Hello
I am asking to sibling cache about a web site and it asks from its parent.
The parent thinks its a cache miss but the sibling says its a hit
SIBLING CACHE
1083136150.250104 130.232.138.155 TCP_REFRESH_HIT/304 369 GET
http://www.batili.com.tr/ - DEFAULT_PARENT/217.21.68.52 -
Hi,
some of my users using socks2http for http tunneling, they can pass my
squids acls by this way, so they can download blocked files, and connect to
p2p apps. i want to block and/or log their http tunnel like activities.
Any advice?
Kind Regards
Tolga
I searched in the mail list archives for the configuration
of AV viruswall trend micro with squid, but I have some doubt:
Case 1)
clients -- hiearchi proxy -- virus-wall -- internet
All the traffic to the internet go through to the virus wall.
Case 2)
Equal to case 1, but the
Hi,
some of my users using socks2http for http tunneling, they can pass my
squids acls by this way, so they can download blocked files,
and connect to
p2p apps. i want to block and/or log their http tunnel like
activities.
Any advice?
Even that 'solution' from your brave
On Tue, 27 Apr 2004, Xavier Baez wrote:
Should I recompile the linux kernel and patch it with Netfilter?
Won't do what you are looking for as netfilter only knows packets, not
HTTP or URLs.
But in theory it could be possible to combine the string match, connmark
and tc to shape certain types
Configuration Nr. 1 is the more secure option since all http traffic is
scanned by the viruswall (which also scans for stuff like javascript
malware).
Of course this affects performance, or rather the way users experience
their download. In order to scan a file (say a .zip-archive), the viruswall
On Tue, 27 Apr 2004, James MacLean wrote:
Any way to have squid-2.5.STABLE5 _not_ error out when an RTSP DESCRIBE
method is generated. We see Darwin/Apple servers out there setup for rtsp
over port 80. Squid replies with a 400 Bad Request and cache.log has:
You are running interception
On Tue, 27 Apr 2004, Elvis Presley wrote:
I am willing to run two instances of squid on my
firewall, one forward, one reverse, but I am not
interested in accelerating, caching, logging,
filtering, controlling... just proxy-ing, I mean, just
url resolution.
Is there a squid-lite?
All of
On Wed, 28 Apr 2004 [EMAIL PROTECTED] wrote:
Do you have any idea how to apply apache patches? I m running squid 2.4
stable 3 on a SuSE Linux platform.
What patches are you talking about, where?
Squid is not Apache.
I have also run squidGuard to prevent illegal websites. Is there a way
to
On Tue, 27 Apr 2004, Abdul Khader wrote:
Server Error
The following error occurred:
[code=RESOURCE_RECLAIMED] Internal error. Try again.
This error does not look like a Squid error..
if it is a Squid error then there should be a signature at the bottom of
the page indicating which version
Hi all,
Quick question about ip_wccp's v2 support if I may. I'm using it with a Cisco 2600 to
redirect outbound HTTP to squid. This works very well. The router is also able to push
spoofed return traffic back to the cache via WCCP. Is this something that is
inherently supported by ip_wccp or
On Wed, 28 Apr 2004, Tolga YAMAN wrote:
some of my users using socks2http for http tunneling, they can pass my
squids acls by this way, so they can download blocked files, and connect to
p2p apps. i want to block and/or log their http tunnel like activities.
You should be able to identify
Hi,
for sure I am not the only one having this problem and maybe it a rtfm-thing, but i
wasn't able to find it and I searched a lot.
I have a squid up and running with samba-3 using the fedora packages
(squid-2.5.STABLE3-1.fc1). authentication against the ads works fine from squid for
basic
Hi
My cache.log often says 'Detected DEAD Parent' and 'TCP connection to X.X.X.X/8080
failed'.
If my alert tool catches 'Detected DEAD Parent', that tool tells me this event.
But I can access to the internet through squid box.
I want to tweak timing of 'Detected DEAD Parent's logging , because
Hi,
I want to put access control on user's browsers. Can squid accept
requests only from Internet Explorer, Netscape Navigator and Opena ?
If a user allowed to use squid proxy installs on client PC a proxy
server like analogue-x, proxyi, winproxy or naviscope, his request
should be rejected. My
Hi,
Some documents in your discussion group are pointing to
http://itmanagers.net/postt10.html
(in regards to how to configure squid with access restrictions based on
group membership)
I am trying to get there and I can't.
did they change this link?
