Hi ,
I want to know that is it possible for a single Squid server to serve
both as a transeparent INTERCEPTING proxy and a reverse proxy
simultaneously ?
--
Thank you
Indunil Jayasooriya
Hi,
At 12.49 15/10/2007, Paul Cocker wrote:
I'm seeing mswin_check_lm_group.exe Can't find DC for user's domain
'cdltd.co.uk' in the cache.log file.
You must use only netbios domain names, not FQDN domain names.
mswin_check_lm_group.exe is a Lan Manager based helper, so netbios
name
Indunil Jayasooriya wrote:
Hi ,
I want to know that is it possible for a single Squid server to serve
both as a transeparent INTERCEPTING proxy and a reverse proxy
simultaneously ?
Yes. I have all three modes operating here at present. Interceptiong,
forward, and accelerator/reverse.
Just
On 10/16/07, Amos Jeffries [EMAIL PROTECTED] wrote:
Indunil Jayasooriya wrote:
Hi ,
I want to know that is it possible for a single Squid server to serve
both as a transeparent INTERCEPTING proxy and a reverse proxy
simultaneously ?
Yes. I have all three modes operating here at
Hi there!
I asked this question in a former mail, but maybe someone who can help didn't
recoginzed it as it was part of a other main issue.
I just want to know whether there are (web based) filemanager for Squid out
there, which allow me to navigate through the cache content, delete selected
Ah, I forgot to mention that I already tested cachepurger by ISP Systems but
I am looking for an alternative as it seems to work not really correct.
Micha
On tis, 2007-10-16 at 17:27 +1300, Amos Jeffries wrote:
The default for all accesses (HTTP, ICP, HTCP, SNMP) is deny unless
allowed.
precisely. Simply flagging a peer as htcp is not enough to turn it on. As
now documented.
A requesting peer needs to be allowed by in
http_access
and
Hi,
Michael Jurisch wrote:
I asked this question in a former mail, but maybe someone who can
help didn't recoginzed it as it was part of a other main issue.
I just want to know whether there are (web based) filemanager for
Squid out there, which allow me to navigate through the cache
On tis, 2007-10-16 at 12:22 +0530, Indunil Jayasooriya wrote:
Hi ,
I want to know that is it possible for a single Squid server to serve
both as a transeparent INTERCEPTING proxy and a reverse proxy
simultaneously ?
Yes. But you need two http_access lines, and also remember to add a
On tis, 2007-10-16 at 14:36 +0530, Indunil Jayasooriya wrote:
to setup reverse proxy on squid 2.5 , http_port should be changed to
80, shouldn't it?
First of all you should upgrade to 2.6, then see the FAQ on how to
configure Squid for reverse proxy operation.
Regards
Henrik
signature.asc
Hi Hendrik,
We do appear to be using mod_deflate on our mediapool. Is it better to
exclude the file from this altogether?
Thanks
Henrik Nordstrom wrote:
On mån, 2007-10-15 at 18:41 +0100, Alex Smith wrote:
Hi,
Having weird issues with squid (Squid Cache: Version 2.6.STABLE6). It
seems
Dear All,
I am using Squid 2.6 Stable 4 and Sarg 2.2.2 for report generation.
there was no proper 'how to' for setting up the auto generation of the
sarg report, thus I have put sarg command in hourly cron to auto
generate the report, which is working fine. It is hourly update the
report.
but
On 10/16/07, Henrik Nordstrom [EMAIL PROTECTED] wrote:
On tis, 2007-10-16 at 14:36 +0530, Indunil Jayasooriya wrote:
to setup reverse proxy on squid 2.5 , http_port should be changed to
80, shouldn't it?
First of all you should upgrade to 2.6, then see the FAQ on how to
configure Squid
Hello,
I'm trying to configure a reverse proxy using Squid 2.6 to
serve pages from another server, using both http and https.
Lets say my cache server is mycache.net and I want to serve
both types of pages from cached.mycache.net. The result I'm
looking for is:
http://mycache.net/page -
You need to rotate the log file.
What you need to do is:
* squid -k rotate
* sleep for a few seconds to let squid do what it needs to
* run sarg on the old log file (access.log.0.)
As for the rest, I can't (easily) help you with. I don't run sarg.
Adrian
On Tue, Oct 16, 2007, Arun Shrimali
Hi!
You probably need to explain why you want to do this. For example - why
would you need to change the file permissions? If squid created the
file in the cache, it can read it back - why would you want to change
the permissions?
Ok, I try to keep it short:
We want to deliever specific
Indunil Jayasooriya wrote:
On 10/16/07, Amos Jeffries [EMAIL PROTECTED] wrote:
Indunil Jayasooriya wrote:
Hi ,
I want to know that is it possible for a single Squid server to serve
both as a transeparent INTERCEPTING proxy and a reverse proxy
simultaneously ?
Yes. I have all three modes
On Tue, Oct 16, 2007 at 01:55:10PM +0300, Taneli Leppä wrote:
I'm trying to configure a reverse proxy using Squid 2.6 to
serve pages from another server, using both http and https.
