Dave Coventry wrote:
I believe that this is the thing that is defeating me at the moment.
I'm not sure how easy it would be to get the post to your cgi to work.
You'll need to post absolutely (action=http://;) rather than
relatively.
But I think what you would be better to use the
On Wed, Mar 5, 2008 at 11:20 AM, Michael Graham wrote:
deny_info http://myhost/login.cgi?url=%s ipauthACL
then the login page will be your cgi script and as an added bonus you'll
get url set as the original url that caused the deny. Then you can
redirect to it after a successful login.
Dave Coventry wrote:
1:#!/usr/bin/perl
2:$| = 1;
3:$ip=STDIN;
4:$ip=chomp($ip);
5:$ipfile='/var/www/apache2-default/cgi-bin/ips/'.$ip;
6:#print $ipfile;
7:if (-e $ipfile){print OK;}
8:else {print ERR : .$ip;}
This appears in the cache.log:
2008/03/05 11:33:44| WARNING: ipauth #1 (FD 7) exited
Thanks, Mick.
On Wed, Mar 5, 2008 at 12:08 PM, Michael Graham wrote:
(Sorry Dave I keep hitting reply and not reply to list)
Yes, I keep doing that :)
External helps are not supposed to exit once they have completed a
request. Your perl script should read from stdin then write OK/ERR then
Uhm, try:
#!/usr/bin/perl -w
use strict; # (because you should!)
$| = 1;
while () {
chomp;
my ($ip) = $_;
# XXX should verify IP is an IP and not something nasty!
...
}
The question then is how to query a cgi from a helper. I'd try the LWP stuff
in Perl to talk
There's no (one) piece of software that does this yet. A combination of
various bits of free software can do all of this.
Adrian
On Wed, Mar 05, 2008, piyush joshi wrote:
Dear All,
Can anyone suggest me any free software to monitor squid
which will show all information like
Hi friends
Try Webmin
http://freshmeat.net/projects/webmin/
You can manage a lot o things through a graphic console.
Hope it helps.
Regards,
Luis Claudio Botelho
Chefe de Tecnologia e Redes
Coordenadoria Geral de Informática
Centro Universitário da FEI
São
Thanks Adrian,
On Wed, Mar 5, 2008 at 1:31 PM, Adrian Chadd wrote:
Uhm, try:
#!/usr/bin/perl -w
use strict; # (because you should!)
Point taken.
$| = 1;
while () {
chomp;
my ($ip) = $_;
# XXX should verify IP is an IP and not something nasty!
...
On Wed, Mar 05, 2008, Dave Coventry wrote:
The question then is how to query a cgi from a helper. I'd try the LWP
stuff
in Perl to talk to a cgi-bin ; what you've doen there is try to read a
file,
not call a cgi-bin. :)
My understanding is that Squid checks the helper to carry
To find out about the Performance of squid install cache manager.
To monitor the surfing habits install sarg.
On Wed, Mar 5, 2008 at 1:09 PM, piyush joshi [EMAIL PROTECTED] wrote:
Dear All,
Can anyone suggest me any free software to monitor squid
which will show all information
piyush joshi wrote:
Dear All,
Can anyone suggest me any free software to monitor squid
which will show all information like CPU usage, Memory Usage, No of
hite, IP address where from request is coming top users, Top sites,
Top Bandwith . Please reply to me i will be grateful to you
Hi,
I want to create an authenticator in perl - I don't want people
to have to manually type usernames and passwords, I just
hope to grab their usernames from the NTLM and trust that
they haven't installed a browser that can't supply the
credentials automatically like IE.
There is a number of
Kaddu, Patrick wrote:
I have set up Squid3 with SSL as a Reverse Proxy, SSL work as expected,
but when a backendserver have hardcoded links inside a webapplikation
like http://bla.bla.bla , the url change when the user click on this
link and you have no more ssl, only http!
Can you force to
You want something like this:
http_port 80 defaultsite=www.example.com vhost
https_port 443 cert=example.crt key=example.key
defaultsite=www.example.com vhost
#
acl example_sites dstdomain www.example.com example.com
acl example_ssl proto HTTPS
#
cache_peer 127.0.0.1 parent 1443 0 no-query
You are correct, this appears to be what is happening.
