ons 2009-09-02 klockan 12:21 -0500 skrev SecureSoft - Daniel Merino:
> I’m looking for instructions about how to authenticate my squid with two
> Active Directories. I could authenticate it with one AD with ntlm. Thanks
> for answering
Set up a trust relation between the two.
Regards
Henrik
ons 2009-09-02 klockan 09:27 -0500 skrev Luis Daniel Lucio Quiroz:
> Is there any reason to know why squid suddenly reports 1024 file descriptors,
> if i restart it it goes normal to 64k descriptors.
Someone may have restarted it before with a low ulimit..
Regards
Henrik
ons 2009-09-02 klockan 14:38 +0600 skrev Yuri Vorobyev:
> > acl ident ident REQUIRED
> > http_access deny ident_aware_hosts ident !all
>
> Unfortunately it doesn't work.
Which Squid version?
Regards
Henrik
ons 2009-09-02 klockan 12:24 +0600 skrev Yuri Vorobyev:
> It is possible to limit bandwidth to users, based on ident acl's?
> I'm upgraded to version 3.0.18 and trying this:
For this to work reliably you probably need to refer to an ident acl in
http_access, making Squid wait a little for the id
tis 2009-09-01 klockan 20:17 -0700 skrev xetorthio:
> Hi everyone!
> I ran today to a really strange behavior of squid.
> My application (A) opened by mistake a lot of persistent connection to
> another application (C) going through a squid (B) for caching purposes.
> When I saw the connections I c
tis 2009-09-01 klockan 02:15 -0700 skrev Truth Seeker:
> Really thanks for your effort... i was not able to get back to you, just bcoz
> there were so many unexpected issues on the proxy...
>
> Now your resolution didnt worked for me...
>
> I didnt even got the
> http://balancer.netdania.com/S
tis 2009-09-01 klockan 17:07 +0530 skrev Tejpal Amin:
> My aim is to stop users not logging onto my AD domain from accessing
> the internet.
I am afraid that is not possible. At the HTTP level (what Squid sees)
there is no difference between clients logging on automatically due to
having cached c
tis 2009-09-01 klockan 02:07 -0700 skrev pokeman:
> Hello
> can i use StoreUrlRewrite + url_rewrite_program at the same time ?
Yes.
url_rewrite_program takes place before store url rewrites.
Regards
Henrik
tis 2009-09-01 klockan 11:41 +0400 skrev Дмитрий Нестеркин:
> I'm trying to configure Kerberos authentication for Squid 2.7 (Debian
> Lenny, MIT kerberos; Windows Server 2003 no service packs), but no
> luck :(
Have you set the env variable telling squid_kerb_auth which keytab to
use?
Do the use
mån 2009-08-31 klockan 21:04 -0500 skrev Luis Daniel Lucio Quiroz:
> 2009/08/31 20:45:40| AuthConfig::CreateAuthUser: Unsupported or
> unconfigured/inactive proxy-auth scheme, 'Bdigest_pw_auth(LDAP_backend)
> WARNING, LDAP error 'No such object'
Looks like a mix between an error from Squid and d
mån 2009-08-31 klockan 14:36 -0700 skrev ant2ne:
> Do web browsers have a way of auto discovering squid and configuring
> themselves? If so how do I turn that feature off?
Only if announced by your domain via DHCP and/or DNS. See WPAD.
Regards
Henrik
mån 2009-08-31 klockan 09:21 -0700 skrev Trevor Merrill:
> I am currently testing squid in a reverse proxy configuration with JBoss
> Portal backend servers. My goal is to phase out Apache and mod_proxy and
> gain some speed with squid. I have a basic reverse proxy configuration
> working for ww
lör 2009-08-29 klockan 08:09 -0700 skrev pokeman:
> no answer ?
