-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
Are there any plans to implement the X-Forwarded-For feature in Squid3?
We had to use Squid3 due to some ICAP project stuff and we will need the
X-Forwarded-For feature for some other stuff too...
Greetings,
Matthias
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Amos Jeffries wrote:
Yes. It is already done and in Squid 3.1.
We've had a fair number of annoyances found with the 3.1.0.2 packages
not including everything they needed for the new code. One more in
todays snapshot. So for testing I'd advise
Hello there!
Is there any date when Squid 3.1 will be official released?
Thanks in advance!
-- Matthias
Francois Cami wrote:
On Tue, Mar 3, 2009 at 8:32 AM, Silamael silam...@coronamundi.de wrote:
Is there any date when Squid 3.1 will be official released?
Thanks in advance!
http://wiki.squid-cache.org/ReleaseProcess#head-eea0e990c0003af12917552175691a5120980cdd
Thanks for the reply
Amos Jeffries wrote:
We don't exactly date things here. With everyone working on voluntary
time its unpredictable. Though there has been a fairly regular 4-week
cycle for new X.Y.0.z beta releases.
For planning and upgrade testing, 3.1.0.6 is a fairly stable point to
begins with.
Back
Hello!
Is there any possibility at moment to use DNSSEC in Squid?
We want to present a special error page if a DNS answer is received
which fails the DNSSEC check.
Are there any built-in features, patches or anything else to realize this?
Thanks in advance!
Greetings,
Matthias
Hello,
Is there a possibility to run Squid without using a disk cache?
Former versions had the null module for storeio which could be used for
that. Now there is no such null module.
Thanks in advance!
-- Matthias
Amos Jeffries wrote:
Hello,
Is there a possibility to run Squid without using a disk cache?
Former versions had the null module for storeio which could be used for
that. Now there is no such null module.
Thanks in advance!
Running without disk cache is now the default :)
A Squid-3.1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello there,
Will the paths on the HTTP-Server also change?
- -- Matthias
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Zeller, Jan wrote:
Hi Amos,
thank you very much for your patch ! Great !
Applied it like this :
$ patch -p0 b9052.patch
patching file src/client_side.cc
Hunk #1 succeeded at (offset 81 lines).
$ make make install - this time is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Zeller, Jan wrote:
Hi Amos,
I now explicitly enabled
--enable-stacktraces Enable automatic call backtrace on fatal errors
during the build and added CFLAGS=-g -ggdb in front of ./configure
but the result seems to be the same...
#
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello together,
Squid 3.1.0.12 runs pretty well except this assertion problem i've also
seen on the mailing list for Squid 3.0 Stable17.
Every time the assertion fails, before following is logged:
... HttpMsg.cc(157) parse: first line of HTTP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas Jackowski wrote:
Hi,
Squid crashes with this message in cache.log:
2009/08/11 06:54:31| assertion failed: store_client.cc:430:
STORE_DISK_CLIENT == getType()
2009/08/11 06:54:35| Starting Squid Cache version 3.0.STABLE8 for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello everyone,
We're running Squid version 3.1.0.12 with the fix for the DoS
vulnerability applied and have from time to time crashes due to this
assertion:
assertion failed: src/store_client.cc:430: STORE_DISK_CLIENT == getType()
I searched in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello everyone!
We're running a Squid version 3.1.12 with a cache peer configured.
Furthermore Squid is configured to forward every request directly to the
cache peer. Nevertheless Squid is doing a DNS query for every requests
received. At this point
Amos Jeffries wrote:
This is usually a configuration problem.
Please provide your squid.conf file contents (minus empty and comment
lines)
Amos
Hello Amos,
Here is our configuration.
Thank you for your help.
-- Matthias
#
# WARNING: Do not edit this file, it has been automatically
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Silamael wrote:
Amos Jeffries wrote:
This is usually a configuration problem.
Please provide your squid.conf file contents (minus empty and comment
lines)
Amos
No one has some idea what's wrong with our configuration?
- --Matthias
-BEGIN
Amos Jeffries wrote:
...
anything resolving to 127.0.0.1 on this host is not necessarily
resolving to 127.0.0.1 on any other host (ie the parent proxy)
NP: having a DNS server resolve 127.0.0.1 for anything public is very
nasty.