I can get the configuration working so that http and https
go to destination site's http or https port, but not
Michael Jurisch wrote:
Hi!
You probably need to explain why you want to do this. For example - why
would you need to change the file permissions? If squid created the
file in the cache, it can read it back - why would you want to change
the permissions?
Ok, I try to keep it short:
We want
Hello,
Michael Alger wrote:
My first question is, why do you want to do this?
We have our reasons. I agree it sounds strange.
My second question is, does squid actually do the SSL handshake
when you have it set up to connect to port 443 only? I've never
tried this so I have no idea if it
On tis, 2007-10-16 at 10:39 +0100, Alex Smith wrote:
Hi Hendrik,
We do appear to be using mod_deflate on our mediapool. Is it better to
exclude the file from this altogether?
It's hard to say what's best, short of having mod_deflate fixed..
whatever else you do there is tradeoffs.
The
On tis, 2007-10-16 at 15:47 +0530, Indunil Jayasooriya wrote:
If upgraded to squid 2.6, I think I need below lines taken from squid FAQ.
http_port 80 accel defaultsite=www.example.com
cache_peer ip.of.real.webserver parent 80 0 no-query originserver
acl our_sites dstdomain .example.com
Hi
Is it possible to host simple files using squid.
I am thinking in particular about using squid to host the proxy
autoconfiguration file, and using my dhcp server to point users to
http://192.168.1.1:3128/proxy.pac
Is this at all possible?
Craig Skinner wrote:
On Mon, Oct 15, 2007 at 12:04:41AM +1300, Amos Jeffries wrote:
It should work. What does cache.log / access.log say when (3) is used?
Thanks for the help, I'll work on dstdomains next, logs below:
###
acl our_networks src 127.0.0.1/32
Craig Skinner wrote:
On Mon, Oct 15, 2007 at 12:04:41AM +1300, Amos Jeffries wrote:
It should work. What does cache.log / access.log say when (3) is used?
Thanks for the help, I'll work on dstdomains next, logs below:
###
acl our_networks src 127.0.0.1/32
Sven Frommholz - Konexxo GmbH wrote:
Amos Jeffries wrote:
Sounds like a firewall problem. The fact squid isn't logging a
connection attempt makes it probable.
What error message are the clients showing when they drop the
connection?
Amos
Windows Firewall is completely turned off on all
On mån, 2007-10-15 at 04:20 -0400, Michael Alger wrote:
META HTTP-EQUIV=headername CONTENT=header-value
is equivalent to
headername: header-value
but not everything will parse these as if they were actual HTTP
headers.
This syntax should only be used for HTTP header IF the web server
On Tue, Oct 16, 2007, Chris Picton wrote:
Hi
Is it possible to host simple files using squid.
I am thinking in particular about using squid to host the proxy
autoconfiguration file, and using my dhcp server to point users to
http://192.168.1.1:3128/proxy.pac
Is this at all possible?
Amos Jeffries wrote:
I suggest adding defaultsite=mysite.example.net to those to help out
users with broken software.
Thanks for the suggestion!
add name=XX to the existing cache_peer
then add:
cache_peer cached.mycache.net parent 443 0 originserver name=YY
all cache_peer_access and
On tis, 2007-10-16 at 13:55 +0300, Taneli Leppä wrote:
Hello,
I'm trying to configure a reverse proxy using Squid 2.6 to
serve pages from another server, using both http and https.
http://mycache.net/page - http://cached.mycache.net/page
https://mycache.net/page -
On tis, 2007-10-16 at 14:02 +0200, Chris Picton wrote:
Hi
Is it possible to host simple files using squid.
I am thinking in particular about using squid to host the proxy
autoconfiguration file, and using my dhcp server to point users to
http://192.168.1.1:3128/proxy.pac
Is this at
Hi all,
I set squid 2.6 transparent proxy with default settings on P4 2000 RAM 512/
80GB HDD. I change only
cache_mem 128 MB
cache_dir ufs /usr/local/squid/cache 40960 16 256
Squid works normally and do caching. It takes 300Mb RAM, and about 3GB HDD
space, but it DOESNT use more space. Squid
Taneli Leppä wrote:
Amos Jeffries wrote:
I suggest adding defaultsite=mysite.example.net to those to help out
users with broken software.
Thanks for the suggestion!
add name=XX to the existing cache_peer
then add:
cache_peer cached.mycache.net parent 443 0 originserver name=YY
all
Chris Picton wrote:
Hi
Is it possible to host simple files using squid.
I am thinking in particular about using squid to host the proxy
autoconfiguration file, and using my dhcp server to point users to
http://192.168.1.1:3128/proxy.pac
Is this at all possible?
Not easily yet.
I've tried
Amos Jeffries wrote:
Just one last: are people going to be visiting mycache.net? or
cached.mycache.net?
They're going to be visiting mycache.net, so I guess it's
correct.
cache_peer should use a private domain name or even IP address so you
can later change public DNS without breaking squid.
