Re: [squid-users] High load problem with a broken client (Nokia app)

El 20/09/2012 5:55, Amos Jeffries escribió: > Welcome to the real world. Software all has capacity limits. Someone is > performing a *DoS* on your proxy using an internal link with higher > capacity than your service software. What do you do about that? > * close the hole (fix the app, disable it

[squid-users] High load problem with a broken client (Nokia app)

Hi friends, I have a weird problem of saturation due to a broken client and I don't know how fix it (I can force user to disable the app who cause the problem, but I think that should be a solution for avoid that a bad client can overload the server and affect to proxy service by itself). I have

Re: [squid-users] X-Forwarded-For Header

El 29/04/2012 3:23, escribió: > Sorry for the top post. > > Firstly that website is broken. Xff is a list header and always has > been. > > Secondly 3.0 is an extremely old Squid version which only supports > on/off for the forwarded_for directive. You need to upgrade. > > Amos Thank you ver

[squid-users] X-Forwarded-For Header

Hi friends, I'm using squid/3.0.STABLE25 and I have a problem for access to a webpage that checks the X-Forwarded-For header. It looks like the web requires that X-Forwarded-For header contains only the IP of my client, but my squid proxy are sending this header: forwarded_for on --> X-Forwarded

[squid-users] Kerberos: Problem for generate keytab file

Hi friends, I have a problem for implement kerberos authentication on my squid server. I'm using this article of the squid wiki: http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory My server is Red Hat Enterprise Linux (minimal) 6.2 (all package updated), with the offic

[squid-users] Kerberos: Problems for generate the keytab file

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi friends, I have a problem for implement kerberos authentication on my squid server. I'm using this article of the squid wiki: http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory My server is Red Hat Enterprise Linux (m

Re: [squid-users] Allow full access during a limited time period

El 15/04/2011 16:34, Eliezer Croitoru escribió: you can mange to do it using a simple auth helper or acl helper that has some daily database and if a user flag the login it will mark this hour and every time the user will try to access the site the helper will check the last time the flag was r

Re: [squid-users] Allow full access during a limited time period

would be the _first_ occurrence of a "auth_users" lookup in the ACL ordering, but this type of ordering would be required to accomplish what you are looking for. This could also have the side effect of displaying the USERID of the person trying to visit a BLOCKED site, via Squid ACL, unless this

[squid-users] Allow full access during a limited time period

Hi, I have a doubt: Can I setup squid for allow full and free access during a limited time period (for example, 15 minutes per day) for users can access to any site without restrictions? I don't like prohibit access to some popular sites, but I can't open it permanently, since this is an off

Re: [squid-users] Why need this for get "auth-sync" between squid and dansguardian?

El 03/04/2011 9:22, Amos Jeffries escribió: On 02/04/11 01:12, Fran Márquez wrote: I'm modifying the squid.conf file of my proxy server for replace "basic auth" for "ntlm auth". Please consider going straight to Negotiate/Kerberos. NTLM is officially deprecated an

[squid-users] Why need this for get "auth-sync" between squid and dansguardian?

I'm modifying the squid.conf file of my proxy server for replace "basic auth" for "ntlm auth". All work fine in squid, but when I use dansguardian, I've noticed that dansguardian doesn't get the username if I remove this lines from squid.conf: ---

Re: [squid-users] Slow performance when enable NTLM auth

I've fixed the problem using my other DC in samba configuration. Probably the main DC is busy due to other process/applications auth petitions and is the cause of this poor performance. Regards, F.J El 24/03/2011 14:45, Amos Jeffries escribió: On 24/03/11 22:56, Francisco José Márquez Gómez w

[squid-users] Performance: Negotiate or NTLM?

Hi, Is the Negotiate auth protocol faster than NTLM or it also increase (x2 or x3) the http traffic when is used? Regards, F.J

Re: [squid-users] Squid parent: child process exited due to signal 6

Ok, thank you for the reply and your great work. El 29/03/2011 14:09, Amos Jeffries escribió: On 30/03/11 00:53, Fran Márquez wrote: Hello, When I use NTLM auth (Samba 3.0, package from RHEL5.6) with squid 3.2 (latest version) compiled from source, I get this in /var/log/messages: Mar 29 13

[squid-users] Squid parent: child process exited due to signal 6

Hello, When I use NTLM auth (Samba 3.0, package from RHEL5.6) with squid 3.2 (latest version) compiled from source, I get this in /var/log/messages: Mar 29 13:47:13 localhost squid[2511]: Squid Parent: child process 2597 exited due to signal 6 with status 0 Mar 29 13:47:16 localhost squid[25

[squid-users] Best Filesystem and partitioning for squid

Hello, Which Filesystem is the best for squid use? And respect to partitions, Is better use traditional partitions instead of logical volumes? Regards and thank you.

[squid-users] Compile from scratch with same config that original RHEL5.5 package

Hi, How can I compile latest version of squid, but maintaining same directory structure that original package of Red Hat Enterprise Linux 5.5? I've compiled version 3.2.0.5 of squid and all its files are inside of: /usr/local/squid, not respecting the correct directory structure of general l

Re: [squid-users] Slow performance when enable NTLM auth

El 24/03/2011 14:45, Amos Jeffries escribió: On 24/03/11 22:56, Francisco José Márquez Gómez wrote: Hi friends, I'm suffering a speed problem when I use NTLM for auth users. If I use basic auth, all work fine and webpages load almost instantaneous, but when I enable NTLM, same webpages can took