This breaks my initial assumptions about store.log entries, however -
instead of only logging objects either stored or removed from cache,
it's logging the disposition of each incoming request, showing
whether or not the request is
Still not working properly. Here is what my configuration looks like,
followed by what it is doing:
http_port 80 defaultsite=www.insideserver.com vhost
https_port 443 cert=/path/to/cert/example.crt
key=/path/to/key/example.key defaultsite=ssl.insideserver.com vhost
#
acl example_sites dstdomain
I have this line in access.log:
TCP_DENIED/400 1667 POST
http://idse.imss.gob.mx:-1/imss/servlet/gob.imss.idse.afilia.modelos.ModeloAfiliaMovimientos
- NONE/- text/html
and in my cache.log:
The reply for POST
Can you please do a tcpdump of the request from the client andsee if its really
asking
for a port -1?
Thanks,
Adrian
On Wed, Mar 05, 2008, Mario Salazar Ba?os wrote:
I have this line in access.log:
TCP_DENIED/400 1667 POST
Nick,
Try creating a seperate dstdomain acl for the ssl.insiderserver.com
and allow that for your cache_peer_access for the ssl connection
- Justin
On Wed, Mar 5, 2008 at 11:35 AM, Nick Duda [EMAIL PROTECTED] wrote:
Still not working properly. Here is what my configuration looks like,
Didn't seem to help, in fact with that I get Connection to example_ssl
failed. The system returned: (71) Protocol error
My config looks like this now:
http_port 80 defaultsite=www.insideserver.com vhost
https_port 443 cert=/path/to/cert/example.crt
key=/path/to/key/example.key
Think I solved it...I probably should have mentioned that I was using a
self-signed cert. If I use the sslflags=DON'T_VERIFY_PEER it works...now
I just need to use the SSLCAFILE= once I get the ca file.
- Nick
-Original Message-
From: Nick Duda
Sent: Wednesday, March 05, 2008 12:28 PM
Any pointers on how to properly convert the .p12 of a Windows Cert
Authority server to the .pem that sslcafile= wants? I tried doing this
conversion using openssl and got the .pem file from it, but it doesn't
work. I'm using sslflags for now, which I know is vul. to man in the
middle.
- Nick
So Nicholas, what exactly fixed your problem? I'm having an almost identical
problem as you were, except I'm trying to use a Cisco ASA5520 firewall
(which supports WCCPv2) with Squid 2.6. I have tried re-writing the
iptables in multiple was, but I don't think they ever get triggered. I
haven't
Hello all, I am having a problem with the client IP's being logged in
the access.log file.
I am using Squid with Dansguardian, and we would like to have Squid log
the IP's of each computer going through squid, but at the moment, all
traffic appears to go through 127.0.0.1 in the log. How do I
Hi,
At 15:57 05/03/2008, Adrian wrote:
Hi,
I want to create an authenticator in perl - I don't want people
to have to manually type usernames and passwords, I just
hope to grab their usernames from the NTLM and trust that
they haven't installed a browser that can't supply the
credentials
HI,
At 19:58 04/03/2008, Lazuardi Nasution wrote:
Hi,
I'm using Windows 2000 with Service Pack 4.
Server, right ?
If you think that it is a file
descriptor problem, why this problem apear when I install 3 Squid Services
but not happen on previous configuration which install one Squid
Adrian Chadd escribió:
Can you please do a tcpdump of the request from the client andsee if its really
asking
for a port -1?
Thanks,
Adrian
On Wed, Mar 05, 2008, Mario Salazar Ba?os wrote:
I have this line in access.log:
TCP_DENIED/400 1667 POST
On 05/03/2008, at 1:39 PM, Amos Jeffries wrote:
Well,
I am interested in speed, features and ICAP.
So I like -2 and -3 to merge.
It seems to me that for the sake of being polite with each other
we do not want to call the -2 / -3 issue a fork, but effectively
it really is a fork.