Hi Amos,
Thank you for your help. Meanwhile i did some
Amos Jeffries wrote:
That seems very strange. Very strange.
Squid using internal DNS resolver sends out UDP packets and waits for a
reply positive or negative. Using that.
The NXDOMAIN results make sense if we assume they come back with some
TTL so short Squid needs to run through the DNS
Hello together,
Is there any possiblity to realize a round robin scheduling for requests
sent to ICAP services? Goal is to forward each HTTP request to the next
available ICAP service due to load balancing issues.
As far as i read the configuration manual, there is no option to to
this. Can this
Silamael wrote:
Hello together,
Is there any possiblity to realize a round robin scheduling for requests
sent to ICAP services? Goal is to forward each HTTP request to the next
available ICAP service due to load balancing issues.
As far as i read the configuration manual, there is no option
Amos Jeffries wrote:
You have IPv6 disabled in your system somehow.
Squid opens IPv4/IPv6 hybrid sockets to receive and send both v4 and v6
traffic in one socket for simplicity and ease of transition. If that fails
like in your case it falls back to IPv4-only sockets.
I recommend
On 11/16/2009 01:45 PM, Werner Müller wrote:
The Problem is, that i cannot reach a Server over the IP:
with this cache_peer entry i get a failure:
cache_peer 1.1.1.1 parent 3128 0 default no-query no-digest
The localhost entry was only a test. But it's very strange that it
works with the
Hello together!
We're using the ICAP interface of Squid for some request filtering.
When the ICAP server denies access to a page, it responds with an 403
HTTP return code and some error page. Squid only forwards the return
code to the client but the body of the response is not forwarded.
Is
On 11/18/2009 01:59 AM, Amos Jeffries wrote:
Maybe yes, maybe no
What configuration are you referring too?
Is the ICAP server setting Content-Length correctly to the size of the
error page body?
Hello Amos,
As far as i can say, the Content-Length is set properly. I have some
On 11/18/2009 08:22 AM, Silamael wrote:
On 11/18/2009 01:59 AM, Amos Jeffries wrote:
Maybe yes, maybe no
What configuration are you referring too?
Is the ICAP server setting Content-Length correctly to the size of the
error page body?
Hello Amos,
As far as i can say, the Content-Length
On 11/23/2009 09:41 AM, Silamael wrote:
Hello Amos,
I found out that my test creates an invalid Encapsulated header. After
fixing it, squid dies with an assertion failure in
BodyPipe::undoCheckout().
Attached you find the cache.log of my test.
Greetings,
Matthias
Hello together,
I searched
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/02/2010 02:33 AM, The Doctor wrote:
Squid 3.1.16 is not working on my FreeBSD 7.2 Box.
not working is a quite helpfull problem description...
- -- Matthias
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG
Hello,
I just built the new version of Squid. When starting, Squid dies
instantly with an assertion failure in peer_select.cc, line 627.
Apparently in peer_select.cc PINNED is missing in the hier_strings.
PINNED is in enums.h but not in peer_select.cc, so the list of constants
and the string
Hello!
In Squid 3.1.0.16 the error file errors/ca/ERR_CACHE_ACCESS_DENIED is
completely empty.
Greetings,
Matthias
On 02/02/2010 11:38 AM, Amos Jeffries wrote:
Sorry about that. This was caught shortly after the release was
announced. The bundles have since been updated.
Please re-download and re-build your copy of 3.1.0.16. If you are using
a pre-packaged version please contact the package maintainer.
On 02/02/2010 11:53 AM, Amos Jeffries wrote:
Strange. I can't see anything obviously wrong with that languages source
files.
For now, copying templates/ERR_CACHE_ACCESS_DENIED to
ca/ERR_CACHE_ACCESS_DENIED will get around this.
I'll keep an eye on the snapshots and see if its broken there
Hello together,
Just build the new Squid 3.1.0.18 and noticed that now, Squid does an
HTTP/1.1 request to the server even if the client just sent an HTTP/1.0
request. Previous versions of Squid did not do that.
Is this intended or did i stumble over some minor bug?
-- Matthias
On 03/15/2010 01:37 PM, Amos Jeffries wrote:
RFC 2616 compliance has nearly been reached in 3.1.
Squid can now talk HTTP/1.1 to web servers. Upgrading requests like you
saw is the final requirement to be met in that area.