You may have a better luck in a tproxy related list/forum. Your problem
is with the tproxy kernel component, not Squid.
https://lists.balabit.hu/mailman/listinfo/tproxy
Regards
Henrik
fre 2009-08-28 klockan 20:08 -0400 skrev Chris Richardson:
> Hi guys i am in the process of setting up squid and i chose
> squid_kerb_auth so i could do SSO with out samba but i can not figure
> out how to do group based acls using it is it possible? doesn any one
> have any suggestions or links to
lör 2009-08-29 klockan 15:10 +0930 skrev Brett Lymn:
> Yes, that was the problem only I had some always_direct allow lines
> later in the config that must have been overriding the never_direct -
> I put some explicit denies in the always_direct lines and it worked
> correctly. Thanks for your hel
fre 2009-08-28 klockan 11:35 +0100 skrev Dayo Adewunmi:
> Henrik Nordstrom wrote:
> > fre 2009-08-28 klockan 09:44 +0100 skrev Dayo Adewunmi:
> >
> >> users? Is there a way to make an ACL that would limit the upload of just
> >> a subset
> >> of my ne
fre 2009-08-28 klockan 22:53 +0930 skrev Brett Lymn:
> On Fri, Aug 28, 2009 at 11:58:35AM +0200, Henrik Nordstrom wrote:
> > fre 2009-08-28 klockan 15:22 +0930 skrev Brett Lymn:
> >
> > > I should qualify that - I get an "Invalid request" trying to go to the
fre 2009-08-28 klockan 10:32 +0300 skrev pent 5971:
> I can scroll the log squid log archives with tail command but
> sometimes i want to get some information from it from its coloumns.
> like getting the IP addresses from the logs and take it to an other
> file as list.
awk is a great tool for
fre 2009-08-28 klockan 09:44 +0100 skrev Dayo Adewunmi:
> users? Is there a way to make an ACL that would limit the upload of just
> a subset
> of my network?
It can be done as an external acl based on the source IP and
Content-Length request header.
Regards
Henrik
fre 2009-08-28 klockan 15:22 +0930 skrev Brett Lymn:
> I should qualify that - I get an "Invalid request" trying to go to the
> "acclerated" host - caching access works fine.
What does access.log say?
Regards
Henrik
fre 2009-08-28 klockan 15:14 +0930 skrev Brett Lymn:
'
> I did:
>
> http_port 80
> cache_peer 127.0.0.1 parent 81 0 name=squid no-query originserver
> acl accel_site dstdomain squid.my.domain
> cache_peer_access squid allow accel_site
> never_direct allow accel_site
>
> But I get an "Invalid requ
fre 2009-08-28 klockan 15:22 +0930 skrev Brett Lymn:
> On Fri, Aug 28, 2009 at 03:14:52PM +0930, Brett Lymn wrote:
> > On Fri, Aug 28, 2009 at 03:33:50AM +0200, Henrik Nordstrom wrote:
> > >
> > > Then no accelerator options should be used on your http_port, jus
tor 2009-08-27 klockan 16:24 -0700 skrev Lu, Roy:
> Hi List,
>
> I tried to download the purge tool in the 'related software' page, but
> the links seem to be broken. The last version on page
> http://www.wa.apana.org.au/~dean/squidpurge/ is
> purge-20040201-src.tar.gz, however, all the download l
fre 2009-08-28 klockan 09:54 +0930 skrev Brett Lymn:
> proxy. The current set up is the proxy is running on port 80, the web
> server on port 81. I set up squid with http_accel_host pointing to
> itself, the http_accel_port as 81, httpd_accel_single_host on and
> httpd_accel_with_proxy on.
Then
tor 2009-08-27 klockan 16:41 +0200 skrev Lutze Benjamin [STEMMER IMAGING
GmbH]:
> i am using squid 2.7 as a reverse proxy
>
> is it possible to let squid simply return a cached
>
> page if it cannot reach the webserver?
