I tried with this guide but it still not work. Have you ever tried this?
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
An excellent guide. I tried it and it works with our AD setup. Using
ldap_group took a while to debug and get working.
You
On Mon, 2005-06-13 at 12:27 +0530, ansari imtiyaz ahmed khadim husain
wrote:
Hi all...
Can any one tell me
if a user is already browsing with his/her name in the
authentication then I don't want to allow the same username to
brows from other machine
1) till he logs out.
2) only
kdv wrote:
I found an error in FAQ (it's just spelling). Whom should I tell about
it?
And if I'll find more errors, maybe I should join the developers
group, how can I do that?
I always can hear, Open Source developers need more hands.
So I want to help with squid's FAQ.
Do you need my
cable linux wrote:
Hi,
As i already told you is that my squid is working
fine, how can i enable arp in squid, i mean to say how
i can create arp availability in INSTALLED squid.
regards
cablelinux
As you were already told, you can't, you need to get the source and
recompile with the
On 14.06 11:43, John Halfpenny wrote:
We have a site which doesn't like to go through two instances of squid for
some reason. Is there a way I can bypass a parent for a particular url?
Our setup goes
LAN Squid[i] Squid[ii]w/DansGuardian Net
Ideally, I would like to set Squid[i] to go
On 14.06 19:31, Nuno Ferreira wrote:
And how can i set up that file ? the Squid and Apache server is
also a dnscache server (to resolve hosts to squid) and ig I put the
hosts on the hosts file it doesn't work...
see the hosts_file directive.
-Original Message-
From: Matus
On 15.06 10:51, kdv wrote:
kdv wrote:
I found an error in FAQ (it's just spelling). Whom should I tell about
it? And if I'll find more errors, maybe I should join the developers
group, how can I do that?
I don't think it's important, they will probably listen to you even.
I always can hear,
On 14.06 11:39, Jason Williams wrote:
I do have a 'desktop' type box with the following specs on it:
-1.8ghz Athlon CPU
-1gig DDR Ram
-1 80 gig IDE drive.
Nothing fancy, but it might work. I'd like a 1U solution, but if this
fits the bill, it is something I definitely could work with.
On 14.06 23:22, Pedro Pessoa wrote:
Is is possible that squid changes mime type text/html into text/plain?
I don't think so.
I have a website which is running on Apache 2.x.
On another network a Squid is in place (which I don't control) and I
must go through it to get to my website.
When I
Ah yes, reading up on it that looks just the ticket, Emilio- I'll try it when I
get the new [i] box installed!
Thanks for your help
John
--- On Tue 06/14, Emilio Casbas [EMAIL PROTECTED] wrote:
From: Emilio Casbas [mailto: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc:
I have installed squid/3.0-PRE3-20050614 with no problem as http accelerator.
It runs fine but when I access a web page through squid, it won't work.
I get
Unable to forward this request at this time
and says
The cache administrator does not allow this cache to make direct connections to
Thanks :)
That did the trick :)
Nuno Ferreira
-Original Message-
From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 15, 2005 5:10 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid + web server on same machine
On 14.06 19:31, Nuno Ferreira
Thank you to everyone who responded.
Regards,
Joshua
From: S.M.H. Hamidi [EMAIL PROTECTED]
Date: 2005/06/15 Wed AM 01:25:17 EDT
To: [EMAIL PROTECTED]
CC: squid-users@squid-cache.org
Subject: Re: Re: [squid-users] Logfile Analysis
Yes, It has a nice web interface with many features.
On Fri, 24 Jun 2005, Carinus Carelse wrote:
I have installed the new version of squid 2.5 but i would like to test it
under load and I want to use the cache_peer to forward all requests to the
new proxy for a few days just to test everything. I would like it to just
forward the login
On Tue, 24 May 2005, Binaya Joshi wrote:
Earlier, everything was smooth. But recently I am facing a weird
problem.The router detect the cache and also forwards the queries. But in
the access log of one of the caches, I can see only ICP queries coming into.
With it, when I turn on this
I want to replace tinyproxy with squid. Thus I need a MINIMAL config
that just binds squid to localhost:port, accepts ALL requests from
localhost and sends them out into the internet. It doesn't need to
cache on disk or anthing. Anybody got such a config ready?
Otherwise I'll just think of
SARG is nice...I like squidalyser also because you can view images
downloaded. Also, once the data is parsed into mysql, you can do reporting
from SQL.
Thank you to everyone who responded.
