
how to set up Squid to use winbind.
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
1 GB RAM
> 1 36 GB SCSI
>
> thanks
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
On Monday 27 January 2003 16.03, Schelstraete Bart wrote:
> Quoting [EMAIL PROTECTED]:
> > I was having that same problem. A few differences but generally
> > the same thing. I just dropped into google and searched for:
> > (Without the quotes)
> >
> > "Squid Parent: child process exited due to s
On Monday 27 January 2003 21.18, Robert Collins wrote:
> On Tue, 2003-01-28 at 02:18, Alex Short wrote:
> > One of my users complained that these two files magically
> > appeared on their desktop one day. They use a squid proxy using
> > an automagic proxy url, http://domain/proxy.pac
> >
> > Just
On Monday 27 January 2003 21.10, Viaris wrote:
> Hi all,
>
> Ok, now I am using routing with iproute en my linux box, I have a
> route table to use my two interfaces.
>
> My question is: Do I need to make changes in the squid
> configuration?
Normally not, but it depends on what you actually want
This just is how IE works. Nothing Squid can do about it.
Hmm.. thinking aloud here.. is't there a advanced internet options
parameter controlling when/how IE opens new sessions (which requires
a new login)? I do not have any IE browsers around currently..
Regards
Henrik
On Monday 27 January
Most likely the document was not modified in ages (or clocks are out
of synch) when Sqiud originally requested the object.
As for how to tune how Squid behaves see the refresh_pattern directive
in squid.conf.
Regards
Henrik
On Monday 27 January 2003 15.08, [EMAIL PROTECTED] wrote:
> Hi all,
>
Try this:
1. iptables-save > working
2. reboot
3. iptables-save > bad
4. disable the transparent proxy and re-enable it.
Then compare "working" and "bad" to see if there is any difference. If
there is a difference, try to figure out from where this difference
arised.
Regards
Henrik
On Mon
The free ram as reported by top should only be a few MB when a server
has been in use for a while. What is not used by applications should
be used by bufffer/cache.
See the output of free for a better reading of "free" ram.
What to watch is the swap usage. On a Squid server the swap usage
shou
http_access works by which acl the request was denied by, not which
acl the request was allowed by...
I think you want
http_access deny !quota
Regards
Henrik
On Tuesday 28 January 2003 03.59, Piccoli, Lucio wrote:
> hi all,
>
> I have having trouble configuring the custom error pages for when
YOu have to talk to the webmaster of this site to have them explain
how/when they use the X-Forwarded-For header. Seems they for some
unknown reason only use this header for certain browser types.
Regards
Henrik
On Tuesday 28 January 2003 10.09, Laurent HENRY wrote:
> Hi,
> you are right.
On Tuesday 28 January 2003 10.41, Andrey Voitenko wrote:
> Does anyone know, how to configure Squid to redirect all queries to
> ISVW to obtain a chain
> (user)---(Squid)---(ISVW)---(Inet)?
As per the Squid FAQ on using squid within a proxy based firewall:
cache_peer no-query
never_direct a
help if you can advise machine and squid configuration
>
> Regards
>
> ------ Original Message ---
> From: Henrik Nordstrom <[EMAIL PROTECTED]>
> To: HBK <[EMAIL PROTECTED]>
> Sent: 27 Jan 2003 15:11:32 +0100
> Subject: Re: [squid-users] squid with
On Tuesday 28 January 2003 03.25, Kwan Chee Kin wrote:
>
> The infected host will try to make at least 100 hits/minute to the
> bogus URL through the Squid. This affect the squid logs -
> access.log and store.log. It grew to a few Gigs within hours.
>
> My question will be is there any solu
the following:
>
> acl allowed_iplist src 192.168.0.0/255.255.255.0
> acl denied_host1 src 192.168.0.10/255.255.255.0
You want
acl denied_host1 src 192.168.0.10
Regards
Henrik
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
tis 2003-01-28 klockan 11.02 skrev Guilherme G. Felix:
>Does squid support a Include tag? I would like to use a third-part acl
> file.
Each acl line can include the members of that acl, such as
acl our_networks src "/path/to/file/listing/local/networks"
--
Henrik N
to work (I've not tested Windows Update yet) but in my
> access.log file my connection is logged as originated directly by the
> proxy address.
Are you using transparent interception or manyally configured proxy
settings?
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
cil as personal and will not be authorized by or sent on behalf of the
>Council. The sender will have sole responsibility for any legal actions or disputes
>that may arise.
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
G. Felix - Sys Admin - Internet by Sercomtel
> Phone: 43 3375-1547 , Fax: 43 3375-1512
> e-mail: [EMAIL PROTECTED]
> visit: http://www.sercomtel.com.br
>
> On 28 Jan 2003, Henrik Nordstrom wrote:
>
> > tis 2003-01-28 klockan 11.02 skrev Guilherme G. Felix:
> > >
acl2 AND ...