Provided the page can be validated and not restricted by Cache-Control:
mus
tor 2009-08-27 klockan 03:02 -0700 skrev Evguen:
>
> Henrik Nordstrom-5 wrote:
> >
> > See refresh_pattern. Allows override of most things.
> >
>
> Absolutely right, thanks!
>
> I've done this by commenting following lines :
> #acl QUERY url
Your trace ends with the login credentials being sent to your basic auth
helper for validation.
1. An unauthenticated request being denied with 407.
2. Client coming back with login credentials.
3. Squid seeing the %LOGIN requirement and sends the login credentials
to your basic auth helper for
ons 2009-08-26 klockan 22:34 -0700 skrev pokeman:
> Hello
> can anyone post list of available squidclient mgr: options available
squidclient mgr:
gives you a list. (or actually squid gives you the list..)
Regards
Henrik
tor 2009-08-27 klockan 09:40 +0930 skrev Brett Lymn:
> Yes. Actually the proxy and the destination server are on the same
> machine, but, regardless, our DNS is consistent.
And the clients are accessing the machine as a proxy or as a web server
when requesting these sites?
Regards
Henrik
ons 2009-08-26 klockan 13:44 +0930 skrev Brett Lymn:
> On Wed, Aug 26, 2009 at 01:17:16PM +1200, Amos Jeffries wrote:
>
> Yes, that is the intended reason but all the clients are internal too
> - the original idea was to accelerate serving some internal web
> content. In all honesty, I don't thi
tis 2009-08-25 klockan 13:39 -0700 skrev Evguen:
> I would like to know if there is a way to force Squid to cache "uncachable"
> pages.
See refresh_pattern. Allows override of most things.
Regards
Henrik
tis 2009-08-25 klockan 10:08 -0700 skrev Evguen:
> Hello,
>
> I have just installed Squid and made few tests.
> When I execute several times the following command :
> $> /usr/sbin/squidclient http://en.wikipedia.org/wiki/Squid
wikipedia is very cache-unfriendly on their main content.. they only
tis 2009-08-25 klockan 17:14 +0200 skrev Maik Kündig:
> Hello,
>
> I need some help to debug a external_acly_type problem. Which debug options
> to set? Where can I find more output?
What are you looking for?
"squid -k debug" enables full debug output.
Regards
Henrik
sön 2009-08-23 klockan 15:08 +0530 skrev Avinash Rao:
> I couldn't find any document that shows me how to enable wb_info for squid.
> Can anybody help me?
external_acl_type NT_Group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl group1 external NT_Group group1
then use group1 whenever you
fre 2009-08-21 klockan 10:30 +0100 skrev Dayo Adewunmi:
> Nevermind, I figured it out after all:
>
> http_access allow noaccess !academic
> http_access deny noaccess
Or if your next rules also allow access to these:
http_access deny academic noaccess
Regards
Henrik
fre 2009-08-21 klockan 12:47 -0400 skrev Bear:
> No, empty.
Odd. Somewhat out of ideas here..
Anything in the system logs? Particularly kernel logs?
(usually /var/log/messages)
Can you connect to Squid using squidclient?
squidclient mgr:
(assuming you have the default http_port)
Regards
He
fre 2009-08-21 klockan 16:33 +0200 skrev Riccardo Castellani:
> >The browser will send that as
> >
> >GET /LicroPS.sav.1/mkLicro.do?codCenter=22101 HTTP/1.1
> >Host: 1.2.3.4
> >[more headers]
>
>
> It means that, If I had defaultsite=... and 'Host Header' value in client
> request was missed, Sq
tor 2009-08-20 klockan 11:29 -0400 skrev Bear:
> OK, it uses no more than 1% when this happens, 12.4% of memory. Once I
> restart squid cpu jumps
> to 40% then idles down to 1-8%, memory drops to 0.5% and slowly increases.
Anything in cache.log?