Regards,
Joshua
From: S.M.H. Hamidi [EMAIL PROTECTED]
Date: 2005/06/15 Wed AM 01:25:17 EDT
To:
Ralf Hildebrandt wrote:
I want to replace tinyproxy with squid. Thus I need a MINIMAL config
that just binds squid to localhost:port, accepts ALL requests from
localhost and sends them out into the internet. It doesn't need to
cache on disk or anthing. Anybody got such a config ready?
* kdv [EMAIL PROTECTED]:
The default squid.conf would be good enough for you.
You may only need to change TAG http_port to something like this
http_port 8080.
Then just run 'squid -z' and 'squid'.
I went for:
http_port localhost:
cache_dir null /tmp
ftp_list_width 80
Does the cache_dir null directive turn caching off?
Also, the forwarded_for on directive, is it required for the cache_dir
directive set to null?
If you are using acl's, will they still be parsed if you don't cache? For
example if I deny particular addresses.
Thanks,
Sam
-Original
Sam Reynolds wrote:
Does the cache_dir null directive turn caching off?
Yes,
cache_dir null /tmp
Also, the forwarded_for on directive, is it required for the cache_dir
directive set to null?
no
If you are using acl's, will they still be parsed if you don't cache? For
example if
Matus UHLAR - fantomas wrote:
On 14.06 11:39, Jason Williams wrote:
I do have a 'desktop' type box with the following specs on it:
-1.8ghz Athlon CPU
-1gig DDR Ram
-1 80 gig IDE drive.
Nothing fancy, but it might work. I'd like a 1U solution, but if this
fits the bill, it is something I
On Tue, 24 May 2005, sasa wrote:
Hi, I use squid 2.5-stable 3 on fc1 (with redirect to squidguard), on some web
site it isn't possible to visualize some images with link towards other
addresses, for example:
Is there any difference if you disable SquidGuard?
10.0.0.15 - -
On Wed, 25 May 2005, Rost Werner ZFBE GMT-ISN wrote:
I am using squid with basic authentication. If a user the first time access
internet he is asked for login information.
Now there is a strange situation with the following link:
On Wed, 25 May 2005, Matteo Villari wrote:
Is there a way to make caching two URLs, which differ from only for one
parameter posted, as the same URL? I explane better: for squid these 2
following URL
On Wed, 25 May 2005, Peter Zechmeister wrote:
when the problem comes up pages which are still in cache are still fast.
new pages are slow at the first time and don't get faster with the next
request.
i have no idea, what causes the problem.
Usually the cause to this kind of problem is
* Sam Reynolds [EMAIL PROTECTED]:
Does the cache_dir null directive turn caching off?
That's what I found on the net.
Also, the forwarded_for on directive, is it required for the
cache_dir directive set to null?
No that's just what I want.
If you are using acl's, will they still be
Hi !!
I have posted this message yesterday, but, as I received no answer, I am trying
again. As the problem is really bad here, I would kindly ask the list members to
tell me any experiences regarding this issue, like ways to set up squid (or
samba)
to use ntlm v1 or ntlm v2.
Thanks again,
On Fri, 27 May 2005, Jan Engelhardt wrote:
can anyone shortly describe the difference between the transparent and
accel flags for the http_port option? (For Squid 3 (20050524))
transparent is when you transparently intercept port 80 requests by
firewall port redirection or similar forcing
On Thu, 26 May 2005, Jon Howe wrote:
As you can probably tell by me posting this, I have a problem. I want
to have users authenticate only for port 80 traffic. For all other
ports I want traffic to pass through as there were no proxy.
To make the traffic pass throught without going via
On Thu, 26 May 2005, Manoj Kumar Neelapareddy wrote:
I have a OWA server which requires NTLM auth.
I am going through squid to reach OWA.
NTLM won't work via proxies unless the server is a https server, and the
proxy is a normal Internet proxy (not accelerator / reverse proxy).
This is
On Fri, 27 May 2005, Jan Engelhardt wrote:
Can Squid3 spoof the IP when it connects to the parent cache? This would
work in practice, because the network is laid out for such, that all packets
have to pass the intermediate squid.
There is two ways of doing this:
a) Linux TPROXY, with
On Fri, 27 May 2005, Gary Hostetler wrote:
I'm working here trying to get ntlm with squid working. I can get ntlm_auth
--username to work and it asks for a password and that works. I mistype the
password and it tells me so. So I think that part is working. When I fire up
./squid -NCd1 that is
On Sat, 28 May 2005, kashif Mazhar wrote:
From few weeks i m searching for squid statup script for Solaris but
not got succeeded even i try to edit my squid.sh file from linux box
but it also don't work.
contrib/squid.rc
should work on Solaris and most other UNIX like OS:es.