Hi Amos,
Thank you for the quick answer :)
-- Matthias
On 04/14/2010 04:02 PM, Boniforti Flavio wrote:
Hello list.
I'm on Debian SID and wanted to update squid3 to the latest 3.1.1-2
version. What happened is that dpkg returned me following error:
Configurazione di squid3 (3.1.1-2)...
sed: errore di lettura su stdin: Is a directory
dpkg:
Hello!
I'm getting some error when compiling Squid 3.1.3 on OpenBSD 4.6 due to
a redefinition of FD_SETSIZE in compat/fdsetsize.h.
Patch attached which fixed this for me.
Greetings,
Matthias
Fix redefinition error for FD_SETSIZE on OpenBSD 4.6.
--- compat/fdsetsize.h.orig Mon May 3
On 05/03/2010 02:04 PM, Amos Jeffries wrote:
Silamael wrote:
Hello!
I'm getting some error when compiling Squid 3.1.3 on OpenBSD 4.6 due to
a redefinition of FD_SETSIZE in compat/fdsetsize.h.
Patch attached which fixed this for me.
Greetings,
Matthias
Thanks for the thought
On 05/03/2010 02:04 PM, Amos Jeffries wrote:
Thanks for the thought, but...
Code in Squid is NOT permitted to include system headers before the
FD_* compat code. Kernel defines will be allocated with incompatible
size and overflows happen.
Can you provide a full compiler trace of the
On 05/04/2010 01:42 AM, Brett Lymn wrote:
On Mon, May 03, 2010 at 05:08:29PM +0200, Silamael wrote:
Fix include order to ensure that FD_SETSIZE from the compat/fdsetsize.h is
set
before it is set by sys/select.h (included by stdlib.h).
To be strictly correct about this, the problem
Hello!
Yesterday i tried to build the new version of Squid on OpenBSD 4.6.
Unfortunately there's some problem in src/mem.cc. new_pool_limit is of
type size_t which is a long unsigned int. In line 359 a -1 is written
into new_pool_limit. Newer g++ versions seems to accept this as valid
but
On 06/02/2010 08:54 AM, Silamael wrote:
Hello!
Yesterday i tried to build the new version of Squid on OpenBSD 4.6.
Unfortunately there's some problem in src/mem.cc. new_pool_limit is of
type size_t which is a long unsigned int. In line 359 a -1 is written
into new_pool_limit. Newer g
Hello!
We're using SquidGuard for blocking certain URLs. Now, the problem is
that SquidGuard redirects to some internal://.../error-access-denied
URL, but in this page this internal URL is shown as blocked URL instead
of the original URL.
Is that any configuration problem or did i stumble over
On 07/22/2010 03:24 PM, Beavis wrote:
looks like a config is missing. in my setup i have prepared the
internal access-denied page and put a fqdn on use an internal dns zone
you have to resolv it. squid does pretty good on filtering, and it
includes filter via IP. try to have the page with url
On 07/24/2010 06:10 AM, Amos Jeffries wrote:
Yes. This is why the interface is called URL re-write.
It alters the URL being fetched in-transit to whatever the re-writer
sends back. Squid then fetches that URL from the server in the Host:
header or a cache_peer.
Another catch is that all the
Hi there!
Yesterday i tried to compile the brand new version 3.1.6 on OpenBSD.
Got some compiler error on src/ip/tools.cc, line 70. Seems that at least
on OpenBSD the include of unistd.h is missing. If I add
#include unistd.h myself, tools.cc compiles fine.
-- Matthias
On 08/25/2010 04:34 PM, Leonardo wrote:
Hi all,
I am re-posting this as a separate thread so to handle one problem at once.
My aim is to use Squid with TPROXY capabilities enabled, so I am
trying to build the latest source (3.1.6) on Debian Lenny 5.0.5:
./configure
Hello,
I just debugged something i think it probably not working as intended:
I start Squid with some cache_dir option in its configuration file.
Afterwards i remove the cache_dir line from the config and send Squid a
SIGHUP (or do squid -k reconfigure).
When accessing further URLs after this, i
I together,
When compiling Squid 3.1.11 on the current OpenBSD, i get an error
because netinet/in.h is not included in include/util.h before including
arpa/inet.h.
Attached is a simple patch fixing this issue.
