RE: [squid-users] Access http server

> I configured Apache um my squid server, but I did get > access , the error in squid access.log is: > 1068132264.745 3 192.168.5.9 TCP_MISS/503 1011 GET > http://192.168.2.1/ - NONE/- - A request denied by Squid would be TCP_DENIED. The 503 means "service unavailable". Do you a correspondin

RE: [squid-users] Using files instead of adding more lines

> is there a way to put addresses in a files called > direct.conf acl direct_sites dstdomain "/path/to/direct.conf" I believe this is documented in squid.conf.default. Adam

RE: [squid-users] Logging only

> Has anyone configured squid as a logging only server? I just want to > monitor Internet access without caching or forwarding of > traffic. See the FAQ - "Can I make Squid proxy only, without caching anything?" http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.20 Adam

RE: [squid-users] Traffic Accounting per user

> What I want is to divide the bandwidth on IP base, so that > user A and B would equally get 50 percent of the full > bandwidth. See the Squid FAQ on Delay Pools: http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8 You'll probably want a class 2 or 3 pool (depending on the size of the address

RE: [squid-users] Logging only

>>> Has anyone configured squid as a logging only server? I >>> just want to monitor Internet access without caching or >>> forwarding of traffic. >> See the FAQ > Actually, the answer is no, you can't have squid log without > at least proxying (forwarding) your web traffic. Correct. I just gue

RE: [squid-users] IE auth against squid

> When a user autenticates using IE the first time the user > gets an error message. By pressing the reload button he > gets the requested page. This is a bug in various versions of IE (particulary IE 6). Microsoft has a fix for IE 6 - check the list archives for a KB # or link. Adam

RE: [squid-users] no_cache help

> I have a squid running in a machine but i don´t want make > cache of one WebServer that i have in Intranet. > I put the Tag: acl webserver dst mywebserver.pt > no_cache deny webserver It looks like you are using the hostname of your webserver. The dst acl type uses the IP addre

RE: [squid-users] no_cache help

> Why when i put in browser do not use proxy server for > addresses de address of mywebserver.pt nothing is > tranfer to Temporary Internet Files? Any decision about what is and is not put in Temporary Internet Files is made by IE, not Squid. If you want to know why IE does or does not do somethin

RE: [squid-users] Squid crashes right after start!

> finally I got samba 2.2.8a running. > But if I gonna start squid now, it crashes after about 10 sec Is there anything in cache.log? Adam

Re: [squid-users] memory hit ratio

On Friday 07 November 2003 08:36 pm, [EMAIL PROTECTED] wrote: > Could someone please give me an idea of what am I doing wrong on the > squid.conf ?, I can't get more percentage on "Request Memory Hit Ratios": I wouldn't worry about Memory Hit Ratios - you're better off worrying about Request and

[squid-users] Samba 3 ntlm_auth does not work with Win9x (Solution)

After upgrading to Samba 3 over the weekend, we discovered that our Windows 98 clients could not use NTLM auth. This problem came up once before on the list, and the response was that this is a Samba problem and the Samba list should be consulted. After some research, I discovered a solution to

RE: [squid-users] Squid crashes right after start!

> Ok, I fixed it! It was a permission problem. > But now the squid gives all NT users access to the internet. > I used in my squid.conf: > external_acl_type NT_global_group %LOGIN > /usr/local/squid/libexec/wb_group > acl ProxyUsers external NT_global_group Internet2 > acl password proxy_auth REQU

RE: [squid-users] Squid crashes right after start!

> How can I set up a squid.init in /etc/init.d/? > Or can someone send me his? Just do what I did - copy another init.d script from your OS, then edit it as needed. Adam

RE: [squid-users] Another issue from ntlm_auth samba3 shipped.

