> Its not currently possible to block such requests in Squid because
> the funny characters are a part of the "login" component of the
> URL. Squid doesn't have any ACLs that use or care about the login
> data. It should be pretty easy to come up with a patch that does.
The attached patch adds a
> Is this telling me that my redirectors are dying from an error in the
> redirector code, or what?
Make sure that the Squid userid is able to execute the redirector
program. Check file and directory permissions.
Duane W.
Hello,
I have redirector_children 10 in my config file, but I keep getting the
entry below, over and over again in my cache.log when I go to
http://money.cnn.com/best/bplive:
2003/12/18 23:01:30| Starting Squid Cache version 3.0-PRE3-CVS for
i686-pc-linux-gnu...
2003/12/18 23:01:30| Process ID 6
On Thu, 18 Dec 2003 [EMAIL PROTECTED] wrote:
> This problem occurs with some other Groups in MSAD, but, for the majority of
> the Groups, the lookup runs ok !!!
>
> Have anyone run into this problem before?
You may want to ask this question on the appropriate Samba forum..
Regards
On Thu, 18 Dec 2003, Victor Souza Menezes wrote:
> how can i bind to a specific user?
By using the -D command line option (don't forget the -x option). You also
need to specify a password via -W or -w.
Regards
Henrik
On Thu, 18 Dec 2003, Keppner, Christoph wrote:
> I know so far, that squid_ldap_group is the right program, but how do i use
> it? In a mail from Henrik Nordstrom, there was this description:
squid_ldap_group is used via the external_acl_type directive. See the
manual (yes there is a manual for s
On Thu, 18 Dec 2003, Ampugnani, Fernando wrote:
> Can squid + smb_auth works with windows 2000 Active Directory.?
Most likely.
> If can´t what I might use to authenticate MSAD.
The LDAP helpers for sure work (squid_ldap_auth + squid_ldap_group)
Regards
Henrik
There are several better options than smb_auth for use against Active Directory:
* LDAP (reliable) - The FAQ has info on configuring LDAP helpers
* Samba Winbind (a little more complicated - but using NTLM authentication IE users
won't need to type in a username/password - it'll pull it directly).
On Thu, 18 Dec 2003, Eric Geater 12/12/03 wrote:
> I read an article in EWeek that explained how to create a misleading web
> link or link in email by typing the acceptable http address, followed by
> "%01%00@" and the actual destination address. I showed it to my boss,
> who didn't like what
Hi Again !!
I was checking wbinfo, and found out the the Group that I have chosen to
test can´t be looked up by wbinfo, although it exists in MSAD.
This problem occurs with some other Groups in MSAD, but, for the majority of
the Groups, the lookup runs ok !!!
Have anyone run into this probl
Hi Again !!
I was checking wbinfo, and found out the the Group that I have chosen to
test can´t be looked up by wbinfo, although it exists in MSAD.
This problem occurs with some other Groups in MSAD, but, for the majority of
the Groups, the lookup runs ok !!!
Have anyone run into this probl
Hi,
i'm trying to restrict access to my squid cache to users of a special group
"ProxyUsers" in Active Directory. I have Debian Testing (Sarge) with
squid-2.5Stable4 installed.
First i tried with the ldap_auth command:
/usr/lib/squid/ldap_auth -b dc=dhc-gmbh,dc=com -R -D [EMAIL PROTECTED] -w
SeC
I read an article in EWeek that explained how to create a misleading web
link or link in email by typing the acceptable http address, followed by
"%01%00@" and the actual destination address. I showed it to my boss,
who didn't like what she saw.
Is it possible to create an ACL in Squid that speci
On Wed, 17 Dec 2003, Cavanagh, Kevin B wrote:
>
> Hi there,
>
> Please forgive me if this question has been asked/answered before (I
> searched the FAQs but quickly became too confused by all the various
> postings regarding load balancing, etc).
>
> We currently have six RedHat Linux V8.0 serv
Hi!!
We are using wbinfo_group.pl in order to build acls based on Windows groups,
but we are facing the following problem:
We have built a test acl, with a USER that we know that belongs to a
specific Group.
Wbinfo_group.pl is called by Squid, with the correct parameters, but it
returns "E
Hi!!
We are using wbinfo_group.pl in order to build acls based on Windows groups,
but we are facing the following problem:
We have built a test acl, with a USER that we know that belongs to a
specific Group.
Wbinfo_group.pl is called by Squid, with the correct parameters, but it
returns "E
> and actually configuration:
>
> cache_mem 64 MB
> cache_swap_low 85
> cache_swap_high 90
> maximum_object_size 65536 KB
> maximum_object_size_in_memory 24 KB
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap GDSF
> cache_dir diskd /var/cache/spool/0 28000 96 256 Q1=72 Q2=64
>
Hi all,
Can squid + smb_auth works with windows 2000 Active Directory.?, If
can´t what I might use to authenticate MSAD.
