RE: [squid-users] 24h trusted IP

2011-08-10 Thread David Parks
I have a similar but different requirement in which we need to be able to deny access to a user at any time. Your challenge is going to be that squid caches the user's login (as does the browser), and there's no good way to expire a user's basic/digest auth credentials in squid - the user must

RE: [squid-users] Authentication infinite loop

2011-08-10 Thread David Parks
for now. Dave -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Tuesday, July 26, 2011 3:41 PM To: squid-users@squid-cache.org Subject: RE: [squid-users] Authentication infinite loop On Tue, 26 Jul 2011 15:05:22 -0700, David Parks wrote: After some more testing I'm

RE: [squid-users] Authentication infinite loop

2011-07-26 Thread David Parks
to spam user username with status TCP_DENIED as quickly as possible (notice that the log now shows the username, not -) Example auth helper script used: #!/bin/bash while read LINE; do echo $LINE >> /tmp/output; echo ERR; done -Original Message- From: David Parks

[squid-users] Authentication infinite loop

2011-07-25 Thread David Parks
In doing some dev work I see a situation where squid gets into an infinite loop with the browser. The situation: 1) Browser attempts digest authentication against squid (running with a custom auth helper) 2) auth helper fails user authentication 3) I believe squid caches the authentication

[squid-users] Logging packet bytes vs. http size bytes?

2011-07-12 Thread David Parks
Is there any way to log the actual packet sizes rather than just the size of the http request+headers that are found in the access log configuration?

[squid-users] Segmentation fault - 3.2.0.8

2011-06-13 Thread David Parks
I'm getting a segmentation fault error that I can't figure out. If I remove the [auth_param digest realm Squid proxy-caching web server] line it parses out just fine. Squid 3.2.0.8 (and 3.2.0.7) # # # Command: # # ./squid -X -d 9 -k parse # # # Log (note segmentation fault at the end)

RE: [squid-users] 2 NCSA password files

2010-11-22 Thread David Parks
the acl file on the fly. So, I'd have 1 ncsa file with the username and passwords for all users. Then 2 acl files with high speed users and low speed users? -- From: David Parks davidpark...@yahoo.com Sent: Sunday, November 21, 2010 10:02 AM To: 'J

RE: [squid-users] 2 NCSA password files

2010-11-21 Thread David Parks
If you write a custom ACL helper you can match users against any criteria you define, then implement the delay pools for users that matched your custom ACL helper. -Original Message- From: J Webster [mailto:webster_j...@hotmail.com] Sent: Saturday, November 20, 2010 9:01 PM To:

RE: [squid-users] optimize squid for video streaming

2010-11-13 Thread David Parks
Are you hosting squid on your home internet connection? Your upload bandwidth is probably limited (25k bytes upstream is common) and too low to forward the video traffic on to you. -Original Message- From: Héctor Andrés Urbina Saavedra [mailto:hau...@mail.usask.ca] Sent: Sunday,

RE: [squid-users] First post

2010-11-06 Thread David Parks
Hi Luke, Squid is a proxy server, it simply re-directs traffic like a broker handles a transaction for a client so the client doesn't work directly with the seller. It can cache data like images so that when, for example, UserA goes to a website, when UserB goes to that same website the images

RE: [squid-users] SSL between squid and client possible?

2010-09-25 Thread David Parks
Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, September 22, 2010 10:34 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] SSL between squid and client possible? On Tue, 21 Sep 2010 16:39:53 -0700, David Parks davidpark...@yahoo.com wrote: Can SSL

RE: [squid-users] Interminted TCP_DENIED

2010-09-21 Thread David Parks
Message- From: Henrik Nordström [mailto:hen...@henriknordstrom.net] Sent: Tuesday, September 21, 2010 1:50 AM To: David Parks Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Interminted TCP_DENIED mån 2010-09-20 klockan 18:27 -0700 skrev David Parks: I was not able to reproduce

[squid-users] SSL between squid and client possible?