> I've read in samba mailing that persistent connection > must be active when using NTLM auth Correct. > But now I'm wondering which squid.conf options and what > parameter must be set. client_persistent_connections on Adam

RE: [squid-users] msn6 and squid

> I have squid 2.5.1 Stable and the msn6 no worksmsn5 works! > If i quit the proxy of browser and try to connect > worksbut with proxy not! Then either it doesn't support an HTTP proxy, or you haven't configured it to use a proxy. > In the acl put a rule allow port 1863, but no works

RE: [squid-users] IE Hang 2.5 Stable 4

> Having a problem with IE 6.0.2800.1106 and squid 2.5 stable 4. > The problem is IE appears to hang while using the proxy. > I've replicated the problem on several machines inside and outside > the local network. Windows 2000 and XP boxes. All these boxes have same version of IE? Can you duplic

RE: [squid-users] msn6 and squid

> but, why msn5 works? > And haven't configured it to use a proxy. Maybe MSN 5 uses the Internet connection settings from IE, and MSN 6 doesn't? I honestly don't know, but I do know this isn't a Squid problem, so you should ask Microsoft. They can give you better answers about how their products

RE: [squid-users] msn6 and squid

> Before i use squid without auntentication and MSN6 works!!! > But nowwith ncsa_auth no works!! How are we supposed to help you when you leave out important details? "Doesn't work when I use authentication" is very different from "doesn't work at all". In that case it is almost certainly n

RE: [squid-users] recompiling squid

> If Squid is self-contained in this binary, then it should not matter > whether the same configure flags are used - it should still > work just fine, correct? More or less correct. Remember that the new Squid binary will be using the squid.conf of the old Squid binary, so you want to make sure th

RE: [squid-users] ntlm_auth does not work

> I am using ntlm_auth from samba-3.0.0 with squid 2.5.STABLE3. > And neither Win2k clients can authenticate, nor win98 ones. Then you likely have a problem with your Samba install. Did you run the wbinfo tests as specified in the Squid FAQ? If so, what was the output? If not, run them and post th

RE: [squid-users] Group Authentication (NT4 Domain)

> I need to make a group authentication via proxy, set up > samba, authentication of user by Samba 3 works (groups as well). > Although there must be an error, for squid reports errors in > the ntlm_auth.c when starting, so it even doesn't start. Could you post the error you see on startup? Adam

RE: [squid-users] Delay pool mark from redirector decision.

> How to delay client's requests from redirector decision? > So the decision is make from time and URL. You can control what requests get put into a delay pool using standard Squid acls and the delay_access parameter (similar to http_access). So if you can write a Squid acl to match it, you can co

RE: [squid-users] Group Authentication (NT4 Domain)

> I get the following error: > > utils/ntlm_auth.c: manage_squid_request(1042) > fgets() failed! dying. errno=0 (Erfolg) > > after that squid dies. This looks like the "error" the ntlm_auth helpers give when Squid closes the connection between them. > Is there a way to redirect the stdo

RE: [squid-users] one computer, two squids that route differently

> we want to add another router that will be connected to > another internet line and have a part of our internal > IPs browsing through this new connection. Then you'll want to use the tcp_outgoing_address directive to set the source IP for the outgoing packets based on Squid acls. It works simil

RE: Re[2]: [squid-users] Delay pool mark from redirector decision.

> Could you give an example of such acl for Check your squid.conf.default for information on the url_regex and time acls, and see the Squid FAQ on access controls. http://www.squid-cache.org/Doc/FAQ/FAQ-10.html Adam

RE: [squid-users] NCSA Authent ...

> How to make with authentification NCSA so that certain users > have certain rights and others not ? Use the proxy_auth and/or proxy_auth_regex acl types. REQUIRED is just a special wildcard for proxy_auth; one or more specific usercodes can be specified instead. This will work with any form of

RE: [squid-users] NCSA Authent ...

> Like This ? Yes, that's the general idea. Remember that a generic "http_access allow" (as all authenticated users, your entire address space, etc) later in the chain could ruin what you're trying to accomplish. Are you trying to allow certain sites to only certain users, or allow certain users

Re: AW: [squid-users] Group Authentication (NT4 Domain)

On Wednesday 12 November 2003 05:25 pm, Henrik Nordstrom wrote: > I know the Squid provided winbind helpers incorrecly gave warnings like > the above when Squid shut down. Maybe the Samba ntlm_auth helper does as > well.. As a user of Samba 3 and ntlm_auth, I can confirm that it does. Adam

Re: [squid-users] