On Tue, 11 Oct 2005, Mark Jayson R. Alvarez wrote:
Can I have an ACL which says that http-connect method be allowed only on
trusted network? Our proxy allows connection of yahoo messenger but, not
limited to our network, someone tried it at home and it worked.
Yes. Your http_access rules are
Hello @all,
I have a problem concerning the combination of ntlm_auth Windows
Update. My scenario:
Squid 2.5.9-10sarge2 on Debian Sarge authenticates the users against MS
Active Directory with ntlm_auth with this squid.conf:
### squid.conf ###
client_netmask 255.255.255.0
Daniel Halbe wrote:
As you can see the proxy first says: Authentification required. Then the
client responds and sends an NTLM_AUTH challenge and the proxy permits
access. This works fine for every webpage but not for Windows Update :-(
312955 - Windows Update may Not work in Windows XP if an
Hi Odhiambo,
Thanks for the suggestions. I have checked out STABLE11
source code and I believe the behavior is the same. So,
do you think this is a bug? Is there any workaround you
are aware of? Any help will be greatly appreciated.
Thanks,
--Chris
} else if (r-flags.ims) {
Daniel Halbe wrote:
### squid.conf ###
client_netmask 255.255.255.0
dns_nameservers XXX.YYY.172.3
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm max_challenge_reuses 0
auth_param ntlm
I'm using squid as transparent proxy
this is my configuration, it works for Squid
2.5.STABLE9:
http_port 8000
http_port 8001
http_port 8002
http_port 8003
http_port 8004
..
acl port_0 myport 8000
acl port_1 myport 8001
acl port_2 myport 8002
acl port_3 myport 8003
acl port_4 myport 8004
..
Am Oct 11, 2005 09:56 AM schrieb Stefano Mason
[EMAIL PROTECTED]:
Daniel Halbe wrote:
### squid.conf ###
client_netmask 255.255.255.0
dns_nameservers XXX.YYY.172.3
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
I have squid listening of multiople ports, is there a way to pass
which of these ports the client connected on to an external acl?
Ben
Greetings.
Is there a way to block Internet radio or streaming audio? A typical
entry in my log looks like this:
http://64.236.34.196/stream/1006
and I'm not sure how to block it.
Any suggestions GREATLY appreciated.
Kenn
On Mon, 10 Oct 2005, Chris Fong wrote:
I am currently using squid 2.5.STABLE9. I noticed that if my request
has the if-modified-since header, server's 302 response becomes no
longer cacheable.
There is a lot odd things going on with cacheable 302 replies, not only
this. 302 is somewhat
On Tue, 11 Oct 2005, Chris Fong wrote:
Thanks for the suggestions. I have checked out STABLE11
source code and I believe the behavior is the same.
It is the same. Has been like this since at least 1998 and the question
has not come up until now.
So, do you think this is a bug?
Squid
Henrik,
thanks very much for the response.
Henrik Nordstrom wrote:
o FTP server issues:
125 Data connection already open; transfer starting.
Not OK. This should have been a
150 File status okay; about to open data connection.
125 is a very special case, only used if a prior
Not much, no.
Seems to me I found a couple compilation errors when I first tried to
install it.
It was no big deal or anything.
If you run into trouble, you can contact me off-list since it's probably
beyond the scope of this list.
Tim Rainier
Information Services, Kalsec, INC
[EMAIL
On Tue, 11 Oct 2005, Ben Sagal wrote:
I have squid listening of multiople ports, is there a way to pass
which of these ports the client connected on to an external acl?
Not implemented, but trivial to add. See src/external_acl.c.
I would suggest using the same names as used in the acl
On Tue, 11 Oct 2005 [EMAIL PROTECTED] wrote:
This is more of a filesystem question, then it is an operating
system/distro question.
Based on my research, the benchmarks on the web claim ReiserFS to provide
up to 15-20% faster results.
I've not had any time to do any benchmarking. My cache is
On Tue, 11 Oct 2005, gembel elit wrote:
delay pools didn't work if i use squid as transparent
proxy, but it worked if i set proxy in browser
setting.
The myport/myip acls by design does not work in transparent proxies.
Is this a bug? how to make it work in squid 3.
Should work in squid 3
Linux squid 2.6.12-1.1378_FC3smp #1 SMP Wed Sep 14 04:52:36 EDT 2005 i686
i686 i386 GNU/Linux
Squid Cache: Version 2.5.STABLE11
configure options: --program-prefix= --prefix=/usr --exec-prefix=/usr
--bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
Is starting at bootime with centos 4.1
--- Henrik Nordstrom [EMAIL PROTECTED] escribió:
On Fri, 7 Oct 2005, Daniel Navarro wrote:
After booting and squid start it lasts about 4-5
minutes until we can start browsing through it.
How are you starting Squid?
If you are using the -F
Does this file exist? - /var/log/squid/store.log
Does the user running squid have permission to write to it?
Basically, do an ls -lah /var/log/squid
and paste the output into the reply email.
Tim Rainier
Information Services, Kalsec, INC
[EMAIL PROTECTED]
Lucia Di Occhi [EMAIL PROTECTED]
Hi,
I am newbie on squid. I am using squid for logging without cache in Windows
2003. I want to setup squid as a Transparent Proxy. Can I do this in
Routing and Remote Access or how can I do? I didn't find port redirecting
in Windows 2003. Can Windows2003 redirect port 80 to port 3128?
Hi Henrik,
Thanks for the answer. Is it true that once 302 becomes
cacheable, the 304 response (if-modified-since = last-modified)
will become cacheable as well?
Thanks,
--Chris
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 5:53
Hi,
At 18.39 11/10/2005, Fatih Tolga Ata wrote:
Hi,
I am newbie on squid. I am using squid for logging without cache in
Windows 2003. I want to setup squid as a Transparent Proxy. Can I do
this in Routing and Remote Access or how can I do? I didn't find
port redirecting in Windows 2003.
Hi Henrik,
At 02.08 11/10/2005, Henrik Nordstrom wrote:
Hello:
We have seen that compressed objets (like javascripts) which are
cached by squid, are downloaded in blocks of 4 KB.
When we take a trace, we can see that the download is done in
blocks of three packets: two packets of 1500
Thank you brett, and all others for your help: It works !!!
I apply the SSL Patch for squid 2.5R11
But...
Unfortunately, I've another problem:
First:
When I start squid, it tells me :
FATAL: ipcache_init : DNS name lookup tests failed.
After reading the squid-users archive, it is fixed:
Sure it does and I keep 30 days worth of logs:
squid[~]ls -alh /var/log/squid/
total 12G
drwxr-x--- 2 squid squid 4.0K Oct 11 04:07 .
drwxr-xr-x 12 root root 4.0K Oct 9 04:04 ..
-rw-r--r-- 1 squid squid 365M Oct 11 14:28 access.log
-rw-r--r-- 1 squid squid 47M Oct 2 04:02
What if the squid cache is stored on the / partition?
Wouldn't that be a hideous mistake to set / to 'noatime' ?
Tim Rainier
Information Services, Kalsec, INC
[EMAIL PROTECTED]
Henrik Nordstrom [EMAIL PROTECTED] wrote on 10/11/2005 10:07:21 AM:
On Tue, 11 Oct 2005 [EMAIL PROTECTED] wrote:
Hi Cris,
Yes, I tried
redirect_rewrites_host_header off
with the same result.
It looks to me Squid is not rewriting the URL of the response to look like
that of the request. The Web/J2EE application is using lots of redirects
and whatever it receives from Squid server (
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 10:27 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Which the best OS for Squid?
Henrik Nordstrom [EMAIL PROTECTED] wrote on 10/11/2005
10:07:21 AM:
On Tue, 11
On Tue, 11 Oct 2005, amit pasari wrote:
But any idea with TC class ?? some kind of packet marking etc.. ???
Is it possible ??
There is a patch in the squid-dev archives somewhere implementing ToS
marking of cache hits, this should help you build suitable tc classifier.
Regards
Henrik
On Tue, 11 Oct 2005, [iso-8859-1] Luis Fraz?o wrote:
Hi, I?ve been using the Squid for a short period of time.
I?m trying to run a transparent proxy with authentication.
This is not possible, period.
HTTP authentication is possible in an accelerator, but is impossible in an
transparent
First, and foremost, I would hesitate rotating the store log. Henrik and
probably several others, can verify that notion.
Second, do a `du -h` and email the output back.