Regards
Henrik
tor 2009-08-20 klockan 12:51 +0200 skrev jose luis sanchez:
> wget --proxy localhost:3128 "http://localhost:8080/MyApplication";
The correct way of using a proxy with wget is
env http_proxy=http://localhost:3128 wget http://localhost:8080/MyApplication
You normally do not need to specify the
tor 2009-08-20 klockan 12:03 +0100 skrev J Webster:
> Is there a squid.conf setting to remove the version id from squid error
> pages (squid/x.x.STABLExx) or do all the error pages have to be modified
> separately?
You mean httpd_suppress_version_string? Or even more removed than that?
Regards
tor 2009-08-20 klockan 15:40 +0700 skrev Hery Setiawan:
> I'm using squid 2.7 Stable 5, there is a problem with social
> networking site, that is mig33.
> does anyone have a solution???
Is there an URL where we can try?
Regards
Henrik
tor 2009-08-20 klockan 11:22 +0530 skrev Avinash Rao:
> ACL's have option to match the username, is there anything that can
> match a unix or a windows group? so, that i can put some users in a
> particular group and use that in squid ACL??
Yes. Look for wbinfo_group (shipped with Squid).
Regard
ons 2009-08-19 klockan 22:33 -0400 skrev Tom Webster:
> Is it possible to use Squid to perform an SSL3 "offload" where it handles all
> the encrypted traffic while passing the website data to the old clients using
> http on port 80?
Yes.
Either use an url_rewriter_program to rewrite the reques
tor 2009-08-20 klockan 13:54 +1200 skrev Amos Jeffries:
> On Thu, 20 Aug 2009 09:50:03 +0800, Jeff Pang wrote:
> > Where is the full list for the arguments after "squidclient mgr:"?
> > It seems there are many, but I know few about them,:)
> >
> > Thanks.
>
> squidclient mgr:menu
Or just
squid
tor 2009-08-20 klockan 11:59 +0300 skrev Juris Krumins:
> Following your suggestion I've captured traffic betwen ICAP and Squid.
> 11:11:05.864532 IP 127.0.0.1.49824 > 127.0.0.1.1345: P
> 2157719238:2157723337(4099) ack 2156830511 win 28786 1727787390 1727787383>
Squid sends data to the ICAP ser
ons 2009-08-19 klockan 14:04 -0500 skrev juanb:
> I still losing file descriptors in our caches running Fedora10 with
> the last suggested update squid-3.0-STABLE-18, but we have the same
> problem than STABLE-15
Odd..
what are these filedescriptors connected to? See cachemgr
filedescriptor pag
ons 2009-08-19 klockan 14:05 -0400 skrev Bear:
> Except for squid being unresponsive it behaves normally, all other
> processes continue to run as they should,
> top shows squid running as it does any other time.
How much CPU time is Squid using when this happens?
> An strace shows...
>
> ac
can you please file a bug report with this info.
It's quite clear what happened from the data you have collected so far.
ons 2009-08-19 klockan 10:54 +0200 skrev Thijs Stuurman:
> Squid-users,
>
> We have plenty of servers running all kinds of versions of Squid but one of
> the most stable ver
ons 2009-08-19 klockan 16:34 +0300 skrev Juris Krumins:
> Here is trace log from squid-3.1.0.13. The behavior is the same.
> Adaptation::Icap::Xaction::noteCommRead throwing exception, looks like
> because of loosing connection with ICAP server (as far as I can
> understand this situation).
wiresh
ons 2009-08-19 klockan 04:22 -0400 skrev Vivek:
> I am rotating the logs using " squid -k rotate ". In the crontab,
How long did the rotation take? See cache.log for details.
If you have a big cache then log rotation can take quite a bit of time
as it also performs cleanup of the on-disk cache i
ons 2009-08-19 klockan 08:59 +0200 skrev Matus UHLAR - fantomas:
> so you expect it to be mostly usefull on ufs cache_dirs?
No the opposite, non-ufs cache dirs.
the ufs cache_dir type is very fast when using the OS filesystem cache
and do not benefit from this change (but is also the only thing
ons 2009-08-19 klockan 14:09 +0200 skrev Tom Penndorf:
> That was also my first thought, so i'd already copied the file, no
> change. Now, i've specified the dns-servers in the config, but the error
> remains the same. But after some strace, i've found the reason. You
> need to copy the /lib/l
ons 2009-08-19 klockan 13:34 +0200 skrev Tom Penndorf:
> Ok, I've copied mime.conf, icons and errors to root, also the unlinkd,
> resolv.conf and nsswitch.conf. Now i can start squid, but it can't do
> dns lookups, it repreats the following error on startup:
>
> 2009/08/19 13:26:23| Starting Sq
ons 2009-08-19 klockan 08:53 +0200 skrev Riccardo Castellani:
> Internet users reach my company site on IP address 1.2.3.244 where they find
> a certain section which contents 4 icons.
So users access http://1.2.3.4/ by IP? Not by some more friendly
hostname?
> These 4 icons (corresponding to 4
ons 2009-08-19 klockan 10:34 +0530 skrev Avinash Rao:
> A basic question. what is the use of installing squid in chroot,
it's a security measure just in case there is a security vulnerability
in Squid which may lead to remote execution of code. Makes life a lot
harder for those trying to exploit a
ons 2009-08-19 klockan 11:57 +0200 skrev Tom Penndorf:
> Ahh, ok, that makes sense. Do you know, where to find a list of required
> files in the chroot-directory for squid?
It depends a bit on what you are using.
If just Squid with aufs (or ufs, but not coss) then basically nothing is
needed in
tis 2009-08-18 klockan 22:06 +0200 skrev Youenn Boussard:
> 1 - do a transparent authentication in windows with squid (ntlm or
> kerberos).
Yes.
> 2 - append an http header after that to a backend server with user
> principal name (u...@domain) or an header domain\user ?
Yes.
tis 2009-08-18 klockan 15:51 -0400 skrev mic...@casa.co.cu:
> Hello
>
> Using squid "2.6.STABLE21 Version".
>
> I authenticate my users against active directory of windows. need to
> add another server to possible technical failures, if no response from
> the primary controller, then to consu
tis 2009-08-18 klockan 12:07 -0700 skrev twd:
> When users go on the road with laptops, all usage should still go through
> the Squid proxy back at the HQ. So I put the proxy settings in the browsers,
> lock the the settings so employees can't change them, and all works well,
> UNTIL the laptop is
tis 2009-08-18 klockan 15:42 -0400 skrev Daniel:
> Gentlemen,
>
> I realize that my question has morphed into a general SLES question,
> so I won't keep this chain going forever. Here's my last question to
> you guys before I start looking for outside help on our SLES 11
> implementation (ie
tis 2009-08-18 klockan 20:01 +0200 skrev Youenn Boussard:
> I try to purge request via HTTP with purge method. Squid cache
> request with a vary tag.
PURGE of Vary objects is still very poorly supported, and you can only
purge one variant at a time and need to get the URL cached again before
be
tis 2009-08-18 klockan 17:09 +0200 skrev Tom Penndorf:
> i trying to configure squid with chroot. When i start squid, i get the
> following error message:
> FATAL: MIME Config Table on//etc/squid3/mime.conf: (2) No such file or
> directory
> Squid Cache (Version 3.0.STABLE15): Terminated abnorma
tis 2009-08-18 klockan 17:02 +0200 skrev Riccardo Castellani:
> If I have squid on server A and Web server B, I wish using squid Accelerator
> on A to forward all requests to B. The requests are incoming from Internet
> to Squid port 80 where Squid Accelerator should have to forward them to
> machi
tis 2009-08-18 klockan 15:18 +0600 skrev Muhammad Sharfuddin:
> squid -z
> FATAL: Bungled squid.conf line 3: cache_dir diskd /var/cache/squid 4096
> 16 256 64 72
> Squid Cache (Version 2.7.STABLE5): Terminated abnormally.
>
> what should I do ? where I am doing the mistake ?
Bad syntax.
start w
tis 2009-08-18 klockan 03:23 -0500 skrev Bill Allison:
> For example, on a Windoze client (XP-SP3 at least) on VPN, the
> javascript function myIPAddress() will return the IP address of the
> *outside* of the tunnel
Yes, and a number of other similar situations as well.
My general recommendation
mån 2009-08-17 klockan 15:41 -0400 skrev Daniel:
> Amos,
>
> Thanks for your response. I have the following already installed:
>
> gssapi related:
> 'cyrus-sasl-gssapi'
> 'cyrus-sasl-gssapi-32bit'
> 'libgssglue1'
> 'librpcsecgss'
>
> krb related:
> 'krb5'
> 'krb5-32bit'
> 'krb5-client'
Wh
mån 2009-08-17 klockan 03:45 -0400 skrev hdyugoplastika hdyugoplastika:
'
> access.log on 2.7STABLE6-1
> xxx.xxx.xxx.xxx - - [12/Aug/2009:11:48:41 +0200] "POST
> https://webmail.XXXx.it/Microsoft-Server-ActiveSync?User=USER1&DeviceId=IMEIxxx&DeviceType=IMEIxxx&Cmd=Sync
mån 2009-08-17 klockan 12:15 +0200 skrev Riccardo Castellani:
> >That can be done through http_port and cache_peer directives with various
> >options on them.
> >The specific specification can be checked on Q&A section of squid website.
> >Ja-Ryeong Koo
>
>
> Well, I'll read these doc as you sug
mån 2009-08-17 klockan 10:42 +0200 skrev Matus UHLAR - fantomas:
> I say that again: by using such feature any client could poison your cache
> by connecting to IP address of a malicious/broken server, requesting _any_
> URI and your cache would remember the content provided by the server as if
>
mån 2009-08-17 klockan 10:28 +0200 skrev Matus UHLAR - fantomas:
> Is there any problem with current scheme where they are cached by underlying
> OS' cache?
Yes, there is a big difference in latency and CPU usage for very hot
objects, at least unless you use the ufs cache_dir type which on the
ot
mån 2009-08-17 klockan 14:26 +1200 skrev Amos Jeffries:
> The combined manual at http://www.squid-cache.org/Doc/config/ contains
> the defaults from the very latest Squid builds (3.HEAD/3.2 alpha
> currently). It may differ but changes should be noted in the version
> history area prefixing the
mån 2009-08-17 klockan 00:26 +0100 skrev J Webster:
> When something in the manual says it has a default setting,
> Suggested Config
>
> Does this mean that squid will operate with this value even when the line is
> commented out in the squid.conf ?
Yes.
> It seems there are a lot of settings i
mån 2009-08-17 klockan 00:23 +0100 skrev J Webster:
> If you use proxy authentication and the 'max_user_ip' ACL,
> this directive controls how long Squid remembers the IP
> addresses associated with each user. Use a small value
> (e.g., 60 seconds) if your users might change addresses
> quickly, a
mån 2009-08-17 klockan 10:45 +0200 skrev Olivier Sannier:
> // If specific URL needs to bypass proxy, send traffic direct.
> if (shExpMatch(url,"*domain1.com*") ||
> shExpMatch(url,"*domain2.com*"))
> return "DIRECT";
I think you meant to use host there, not
mån 2009-08-10 klockan 10:40 +0200 skrev Olivier Sannier:
> > Indeed.. and didn't I write such a script some many years ago? Or was it
> > someone else who posted one.. don't remember.