-- Matthias
--- include/util.h.orig Thu Mar 3 14:04:15 2011
+++ include/util.h
On 04/05/2011 12:05 PM, Indunil Jayasooriya wrote:
Hi ALL,
I downloaded squid-3.2.0.6 from below URL
http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.0.6.tar.gz
I ran (this is on OpenBSD 4.8 - 64 bit)
./configure
It went fine.
Then, ran
make
stoped at below error
Hello there,
We have some application encountering problems if it's communicating via
Squid:
- the application sends a HTTP/1.1 HEAD-Request with Proxy-Connection:
keep-alive set
- Squid then forwards the request to the server with Connection: keep-alive
- the server replies with the headers and
Hello!
Sometimes starting Squid in OpenBSD 4.9 fails with the following message
in cache.log:
diskHandleWrite: FD 10: disk write error: (14) Bad address
So far, I was unable to get some more information when enabling some
debug options. The only bit of information I was able to gather was a
On 11/03/2011 03:50 PM, Silamael wrote:
Hello!
Sometimes starting Squid in OpenBSD 4.9 fails with the following message
in cache.log:
diskHandleWrite: FD 10: disk write error: (14) Bad address
So far, I was unable to get some more information when enabling some
debug options. The only
On 11/03/2011 05:34 PM, Silamael wrote:
On 11/03/2011 03:50 PM, Silamael wrote:
Hello!
Sometimes starting Squid in OpenBSD 4.9 fails with the following message
in cache.log:
diskHandleWrite: FD 10: disk write error: (14) Bad address
Hello together,
I think i found the cause of said
On 12/06/2011 04:09 AM, Amos Jeffries wrote:
It is only affecting adaptation (ICAP/eCAP) builds, so if you can run
happily without those features use --disable, or comment out line 376 of
src/store.cc.
Thank you for the testing offer. We can replicate it already so the only
help needed is
Hello,
I have a simple question about refresh_pattern and TCP_MEM_HIT.
Given the following configuration:
refresh_pattern foo.example.org 0 0% 0
refresh_pattern . 0 20% 14400
Now, if i fetch something from foo.example.org i get a
TCP_CLIENT_REFRESH_MISS/200
The following request for the same
On 09/19/2012 02:12 AM, Amos Jeffries wrote:
On 19/09/2012 9:10 a.m., Eliezer Croitoru wrote:
On 9/18/2012 6:01 PM, Silamael wrote:
refresh_pattern foo.example.org 0 0% 0
refresh_pattern . 0 20% 14400
Now, if i fetch something from foo.example.org i get a
TCP_CLIENT_REFRESH_MISS/200
On 09/19/2012 10:12 AM, Amos Jeffries wrote:
On 19/09/2012 6:51 p.m., Silamael wrote:
Ok, so if a response contains valid headers concerning caching, these
are taken instead of using the matching refresh_pattern? So, if i want
some URLs being served completely without caching, i have to use
On 02/01/2013 01:09 AM, Amos Jeffries wrote:
Hmm. Yes the warning is new since we started adding debugs() about
failed system calls to display reviously hidden system errors.
Looking at all the documentation about setuid() and seteuid() I'm
wondering if this was supposed to be seteuid(0) -
Hi!
I just noticed that the squid -z command seems to fork and the child is
creating the cache directories. The parent immediatly returns with exit
code 0. There's a race for cases like: squid -z; squid
Is this behaviour intended?
Greetings,
Matthias
On 02/06/2013 02:05 AM, Amos Jeffries wrote:
Partially. The parent returning immediately is not agood thing. BUT,
squid -z ; squid is not a good way to do things even if it did. If
that were possible we would simply have made squid startup perform the
-z operations by default.
squid -z is
On 02/06/2013 10:42 PM, Alex Rousskov wrote:
Yes, it is. In old Squids, -z implied no-daemon mode. Then folks wanted
to use SMP macros in their configurations, including their cache_dir
lines. Those macros require SMP mode (each Squid kid gets its own set of
macro values) so we removed that
Hi there!
I just stumbled over the part in the release notes where it's said that
the ACL types myip and myport have been renamed to localip and
localport. But these new types do not work! In the source code it's
still myip and myport.
Greetings,
Matthias
Hi there!