Thanks in advance.
Fernando Ampugnani
EDS Argentina - Software, Storage & Network
Global Operation Solution Delivery
Tel: 5411 4704 3428
Mail: [EMAIL PROTECTED]
how can i bind to a specific user?
On Wed, 17 Dec 2003, Victor Souza Menezes wrote:
> Hello everybody, I can't solve my problems with squid_ldap_auth. I followed
> the manual instructions and putted the following line in squid.conf:
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -p -R -b "dc=tre-pb,
> dc=gov, dc=br"
On Thu, 18 Dec 2003, Bruno Marcondes wrote:
> It doesnt matter how I set cache_mem , kernel keeps caching
> (file cache?) till it uses all memory , leaving only 10Mb, thus the
> server keeps swapping all the time !
If is normal that all free memory is used for cache. This is how the
kernel shoul
On Thu, 18 Dec 2003, Alex Sharaz wrote:
> Increasing the logging I can now see
>
> 2003/12/18 17:29:21| The request CONNECT loginnet.passport.com:443 i
> ecause it matched 'from_hullnet'
> FATAL: Received Segment Violation...dying.
> 2003/12/18 17:29:21| Not currently OK to rewrite sw
On Thu, 18 Dec 2003, Northweb Squid wrote:
> How can I enable read and write access for ftp via proxy.
By using a client supporting FTP file uploads via HTTP proxies. So far
only Netscape 4.x is known to support this.
> I want to connect to an ftp site, the remote ftp site is set up for read an
On 18 Dec 2003, Elton S. Fenner wrote:
> Is it possible to configure squid to authenticate user from both domains
> without users typing username and pass?
Only if there is a trust between the domains.
Regards
Henrik
Hi all,
I hope you can help me:
I'm trying to authenticate squid users against a MS Active directory but i am
having problems. I've already tried all the statements tha are in the
squid_ldap_auth manual.
the MS Active directory is under the following domain:
tre-pb.gov.br
I created some users
Hi folks,
I'm having a problem of memory shortage on my squid server.
The server is an Compaq DL350 G3 with 2G of ram with linux RH7 /
kern. 2.4.22 .
It doesnt matter how I set cache_mem , kernel keeps caching (file
cache?) till it uses all memory , leaving only 10Mb, thus t
Hi,
At 19.00 18/12/2003, Emilio Salgari wrote:
Is there something similar to Squid, but running on Windows?
Yes, Squid .
http://www.acmeconsulting.it/SquidNT/
Really your name is Emilio Salgari ?
Regards
Guido
I'm looking for an open source (or freeware) and highly reliable proxy
server
Is there something similar to Squid, but running on Windows?
I'm looking for an open source (or freeware) and highly reliable proxy
server that can run on my windows 2000 machine.
Any ideas?
Thanks!
_
MSN Extra Storage: piena libe
Increasing the logging I can now see
2003/12/18 17:29:21| The request CONNECT loginnet.passport.com:443 i
ecause it matched 'from_hullnet'
FATAL: Received Segment Violation...dying.
2003/12/18 17:29:21| Not currently OK to rewrite swap log.
2003/12/18 17:29:21| storeDirWriteCleanLogs:
hi all,
Got a small problem here with squid running in conjunction with squid2mysql
on a linux box.
Config is
RH 9 system running as squid cache with a back end mysql database runnning
on another machine.
Perl 5.08 installed with dbi module, mysql drivers and perl::ldap
Created a special file
Hi,
How can I enable read and write access for ftp via proxy.
I want to connect to an ftp site, the remote ftp site is set up for read and
write, but i get an error if I go via squid that only read access is
enabled. so how can I enable write access?
Regards,
Willem Pretorius
NorthWeb ISP
Hello,
within a situation like in the subject, there is some site that seems to
not receives perfectly some cooky.
I'm a squid beginner, and the two squid.conf files was not edited by me.
Do you have some hint or tip? Which are the options where I have to
focus my attention?
I was forgotting...
Hello,
within a situation like in the subject, there is some site that seems to
not receives perfectly some cooky.
I'm a squid beginner, and the two squid.conf files was not edited by me.
Do you have some hint or tip? Which are the options where I have to
focus my attention?
Thank you,
Daniele
| Hi all,
|
| this is my squid.conf line
| acl password proxy_auth REQUIRED
| http_access allow password
|
| how do write the squid.conf so that certain IP addresses
can pass thru the
| proxy without being prompt for authentication?
| currently, all users who access the proxy have to be
authenticat
On Thu, 18 Dec 2003, Daniele Ricci wrote:
> with helper LDAP the files are: ldap.h and lber.h
Then you are missing the OpenLDAP development headers and libraries.
> with helper PAM the file is: pam_appl.h
Then you are missing the PAM development headers and libraries.
