On Wed, 2010-12-08 at 18:19 +1300, Amos Jeffries wrote:
On 08/12/10 16:51, Rodolfo Alcazar Portillo wrote:
With Firefox, TCP_MEM_HIT:
1291778947.206 0 127.0.0.1 TCP_MEM_HIT/200 626 GET
http://www.elpais.com/css/i_portadillas.css? - NONE/- text/css
...
The VERY SAME PAGE with Google
Hello list we have
two squid SERVERS (sibling) running Squid 2.7.STABLE9
Serving almost all our static content
From what I can see squid is performing well considering the amount of
traffic (*)
Our only problem is that we have too many time wait conn..
63110 TIME_WAIT
12 CLOSE_WAIT
108 CLOSING
On 09/12/10 23:14, karj wrote:
Hello list we have
two squid SERVERS (sibling) running Squid 2.7.STABLE9
Serving almost all our static content
From what I can see squid is performing well considering the amount of
traffic (*)
Our only problem is that we have too many time wait conn..
On 09/12/10 19:43, Tom Tux wrote:
Hi
We moved our W2K3-Domaincontrollers to W2K8-DC's. The active-directory
operational mode is still 2003.
We're using kerberos-authentication against the active-directory.
Nightly runs the msktutil --auto-update on the squid-proxy. One day,
this updated the
On 09/12/10 15:07, Rich Rauenzahn wrote:
I'm not convinced I have peering configured correctly. Here is my environment:
These are internal specialized squid servers for serving internal web
sites/deliverables. The main squid server at corporate is intended to
accelerate a few sites. At
I recognized, that the values in the AD-computer-object (attribut
msDS-SupportedEncryption-Type) has to match the client-kerberos-ticket
(session-key) and the settings made in /etc/krb5.conf. On all three
parts, the aes-256value must be set.
If not, there's not authentication possible.
Is it
It is technically impossible to hide your WAN IP.
There are low level OS calls to retrieve the address of
the other party.
Marcus
Tony wrote:
I was told that this is all I need to get this to work. I'm using
the latest version of squid 3.1.9 My browser proxy setting is set
to localhost 3128
Thank you!
I did some checking and I was able to set 'forwarded_for' to 'transparent'
in 2.7STABLE9. I was still able to get espn3.
I really appreciate this thread. Not that I'd ever watch espn3 at work...
.
.
Does 'transparent' offer any extra security over setting 'forwarded_for' to
'off'?
Awesome linky amos. Thanks it is just what I'm looking for. I'm going to try
to work that into my squid.conf file and I'll report back here any problems.
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/authentication-problems-tp3072735p3080564.html
Sent from
AWESOME it is working mostly flawlessly!!
I notice that the whitelist file (/etc/squid3/whitelist1.sites) doesn't take
comments or duplications or reduntant info. Like .ftp.debian.org when there
is already a .debian.org. It errors and don't work. But once I got over that
it seems to be working
Hi Tom,
What does klist -ekt squid.keytab show ? Does it have an entry for AES ?
Did you use --enctypes 28 with msktutil as described here
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Create_keytab ?
Markus
Tom Tux tomtu...@gmail.com wrote in message
Hi,
I'm using 3 cache_dir with coss for fallback.
I noticed that on peak hours, squid crashed and cache.log showed:
2010/12/09 16:55:10| storeCossCreateMemBuf: Maximum number of full
buffers reached on /usr/local/var/cache/coss2/stripe. You may need to
increase the maxfullbuffers option for
Hi Markus
In the meantime, the klist -etk /etc/krb5.keytab have AES entries:
AES-128 CTS mode with 96-bit SHA-1 HMAC
AES-256 CTS mode with 96-bit SHA-1 HMAC
But they were made by the nightly msktutil --auto-update job (after
30 days were passed). And during this step, that
I am running squid on a Debian machine, Version: 3.0.STABLE8-3+lenny3
I have a situation where ubuntu updates are corrupted. The end users
get a message about hash sum mismatches. If they re-try the update,
squid delivers the same corrupted file.
Yesterday they reported to me three
Greetings squid users,
I recently installed squid 3.1.9 on an RHEL 5 server, with no options when
running ./configure.
We have a proprietary tool that sends files from one machine to another over
HTTP, and I wanted to have squid always cache the files to help improve
transfer times when the
Doh! I feel like a moron.
Read up on the refresh_pattern command, and it seems that first 0 on the last
line was causing everything to be marked as not fresh right away.