> >
> Well, I must not have used the proper search terms then. Would you have
> any clues as to what I shoul
fre 2009-08-07 klockan 13:12 +0200 skrev Matus UHLAR - fantomas:
> fixing in what way? to cache objects from disk in squid's memory in addition
> to disk cache?
Yes.
Regards
Henrik
tor 2009-08-06 klockan 08:23 -0700 skrev Thibaut_:
> And sometimes, after a few unsucessfull tries, the site will just magically
> work and no TCP_MISS/500 is returned...
What do the returned error page say?
Note: If using MSIE then you need to go into internet options and
disable "Show friendly
sön 2009-08-16 klockan 02:13 +0100 skrev J Webster:
> Does auth_param basic credentials_ttl have to be set in conjunction with
> authenticate_cache_garbage_interval?
You can ignore the garbage_interval one. It's a memory usage tuning
option, with no visible operational effect.
Regards
Henrik
sön 2009-08-16 klockan 11:43 -0400 skrev fulan Peng:
> You may say, why do not make a Squid SSL reverse proxy Server <-->
> Another Squid SSL reverse proxy server. But as I know, Squid cannot do
> this.
Sure it can. a SSL reverse proxy is just like any other webserver.
i.e. something like the fo
lör 2009-08-15 klockan 14:56 + skrev Christian:
> Hi,
>
> the patches b9089, b9090, b9092 are declared as "changes since the last
> release", but they couldn't applied to squid3-3.0.STABLE18 because to be
> patched files are inexistent.
> Shouldn't this be fixed ?
You can safely ignore those
lör 2009-08-15 klockan 13:32 + skrev Christian:
> Hi,
>
> am I right that ntlm_auth (delivered with squid) supports only "LM" and
> neither "NTLM" nor "NTLMv2" ?
Correct. And is why the Squid bundled helper has been renamed to
ntlm_smb_lm_auth in later Squid versions to better reflect what it
lör 2009-08-15 klockan 07:45 +1000 skrev Nevil Thatcher:
> 2009/08/14 22:45:11| aclIpParseIpData: unknown first address in
> '127.0.0.1/32'
> FATAL: Bungled squid.conf line 2: acl localhost src 127.0.0.1/32
Sounds like inet_pton is broken in your MinGW install somehow.. or that
inet_pton is not
mån 2009-08-10 klockan 23:28 -0400 skrev mic...@casa.co.cu:
> This Script could be in Perl?
Yes, or any language you prefer.
Something like the following should do fine, leaving it to you to define
find_user_from_ip as suitable for your environment.
#!/usr/bin/perl -an
use URI::Escape;
BEGIN {
tor 2009-08-13 klockan 14:42 +0400 skrev Aleksey Samostrelov:
> Hello.
>
> Trying to install squid 3 stable 18 on AIX 5.3
>
> Configuration is successfull, but make produces an error:
>
> "util.c", line 76.21: 1506-162 (W) No definition was found for
> function default_failure_notify. Storage cl
fre 2009-08-14 klockan 16:40 -0400 skrev Daniel:
> If we choose to authenticate against LDAP, I know that we can use SSL/TLS
> and secure the traffic between our LDAP servers and the Squid servers.
> However, wouldn't the usernames/passwords still be sent basically clear-text
> from the Squid Clie
fre 2009-08-14 klockan 13:40 +0600 skrev Берсенев Виктор Сергеевич:
> Get squid-3.0.STABLE18 from
> http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE18.tar.gz get
> patches
>
> cat bug2648.patch |patch -p0
> patching file src/helper.cc
You need this patch for 3.0.STABLE18:
http://www
fre 2009-08-14 klockan 10:21 +0200 skrev Riccardo Castellani:
> This acl 'rep_mime_type audio video' contains all mime type of video audio
> streams ?! I have to add ' req_mime_type audio video' too ?
Using rep_mime_type in http_access is a no-op (will never match) as the
reply is not yet availab
tor 2009-08-13 klockan 12:11 -0500 skrev Rob Poe:
> So, I call up the webmaster of that website, and tell them their webserver is
> broken, and leave it at that?
