Re: [squid-users] Squid + ldap_auth + transparent
Hi! Please, read: http://wiki.squid-cache.org/Features/Authentication?action=showredirect=SquidFaq/ProxyAuthentication#Authentication_in_interception_and_transparent_modes You just can't authenticate in transparent mode. If you have an AD (or samba), you could centrally configure the proxy on all of the computers. Also, you could use wpad to auto-configure the browsers to use the proxy. I hope this helps, Ildefonso Camargo On Fri, Jan 29, 2010 at 6:31 AM, Ricardo Souza ricardo.so...@ti.cmtsp.com.br wrote: Hi, i configured a squid to auth at my Active directory. I was working fine when i set proxy manually. When i try to make it in production i got only TCP_DENIED. How can i configure it on transparent mode + ldap_auth This is my squid.conf: http://187.8.216.250/squid.conf thanks
[squid-users] kerberos authentication and ldap
We are getting some Win7 machines so I am migrating our ntlm setup to Kerberos. Looking at Markus Moeller's kerb guide, I see that it doesn't state how to control access after successful auth. Looking online, http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/ suggests an ldap companion method but this involves a patch. Is that patch still needed, or does there exist a stock approach to facilitate this, as our access is done by group ad membership? Thanks, jlc
[squid-users] Absolute url links bypass Squid
Hi, Squid-users! I want to make a reverse proxy for a very bad web site. In this web site, all contents have absolute url address. I can only get its home page. When I click on any page on the home page, it will bypass Squid and show the backend web site to the browser. Say, the web site is http://www.example.com. It has http://www.example.com in front of all of its pages. Like, http://www.example.com/page1.html, http://www.example.com/page2.html. If I am the web site administrator, I would delete all http://www.example.com and let it be /page1.html, /page2.html. This will fix the problem, right? Unfornately, I am not. How to fix this problem for Squid? I failed to try with Apache mod_proxy and mod_proxy_html. And no luck with Squid+Squirm. Thanks a lot! Fulan Peng
Re: [squid-users] squid-3.1.0.15 and WCCPv1
Graham Keeling wrote: On Fri, Jan 29, 2010 at 03:59:29PM +, Graham Keeling wrote: On Fri, Jan 29, 2010 at 11:35:00AM +, Graham Keeling wrote: Hello, I am trying to upgrade my squid from 2.5 to 3.1. I have got all my old configuration working on 3.1, except... I am coming across a problem with WCCPv1. 172.16.13.56 is the address of the squid box. 172.16.13.2 is the address of the cisco router. I have wccp_router=172.16.13.2 in my squid.conf. squid-2.5 connects to UDP port 2048, I get replies, and everything else then works. Here is a tcpdump of the initial connection: 16:12:13.404466 IP 172.16.13.56.2048 172.16.13.2.2048: UDP, length 52 16:12:13.406764 IP 172.16.13.2.2048 172.16.13.56.2048: UDP, length 64 But, squid-3.1 looks like it is trying to connect to UDP port 0 on the cisco. Here is the equivalent tcpdump with squid-3.1: 15:59:10.093415 IP 172.16.13.56.2048 172.16.13.2.0: UDP, length 52 15:59:10.094423 IP 172.16.13.2 172.16.13.56: ICMP 172.16.13.2 udp port 0 unreachable, length I have looked at the src/wccp.c for squid-2.5, and it is clear that the port is being set to 2048 for the connection to the router. I have also looked at the source for 2.6, 2.7 and 3.0 (src/wccp.cc for this version). In all those, it appears to be setting the port on the outgoing connection. However, in the 3.1 source, it doesn't. Is this a bug? Has anybody got WCCPv1 working with squid-3.1? Further information: I've now tried squid-3.0.STABLE21, and WCCPv1 worked fine. Conclusion: WCCPv1 is broken in squid-3.1. Is this the correct list to be reporting this to? My squid-3.1 WCCPv1 appears to work with the attached patch that I just made. Um. No. squid-dev is the list for all that about beta releases. Particularly for patches. But nevermind, I've received the patch and added it to the next 3.1 release. Thank you. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15
Re: [squid-users] Check bandwidth
J. Webster wrote: Is there anyway to monitor the current bandwidth in use by a user (NCSA auth) on squid? Occasionally we get a user downloading too many videos at once, which blocks bandwidth to other users on the network. As I have no idea which user it is until the end of the day (SARG reports), we just restart the squid server to disconnect their downloads - not ideal. You can do all kinds of tricks with delay pools to kick the annoying uses down to slow-speed trickles and spread the bandwidth around better. If you can identify some criteria from the HTTP request which clearly only occurs in the annoying traffic you can use delay_pool_access to only place limitations on those requests. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15