Last week we had a problem that a cache peer's DNS resolved to 13 v6 and
13 v4 addresses but the system lacked IPv6 connectivity at all. While
debugging the problem (the solution was just to increase
forward_max_tries) I stumbled over a line in forward.cc where n_tries is
always checked
On 05/13/2013 10:22 AM, Amos Jeffries wrote:
Please submit your change for audit:
http://wiki.squid-cache.org/MergeProcedure#Submission_Format
Amos
Done :)
Hi,
One of our customers does constantly mirroring of some FTP directories
and noticed a huge memory consumption of Squid. As far as I can see with
squidclient mgr:mem, the 2K buffers are constantly increasing if Squid
is processing FTP requests like wget ftp://some.server/pub/ or wget -m
On 02/11/2015 11:10 AM, Yuri Voinov wrote:
Squid first saves object in memory. Then swapout object to cache. As usual:
This is no memory leaking, but normal cache behaviour. As documented.
You can play around with range_offset_limit and quick_abort_min parameters.
Or try to no cache this
On 02/12/2015 09:51 AM, Amos Jeffries wrote:
On 12/02/2015 9:03 p.m., Silamael Darkomen wrote:
I will file a proper bug report with debug output and such when I'm back
at work next monday.
Any idea what's wrong here? For me it seems that the index.html Squid is
generating for FTP requests
Hi there,
I'm updating from 3.4. to 3.5 and noticed that the following
redirect-URL from squidGuard no longer works:
internal://squid-internal-static/error-access-denied
As far as I can see, Squid no parses the rewrite answers through a
standard URL parser which results in the port being 0.
But
On 03/14/2016 02:16 PM, Kinkie wrote:
> Hi,
> .. has it ever? internal:// doesn't seem like a recognized protocol to me.
It worked till the update to Squid 3.5.
-- Matthias
___
squid-users mailing list
squid-users@lists.squid-cache.org
On 03/15/2016 12:10 AM, Amos Jeffries wrote:
> On 15/03/2016 2:22 a.m., Silamael wrote:
>>
>> On 03/14/2016 02:16 PM, Kinkie wrote:
>>> Hi,
>>> .. has it ever? internal:// doesn't seem like a recognized protocol to me.
>> It worked till the update t
On 03/15/2016 12:52 PM, Amos Jeffries wrote:
>> So, if i try this, i get a 404 response and the ERR_INVALID_REQ page.
>
> Okay. That is the correct behaviour for this situation.
> Squid does not normally load anything at the
> /squid-internal-static/error-access-denied path.
>
> A second bug /
On 04/05/2016 02:35 AM, Amos Jeffries wrote:
> On 5/04/2016 2:44 a.m., FredB wrote:
>>>
>>> Thanks I will test, I confirm the problem still present after a while
>>> Eg: this object seems never cleaned/fixed from cache
>>>
>>
>> No more success with fresh cache, after 5 minutes the messages
Hi there,
We're updating to Squid 3.5 under OpenBSD and have some issues with the
apparently new shared memory behavior:
1. Squid always creates three shared memory files and does not remove
these on shutdown
2. As we're running multiple complete different configuration on the
same machine on
On 03/07/2016 02:59 PM, Yuri Voinov wrote:
>
> Is there is any problems with this files?
If not, would I ask these questions? ;)
Yes, there are problems, first, for our testing environment. If user A
runs a Squid test, it creates these files. Now, no one else than user A
can run tests since the
On 27.06.2016 13:19, Amos Jeffries wrote:
> On 27/06/2016 9:16 p.m., Silamael wrote:
>> Hi,
>>
>> I'm playing around with the SMP feature on OpenBSD 5.9 and noticed that
>> Squid does not run due to hard coded limits for the receive and send
>> buffer sizes of
Hi,
I'm playing around with the SMP feature on OpenBSD 5.9 and noticed that
Squid does not run due to hard coded limits for the receive and send
buffer sizes of Unix Domain Sockets. In contrary to other OSes these
limits cannot be adjusted by a sysctl.
The attached patch adds some setsockopt()
On 19.09.2016 13:39, Silamael Darkomen wrote:
>
>
> On 16.09.2016 22:11, Markus Moeller wrote:
>> Hi Silamael,
>>
>> Can you perform a kinit u...@example.com ? Does the squid user
>> have read access to krb5.conf ?