I upped that value, and my cache is now filling up.
Nothing to see here=)
-Original Message-
From:
I have another related question:
I can see my cache filling up, but I'm sending about 7 gigs through the proxy,
and the cache doesn't even have 300 MB in it yet, and the transfer is at 62%.
Looking in the store.log, I see a mix of RELEASE and SWAPOUT lines. Also, none
of the files are 2 GB.
I noticed that the extensions of the files not being cached are not present in
the mime.conf that squid uses.
Is it correct to assume that all extensions must be present in the mime types
table in order for the file to be cached?
-Original Message-
From: Volker-Yoblick, Adam
Hmmm nevermind, that seemed to be incorrect.
Anyone have any ideas about why my cache only has 500 MB in it for a 7GB set of
files? I can provide snippets of logs if needed.
-Original Message-
From: Volker-Yoblick, Adam
Sent: Thursday, December 09, 2010 6:13 PM
To: Volker-Yoblick,
-Original Message-
From: Volker-Yoblick, Adam
I have another related question:
I can see my cache filling up, but I'm sending about 7 gigs through the proxy,
and the cache doesn't even have 300 MB in it yet, and the transfer is at 62%.
Looking in the store.log, I see a mix of RELEASE
On 10/12/10 11:21, Alex King wrote:
I am running squid on a Debian machine, Version: 3.0.STABLE8-3+lenny3
I have a situation where ubuntu updates are corrupted. The end users get
a message about hash sum mismatches. If they re-try the update, squid
delivers the same corrupted file.
Yesterday
On 10/12/10 05:05, soylentgreen wrote:
Thank you!
I did some checking and I was able to set 'forwarded_for' to 'transparent'
in 2.7STABLE9. I was still able to get espn3.
transparent for XFF does not exist in Squid-2.
Regarding its usage:
Use it only if you completely trust the XFF
No, none of the files are 2GB. I know that's a limitation, that's why I
mentioned it. =)
Anyone else know why the cache might not be populating correctly?
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Thursday, December 09, 2010 9:39 PM
To:
On 10/12/10 07:16, ant2ne wrote:
AWESOME it is working mostly flawlessly!!
I notice that the whitelist file (/etc/squid3/whitelist1.sites) doesn't take
comments or duplications or reduntant info. Like .ftp.debian.org when there
is already a .debian.org. It errors and don't work. But once I got
On 10/12/10 08:02, jeff donovan wrote:
okay made a few changes to the conf file to bring up to 3.1 terminology. things
are still bogging down.
I just erased and reset the cache squid -z and my internet speeds are back
to normal.
ill run for 24 hours and see how things go. This jam up has
On 10/12/10 02:37, BASDarchive wrote:
On Dec 7, 2010, at 10:35 PM, Amos Jeffries wrote:
On Tue, 7 Dec 2010 19:35:08 -0500, BASDarchive
basdarch...@beth.k12.pa.us
wrote:
On Dec 7, 2010, at 5:13 PM, Amos Jeffries wrote:
On 08/12/10 05:32, donovan jeffrey j wrote:
greetings
i recently
On 10/12/10 03:40, Marcus Kool wrote:
It is technically impossible to hide your WAN IP.
There are low level OS calls to retrieve the address of
the other party.
Marcus
Well
Tony:
you can unplug your machine and power it down. That way it won't be
contacting anyone from that IP.
thanks for the feedback ..kinda defeats the purpose for adding those
request_header variable options and forwarded_for variable if they
don't do what is intended in the squid.conf file ..
On Thu, Dec 9, 2010 at 10:34 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 10/12/10 03:40, Marcus Kool
On 09/12/10 21:28, Rodolfo Alcazar Portillo wrote:
On Wed, 2010-12-08 at 18:19 +1300, Amos Jeffries wrote:
On 08/12/10 16:51, Rodolfo Alcazar Portillo wrote:
With Firefox, TCP_MEM_HIT:
1291778947.206 0 127.0.0.1 TCP_MEM_HIT/200 626 GET
http://www.elpais.com/css/i_portadillas.css? -
On 08/12/10 02:36, Dieter Bloms wrote:
Hello,
since an upgrade from 2.7STABLE9 to 3.1.9 I get several core dumps a day
after a logentry like:
assertion failed: AclProxyAuth.cc:229:
authenticateUserAuthenticated(Filled(checklist)-auth_user_request)
Ouch. You have been bitten by bug 2305.
30 matches
Mail list logo