(it seems to be pretty recent - maybe
Hi
My cache.log often says 'Detected DEAD Parent' and 'TCP
connection to X.X.X.X/8080 failed'.
If my alert tool catches 'Detected DEAD Parent', that tool
tells me this event.
But I can access to the internet through squid box.
I want to tweak timing of 'Detected DEAD Parent's logging
Hi,
Some documents in your discussion group are pointing to
http://itmanagers.net/postt10.html
(in regards to how to configure squid with access
restrictions based on
group membership)
I am trying to get there and I can't.
did they change this link?
(it seems to be pretty recent -
Thx, as I always keep my old configuration file, I hadn't seen this option.
I have modified my squid.conf and smb.conf to ensure NTLM v2 authentication.
It's up for a few minutes now ; I'm just waiting to see what's gonna happen.
Thx again.
Pierre-Emmanuel
-Message d'origine-
De
Hello,
I have a network with multiple locations connected over Frame relay.
Each location has also a DSL for internet access. Squid is running on
each router in transparent proxy mode right now. So far so good.
I would like to start authentication for some group of
people/workstations.
To
I need SSL update patch to Squid-2.5 Stable3 to handle HTTPS requests with
Squid Accelerator. Can someone tell me where I can exactly find it , please?
Which is URL ?!
best regards
Sampei
__
Social price: l'ADSL diventa per tutti
-- Mensaje original --
From: Roman Rathler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Wed, 28 Apr 2004 10:11:59 +0200 (METDST)
Subject: [squid-users] wb_group issues
Hi,
for sure I am not the only one having this problem and maybe it a rtfm-thing,
but i wasn't able to find it and I searched
However, I have not yet found any browser requiring this, nor
have I found any difference in the SSL handshakes.. the
Context ID field seems to be blank both with and without this
call. (using OpenSSL 0.9.7a with RedHat patches).
The patch as such looks valid, except that it was
However, I have not yet found any browser requiring this, nor
have I found any difference in the SSL handshakes.. the
Context ID field seems to be blank both with and without this
call. (using OpenSSL 0.9.7a with RedHat patches).
The patch as such looks valid, except that it was
On Wed, 28 Apr 2004, David Hajek wrote:
The scenario is: Enable client cert auth in https_port directive. Then open
mozilla 1.6/1.7rc1 and
check Ask every time when selecting certificate. When you then open page
behind reverse proxy,
you are being asked by Mozilla which certificate you want
On Wed, 28 Apr 2004, Roman Rathler wrote:
I have a squid up and running with samba-3 using the fedora packages
(squid-2.5.STABLE3-1.fc1). authentication against the ads works fine from squid for
basic and ntlm authentication. now i want to build some acls using groups from the
active
On Wed, 28 Apr 2004, Matthias Weigel wrote:
how much does squid performance benefit from the dir_index feature of ext2 / ext3?
Probably none.
What is the easiest way to actually test squid performance?
polygraph is a very good test if it is cache performance you want to
measure. Almost all
Hi,
When we visit the site www.terra.es and we try some link ejm: correo an error is
produced:
The requested URL could not be retrieved
While trying to retrieve the URL: http://http/www.terra.es/correo
The following error was encountered:
Unable to determine IP address from host
On Wed, 28 Apr 2004, Mr. S M Thakor wrote:
I want to put access control on user's browsers. Can squid accept
requests only from Internet Explorer, Netscape Navigator and Opena ?
Yes, as long as the user is not lying about what browser he is using. Se
the browser acl.
If a user allowed to
http://devel.squid-cache.org/
Regards
Henrik
On Wed, 28 Apr 2004 [EMAIL PROTECTED] wrote:
I need SSL update patch to Squid-2.5 Stable3 to handle HTTPS requests with
Squid Accelerator. Can someone tell me where I can exactly find it , please?
Which is URL ?!
best regards
Sampei
On Wed, 28 Apr 2004, Pascal DeMilly wrote:
How can I tell in the autoconf.pac what host the request came from, so I
can properly redirect to the appropriate (closest) proxy.
http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html#isInNet
I kind of remember reading somewhere
Hi
My cache.log often says 'Detected DEAD Parent' and 'TCP
connection to X.X.X.X/8080 failed'.
If my alert tool catches 'Detected DEAD Parent', that tool
tells me this event.
But I can access to the internet through squid box.