To make it
On Sun, 29 May 2005, ashkan almaspour wrote:
when i connect with PRTG Program, show this message:
can not found MIB2 on this device.
The Squid MIB is in enterprises.NLANR.Squid
Regards
Henrik
On Sun, 29 May 2005, Ross Slade wrote:
My main reason for running Squid is bandwidth (I have a 31.2k connection to
the 'net) - can anyone care to recommend changes aimed at squeezing every bit
out of my lousy connection?
There is some refresh_pattern suggestions floating around for this kind
On Sun, 29 May 2005, Ronny wrote:
Both has very strict requirements on your networking setup as all return
traffic must go via the proxy even if the destination IP is the client IP.
You are right all traffic passes through the proxy.Is it okay if I do the
NATING on the same box as squid or
On Sun, 29 May 2005, Florian Effenberger wrote:
is it possible to only permit SSL traffic on CONNECT? When I have CONNECT on
443 open, a user could theoretically open up its own server listening on port
443 and tunnel through my proxy...
Squid doesn't care today.
In theory you could look
On Mon, 30 May 2005, R. V. Somani wrote:
We have configured Squid 2.5 STABLE 10 on Redhat ES3.0, tested basic
configuration and working fine.
We are unable to access SSL ports no 9000 8443 when we enable
squid_ldap_group authentication, we are accessing oracle apps through ports
9000 8443.
On Mon, 30 May 2005, ashkan almaspour wrote:
i want deny access to web page that contain xxx word in body.
Squid acls doesn't look into the body contents of the returned objects,
only requested URL and request + response headers.
Regards
Henrik
On Mon, 30 May 2005, Matthias Wessendorf wrote:
Is there a roadmap when Squid will be HTTP/1.1 conform?
When there is someone paying developers for having Squid to be HTTP/1.1
compliant.
The current active developer resources is not sufficient for full HTTP/1.1
compliance in any timeframe
On Mon, 30 May 2005, [ISO-8859-1] Ángel Prieto wrote:
Yeah, sure it's by typing them on my keyboard, but how do I say it logon with
a user.
When I type i.e. user prueba1, it says ERR too.
/path/to_squid_ldap_auth arguments...
validusername validpassword
[OK]
validusername badpassword
[ERR]
On Mon, 30 May 2005, Michael Scheibel wrote:
I've noticed some strange tags in the Squid configuration files of the
IRCache project, namely 'ignore_only_if_cached' and 'icp_false_hit_ratio'.
Example:
http://www.ircache.net/Configuration/squid.conf.sd
Is this undocumented magic?
it is
On Tue, 31 May 2005, Ric Lonsdale wrote:
Is there a way to stop the space, as per test%20user below, appearing in the
access logs.
What do you want to appear in the logs then?
There is always ways, but first one must know what is desired.
Regards
Henrik
On Tue, 31 May 2005 [EMAIL PROTECTED] wrote:
Proxy server: Squid Cache: Version 2.5.STABLE6-CVS
2005/05/31 15:42:08| WARNING: icapReqModReadIcapPart() did not find
'Encapsulated' header
2005/05/31 15:42:08| assertion failed: icap_reqmod.c:399:
icap-enc.req_hdr == 0
You may want to try with
On Tue, 31 May 2005, Carlos Eduardo Gomes Marins wrote:
May 30 16:11:08 SquidServer (squid): nss_ldap: reconnecting to LDAP
server...
May 30 16:11:08 SquidServer (squid): nss_ldap: reconnected to LDAP
server after 1 attempt(s)
May 30 17:04:21 SquidServer (squid): nss_ldap: reconnecting to LDAP
On Tue, 31 May 2005, Geoff Varney wrote:
I am running SquidNT 2.5STABLE7. I recently deployed the SmoothWall IDT
client and have told Squid to log IDENT. What I'm seeing is that computers
are providing the ident info but it's inconsistent. I can even see the same
computer logging a username
On Tue, 31 May 2005, jmarin wrote:
and when I add in squid.conf
never_direct allow all
the dynamic pages can be seen, but squidGuard does not work.
Some suggestion to solve my problem?
Odd. never_direct does not change the use of redirectors.