2010-09-21 Thread David Parks
Can SSL be enabled between client and squid? Example: An HTTP request to http://yahoo.com goes over SSL from client to squid proxy, then standard HTTP from squid to yahoo and again secured from squid to client on the way back? It seems like this is only possible with reverse proxy setups, not

RE: [squid-users] Interminted TCP_DENIED

2010-09-20 Thread David Parks
-users@squid-cache.org Subject: Re: [squid-users] Interminted TCP_DENIED On Sun, 19 Sep 2010 12:37:38 -0700, David Parks davidpark...@yahoo.com wrote: I've simplified things as far as I can think to and still get what appear to be random TCP_DENIED/407 errors after I've been authenticated. Using

RE: [squid-users] Interminted TCP_DENIED

2010-09-20 Thread David Parks
So I fired up 3.2.0.2 today. I was not able to reproduce the intermittent 407 problem in this version as predicted by Amos. However I did run into some other issues: 1) A bug with digest authentication - Open a browser and authenticate. Now restart squid (don't close the browser) Try

[squid-users] Interminted TCP_DENIED

2010-09-19 Thread David Parks
I've simplified things as far as I can think to and still get what appear to be random TCP_DENIED/407 errors after I've been authenticated. Using Squid 2.7 STABLE 9, I'm now just using the digest_pw_auth authenticator with a single user pw file of test:test. If I turn off authentication there's

[squid-users] Intermittent TCP_DENIED after authentication

2010-09-17 Thread David Parks
I'm trying to debug a problem in dev: - After performing digest authentication (using a custom authentication helper), pages will load as expected. - But when I hit large pages which load many resources (example yahoo or latimes.com) sometimes they will load, but if I hit them a few times I'll

RE: [squid-users] When is the url_rewrite_program called?

2010-09-16 Thread David Parks
-Original Message- From: David Parks [mailto:davidpark...@yahoo.com] Sent: Wednesday, September 15, 2010 8:39 PM To: squid-users@squid-cache.org Subject: [squid-users] When is the url_rewrite_program called? When is the url_rewrite_program called? Is it before ACL matches occur? Or after

[squid-users] When is the url_rewrite_program called?

2010-09-15 Thread David Parks
When is the url_rewrite_program called? Is it before ACL matches occur? Or after the http_access tag is matched? I'm just trying to figure out the flow of events that occur. Looking for an answer like: 1) http_access is matched, if denied end 2) url_rewrite_program called

[squid-users] ACL blocks, browser retries constantly

2010-07-02 Thread David Parks
I have a simple ACL helper that fails whenever a user should no longer have access (I need a way of dynamically blocking access to the proxy on a per-user basis). But when the ACL fails the request, the browser goes into a vicious cycle of continuing to re-try the same request indefinitely and

RE: [squid-users] Rotating logs restarts authentication/acl helpers?

2010-06-10 Thread David Parks
authentication/acl helpers? On Wed, 9 Jun 2010 18:49:22 -0600, David Parks davidpark...@yahoo.com wrote: Using 3.1.4, when I call squid -k rotate to rotate the logs, it restarts all the authentication and acl helpers. Why is this? I have an ACL helper running for every request (very quick

RE: [squid-users] Rotating logs restarts authentication/acl helpers?

2010-06-10 Thread David Parks
cryptic for those wanting to extend the functionality. Thanks, David -Original Message- From: Henrik Nordström [mailto:hen...@henriknordstrom.net] Sent: Thursday, June 10, 2010 1:57 PM To: David Parks Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Rotating logs restarts

[squid-users] Rotating logs restarts authentication/acl helpers?

2010-06-09 Thread David Parks
Using 3.1.4, when I call squid -k rotate to rotate the logs, it restarts all the authentication and acl helpers. Why is this? I have an ACL helper running for every request (very quick), and the reload of logs is causing it to be down for ~10 seconds. I would like to be able to parse logs

RE: [squid-users] Digest authentication change from previous version?

2010-06-08 Thread David Parks
[mailto:hen...@henriknordstrom.net] Sent: Sunday, June 06, 2010 12:28 PM To: David Parks Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Digest authentication change from previous version? sön 2010-06-06 klockan 09:35 -0600 skrev David Parks: But since there's a change from what I

[squid-users] Digest authentication change from previous version?