I want to tweak timing of 'Detected DEAD Parent's
Hello there, yesterday one of our users going through the squid cache
machine (which is also our networks gateway) began attempting to connect
to random ip addresses what seemed randomly, and far faster then humanly
possible. We suspect he had either some sort of trojan or virus. The
problem
Sorry, I still don't understand. What change is being suggested here?
Are
you saying to increase the size of this error message file by adding
extraneous error message text to it? (The English version of this file
on my
2.5.STABLE2 source tree is 1069 bytes, in /usr/lib/squid/errors it is
Hi,
This is the second instance of issue that I encounter regarding https
via squid2.5STABLE5
Got error message Can not create SSL Socket: Socket Closed
Prematurely.
Please advise.
Regards,
nooshin
I'm looking at setting up a fairly large ( 20 machines) cluster of
Squid caches in an http-acceleration type setup. In some cases the
content we're caching will come from third parties (think of an
Akamai-type setup), so the ability to peer caches and avoid hits on
the origin server is key for
Thanks Joe, I may give that a shot, as well as increasing the file
descriptors, though I don't rightly how, as our squid was installed as a
binary rpm package.
This is cur from my cache.log when I tried to restart squid, does it
look like the kind of thing that may be helped by turning off
Yes. This is exactly the kind of thing that is helped by disabling
half_closed_clients. As I mentioned, I found it alleviated the need to
increase file descriptors in all cases, for my clients. It is still a
problem, however, in that the virus still causes an increased load on
the proxy.
Hello,
I am having a weird CPU usage problem here. Can anybody tell me whats
going on?
I just have upgraded my squid from squid-2.5.STABLE4-20040210 to
squid-2.5.STABLE5-20040425 and squid process cpu usage jumped from %8-%10
to %50-%60 in 2 machines...
I compiled both version with the same
I've given up on this design now Henrik as it does not solve my problems
and am rewriting the design doc to remove proxy auth and do all client
side custom GUI auth (perl/GTK maybe) against mysql.
But as a temporary fix I would kill the browser from the server doing an
ssh or something. Can you
Jason,
I added the following to my /etc/squid/squid.conf configuration file, when I
had similar problems with the squid proxy as you are having. I am using the
binary version of squid as well. Haven't had a problem in 6 months, and
consider the issue closed.
Simply add the following lines to
Hello,
The following is my ldif file of LDAP.
dn: dc=mydomain,dc=com
o: mydomain
objectclass: top
objectclass: organization
dn: cn=Manager, dc=mydomain, dc=com
cn: Manager
objectclass: top
objectclass: organizationalRole
dn: cn=Users,dc=mydomain,dc=com
cn: Users
objectclass: top
objectclass:
Dear Enrik,
I should like you to clear up this point please:
Why W.Update is unlikely to accept https_port directive ?
The client should reject this as the SSL certificate of the server does
nto match, but if you make your own CA trusted by the clients then it
may
be possible to work around
On 28 Apr 2004, Prashant Kumar wrote:
But as a temporary fix I would kill the browser from the server doing an
ssh or something. Can you tell me how many times an ext acl is called by
squid
Once per ttl and unique query to the helper.
See the external_acl_type directive for the ttl
Hi there,
We are running Squid V2.5 Stable on a Proliant DL380 G3 running Redhat Linux 8 (kernel
2.4.18-19). Servers have 2.5GB of RAM. We have a IPrism → Caching → AV
server chain setup (6 of each with 1:1 relationship). We’ve been in production
mode for
On Wed, 28 Apr 2004 [EMAIL PROTECTED] wrote:
How is'it possible making my own CA trusted by the clients ?
You need to get your CA certificate installed in each clients list of
trusted CAs.
Where can I get Windows Update SSL certificate to locate inside my squid
accelerator ?
You can't. You
On Wed, 28 Apr 2004, Zand, Nooshin wrote:
This is the second instance of issue that I encounter regarding https
via squid2.5STABLE5
Got error message Can not create SSL Socket: Socket Closed
Prematurely.
Anything in cache.log?
Regards
Henrik
On Wed, 28 Apr 2004, Cavanagh, Kevin B wrote:
Users attempting to get to either www.google.com or www.yahoo.com
get misdirected to other sites (usually inappropriate ones like
www.viewmya**.com, etc).