So here is
-Original Message-
From: Mark Nottingham [mailto:[EMAIL PROTECTED]
Well, that's a bit of a straw-man, isn't it? AIUI 3 *is* already 2 re-
coded into C++. Never mind the question of why that's necessary;
indeed, I think a lot of people's discomfort is centred on the fact
that large
On 05/03/2008, at 1:39 PM, Amos Jeffries wrote:
Well,
I am interested in speed, features and ICAP.
So I like -2 and -3 to merge.
It seems to me that for the sake of being polite with each other
we do not want to call the -2 / -3 issue a fork, but effectively
it really is a fork.
So
On Thu, Mar 06, 2008, Amos Jeffries wrote:
3.1 is about making up that failure plus some.
Is seamless IPv6, SSL control, and weighted round-robin not enough of a
killer app for you?
The trouble is Amos, I'm reasonably confident I can get sponsorship for
porting enough of those to Squid-2 for
On 06/03/2008, at 12:28 PM, Amos Jeffries wrote:
stale-if-error
stale-while-revalidate
- Um, so why did you (the sponsor for these two I believe) not also
request their addition in -3 for future-proofing your install app?
Because -3 isn't on our roadmap, for the reasons cited. If it appears
On Wed, Mar 05, 2008, Mario Salazar Ba?os wrote:
The reply for POST
http://idse.imss.gob.mx:-1/imss/servlet/gob.imss.idse.afilia.modelos.ModeloAfiliaMovimientos
is ALLOWED, because it matched 'all'
In my squid.conf I have an acl with all .gob.mx domain and http_access
allow to this
-Original Message-
From: Amos Jeffries [mailto:[EMAIL PROTECTED]
snip
3.0 was about parity with needs. It failed some in that regard.
3.1 is about making up that failure plus some.
Is seamless IPv6, SSL control, and weighted round-robin not enough of
a
killer app for you?
SSL
I have Squid set up as a Reverse Proxy listening on port 80. My backend
server (Apache) is running on port 8080. When Apache issues an automatic
redirect (such as when a visitor neglects a trailing slash on a directory
name), it adds port 8080 into the URL. How do I have Squid rewrite this
before
BTW, eCAP *is* interesting; it just looks really tentative at this
point, and the perf/stability issues overshadow it to some degree.
Now, if you released Python bindings for eCAP, *that* would be
interesting. Also, multi-core would make eCAP that much more powerful;
as it is, servers like
Folks,
I have a bit problem. I enabled the authentication in the squid as bellow.
However despite browser got 407 http response code, pop up window that to
fill in username/password didn't show up in the browser.
I also figured out that the response from the squid didn't include
WWW-authenticate
Dear all
At this moment, I have several squid servers for http
caching. Many duplicated objects have been found in
different servers. I would minimize to data storage
by installing a large centralized storage and the
squid servers mount to the storage as data disk.
Have anyone tried this
Hi,
Is there a utility that comes with squid 3.0 package that will
automatically
migrate any existing lower version squid configuration to reflect with the
new version? I know this sounds a lazy kind of administration technique,
but these will help a lot on proxy farms especially you have
Dear all
At this moment, I have several squid servers for http
caching. Many duplicated objects have been found in
different servers. I would minimize to data storage
by installing a large centralized storage and the
squid servers mount to the storage as data disk.
Have anyone tried this
On Thu, Mar 06, 2008, Siu Kin LAM wrote:
Dear all
At this moment, I have several squid servers for http
caching. Many duplicated objects have been found in
different servers. I would minimize to data storage
by installing a large centralized storage and the
squid servers mount to the
2008/3/6 Siu Kin LAM [EMAIL PROTECTED]:
Dear all
At this moment, I have several squid servers for http
caching. Many duplicated objects have been found in
different servers. I would minimize to data storage
by installing a large centralized storage and the
squid servers mount to the
Mark Nottingham wrote:
A killer app for -3 would be multi-core support (and the perf
advantages that it would bring), or something else that the
re-architecture makes possible that isn't easy in -2. AIUI, though,
that isn't the case; i.e., -3 doesn't make this significantly easier.
43 matches
Mail list logo