OR
... acl3 AND acl4 AND ...
Regards
Henrik
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
Tesla 13 wrote:
>
> It would be nice to eliminate the need for a web server in order to include
> custom images in squid error pages. Any way to do this?
Yes. Load them as dummy icons via mime.conf.
To figure out the icon URL syntax just open a FTP or Gopher direcorly
listing and study the URLs
Hélio Dubeux wrote:
>
> I read a whitepaper in squid´s web site and i would like to know if it´s
> possible to implement QoS per user with Squid. For example:
> Is i have a 1Mb Internet Link and i´d like to make ACLs so that when a user
> authenticate the system separate for him his speed, for exa
"Ryan Delany (TS-US)" wrote:
> I followed the steps and have attached the output from a diff on working and
> bad. There doesn't appear to be anything useful in this output that would
> indicate what the problem is. Can you see anything? I have this problem on
> two completely seperate systems
This error is/was seen if SSL failed to load the certificate.
Regards
Henrik
Adam Lewis wrote:
>
> Hi,
>
> I'm receiving the following error when attempting to connect to
> https://myserver. The error is from cache.log. I have compiled with
> option --enable-ssl and patched squid for ssl wit
Sander Winkel wrote:
>
> Hello,
>
> I've a strange problem with pam_radius authentication.
> I want to authenticate the user against our w2k domaincontroller.
> But the only way the authentication works is when the user is known at the
> squid server itselfs too.
This is usually the case when us
[EMAIL PROTECTED] wrote:
> 1 - In order to use ICP on an accelerator, you need to enable
> http_accel_with_proxy. Is this still the case?
Should not be needed.
> 2 - If it is the case, what is the best method for locking down Squid so
> that abitrary proxying through this accelerator is unavail
See the Squid FAQ for one possible cause to the first two entries..
REgards
Henrik
TSIOLAS KOSTAS wrote:
>
> > In my proxy RH7.3 Squid2.5st1 i get this lines in access log.
> >
> > 1043761343.085 4 192.168.60.70 NONE/400 1503 GET
> > http://GATE1:8080GATE1:8080 - NONE/- text/html
> > 10437
"Kundiger, Rick" wrote:
> When adding any text after the "no-query" (ie acl hq_intranet) and so on I
> crash on startup.
There is no cache_peer option called hq_intranet, but there is an option
called "no-query" which disables the use of ICP. See the cache_peer
documentation.
> If I separate the
To deny access, and use deny_info you should be using http_access deny
...
something like this should work I think
http_access allow auth_hosts quota
http_access deny auth_hosts
deny_info ERR_NO_AUTH quota
deny_info ERR_NO_QUOTA auth_hosts
or rearranged to make more sense in deny_info
http_a
Jay Turner wrote:
>
> Hi All,
>
> I am after some clarification regarding Squid-2.4.STABLE6-6.7.3 and the use
> of /etc/hosts.
Squid-2.4 does not read /etc/hosts when using the internal DNS client.
This feature is only available in Squid-2.5 and later.
To have Squid-2.4 use /etc/hosts it must b
Raja R wrote:
> my proxy should not cache say www.abc.com domain and all sublinks under that
> say www.abc.com/x www.abc.com/y and so on.
> I am using the following acl for that but does not seem to be very
> effective .. pls suggest or correct me..
>
> acl test_nocache urlpath_regex www.abc.co
Tesla 13 wrote:
> Do you mean loading them up as:
>
> SRC="http://proxy:3128/squid-internal-static/icons/some_custom_icon.gif";
Yes
> This won't work as required by me.
Why?
> Is there any other way of doing this without specifying the protocol?
SRC="/squid-internal-static/icons/some_custom_
You already said it: firewalling, limiting what kind of Internet
services your users may connect to without using the proxy.
Regards
Henrik
Michael wrote:
>
> Can anyone suggest good methods to block web traffic from my site that
> isn't through a proxy? I know this will deny a good majority of
Marc Elsen wrote:
> My tax advisor says : there are no stupid questions.
>
> I think 'Request Hit Radios' refer to object hit rates,
> while 'Byte Hit Ratios' refer to byte hit rate versus cache dir
> (sizes).
You are on the correct track, but cache dir sizes have nothing to do
with it exce
frank chibesakunda wrote:
>
> Hallo,
>
> I´m using Squid Proxy + Squidguard Filter + smb_auth Module. I want to
> check all the incomming traffic (Content Check) with an Antivirus Tool.
> Has anybody an idea what Virusscanner do I need?
One that supports server based scanning of HTTP traffic.
M
Please RTFM.