My question is how does one go about troubleshooting a problem like this and how do
On Wed, 28 Apr 2004, Will Lowe wrote:
If not, here are some questions:
1) Will squid be unhappy if the local machine has itself listed as a
peer? In this case I could put the SAME squid.conf on every machine
(via cfengine/rdist/whatever) and just list all 20 caches in it.
2) Is there
On Thu, 29 Apr 2004, Hilal Afridi wrote:
Joe i still have not been able to take care of those TCP/MISS 000 requests.
I have been trying to post this question to the list by lord knows why it
aint getting there.
This question got to the list.
What TCP_MISS/000 problem is you having?
Btw,
Dear Henrik
Thanks for the info. I've subscribed to the dev mailing list.
| Won't do what you are looking for as netfilter only knows packets, not
HTTP or URLs.
But in theory it could be possible to combine the string match, connmark
and tc to shape certain types of http requests using
Has anybody experienced problem when users are downloading files (ex: .zip files,
specially with IE and WinXP) and the download is being cut in any point of the
transfer? Squid didn't helped me in that problem neither.
When I post a popular programs, it's virutally impossible for my end users
Henrik Nordstrom wrote:
On Thu, 29 Apr 2004, Hilal Afridi wrote:
Joe i still have not been able to take care of those TCP/MISS 000 requests.
I have been trying to post this question to the list by lord knows why it
aint getting there.
This question got to the list.
What TCP_MISS/000 problem
On Wed, 28 Apr 2004, Sureen L wrote:
dn: cn=Mur,cn=Users,dc=mydomain,dc=com
cn: Mur
uid: mur
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
userPassword: {SHA}dmMt8K4+dyKZqGTt90RZD4k=
dn: cn=zen,
But I think the answer to your questions is no on all three issues if you
are not prepared to do some coding to have the features implemented.
Well, I need to get (a first draft of this) implemented fairly
quickly, so I might have to live with lots of config files in the
short term. In the
On Wed, 28 Apr 2004, Karl Kopper wrote:
I'm running RH 7.3.
I just modified the file in /usr/lib/squid:
# ls -l /usr/lib/squid/errors/English/ERR_CACHE_ACCESS_DENIED
-rw-r--r--1 root root 9028 Apr 26 15:51
/usr/lib/squid/errors/English/ERR_CACHE_ACCESS_DENIED
# service
Nothing found in cache log.
Nothing found in tcpdump.
Same as other instance that I reported it is perfectly working on
squid2.4STABLE(X) version.
Regards,
nooshin
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 28, 2004 3:15 PM
To: Zand,
Spam detection software, running on the system gondor.local, has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email. If you have any questions, see
[EMAIL PROTECTED] for details.
On Wed, 28 Apr 2004, Will Lowe wrote:
short term. In the longer term I don't mind writing code at all. Of
the three ideas I suggested, is there one that people see as best?
Can you repeat them? (memory is short.. did not see them as exclusive of
each other)
Regards
Henrik
Hello,
I have 3 IPs configured on my box, while Squid is binded with IP B (it
only accepts requests on this IP), Squid show's up as IP A (which is
my main IP on this box) when doing a request on pages. Is it possible
to configure Squid to use as IP B when doing requests on pages?
Thank you.
- Original Message -
From: Joe Cooper [EMAIL PROTECTED]
To: Henrik Nordstrom [EMAIL PROTECTED]
Cc: Hilal Afridi [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, April 29, 2004 4:05 AM
Subject: Re: [squid-users] strange requests
Henrik Nordstrom wrote:
On Thu, 29 Apr 2004, Hilal
On Wed, 28 Apr 2004, Francisco Lopes wrote:
I have 3 IPs configured on my box, while Squid is binded with IP B (it
only accepts requests on this IP), Squid show's up as IP A (which is
my main IP on this box) when doing a request on pages. Is it possible
to configure Squid to use as IP B when
Dear all,
I am trying Trend Micro Interscan Viruswall for virus scanning. I
install the TrendMicro on the squid box, and the concept is like double
caching. So users request to squid, and squid forward the request to
TrendMicro service. In my opinion, this resulted in delay compared to
before
Hello,
I am using Squid-2.5-STABLE5 together with Samba 3.0.3rc1, Running on
Red Hat Linux 7.3. Recently, clients have been getting an authentication
popup with the proxy server listed as the domain. If this is replaced in
the userid field with the windows domain\userid, and the password is
64 matches
Mail list logo
