Re: [squid-users] deleting headers
On Sat, 24 Sep 2011 09:20:19 +0100, J. Webster wrote: Is it a bad idea to put this in the conf? Depends entirely on what you want. forwarded_for delete header_access From deny all header_access Referer deny all header_access Server deny all header_access User-Agent deny all header_access WWW-Authenticate deny all header_access Link deny all I accessed a What's my IP site and it knew that I was using a proxy, it even said squid 2.6. I believe some sites will block me base don the headers but won;t some sites block if headers do not exist? Sites which need those headers will block your use of them. Your choice whether to break such sites or allow them to use those details. Amos
Re: [squid-users] squid tproxy
Hi Amos, Thanks for your kind response.As per your reply ,i set rp_filter value 2 .But no luck. And then i tried for bridge mode in that i can see traffic in tproxy iptables rules, but i m not getting requests in squid access.log my os : fedora 15 64 bit kernel: 2.6.40.4-5.fc15.x86_64 squid : Squid Cache: Version 3.1.15 As per your before suggestions, i used latest kernel and latest squid version.But still same issue i am facing.Please please guide me to solve this problem. Regards, Benjamin On Sat, Sep 24, 2011 at 11:03 AM, Amos Jeffries squ...@treenet.co.nz wrote: On Fri, 23 Sep 2011 16:49:24 +0530, benjamin fernandis wrote: Hi All, I am trying to deploy squid with existing network for cache gain and tproxy feature.I configured squid properly there is no error.I can see traffic in access.log and iptables tproxy rule but at end users end they are getting squid error page with request time out. What could be the mistake behind this problem.? Is there anything remaining in squid? It has recently been brought to my attentino that the rp_filter system underwent a re-designe in kernel 2.6.32 and what we had in the wiki is doing the opposite (strict blocking) of what we wanted (loose checks default, none on the interface). Check your rp_filter values they should be 2 now where previously we were advising 1, and 0 on the interface where TPROXY is happening. reference : http://wiki.squid-cache.org/Features/Tproxy4 squid version: 3.1.15 os : fedora 15 Squid in network: ROUTER PBR CONFIGURATION ( FOR port 80 traffic pass to squid from bandwith shapper , for port 80 traffic pass internet to squid) | | SWITCH | | | | -SQUID BOX | BANDWITH SHAPPER | | END USERS Kindly guide me to solve this abnormal problem. Thanks, Benjamin
Re: [squid-users] Squid Session causing segmentation Fault
Hi Amos, Thanks for the answer, but where i have to put that parameter, in squid_session there is no concurrent parameter in squid_session --- NAME squid_session - Squid session tracking external acl group helper SYNOPSIS squid_session [-t idle_timeout] [-b dbpath] [-a] --- Thanks, Rino 2011/9/24 Amos Jeffries squ...@treenet.co.nz: On Fri, 23 Sep 2011 09:28:51 +0700, Rino M Nur wrote: Hi, we configuring our proxy to popup a windows using squid_session, when activated the squid process is terminated abnormally and log say externalAclLookup: 'session' queue overload (ch=0x866af10) snip squid,conf : #POP UP MESSAGE OR BANNER external_acl_type session ttl=60 %SRC /usr/lib64/squid/squid_session -t 7200 -b /etc/squid/session.db acl new_users external session deny_info http://someserver/server.html new_users http_access deny !new_users snip Is this a bug ? Yes, known and recently fixed. The session helper is concurrent in squid-3.x. Add concurrent=100 or similar to the parameters to avoid this. Amos
Re: [squid-users] Squid Session causing segmentation Fault
On Mon, 26 Sep 2011 08:09:47 +0700, Rino M Nur wrote: Hi Amos, Thanks for the answer, but where i have to put that parameter, in squid_session there is no concurrent parameter in squid_session --- NAME squid_session - Squid session tracking external acl group helper SYNOPSIS squid_session [-t idle_timeout] [-b dbpath] [-a] --- Thanks, In squid.conf. http://www.squid-cache.org/Versions/v3/3.1/manuals/squid_session.html#EXAMPLE Amos
Re: [squid-users] squid tproxy
Hi Amos, One input from my side. Current network is ISP network and they having BGP routed public ip pool.So does it has any conflict with them.? Because traffic comes into tproxy iptables rules means marking dones is good but requests are not coming into squid access.log. Best Regards, Benjamin On Sun, Sep 25, 2011 at 6:43 PM, benjamin fernandis benjo11...@gmail.com wrote: Hi Amos, Thanks for your kind response.As per your reply ,i set rp_filter value 2 .But no luck. And then i tried for bridge mode in that i can see traffic in tproxy iptables rules, but i m not getting requests in squid access.log my os : fedora 15 64 bit kernel: 2.6.40.4-5.fc15.x86_64 squid : Squid Cache: Version 3.1.15 As per your before suggestions, i used latest kernel and latest squid version.But still same issue i am facing.Please please guide me to solve this problem. Regards, Benjamin On Sat, Sep 24, 2011 at 11:03 AM, Amos Jeffries squ...@treenet.co.nz wrote: On Fri, 23 Sep 2011 16:49:24 +0530, benjamin fernandis wrote: Hi All, I am trying to deploy squid with existing network for cache gain and tproxy feature.I configured squid properly there is no error.I can see traffic in access.log and iptables tproxy rule but at end users end they are getting squid error page with request time out. What could be the mistake behind this problem.? Is there anything remaining in squid? It has recently been brought to my attentino that the rp_filter system underwent a re-designe in kernel 2.6.32 and what we had in the wiki is doing the opposite (strict blocking) of what we wanted (loose checks default, none on the interface). Check your rp_filter values they should be 2 now where previously we were advising 1, and 0 on the interface where TPROXY is happening. reference : http://wiki.squid-cache.org/Features/Tproxy4 squid version: 3.1.15 os : fedora 15 Squid in network: ROUTER PBR CONFIGURATION ( FOR port 80 traffic pass to squid from bandwith shapper , for port 80 traffic pass internet to squid) | | SWITCH | | | | -SQUID BOX | BANDWITH SHAPPER | | END USERS Kindly guide me to solve this abnormal problem. Thanks, Benjamin