[squid-users] Question using deny_info
Hi ALL,

I have here two acls that I would like to use with deny_info but I don't know how. As I tested here, deny_info works without confusion (or I got confused ;)) when you put an http_access deny specifically to that acl (I mean only one acl) that you want to work with deny_info. For the first acl I know that deny_info works fine, but I don't know how to use the second acl with deny_info and both of them together. Here follow the acls:

    acl ip_unico max_user_ip -s 1
    acl ldap proxy_auth REQUIRED
    http_access deny ip_unico
    http_access allow ldap

Many thanks in advance,
RE: [squid-users] Acl max_user_ip strange behavior?
All just one question,

I had one acl that some URLs can be accessed without authentication, but when I put this acl before the acl max_user_ip users can go through without authentication, but if I put it after, squid just ignores the acl and asks for authentication. Is that behavior right?

Users don't need to authenticate:

    acl whitelist url_regex -i /usr/local/squid/etc/acls/whitelist
    acl ip_unico max_user_ip -s 1
    http_access allow whitelist
    http_access deny ip_unico
    http_access allow !deny_range !blacklist !download ldapauth

Users do need to authenticate:

    acl whitelist url_regex -i /usr/local/squid/etc/acls/whitelist
    acl ip_unico max_user_ip -s 1
    http_access deny ip_unico
    http_access allow whitelist
    http_access allow !deny_range !blacklist !download ldapauth

Brgds,

From: M J [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] Acl max_user_ip
Date: Fri, 02 Apr 2004 14:54:26 -0300

Using in this way it is working fine. Sorry for bothering,

    authenticate_ttl 3 hour
    authenticate_ip_ttl 60 seconds
    acl ip_unico max_user_ip -s 1
    http_access deny ip_unico
    http_access allow !deny_range !blacklist !download ldapauthentication

Brgds,

From: M J [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [squid-users] Acl max_user_ip
Date: Fri, 02 Apr 2004 12:31:54 -0300

Hi

I'm trying to use max_user_ip acl but I am doing something wrong, because I had implemented it and tried to use the proxy from different ip. Well exactly after I use from my machine the different ip is denied, great this is what I need. Then I waited 300 seconds to try it again and I just can't. Only from the first machine I can access even after waiting the authenticate_ip_ttl time.

Here follow the conf lines related to the problem (at least I think):

    authenticate_ttl 3 hour
    authenticate_ip_ttl 60 seconds
    acl ip_unico max_user_ip -s 1
    http_access allow !deny_range !blacklist !download ip_unico ldapauthentication

squid -v
Squid Cache: Version 2.5.STABLE5-20040318
configure options: --enable-removal-policies=heap --enable-storeio=diskd,ufs --enable-default-err-language=English '--enable-err-languages=English Portuguese' --enable-basic-auth-helpers=LDAP

When I put

    acl ip_unico max_user_ip -s 0

I can use from both machines at same time.

Many thanks in advance for your help,

PS .: is the measurement time seconds right ?
RE: [squid-users] Acl max_user_ip strange behavior?
Once again, many thanks for your help, now I think I understood the concept. Not trying to abuse, but is there a way to put it into just one line or must max_user_ip be alone?

Example that is working:

    authenticate_ttl 3 hour
    authenticate_ip_ttl 60 seconds
    acl ip_unico max_user_ip -s 1
    http_access deny ip_unico
    http_access allow !deny_range !blacklist !download ldapauthentication

Replacement that I have tried but didn't work:

    http_access allow !deny_range !blacklist !download !ip_unico ldapauthentication

Regards,

From: Henrik Nordstrom [EMAIL PROTECTED]
To: M J [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: [squid-users] Acl max_user_ip strange behavior?
Date: Sat, 3 Apr 2004 15:36:59 +0200 (CEST)

On Sat, 3 Apr 2004, M J wrote:

I had one acl that some URLs can be accessed without authentication, but when I put this acl before the acl max_user_ip users can go through without authentication but if I put it after squid just ignore acl and ask for authentication. Is that behavior right ?

It is. max_user_ip requires authentication as it needs the login name to determine how many IP addresses this user is using.

Squid asks for authentication as soon as it reaches an acl requiring a login name. Not only from proxy_auth acls. proxy_auth acls is just an acl for matching the login name to a list of logins.

Other acls requiring login names are:

    proxy_auth
    proxy_auth_regex
    max_user_ip
    external, using an external_acl_type with %LOGIN

Regards
Henrik
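Added example, not part of the thread and not Squid's own code: a simplified Python model of how Squid walks http_access lines (first matching line wins, acls on a line are checked left to right, and a login is demanded as soon as a login-based acl is reached), run against the two rule orders from the earlier message. The whitelist pattern, the request fields and the always-false deny_range/blacklist/download acls are assumptions made for the illustration.

```python
import re

# ACLs that need a login name; reaching one without credentials means a 407.
NEEDS_LOGIN = {"ip_unico", "ldapauth"}

# Constructed stand-ins for the acl definitions in squid.conf.
ACL = {
    "whitelist":  lambda r: re.search(r"example\.org", r["url"], re.I) is not None,
    "ip_unico":   lambda r: r["ips_in_use"] > 1,      # max_user_ip -s 1
    "ldapauth":   lambda r: r["user"] is not None,    # proxy_auth REQUIRED
    "deny_range": lambda r: False,
    "blacklist":  lambda r: False,
    "download":   lambda r: False,
}

def evaluate(rules, req):
    """Return ALLOW, DENY or CHALLENGE for one request."""
    for action, acls in rules:
        for name in acls:
            base = name.lstrip("!")
            if base in NEEDS_LOGIN and req["user"] is None:
                return "CHALLENGE"                    # login acl reached without a login
            if ACL[base](req) == name.startswith("!"):
                break                                 # this acl failed, try the next line
        else:
            return action.upper()                     # every acl on the line matched
    # No line matched: the default is the opposite of the last line.
    return "DENY" if rules[-1][0] == "allow" else "ALLOW"

LAST = ("allow", ["!deny_range", "!blacklist", "!download", "ldapauth"])
WHITELIST_FIRST = [("allow", ["whitelist"]), ("deny", ["ip_unico"]), LAST]
IP_UNICO_FIRST = [("deny", ["ip_unico"]), ("allow", ["whitelist"]), LAST]

def request(url, user=None, ips_in_use=0):
    """Build a constructed request record for the model."""
    return {"url": url, "user": user, "ips_in_use": ips_in_use}

if __name__ == "__main__":
    anon = request("http://www.example.org/")         # whitelisted URL, no credentials
    for label, rules in (("whitelist first", WHITELIST_FIRST),
                         ("ip_unico first", IP_UNICO_FIRST)):
        print(label, "->", evaluate(rules, anon))
```

With the whitelist line first, the anonymous request is allowed before any login-based acl is consulted; with ip_unico first, the same request is challenged, which is the behaviour described in the reply above.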
RE: [squid-users] Squid-Sarg reports - Daily/weekly/monthly script
The main page of sarg is in Portuguese (my native language). You can find an egroup at yahoogroups, If you want to know about new releases and/or changes, subscribe to my Email list. Once on, you can send messages to the group: [EMAIL PROTECTED]

But follow links to the scripts:

Sarg users implementations

Jeremy Lahners
Weekly report script
http://web.onda.com.br/orso/weekly.html

Leuchter, Lars
Daily, weekly and monthly report scripts
http://web.onda.com.br/orso/enhancements.html

Ugo Viti
Daily/weekly/monthly Squid usage report generation tool
http://www.i-synapse.it/public/sarg.reports

Don't forget to apply index sort patch and if you use Red Hat you have to export LC_ALL=C before you run sarg.

In time sarg is a very useful tool to generate reports using squid native log, but if you have a large amount of log (more than 1G) it will crash sarg. It seems that Pedro Orso is not developing sarg anymore as I see many users complaining that it takes too long to generate Report and if you have a big log sarg crashes. But in my point of view it is still the best tool to generate Reports of squid users.

From: GG BB [EMAIL PROTECTED]
To: squid users [EMAIL PROTECTED]
Subject: [squid-users] Squid-Sarg reports - Daily/weekly/monthly script
Date: Thu, 18 Mar 2004 12:03:15 +0100 (CET)

Hi all!

I've successfully installed SARG for Squid log analyses, and that's exactly what I was looking for :) but I can't understand how to have daily-weekly-monthly reports generated ... looking at Sarg users implementations scripts on 'http://web.onda.com.br/orso/' Sarg Home Page.. but I'm not able to find out HOW to have those scripts working ..

thanks for the help, ;)
[squid-users] REPOST: HELP! WARNING: failed to unpack meta data
Is that problem already solved? Because I have exactly the same problem here.

Cheers,
Leon.

From: Mark Pelkoski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [squid-users] RE:RE: [squid-users] REPOST: HELP! WARNING: failed to unpack meta data
Date: Mon, 15 Mar 2004 16:36:11 -0700

-Original Message-
From: Mark Pelkoski
Sent: Monday, March 15, 2004 4:35 PM
To: 'Duane Wessels'

Duane,

Thank you for your response! I have a 34% hit rate. About the same for the server that is not producing these errors.

We can start to narrow it down with the attached patch. Apply the patch and recompile and restart Squid. You should see additional lines with the failed to unpack meta data message.

Duane W.

Thanks for the patch. Here is the additional output:

2004/03/15 16:32:17| WARNING: failed to unpack meta data
2004/03/15 16:32:17| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:17| WARNING: failed to unpack meta data
2004/03/15 16:32:17| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:17| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:23| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:23| WARNING: failed to unpack meta data
2004/03/15 16:32:23| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:23| WARNING: failed to unpack meta data

-Mark
[squid-users] REPOST: HELP! WARNING: failed to unpack meta data
OK, many thanks for your answer. If you need some help, I am not that experienced of a user but I am willing to help.

I use slackware 9.1 with kernel .2.4.25

squid -v
Squid Cache: Version 2.5.STABLE4-20040123
configure options: --enable-removal-policies=heap --enable-storeio=diskd,ufs --enable-default-err-language=English '--enable-err-languages=English Portuguese' --enable-basic-auth-helpers=LDAP --enable-ssl --enable-snmp

Hardware Proliant ML 350. If it is really a hardware related problem, maybe knowing the scsi driver helps. I use SYM53C8XX Version 2 SCSI support.

I will install the Daily auto-generated release today to see if the problem persists, but it only appears when I restart squid.

Cheers,
Leon.

From: Mark Pelkoski [EMAIL PROTECTED]
To: M J [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: [squid-users] REPOST: HELP! WARNING: failed to unpack meta data
Date: Wed, 17 Mar 2004 07:44:43 -0700

Is that problem already solved ? Because I have exactly the same problem here. CHeers, Leon.

Nope. We got into some really heavy T-shooting, too much for the list. Trying to get some useful debugging, but having a hard time trying to make sense of it. I suspect I may have a hardware issue, being I have another server built exactly like the one producing errors. If we find out the root cause, I will post it to the list.

-Mark

Duane,

Thank you for your response! I have a 34% hit rate. About the same for the server that is not producing these errors.

We can start to narrow it down with the attached patch. Apply the patch and recompile and restart Squid. You should see additional lines with the failed to unpack meta data message.

Duane W.

Thanks for the patch. Here is the additional output:

2004/03/15 16:32:17| WARNING: failed to unpack meta data
2004/03/15 16:32:17| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:17| WARNING: failed to unpack meta data
2004/03/15 16:32:17| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:17| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:22| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:22| WARNING: failed to unpack meta data
2004/03/15 16:32:23| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:23| WARNING: failed to unpack meta data
2004/03/15 16:32:23| store_swapmeta.c:126: first character not STORE_META_OK, buf[0]=0
2004/03/15 16:32:23| WARNING: failed to unpack meta data

-Mark
Re: [squid-users] Problem with quick_abort_min -1 KB
OK I will use a quick_abort_pct of 50%, I think is better.

Thanks for your Tip,

From: Henrik Nordstrom [EMAIL PROTECTED]
To: M J [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [squid-users] Problem with quick_abort_min -1 KB
Date: Wed, 3 Mar 2004 22:11:33 +0100 (CET)

On Wed, 3 Mar 2004, M J wrote:

I have tried quick_abort_min -1KB and quick_abort_min -1.00 KB without success. What is the correct syntax if I want retrievals to always continue if they are being cached?

quick_abort_min -1 KB is supposed to work, but seems to have been broken somewhere.

The same effect can also be achieved by setting quick_abort_min to a very large value such as

    quick_abort_min 2 GB

Most people prefer the opposite, to make Squid abort downloads immediately. This kind of continued downloads can easily chew up a considerable amount of bandwidth for a very low hit ratio.

Regards
Henrik
[squid-users] Problem with quick_abort_min -1 KB
Hi all,

I'm using Squid Cache: Version 2.5.STABLE5-20040303 and Slackware 9.1 and kernel 2.4.25

When I set quick_abort_min -1 KB as it says in squid.conf, squid doesn't start, returning:

FATAL: Bungled squid.conf line 1520: quick_abort_min -1 KB
Squid Cache (Version 2.5.STABLE5-20040303): Terminated abnormally.
CPU Usage: 0.010 seconds = 0.010 user + 0.000 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 298
Aborted

I have tried quick_abort_min -1KB and quick_abort_min -1.00 KB without success. What is the correct syntax if I want retrievals to always continue if they are being cached?

Many thanks,
RE: [squid-users] Impossible keep-alive header
I had the same problem using the following snapshot squid-2.5.STABLE4-20040123.tar.bz2.

Henrik, wasn't the keep-alive.patch incorporated into the daily snapshot?

Many thanks in advance,
Leon.

From: Henrik Nordstrom [EMAIL PROTECTED]
To: Mike Mitchell [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: [squid-users] Impossible keep-alive header
Date: Mon, 19 Jan 2004 18:48:29 +0100 (CET)

On Mon, 19 Jan 2004, Mike Mitchell wrote:

I've just installed the squid-2.5.STABLE4-20040119 snapshot and now I'm flooded with Impossible keep-alive header messages. I have a parent proxy of a Trend Micro Interscan Viruswall version 3.8 running on the same machine. Here's an example from the cache.log file:

2004/01/19 10:58:34| httpProcessReplyHeader: Impossible keep-alive header from 'http://wisapidata.weatherbug.com/WxAlertIsapi/WxAlertIsapi.cgi?GetAlert30Magic=1ZipCode=27519StationID=RALGHUnits=0RegNum=27560925Version=5.02t=1074526042lv=0'

The patch has now been corrected to deal with this case. An incremental patch is attached to this message.

Regards
Henrik

keep-alive.patch
RE: [squid-users] Impossible keep-alive header
Sorry Henrik, I use one old topic that had the same problem / configuration as I do, but I now realize that there is a lot of them, I'm sorry. I'll give details.

I was having a problem that the file cache.log was full of these warnings

2004/01/23 19:38:38| ctx: exit level 0
2004/01/23 19:38:38| ctx: enter level 0: 'http://applications.atpco.net/extranet/coresystems/pdf/fm_rules_n3_b.pdf'
2004/01/23 19:38:38| httpProcessReplyHeader: Impossible keep-alive header from 'http://applications.atpco.net/extranet/coresystems/pdf/fm_rules_n3_b.pdf'

and I used one patch that you sent (keep-alive.patch) and the warning decreased from 1 warning per 10 seconds to 1 warning per 4 or 5 hours (acceptable).

Today I have compiled squid-2.5.STABLE4-20040123.tar.bz2 to know if the problem was solved but the cache.log file starts to increase those warnings.

My topology: I have two proxies that work together on the same LAN as MASTER/BACKUP SERVERs using HeartBeat. For users we have just one Proxy but if something happens to him, the another one will promptly assume all traffic. As we have an average of 4500 users, I force Proxy 1 to use Proxy 2 as a parent proxy so Proxy 2 can fill its cache. When I start doing this configuration I had a problem that I solved using this line at my squid.conf

    icp_query_timeout 2000

I don't know if this is the best configuration to do this kind of topology but it is working and any comments / suggestions are welcome!! Let me know if you need more details or configs.

I use slackware 9.1 with kernel 2.4.24, two PROLIANT ML350 servers with 2 G of RAM and 30 G of cache.

Many thanks in advance and congratulations for your great job,
Leon.
Re: [squid-users] kernel 2.6.1 and async-io
Hi Henrik,

Regarding warning,

2004/01/19 14:58:18| ctx: exit level 0
2004/01/19 14:58:18| ctx: enter level 0: 'http://www.colpatria.com/LeftMenuNew.asp'
2004/01/19 14:58:18| httpProcessReplyHeader: Impossible keep-alive header from 'http://www.colpatria.com/LeftMenuNew.asp'

that Unixware reported,

i am using squid-2.5.STABLE4 from today daily snapshot no patch. i see this error mostly with urls which have cgi or asp in it

Ok, then it is entirely possible the warning is correct. If in doubt then log_mime_hdrs can tell..

I have the same warning here and I am using squid-2.5.STABLE4 from squid-2.5.STABLE4-20040115.tar.bz2 daily snapshot no patch. I also noticed that if I use the squid-2.5.STABLE4-20040108.tar.gz I don't get this warning.

My cache.log is increasing too fast because of this warning, how can I set my squid correctly?

I use Slackware 9.1 and kernel 2.4.24

Many thanks in advance,