> with helper SASL the fi
Hi Helpers
I have 2 domains:
domain1 ==> Windows 2000 with NT 4 compatibility
domain2 ==> NT 4
1 squid to authenticate users from this 2 domains.
With smb_auth it's working, but users have to type user and pass...
My question:
Is it possible to configure squid to authenticate user from both dom
Hello,
compiling squid (version 2.5.STABLE3) configured with
--enable-basic-auth-helpers= I receive compiling errors of type
"FATAL: .h not found"
with helper LDAP the files are: ldap.h and lber.h
with helper PAM the file is: pam_appl.h
with helper SASL the file is: sasl.h
I suppose I need some
The problem is the following:
We have approximately 700Reqs/sec distributed on
4 x Dell 2650 (sibling with digest) after a load balancer
each one with
2 x Xeon 1.8Ghz (HT disabled)
2GB Ram
PERC3/Di RAID controller
5 x 36GB HD SCSI 10k (2 RAID1 for os and swap, 3 for cache)
3 NIC, 1 internet, 1 intr
On Thu, 18 Dec 2003, vikram mohite wrote:
> To understand the problem we removed IPTABLES rules, cleared the cache again
> and put ethereal on client machine. When the problem reoccured we captured
> the entire TCP stream. We again cleared the cache and opened the page
> captured which immedia
On Thu, 18 Dec 2003 16:20:23 +0530, vikram mohite wrote:
> Hi,
>
> We are running two squid proxies one with RedHat 8.0 and the other RedHat
> 9.0 with default kernels.
>
> Interscan viruswall ver. 3.8 is also runnig on both the proxies and are
> acting as parent proxies for squid proxies.
May
On Thu, 18 Dec 2003 08:20:27 +0100, Henrik Nordstrom wrote:
> If you know which URLs you need to do this on then just make a
> urlpath_regex pattern matching which URLs this need to be done on (or not
> done on) and then use this in header_access when determining if the header
> should be replace
Hi,
We are running two squid proxies one with RedHat 8.0 and the other RedHat
9.0 with default kernels.
Interscan viruswall ver. 3.8 is also runnig on both the proxies and are
acting as parent proxies for squid proxies.
The squid version and config parameters are as given below.
# /usr/local
At 8:23 +0100 18/12/03, Henrik Nordstrom wrote:
On Thu, 18 Dec 2003, Jesse Reynolds wrote:
We have an array of squid servers acting as reverse proxy servers
(web accelerators). They also work as URL rewriters, via the
redirector interface, eg bouncing http to https in some cases, and
mapping c
Hello Henrik,
Thursday, December 18, 2003, 2:22:21 PM, you wrote:
> On Thu, 18 Dec 2003, zen wrote:
>> Hello squid-users,
>>
>> is it possible to limit the download file size per user or per ACL??
> It should. Have you tried using the proxy_auth acl in reply_body_max_size?
>> and also den
YES, THANK YOU
petre
On Thursday 18 December 2003 09:14 Anno Domini, Henrik Nordstrom wrote using
one of his keyboards:
> On Thu, 18 Dec 2003, Petre Bandac wrote:
> > I make a request, and tcpdump shows the following thing: packets go from
> > client to 5.6.7.8:3128, but there they go on the in
On Thu, 18 Dec 2003, Jesse Reynolds wrote:
> We have an array of squid servers acting as reverse proxy servers
> (web accelerators). They also work as URL rewriters, via the
> redirector interface, eg bouncing http to https in some cases, and
> mapping certain paths to different backend web ser
On Thu, 18 Dec 2003, zen wrote:
> Hello squid-users,
>
> is it possible to limit the download file size per user or per ACL??
It should. Have you tried using the proxy_auth acl in reply_body_max_size?
> and also denying certain file to be download such as mp3 and exe?
See http_access and t
On Thu, 18 Dec 2003, GouthamLabs wrote:
>Is there any way to create timing issues in
> squid so that we can restrict people to access
> internet
Yes, see the time acl.
Regards
Henrik
On Thu, 18 Dec 2003, melvin melvin wrote:
> how do write the squid.conf so that certain IP addresses can pass thru the
> proxy without being prompt for authentication?
By allowing these access BEFORE where you require authentication in
http_access. See the Squid FAQ chapter 10 Access controls.
On Thu, 18 Dec 2003, Gabriel Wicke wrote:
> On the xhtml content i set the Cache-control header as
> must-revalidate,max-age=0,s-maxage=36000.
> The browser will always check back for changes, squid will get a purge
> request if something changes.
>
> This breaks as soon as some transparent prox
On Thu, 18 Dec 2003, Petre Bandac wrote:
> I make a request, and tcpdump shows the following thing: packets go from
> client to 5.6.7.8:3128, but there they go on the internet via 1.2.3.4 (ie I
> access google.com, and tcpdump shows 2 pieces of the traffic - 1
> host-squid_IP, then address - 1.
51 matches
Mail list logo