For the ignorant among us can you clarify the meaning of devices?
Paul Cocker
IT Systems Administrator
IT Security Officer
-Original Message-
From: Adrian Chadd [mailto:[EMAIL PROTECTED]
Sent: 15 October 2007 10:28
To: Tek Bahadur Limbu
Cc: Haytham KHOUJA (devnull);
On Tue, Oct 16, 2007, Paul Cocker wrote:
For the ignorant among us can you clarify the meaning of devices?
Bluecoat. Higher end Cisco ACE appliances/blades. In the accelerator space,
stuff like what became the Juniper DX can SLB and cache about double what
squid can in memory.
Just so you know,
I have a number of users which are trying to access
http://www.todaysmilitary.com. However, they are not able to even pull up
the website on their browsers. I tail'ed the squid access log and noticed
TCP_MISS/OOO entries. I know that TCP_MISS usually means that the client
aborted the GET request
thanxs for that hint - it worked as a fix
i have addes this to my squid.conf
acl javaNtlmFix browser -i java
header_access Proxy-Authenticate deny javaNtlmFix
header_replace Proxy-Authenticate Basic realm=Internet Access
now any java-client (java web start, java or applets in browser) will only
Hi All,
I am running a squid reverse-proxy on solaris 10.
It runs smoothly most of the time, however, I have had 2 core dumps in last 3
months and had to restart squid manually.I have the core file but not
sure how to analyze
it.
Any help would be appreciated.
Thanks,
Hasib
On 10/15/07, Henrik Nordstrom [EMAIL PROTECTED] wrote:
Probably you have a TCP connection based load balancer instead of one
that balances on actual traffic, and the Netcaches have persistent
connections disabled..
See the client_persistent_connections and persistent_request_timeout
Hello All;
I have a rule which blocks the use of CONNECT based on the user calling an
IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of adding entire subnets, or parts of a network as well,
has anyone here encountered an issue with how squid handles web-based
emails? (gmail, yahoo, hotmail) Im running squid 2.6-stable16 on a
openbsd box. everytime i try to logged into gmail, yahoo or any other
web-based email service all i see is the page that reloads all the
time.. without ever
On tis, 2007-10-16 at 09:42 -0700, Tory M Blue wrote:
Client persistence in a reverse proxy environment makes no sens
I disagree. The TCP setup cost is a very large portion of the total page
load time, especially if you have users far away..
but it do place a different workload on the load
I was wondering if anyone knew a way to block access
to anonymous proxying sites. Some of our users have
worked out how to bypass the denied.list and as a
result we have no logging as to their surfing
activity
Yep, proxies are a _huge_ problem. There are thousands
of them: my personal list
Vadim Pushkin wrote
Hello All;
I have a rule which blocks the use of CONNECT based on the
user calling an
IP address vs. FQDN, this works great!
I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.
I am in need of adding entire subnets,
thanks for the reply alexandre ... i found what the issue was ..
there's something funked with the header_access options that a
collegue of mine put into the config file. he basically wanted squid
to act as a elite proxy, and not give away x-for and http-via keys. he
did succeed but it broke
On Wed, Oct 17, 2007 at 01:12:41AM +1300, Amos Jeffries wrote:
Doh!. I'm just going to go aside and kick myself a bit.
reP_mime_types is a REPLY acl.
it should be used with http_reply_access :-P
Beautie mate! Stupid of me!
acl our_networks src 127.0.0.1/32
http_access allow
We have been using squid in the following configuration since the end year 2000.
Outward facing public squid servers serve content for multiple hosts.
Behind the public servers is a middle layer of squid servers that hide
the real origin servers.
The real origin servers are various content
I have a number of users which are trying to access
http://www.todaysmilitary.com. However, they are not able to even pull up
the website on their browsers. I tail'ed the squid access log and noticed
TCP_MISS/OOO entries. I know that TCP_MISS usually means that the client
aborted the GET
We have been using squid in the following configuration since the end year
2000.
Outward facing public squid servers serve content for multiple hosts.
Behind the public servers is a middle layer of squid servers that hide
the real origin servers.
The real origin servers are various content
On Tue, Oct 16, 2007, Chuck Kollars wrote:
The list on http://proxy.org is the most complete one
I know of. If you can figure out a way to
automatically suck up their entire list _every_day_,
remove duplicates, and add all those to your banned
list, you can stop _much_ (but not anywhere near
and
dangerous content by MailScanner, and is
believed to be clean.
__ NOD32 2595 (20071016) Information __
This message was checked by NOD32 antivirus system.
http://www.eset.com
__ NOD32 2595 (20071016) Information __
This message was checked by NOD32 antivirus
Adrian Chadd disse na ultima mensagem:
On Tue, Oct 16, 2007, Paul Cocker wrote:
For the ignorant among us can you clarify the meaning of devices?
Bluecoat. Higher end Cisco ACE appliances/blades. In the accelerator
space,
stuff like what became the Juniper DX can SLB and cache about double
54 matches
Mail list logo