Regards
Henrik
ons 2003-01-29 klockan 11.29 skrev Raja R:
> So how will the acl look like ?
>
> thanks,raja.
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Henrik Nordstrom
> Sent: Wednesday,
???
Squid is not a web server. Squid is a proxy. If you have users using the
Squid proxy then each request sent by these users to the proxy will
result in a HTTP request sent by Squid.
Regards
Henrik
Devon Harding - GTHLA wrote:
>
> I noticed in my log, I have out going http request from my squ
es, and the Other Internet
protocols.
You are welcome to correct me if you find any errors in the above.
Regards
Henrik
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
h it's SSL over
> the authentication but when I'm authenticated it goes back to clear text.
> Am I missing an option in the config?
>
> Thanks,
>
> Adam
>
> - Original Message -
> From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
> To: "Ada
ansparent proxy, iptables save, iptables restart,
> enable transparent proxy, iptables save, iptables restart and it starts
> working again.
I have been using iptables since the days of Linux-2.4.PRE, and never
seen anything like it.
Reboot systems almost daily in development..
--
Henrik Nordst
transparent proxying.
Also, to fully support transparent proxying on Linux-2.4 you must build
your Squid binary with support for linux netfiler. Also explained in the
FAQ.
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
udent group (192.168.1.194), I got
> 10kbps or below. Without using delay_pools I got
> 270kbps.
>
> Did I miss something? Would you please point me to
> the correct direction? Any help would be great.
>
> Best regards,
> zul
>
>
he browser complains about authorization failure and
> asks for username/password again, and again...
>
> Is there a way to deny the access for the sites without complains
> from the browser with authentication popup ??
You might be able to set up some ugly rules via referer_reg
GROUP authentication (whew) but am up
> > > against this issue, as we've deployed a bunch of machines with Win2k/IE6
> > >
> > > Any help would be appreciated!
> > >
> > > Rob
> >
> > Colin
> > --
> > Colin Campbell
> > Unix Support/Postmaster/Hostmaster
> > CITEC
> > +61 7 3227 6334
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
tion for
> wb_group to allow an popup to authenticate to access the proxy with another
> user??
Yes. Convince Microsoft that asking the user to provide new login
credentials to the proxy is a good thing if his NTLM credentials are
rejected.
Or do not use NTLM.
--
Henrik Nordstrom <[EMAIL
he value of reply_body_max_size to 0 I can access al sites as
> well.
> But I want to block downloads of more then 15MB, so I want to change this to
> zero.
>
> What to do?
> I'm using squid-2.5.stable1-20030109 @ suse 8.0
>
> Sander Winkel
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
seless people on the net.
>
> Tesla
>
>
> >From: Devon Harding - GTHLA <[EMAIL PROTECTED]>
> >To: 'Henrik Nordstrom' <[EMAIL PROTECTED]>
> >CC: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
> >"'[EMAIL PROTECT
configuration that would prevent squid from sending 2
> identical requests and wait for the first request to be served ?
>
> Thanks
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
ng some development-packages concerning
> "Array.c" or "socket.h"...
I would say you either have a very corrupt system with a corrupt
root/usr filesystem, or are out of diskspace...
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
--Original Message-
> From: Devon Harding - GTHLA
> Sent: Wednesday, January 29, 2003 12:26 PM
> To: 'Henrik Nordstrom'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: [squid-users] Outgoing http request?
>
> Fixed it!
> http://www.squid-cache.org/Doc/
and tied it with info on this page:
>
> http://group-ldap-auth.sourceforge.net/
>
> So its a bit of a guess.
>
> Whats wrong? Do I need the other basic_auth LDAP helper as well?
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
r cache administrator is webmaster.
>
> - Original Message -
> From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
> To: "Adam Lewis" <[EMAIL PROTECTED]>
> Sent: Wednesday, January 29, 2003 1:12 PM
> Subject: Re: [squid-users] SSL error
>
> >
Normally Suqid sends a ICP query on each and every cache miss request
(not just page.. there is no such thing as "page" in HTTP).
If squid thinks your application is dead then it will stop sending ICP
queries for a short while to not waste bandwidth. A peer is declared
dead if no valid ICP respons
The Squid developers fully admit that many entries in the Squid FAQ is a
bit dated and needs a cleanup to exacly match the current versions.
However, most of the information is valid (even is minor details may
differ). Note: developers as we are we tend to spend most our available
time coding..
An
Daniel Barron wrote:
> > For information on how to configure Squid-2.5 see the documentation of
> > squid_ldap_auth and squid_ldap_group, both shipped with the Squid
> > sources.
>
> I have the squid 2.5S1 source and can only find a squid_ldap_group helpers
> dir. It contains only a man file whi
The faulty component is the web server (or webmaster) in this case.
headers is only valid if the web server hosting the
pages knows to parse the HTML and insert these headers into the HTTP
headers.