Regards
Henrik
On Tue, 31 May 2005, Kia T. Vang wrote:
I am running squid as a reverse proxy. SQUID crashes with the following
cache_peer_access settings:
cache_peer 10.0.0.11 parent 8080 7 originserver no-query
front-end-https=auto name=www1 acl webmail dstdom_regex -i ^webmail\..*
cache_peer_access www1
On Thu, 2 Jun 2005, Abu Khaled wrote:
While I was planning to do this I asked my self if it was possible to
assign each client that connects to Squid a port range for the
outgoing request.
Possible yes, but it requires first implementing support for outgoing port
ranges in Squid (i.e.
On Thu, 2 Jun 2005, [gb2312] wrote:
the performance looks like has no improved, and the Squid Accelerator
Mode looks like has failure or no effect, what happend ? where i had do
wrong ? what can i correct it ?
First check with the cacheability check engine that your returned headers
is
On Thu, 2 Jun 2005, marcantonio wrote:
2005/06/02 16:08:34| clientSetKeepaliveFlag: method = GET
[2005/06/02 16:08:34, 1] utils/ntlm_auth.c:check_plaintext_auth(286)
Reading winbind reply failed! (0x01)
2005/06/02 16:08:34| The request GET
On Thu, 2 Jun 2005 [EMAIL PROTECTED] wrote:
Hello squid-users,
Sometimes I have in my logs about 10 such messages in a few seconds:
May 30 11:11:56 janon kernel: TCP: drop open request from 161.3.197.242/2693
May 30 11:12:01 janon kernel: NET: 787 messages suppressed.
Looks like you are
On Fri, 3 Jun 2005, squid squid wrote:
After uprading to Squid 2.5 Stable 10, I noticed that there are messages such
as httpReadReply: Request not yet full sent POST
http://myapps.intranet.com/app/selectID.do; appearing in cache.log file.
Kindly advise what is the meaning of such messages
On Fri, 3 Jun 2005, B wrote:
my intention is to have squid not tell the user what is going on in the
background. all acl stuff tells the user access denied because of blabla or
something similar. in some cases i would prefer the user simply to not being
able to log in.
You don't need to
On Mon, 6 Jun 2005, sasa wrote:
the problem is in SeLinux protection, in fact if disable this protetion for
squid demon all to start with success and this situation is present on all fc3.
Not much Squid can do about that. You will need to get your SeLinux policy
corrected.
Regards
Henrik
On Sat, 4 Jun 2005, Richard 'toast' Russo wrote:
I'm worried that by adding httpd_accel_with_proxy on, I may be opening my
servers up to proxy the world for everybody (especially if I don't write good
acls)
You should always write good ACLs.
httpd_accel_uses_host_header on
and
On Wed, 25 May 2005, Bill Mills-Curran wrote:
I want to add another backend web site that uses https. I've tried
many (too many) different configs, but I can't find the right
combination to make it work.
Squid-2.5 as reverse proxy does not support making HTTPS connections, only
accepting
On Mon, 6 Jun 2005 [EMAIL PROTECTED] wrote:
You are right; the error is because there is no blank line delineating
the response headers from the response body. What STABLE release
started to enforce this? It must be between STABLE6 and STABLE10.
On Tue, 7 Jun 2005, Mhd Indra Iskandar wrote:
Hi all,
I need help...
My squid box is succussful doing authentication with Windows 2000 AD,
and I already set to prevent user logging in more than one computer at
a time.
Every windows users has their own laptop, but not all can access internet.
On Thu, 9 Jun 2005, Anders Nordby wrote:
I'm using Squid as a web accelerator. Some users like to use addresses
with www., and some don't. Is it possible to make Squid recognize different
hostnames/subdomains having the same content?
It depends on your accelerator setup.
You need to make
On Fri, 10 Jun 2005, Geoff Varney wrote:
When I type /usr/sbin/squid with anything, -z, -v, etc I get NOTHING, just
back to the command prompt. It does try to start if I type service squid
start, but it fails, of course.
Another user reported similar problems recently, and it boiled down
On Tue, 14 Jun 2005, kdv wrote:
What can you say about honeypots?
That they should attract and isolate, not just attract.
What if I'm trying to configure a honeypot. If I'll permit a hacker to
hack any site, but will tell the hostmaster of that hacked site the IP
of the hacker.
In many
On Mon, 13 Jun 2005, Markus Atteneder wrote:
I am using squid 2.5.7-2 and squidguard 1.2.0-5. When i add the line
client_netmask 255.255.255.0 to my squid.conf to mask the ip address
logged by squid the rules in squidguard do not longer work, because the
client ip address is passed to the
On Tue, 14 Jun 2005, Sam Reynolds wrote:
Thanks for the assistance, it was truly appreciated. I am still curious
if there is a maximum amount of entries for the acl's.
