[squid-users] POST fails when Parent proxy is used.
We've got a test install of win32 2.6.stable10 on a remote site. For general internet access we pass the requests on to a parent proxy hosted by the ISP. The following two entries in the squid.conf relate to the proxy setup.

    cache_peer proxy1.emirates.net.ae parent 8080 3130 no-query
    cache_peer_domain proxy1.emirates.net.ae !roxar.com

This should pass all traffic on to the ISP proxy apart from requests to *.roxar.com sites. This part works as expected, but once we access an external site that has a form using POST, the following is logged in the access.log, which to me indicates that it no longer uses the parent proxy when submitting the form via POST:

    1175675571.750 16 127.0.0.1 TCP_CLIENT_REFRESH_MISS/000 0 GET http://www.crossley-nilsen.com/brage/include/htmlarea/htmlarea.css - FIRST_UP_PARENT/proxy1.emirates.net.ae -
    1175675642.797 63891 127.0.0.1 TCP_MISS/503 1613 POST http://www.crossley-nilsen.com/brage/index.php - DIRECT/195.47.247.65 text/html

I assume this isn't normal behaviour, or did I miss something in the config?

Best Regards,
Thomas Nilsen

Linux - The ultimate Windows service pack

DISCLAIMER: This message contains information that may be privileged or confidential and is the property of the Roxar Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorised to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
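The check described in the post, finding requests that went DIRECT although their domain should have used the parent, can be run over a whole access.log. This is an added example, not part of the original message; it assumes Squid's native log format, and the third sample line is constructed.

```python
from urllib.parse import urlsplit

# Domains allowed to go direct, from `cache_peer_domain ... !roxar.com` in the post.
DIRECT_EXEMPT = ("roxar.com",)

# First two lines are from the post; the third is constructed for the exempt case.
SAMPLE_LOG = """\
1175675571.750 16 127.0.0.1 TCP_CLIENT_REFRESH_MISS/000 0 GET http://www.crossley-nilsen.com/brage/include/htmlarea/htmlarea.css - FIRST_UP_PARENT/proxy1.emirates.net.ae -
1175675642.797 63891 127.0.0.1 TCP_MISS/503 1613 POST http://www.crossley-nilsen.com/brage/index.php - DIRECT/195.47.247.65 text/html
1175675700.100 120 127.0.0.1 TCP_MISS/200 5120 GET http://www.roxar.com/ - DIRECT/192.0.2.10 text/html
""".splitlines()

def parse_line(line):
    """Split one native-format access.log line; return None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    url = f[6]
    # CONNECT requests log "host:port" instead of a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    hier, _, peer = f[8].partition("/")
    return {"time": float(f[0]), "status": f[3].partition("/")[2], "method": f[5],
            "url": url, "host": (host or "").lower(), "hier": hier, "peer": peer}

def is_exempt(host):
    """True for an exempt domain itself or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in DIRECT_EXEMPT)

def parent_bypasses(lines):
    """Return records that went DIRECT although their domain should use the parent."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        # endswith also catches the TIMEOUT_DIRECT variant of the hierarchy code.
        if rec and rec["hier"].endswith("DIRECT") and not is_exempt(rec["host"]):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in parent_bypasses(SAMPLE_LOG):
        print(r["method"], r["url"], "->", r["hier"], r["peer"], "status", r["status"])
```

In Squid, the `never_direct` and `nonhierarchical_direct` directives control whether requests such as POST may be sent DIRECT when a parent is configured.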
RE: [squid-users] Regex url lists and DNS blacklist acls
Thanks for the reply Henrik.

As utils like squidguard/dansguardian are able to handle regex files with good performance, I was hoping to achieve the same with asqredir or similar light tools. I assume Squid caches any external regex_url file?

I'll go ahead and see if I can get dnsbl_redir and perhaps asqredir to work as external ACL helpers and do some testing to see if there is any performance gain from it.

Thanks again.

Regards,
Thomas

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 12:07 AM
To: Thomas Nilsen
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Regex url lists and DNS blacklist acls

On Thu, 2006-08-31 at 15:06 +0200, Thomas Nilsen wrote:

> The shadowserver.org and bleedingsnort.com lists could easily be integrated as dstdomain acl, but the malware.com.br is a regex_url list and I don't want to take the performance hit using a regex_url acl. So the idea was to try and use a redirector like asqredir for the regex_url files.

regex performance is about the same I am afraid.. the problem is not where they are implemented but the fact that regex patterns are not well structured so the whole list must be searched all the time...

> I also want to use the dnsbl_redir to check dns blacklists (which potentially could replace the dstdomain acl as well if that is of any performance benefit).

I would recommend implementing that using an external ACL instead of a redirector. Much better performance.

> Problem is to use the two redirectors at the same time.

Not really a problem. Look in the archives (search for Open2). But I wouldn't recommend it in this case as an external acl is much better design.

> I expect the dnsbl_redir has a lower overhead as a helper application than asqredir would if changed into a external acl helper, or does that not matter? Has anyone tried this?

external acls have a very noticeable performance benefit compared to redirectors at large thanks to the lookup cache available in the external acl construct.

Regards
Henrik
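A minimal external ACL helper for the DNS blacklist check discussed above, as an added example (not dnsbl_redir and not code from either poster). It assumes Squid's non-concurrent helper protocol with a `%DST` format; the zone `dnsbl.example.org` and the helper path in the comments are placeholders.

```python
import socket
import sys
from urllib.parse import unquote

# Assumed squid.conf wiring (hypothetical helper path); ttl/negative_ttl set
# how long Squid keeps each answer in its external ACL lookup cache:
#   external_acl_type dnsbl ttl=3600 negative_ttl=300 %DST /usr/local/bin/dnsbl_acl.py
#   acl listed external dnsbl
#   http_access deny listed
ZONE = "dnsbl.example.org"  # placeholder zone, not a real blocklist

def query_name(dst, zone=ZONE):
    """Build the DNSBL query name for a %DST value (host name or IPv4 literal)."""
    parts = unquote(dst).strip().lower().rstrip(".").split(".")
    if len(parts) == 4 and all(p.isdigit() and int(p) < 256 for p in parts):
        parts.reverse()  # IP-based lists are queried with the octets reversed
    return ".".join(parts + [zone])

def system_resolver(name):
    """Return the A record for name, or None on NXDOMAIN or resolver failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(dst, resolve=system_resolver, zone=ZONE):
    """A listed entry answers inside 127.0.0.0/8; anything else is not listed."""
    answer = resolve(query_name(dst, zone))
    return answer is not None and answer.startswith("127.")

def answer_line(line, resolve=system_resolver):
    """Map one request line from Squid to OK (ACL matches) or ERR (no match)."""
    fields = line.split()
    if not fields:
        return "ERR"
    return "OK" if is_listed(fields[0], resolve) else "ERR"

def serve(stdin=sys.stdin, stdout=sys.stdout, resolve=system_resolver):
    """Helper loop: one reply per request line, flushed at once for Squid."""
    for line in stdin:
        stdout.write(answer_line(line, resolve) + "\n")
        stdout.flush()

if __name__ == "__main__":
    serve()
```

Resolver failures are treated as "not listed" here, so the filter fails open; decide deliberately whether that fits your policy.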
RE: [squid-users] swap.log size continuing to grow?
You need to change the squid port as well (http_port) of course, so both don't listen to 8080 - unless interscan and squid bind to different interfaces. Apart from that it should be fine.

Thomas

-----Original Message-----
From: wangzicai [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 8:22 AM
To: Thomas Nilsen
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

Thanks

If I changed InterScan's working port to 8080, and changed the line in squid's configuration to:

    cache_peer 127.0.0.1 parent 8080 3130 no-query

Will it work?

Regards
garlic

-----Original Message-----
From: Thomas Nilsen [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 1:56 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

You can't with that setup. If you want the users' details logged in squid, you need to swap it around so that squid uses Interscan as its parent. As long as Interscan is passing the request on to Squid, squid is always going to log the server IP.

Regards,
Thomas

-----Original Message-----
From: wangzicai [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 2:54 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

Hello everyone

I have a proxy server machine. I am using squid-2.5.stable14 with InterScan VirusWall for Unix on the same computer. The port of InterScan VirusWall for Unix is 80 and the port of squid is 8080.

    | user |---| InterScan |---| squid |

In the user's internet I input the server's IP and 80. Now, in the access.log I cannot get the user's access record. The IP is the server's IP. Like this:

    127.0.0.1 - - [24/Aug/2006:12:53:53 +0800] GET http://www.google.co.jp/ HTTP/1.0 200 4328 TCP_MISS\:FIRST_UP_PARENT

How can I solve it?

Regards
garlic
RE: [squid-users] swap.log size continuing to grow?
Suggest you configure this in stages.

1. Get Interscan to work on port 8080 and pass its request on to the parent proxy in the other company. Configure your browser to use your interscan server IP and port 8080 as proxy and test.
2. Once step 1 works, configure squid to use parent proxy on localhost:8080 and make sure it works.

I think there are some restrictions with running squid on port 80 (like you have to run as root to bind to it), so you might want to choose a different port - like 3128. But that's up to you.

Thomas

-----Original Message-----
From: wangzicai [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 8:49 AM
To: Thomas Nilsen
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

Thanks

I have changed the squid port to 80, but the server cannot connect to the internet directly; it must go through another proxy (server in another company). In InterScan I set the proxy to that proxy and the port is also 8080. When I try to access the internet the error occurs:

    InterScan Error
    InterScan HTTP Version 3.81-Build_1084 $Date: 04/06/2005 18:36:0048$
    Can't connect to the original server: (any proxy server`s name):8080

-----Original Message-----
From: Thomas Nilsen [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 2:32 PM
To: wangzicai
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

You need to change the squid port as well (http_port) of course, so both don't listen to 8080 - unless interscan and squid bind to different interfaces. Apart from that it should be fine.

Thomas

-----Original Message-----
From: wangzicai [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 8:22 AM
To: Thomas Nilsen
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

Thanks

If I changed InterScan's working port to 8080, and changed the line in squid's configuration to:

    cache_peer 127.0.0.1 parent 8080 3130 no-query

Will it work?

Regards
garlic

-----Original Message-----
From: Thomas Nilsen [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 1:56 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

You can't with that setup. If you want the users' details logged in squid, you need to swap it around so that squid uses Interscan as its parent. As long as Interscan is passing the request on to Squid, squid is always going to log the server IP.

Regards,
Thomas

-----Original Message-----
From: wangzicai [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 2:54 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

Hello everyone

I have a proxy server machine. I am using squid-2.5.stable14 with InterScan VirusWall for Unix on the same computer. The port of InterScan VirusWall for Unix is 80 and the port of squid is 8080.

    | user |---| InterScan |---| squid |

In the user's internet I input the server's IP and 80. Now, in the access.log I cannot get the user's access record. The IP is the server's IP. Like this:

    127.0.0.1 - - [24/Aug/2006:12:53:53 +0800] GET http://www.google.co.jp/ HTTP/1.0 200 4328 TCP_MISS\:FIRST_UP_PARENT

How can I solve it?

Regards
garlic
[squid-users] Regex url lists and DNS blacklist acls
I'm looking at deploying Squid with filtering using malware blacklists from

    www.bleedingsnort.com
    www.malware.com.br
    www.shadowserver.org/cc.php

and possibly some other limited blacklists. We will only be filtering for malware/spyware etc. No other content filtering is required, so we want to avoid using SquidGuard or similar.

The shadowserver.org and bleedingsnort.com lists could easily be integrated as dstdomain acl, but the malware.com.br is a regex_url list and I don't want to take the performance hit using a regex_url acl. So the idea was to try and use a redirector like asqredir for the regex_url files.

I also want to use the dnsbl_redir to check dns blacklists (which potentially could replace the dstdomain acl as well if that is of any performance benefit).

Problem is to use the two redirectors at the same time. If we used dnsbl_redir as an external_acl_type (after some modification) and leave asqredir as the redirector, we should be in business?

I expect the dnsbl_redir has a lower overhead as a helper application than asqredir would if changed into a external acl helper, or does that not matter? Has anyone tried this?

Both the asqredir and dnsbl_redir compile under cygwin, so it doesn't seem to be a problem to get them to work with the windows version of squid, which is a requirement for us (although we have only done some basic testing on it).

Best Regards,
Thomas Nilsen

Linux - The ultimate Windows service pack
RE: [squid-users] swap.log size continuing to grow?
You can't with that setup. If you want the users' details logged in squid, you need to swap it around so that squid uses Interscan as its parent. As long as Interscan is passing the request on to Squid, squid is always going to log the server IP.

Regards,
Thomas

-----Original Message-----
From: wangzicai [mailto:[EMAIL PROTECTED]
Sent: Friday, September 01, 2006 2:54 AM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] swap.log size continuing to grow?

Hello everyone

I have a proxy server machine. I am using squid-2.5.stable14 with InterScan VirusWall for Unix on the same computer. The port of InterScan VirusWall for Unix is 80 and the port of squid is 8080.

    | user |---| InterScan |---| squid |

In the user's internet I input the server's IP and 80. Now, in the access.log I cannot get the user's access record. The IP is the server's IP. Like this:

    127.0.0.1 - - [24/Aug/2006:12:53:53 +0800] GET http://www.google.co.jp/ HTTP/1.0 200 4328 TCP_MISS\:FIRST_UP_PARENT

How can I solve it?

Regards
garlic