Unfortunately some web browsers stupidly enough also reads these
headers, making a mess of things
Frank Liu wrote:
> 2) is it possible to config quid to send a user defined IP (say
>the IP of the proxy server itself), rather than "unknown" ?
Should be possible to change the header to say whatever you feel like
via header_replace.
> on a related one, is it possible to "insert" an customer
Tim Bernhardson wrote:
>
> Simon:
>
> I have this running (squid 2.5Stable 1 base, squid_ldap_auth from
> 2.6DEVEL-20021212, stunnel 3.22 on Mandrake 8.1 talking to a Novell 5.1 box).
>
> Make the changes to squid_ldap_auth.c for
> *searchfilter = "(&cn=%s)(objectClass=person))"
> *binddn = "cn=
Frank Liu wrote:
> I actually tried that a few days ago (see my other post) and it didn't
> work, which made me believe "header_replace" would only work for
> headers set from the client, not for those headers set by squid itself.
>
> Now I re-read the squid.conf, maybe I have to "header_access"
2.5.STABLE2 is planned when the developers are happy with the resolution
to bug #448 and when the changes relative to STABLE1 has received
sufficient amount of testing to be declated a STABLE release.
If you want to help speed up the process then please help with testing
the patches to bug #448 an
t; 165.76.120.115 - - [29/Jan/2003:11:37:40 -0500] "GET
> http://home.hanmir.com/~roninman/bijin0289.jpg HTTP/1.0" 504 1045
> TCP_MISS:NONE
>
> -Devon
>
> -Original Message-
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 28, 2003 9:23 PM
>
Raid2-5 is not good for Squid cache drives due to their high write
penalty for small random writes.
For the cache use either individual drives, or two RAID1 sets.
What was the reasoning to select RAID3?
reiserfs is a good filessytem candidate.
There is no benefit in performance to split the ca
Phil Oester wrote:
>
> I'd like to help, but since I only use Squid transparently, I can't
> help test the auth patch you mention.
Most of the tests should be done in a lab so it does not really matter
how you use Squid in production.
> I would, however, offer that the corruption problems which
Siew Wing Loon wrote:
>
> If we can make squid authenticate with AD, we still
> see the pop-up dialog box requesting for
> authentication, right?
Not if you use the NTLM scheme via winbind and MSIE browsers configured
to use Squid as a proxy..
Requires MSAD to be installed with support for NTLM
Yes, by denying by another acl than an authentication related acl..
Regards
Henrik
Olivier JAVAUX wrote:
>
> The rules are OK.
> My problem is that, when an URL is denied due to the rules,
> it is considered from the browser as an authentication failure,
> and the browsers asks for authenti
Ilker Gokhan wrote:
> Prefer SCSI disk instead of IDE disk (don't use RAID5 as well) If you
> have chance.
Modern IDE drives works quite well. With 4 IDE drives properly
configured for best performance you will quite likely run into other
limitations than disk I/O with Squid..
But RAID2-5 for th
busy and the spindles in sync.
Note: The transaction patterns reaching the controller is mostly the
same, regardless if you have one or many partitions. Because of this
there is no benefit in performance for Squid to have more than one cache
partition per set of drives in a RAID.
--
Henrik Nords
all sockets are owned by the single Squid user.
Regards
Henrik
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
e squid to be
> delivered with unlimited speed.
>
> Please let me know how to configure it?
>
> Best regards,
> zulkarnain
>
>
> --- Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> > What is the exact purpose of your "no_limit" acl?
> > Which reques
om/8080/0
> 2003/01/30 15:17:14| TCP connection to proxy.qqq.com/8080 failed
>
> My configuration:
> cache_peer proxy.qqq.comparent8080 0 default no-query
> cache_peer proxy.eee.fi parent8080 0 no-query
>
> peer_connect_timeout 30 seconds
>
&g
mum_object_size_in_memory 20 KB
> ipcache_size 4096
> fqdncache_size 4096
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap LFUDA
>
> cache_dir aufs /var/spool/squid/disk1 14000 16 256
> cache_dir aufs /var/spool/squid/disk2 14000 16 256
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
Your first step for improving performance would be to add some more ram
to bte box.. A PIII with only 128MB of ram is seriously underdimensioned
in RAM.. You should have no less than 256 MB with such CPU.
See also the Squid FAQ on memory usage. Gives you a good guide on how
much cache you can con
Marc Elsen wrote:
> cachemgr.cgi comes with squid, and you should install it in
> a cgi-bin of your webserver.
>
> It is called the instrumental interface to the cache and is invaluable
> for tracking these kind of problems.
Please d put cachemgr.cgi in a public without thought. It is not
1 - 100 of 13033 matches
Mail list logo