No, only the size of your memory.
Regards
Henrik
On Wed, 15 Jun 2005, Sam Reynolds wrote:
Does the cache_dir null directive turn caching off?
No, but it turns off the disk cache.
To completely disable caching you have to use the no_cache directive.
The two often goes together.
Also, the forwarded_for on directive, is it required for
On Tue, 14 Jun 2005, kido wrote:
I am using basic scheme to authenticate users. Is this method vulnerable to
sniffers?
Yes.
if so, is there another scheme which can protect privacy
(encryption...)?
Yes, digest or NTLM.
digest is standard, but hard to integrate with authentication
On Sat, 11 Jun 2005, Wennie V. Lagmay wrote:
It seems that my local page is not cache. can you help me to also cache my
local page?
Squid doesn't care much where a site is, at least not unless you have
expliticitly told it to not cache local servers via the no_cache
directive.
Assuming
On Wed, 8 Jun 2005, Ed W wrote:
Rabbit doesn't quite do what I want, in particular it doesn't easily let the
user change back and forward to higher quality versions. I want more control
over this and am quite prepared to write something. I also have other
requirements and will probably need
On Mon, 6 Jun 2005, Peter Zechmeister wrote:
- Squid must not cache pages, where Authorization Header is set, but it
does in the moment and so pages which have the same url but behave
different when entered anonymous or autorized are mixed up.
Can anybody tell me how to fix this?
This is a
On Mon, 13 Jun 2005, Alexandre Adao wrote:
Hello, I am kind of new on squid and I need some help.
I installed squid-3.0-PRE3-20050610
You know this is a development snapshot not suitable for production use,
right?
on FEDORA CORE 3 and I configured the squid.conf to the best of my
On Tue, 14 Jun 2005, kdv wrote:
Can anybody tell me, where can I find out what options are possible while
compiling squid.
./configure --help
Golden rule of thumb: Don't use options you don't know you need. Not all
options are nice (there usually is good reasons why something is not
On Wed, 15 Jun 2005, Matus UHLAR - fantomas wrote:
That can be result of invalid content-negotiation, however it might be a bug
of squid that is not HTTP/1.1 conmpliant and doesn't cache negotiated files
correctly...
My bet is on the first.
access.log with log_mime_hdrs on is a good start.
On Wed, 15 Jun 2005, Shin Imai wrote:
If I comment out the line never_direct allow all and take out # at the
line always_direct allow all, it works fine.
Then your problem is in the area of
cache_peer + cache_peer_access
or perhaps in what host name Squid used when reconstructing the
On Thu, 16 Jun 2005, Ric Lonsdale wrote:
I appreciate this is something SF need to sort at their end but would like
to rectify the problem via squid in the interim.
Then identify how smartfilter gets the login from Squid, and modify Squid
to take away those strange characters before..
I
Morning all,
Ive got ntlm_auth working without any problems at my site for PCs that
are a part of the same domain.
Obviously PCs that arent part of the domain prompt the user for their
username, password and domain. (This is actually the majority of our
clients atm)
What I need to know is, is
I'm using RedHat 9 and Squid2.5 withh ADSL conenection to ISP.
I can browsing anything web sites except yahoo mail, hotmail and webmail
Please help
Dear Squid Users; hi,
when I run dansguardian it quits or doesn't work.
my squid port is 8080, and I have given port number 3128 to filterport.
is anything wrong with my config?
Have I use dansguardian as redirector programe in my squid.conf?
Now I use addzap, I have to replace it?
regards
nima
Thanks for your advice.
I get this in access.log file.
192.168.12.35 - - [16/Jun/2005:12:49:18 +0900] GET http://www.localhost.com
HTTP/1.1 503 2490 TCP_MISS:NONE
In my hosts file, www.localhost.com is indicated to squid server but
actual www.localhost.com server is 192.168.12.123.
I can ping
Hello Shin,
Thursday, June 16, 2005, 8:09:54, Shin Imai wrote:
Thanks for your advice.
I get this in access.log file.
192.168.12.35 - - [16/Jun/2005:12:49:18 +0900] GET http://www.localhost.com
HTTP/1.1 503 2490 TCP_MISS:NONE
In my hosts file, www.localhost.com is indicated to squid
80 matches
Mail list logo