Start there.
Regards
Henrik
ons 2009-08-12 klockan 22:19 -0500 skrev Terry:
> Here's an example of an image as seen from the client. I pulled this
> right out of my firefox memory cache:
> http://foo.domain.com/Image.aspx?i=db1edbcd-2375-4bae-b33f-a53ced60deed
If thai i argument is a session variable then you will need to
tor 2009-08-13 klockan 08:40 +0200 skrev Riccardo Castellani:
> I'm using Debian 5.0.1, but what fs do you suggest me for cache_dir ?
>
> aufs or ufs ?
aufs, as ufs performs very badly under load.
Regards
Henrik
ons 2009-08-12 klockan 17:36 -0400 skrev Rick Chisholm:
> putting login.yahoo.com in the domains whitelist, instead of a more
> specific URL in the URLs whitelist has fixed the problem.
YEs, you have to. For https sites all Squid knows is the hostname (and
port), as logged in access.log.
Regards
ons 2009-08-12 klockan 12:04 -0700 skrev Andy Litzinger:
> I may have solved my own issue. It looks like my acl should use 'myport'
> instead of 'port'
>
> e.g. acl our_http_port port 80
> should be:
> acl our_http_port myport 80
>
> I'm not sure I understand the difference or why this works s
ons 2009-08-12 klockan 13:54 -0500 skrev Rob Poe:
> We're using Squid 3.0STABLE18 (just upgraded to see if it would fix this
> problem - it did not). We have a website our uses have to go to -
> http://mprisk.org
>
> On the bottom right of the page, there's a "Quicklinks" that calls the
> foll
ons 2009-08-12 klockan 15:25 -0300 skrev Roberto O. Fernández Crisial:
> I'm currently deploying Squid 3.0 but I couldn't make it work as
> reverse-proxy.
>
> I used to work with 2.6 and http_accel_host/port, now I know those
> rules are not supported anymor on Squid3.0. Anyone has a link to help
ons 2009-08-12 klockan 10:03 -0700 skrev Andy Litzinger:
> Hi all,
> I'm banging my head on what I think should be a simple config. I want
> squid to receive requests on port 80 and forward them on to the origin server
> on port 80. I also want squid to receive requests on port 8081 and forwa
tis 2009-08-11 klockan 14:33 -0300 skrev Leonardo Carneiro:
> The question is: what i'm missing using a "dumb" solucion like this one
> instead of the rewriter/redirector?
Nothing?
The big part is to do what you have started.. building user awareness
that there is things they are not allowed to
tis 2009-08-11 klockan 13:00 -0400 skrev Mike Mitchell:
> Having squid return a reasonable error to the client may be a
> problem. It would probably be sufficient if squid did not cache
> the 301/302 return if the Location: field points to the requested
> URL. We'd still have the loop, but the r
tis 2009-08-11 klockan 13:02 -0700 skrev Hanxhi:
> Hi, I wanted to know if it's possible to view the contents of the cache
> directory. For example, browse the /var/spool/squid_cache_dir to search for
> (mostly), images.
Kind of. See the purge tool which can be used for some of these
things... (no
ons 2009-08-12 klockan 16:39 +1200 skrev Amos Jeffries:
> The "Excess data from" is due to some clients pushing more data down
> into Squid than they indicate in the HTTP headers. This is better known
> as a data smuggling attack. I suggest you find out which clients are
> doing this and why.
tis 2009-08-11 klockan 12:53 -0400 skrev Rick Chisholm:
> We are using squidGuard.
Then make sure you do not block CONNECT requests with a URL rewrite,
trying to rewrite the CONNECT host into a HTTP URL...
Blocking CONNECT requests with a browser redirect is sometimes fine, but
browsers are start
301 - 400 of 13033 matches
Mail list logo