2010-06-06 Thread David Parks
A while back I tested out squid with a custom Digest authenticator. I found that squid was caching the authentication requests and not re-requesting them from the auth-helper. I don't recall what version I did the test on, but it might have been 2.7. I am now using 3.0.25 and I see that my

[squid-users] Digest authentication helper question

2010-06-05 Thread David Parks
Hi, the digest authentication helper protocol requires that the helper return the encrypted digest authentication hash given the username and realm. The problem is, if I have 2 different realms which authenticate against the same user credentials, if I store the credentials in a one-way

RE: [squid-users] Digest authentication helper question

2010-06-05 Thread David Parks
...@henriknordstrom.net] Sent: Saturday, June 05, 2010 3:01 PM To: David Parks Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Digest authentication helper question lör 2010-06-05 klockan 09:07 -0600 skrev David Parks: Hi, the digest authentication helper protocol requires that the helper return

[squid-users] Digest authentication scheme doesn't support concurrency?

2010-06-04 Thread David Parks
From what it looks like Digest Authentication doesn't support concurrency (sending multiple requests to a single helper). But Basic Auth, and ACL Helpers do. Seems odd so I just want to do a verification that I'm reading it right. Squid 3.0 STABLE 25 Thanks, David

[squid-users] Authentication helpers not shut down

2010-04-06 Thread David Parks
I noticed that running squid -k reconfigure starts a new authentication helper, but does not shut down the old one. Is this normal behavior? Do I just need to monitor for the closing of the input stream and shut down on that cue? Just wanna make sure I'm on track. Dave p.s. if there are any

RE: [squid-users] Squid 3.1.1 is available

2010-03-29 Thread David Parks
Just to make sure I read this correctly - the feature for logging to a UDP port is not available until 3.2 (which doesn't have a release date in the near future), correct? As of now the only option is logging to a file correct? Thanks, David

RE: [squid-users] Help with accelerated site

2010-03-27 Thread David Parks
Hi Adam, a few recommendations: 1) There are a number of consultancy and support organizations that provide dedicated support for squid. If you can't find the answer here or yourself (via code or in docs), they might be an alternative you want to look into 2) The developers and people supporting

RE: [squid-users] Windows Authentication Helper client

2010-03-26 Thread David Parks
Just a thought - it's something I haven't implemented, but it might be worth you looking into (and hey, if it's useful to you let me know): I did read along the way that you can use SSH to do a port forward to the proxy server (there are some write-ups on this indexed in Google). This allows you

RE: [squid-users] Disable user accounts

2010-03-23 Thread David Parks
I created my own authentication module, and tried setting nonce_max_duration to 1 minutes (I also tried 1 minute, and 2 minutes to make sure there wasn't something funky with the word minutes). My authentication module logs every time it is called. But when I sit there and hit refresh on the

RE: [squid-users] Disable user accounts

2010-03-22 Thread David Parks
: Monday, March 22, 2010 12:35 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] Disable user accounts David Parks wrote: I will be monitoring squid usage logs and need to disable user accounts from an external app (block them from making use of the proxy after

[squid-users] Limiting connections per user - not per IP

2010-03-21 Thread David Parks
I expect a lot of users from the same IP (NAT), is there a way to limit concurrent connections by authenticated user rather than just by IP (acl maxconn appears to do it only by IP)? Thx, David

[squid-users] Disable user accounts

2010-03-21 Thread David Parks
I will be monitoring squid usage logs and need to disable user accounts from an external app (block them from making use of the proxy after they are authenticated). I'm not quite following the FAQ on this

RE: [squid-users] Requests through proxy take 4x+ longer than direct to the internet

2010-03-19 Thread David Parks
connection issue? Thanks, David -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Friday, March 19, 2010 1:06 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] Requests through proxy take 4x+ longer than direct to the internet David Parks wrote: Hi, I set

[squid-users] Requests through proxy take 4x+ longer than direct to the internet

2010-03-18 Thread David Parks
Hi, I set up a dev instance of squid on my Windows system. I've configured 2 browsers (Chrome & Firefox), Chrome direct to the internet, Firefox through the locally running instance of squid. I expected similar response times from the two browsers, but I consistently see Firefox (configured to