On 5/23/2013 8:42 AM, Brett Lymn wrote:
One problem with using L2 is that you then lose the ability to log the
client IP address, everything appears to come from the load balancer.
Using L7 you can, at least on some load balancers, insert a
X-FORWARDED-FOR header with the client IP in it so you
Hello,
I have the next configuration:
- Ubuntu 12.04 with 2 interfaces eth0 (local) and eth1 (internet access)
- IPtables 1.4.12
- Squid 3.3.4 with Tproxy
With Iptables I have configured the proxy to forward the traffic from the
local LAN (eth0) to the outside world (eth1). The configuration
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph { margin-top:0in;
margin-right:0in; margin-bottom:0in; margin-left:.5in; margin-bottom:.0001pt; }
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst,
div.MsoListParagraphCxSpFirst, p.MsoListParagraphCxSpMiddle,
Thank you for the update advice everyone, and for the squid.repo suggestion,
that worked very nicely to update squid using yum.
I'm now using the latest version (3.3.5) however it seems a few of the lines
in the rest of my squid.conf are obsolete - so although squid starts with
the current
I was testing an external_acl_type and set ttl=3 so my script would be called
often enough to see what was happening. This seemed to result in the acl
logging as denied fairly regularly, even though it definitely returns OK.
Putting ttl up to 30 seconds seems to make all the problems go away.
Chiming in here about the kemps
I used the kemps because they were available for this project. They have
worked quite well and as very easy to manage. HA works fine. Troubleshooting
is OK too (its looks like a BSD box under the hood).
L7 so that (as noted by Brett), I see to see the client IPs.
Referencing that Kerberos-load-balancer-and-AD thread, yes it does work :-).
A user is created in AD, and an SPN with the lB FQDN points to that user.
That user is then used to create the keytab on each proxy.
Sean
On 22 May 2013 22:41, SPG spggps...@gmail.com wrote:
Hi,
then, with this
Hi,
I use squid 3.3.5 with the ssl-bump feature.
My private key is crypted and I want to enter the password at start time.
Since 3.3.5 squid wants to execute a program even I haven't configured
sslpassword_program and start squid with the -N option.
--snip--
idvhttpsproxy01:~ # squid -f
Hi guys,
I am using squid 3.1.10.
I have this in my squid.conf:
acl Senior proxy_auth rafael.gomes
delay_pools 1
delay_class 1 4
delay_parameters 1 -1/-1 -1/-1 -1/-1 -1/-1
delay_access 1 allow Senior
But when I tried to use that proxy using rafael.gomes user, my
navigation is very slow. What
On 05/23/2013 08:27 AM, Dieter Bloms wrote:
Hi,
I use squid 3.3.5 with the ssl-bump feature.
My private key is crypted and I want to enter the password at start time.
Since 3.3.5 squid wants to execute a program even I haven't configured
sslpassword_program and start squid with the -N
i am using HAProxy, with Kerberos auth and have no issues. Once i
figured out the keytab bit, where you make one keytab file and put that
one keytab file on all proxies in the load balanced pool, i was off and
running. My relevant HAProxy configs:
global
log 127.0.0.1 local1
Question regaring cache.log in newer versions of squid, where are my
logs??
I usually parse/grep the output from /var/log/output.log when I am
processing blacklists for errors, now, squid is no longer placing those
errors there, if I am lucky, Ill get a single entry when there are
multiple
12 matches
Mail list logo