Tim Rainier
Information Services, Kalsec, INC
[EMAIL PROTECTED]
Lucia Di Occhi [EMAIL PROTECTED]
10/11/2005 02:29 PM
To
I realize that and agree. My situation was screwy because of the server
I'm running squid on.
It has several internal partitions that are used for bios/post which
disallowed me to set up partitions the
way I wanted to.
Not to mention the fact that this was really just a test squid box that I
People,
I'm getting lots of:
libsmb/ntlmssp.c:ntlmssp_update(252)
got NTLMSSP command 3, expected 1
When I get this error, the proxy asks me for a user and password.
This happens with IE6 and Mozilla 1.0.4.
Is there any fix? I've tried some dirty hacks, all of them failed:
Sorry. That's `df -h` as opposed to `du -h`.
Tim Rainier
Information Services, Kalsec, INC
[EMAIL PROTECTED]
[EMAIL PROTECTED]
10/11/2005 03:38 PM
To
squid-users@squid-cache.org
cc
Subject
Re: [squid-users] Crashed squid 2.5.STABLE11
First, and foremost, I would hesitate rotating the
On Tue, 11 Oct 2005, Chris Fong wrote:
Thanks for the answer. Is it true that once 302 becomes
cacheable, the 304 response (if-modified-since = last-modified)
will become cacheable as well?
No. The two are completely different issues.
304 is cacheable today, but only if the object as such
Yeah, that's what I meant. In order to make 304 cacheable in my
situation, the 302 needs to be first cached. I was just trying
to make sure there is no code path that 304 can only become
cacheable if the object is 200 but not 302 since that has never
been the case.
Thanks,
--Chris
Hi Stefano,
thank you for fast answering - you solved the problem :-)
Actually no, he didn't solve the problem, he masked the problem. The real
problem is that MS has done a poor job on the current WU implementation,
forcing it to go through proxies unauthenticated. A -real- solution would
be
What is it about browsing the web that's not fast enough?
It could simply be that authentication routines are slowing it down.
Part of the whole reason behind caching data is to prevent having to
download popular sites/images/files/etc more than once.
For example, if 20 people request the
[EMAIL PROTECTED] said:
What if the squid cache is stored on the / partition?
That's a bad idea. Your cache could potentially fill up the root partition.
Wouldn't that be a hideous mistake to set / to 'noatime' ?
Wouldn't it be a hideous mistake to put the cache on the same partition as
/?
When I start squid, it tells me :
FATAL: ipcache_init : DNS name lookup tests failed.
The DNS server you configured (either in squid.conf or in
/etc/resolv.conf) isn't working, or the dns_testnames you defined can't be
resolved by the DNS server you configured.
Joost
First off, there's no possible way my cache would fill the '/'
partition. There's a cache size directive in squid that's designed to
limit the amount of disk space usage.
Not to mention the fact that I have a utility script that runs every 15
minutes, which pages me if partitions are = to 90%
On 10/11/05, Covington, Chris [EMAIL PROTECTED] wrote:
This is more of a filesystem question, then it is an operating
system/distro question.
Let's say one is using Squid primarily for access control. What
benefits would a cache provide?
Serving any cacheable content out of a RAM cache
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 11, 2005 1:20 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Which the best OS for Squid?
First off, there's no possible way my cache would fill the '/'
partition.
Hello,
I'd like cachemgr to talk to squid via SSL. I can configure acl's on squid
site, but cachemgr doesn't support this.
Any objections before I open bugreport? :)
--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this
Thirdly, can someone PLEASE answer my question about setting / to
'noatime', as opposed to avoiding it by telling me how and why what
I'm
doing
is stupid?
Once again, are there pitfalls to having '/' set to 'noatime'?
If your squid box is only used for Squid then there are *probably* no
Hi all,
I'm a linux newbie. My squid is running on Red Hat Enterprise Linux
4.0. I just wondering how to use dynamic delay pool patch (which is
downloaded from squid-dev mailing list) with current Squid release (
2.5 stable 11). I already read README file provided with the patch but
I cannot
Thank you for your answer;
1)My /etc/resolv.conf is working
2)I didn't specified a host name or a fqdn but IP adress either for my
squidHost and the internalHost (client -- squidHost -- InternalHost)
Note that the my aim is :
First : to make reverse proxy working
Second: to make it working for
47 matches
Mail list logo