>>
>> Markus
>
> He
On 20.09.2016 15:20, Silamael wrote:
> Ok, found one problem. Under OpenBSD I had some hack that the external
> helper was linked against libbind (the bind resolver library) instead of
> libc (as the helper uses some defines which have different names in the
> OpenBSD libc).
On 05.12.2016 13:58, Amos Jeffries wrote:
> On 5/12/2016 11:17 p.m., Silamael wrote:
>> This sounds somehow wrong to me, the ICAP service doesn't have a
>> problem, just the HTTP request being forwarded is borken. Therefor is no
>
> The ICAP service appears to be producing
On 09/04/2018 03:51 PM, Amos Jeffries wrote:
On 5/09/18 1:24 AM, Silamael wrote:
Hello,
I'm currently investigating a memory leak in with the Kerberos negotiate
authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port
with added Kerberos support since OpenBSD's port does
Hello,
I'm currently investigating a memory leak in with the Kerberos negotiate
authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port
with added Kerberos support since OpenBSD's port does not support
Kerberos at all.
As library Heimdal 7.5.0 is used. So far I had no luck
On 21-Apr-11 16:07, EzyMike wrote:
Indunil Jayasooriya wrote:
On Thu, Apr 21, 2011 at 1:54 PM, EzyMike lt;gpet...@actebis.atgt; wrote:
Hi!
I have a problem compiling squid 3.1.11 or 3.1.12 on a OpenBSD 4.8 box.
When preparing to replace a OpenBSD 4.6 box with a 4.8, the compilation
of
On 11.02.2015 21:05, Amos Jeffries wrote:
Some FTP files pointless to cache.
Sure, maybe some FTP files are not to be cached.
If it need just once. For what cache it?
I do not want to cache any. And I think a 'cache deny all' does that.
Correct.
Nevertheless, even with no caching
On 19.09.2016 14:08, L.P.H. van Belle wrote:
> Well thats strange.
> No i cant speak about openBSD, but below is pretty general.
>
> When you test, did you set this before the test.
> KRB5_KTNAME=/etc/squid/proxy.keytab
> And does that keytab contain the HTTP/SPN
> And test/check if you see
On 16.09.2016 22:11, Markus Moeller wrote:
> Hi Silamael,
>
> Can you perform a kinit u...@example.com ? Does the squid user
> have read access to krb5.conf ?
>
> Markus
Hello Markus,
Yes, the permissions are correctly set up so that Squid and it's
processes can read
On 16.09.2016 10:52, L.P.H. van Belle wrote:
> I think you forgot in your test, that you may need to modify the default
> kerberos ticket used.
>
>
>
>
>
> I suggest you change you config a bit to something like
>
>
>
> external_acl_type internet-win-allowed %LOGIN
>
Hello Amos,
Thank you for your quick reply.
Could you perhaps give me a short configuration example, how this should
lool like?
Thank you very much!
-- Matthias
On 07.04.2020 09:01, Amos Jeffries wrote:
> On 7/04/20 6:19 pm, Silamael Darkomen wrote:
>> Hello,
>>
>> Is
On 07.04.2020 16:52, Amos Jeffries wrote:
> It would be something like this:
>
> acl groupCheck external ...
> acl groupFoo note group foo
>
> http_access allow groupCheck
> ...
> cache_peer_access fooBar allow groupFoo
>
>
> Amos
Hi Amos,
Thank you again for the quick reply, seems to
Hello,
Is there any possibility to distribute a bunch of users to different
cache peers based on the user group in LDAP?
For older versions this was possible by using the slow external ACL
first for evaluation in the http_access clause and latter using the slow
external ACLs again in the
Hi,
Just trying to build the new Squid 4.11 with Heimdal as Kerberos5 library.
Unfortunately, the enctype fix made in
src/acl/external/kerberos_ldap_group/support_krb5.cc does not compile
with Heimdal.
Their krb5_creds structure does not have a keyblock member.
For now I disabled the fix with
On 23.04.2020 13:50, Amos Jeffries wrote:
> On 23/04/20 11:41 pm, Silamael Darkomen wrote:
>> Hi,
>>
>> Just trying to build the new Squid 4.11 with Heimdal as Kerberos5 library.
>> Unfortunately, the enctype fix made in
>> src/acl/external/kerberos_ldap_group
91 matches
Mail list logo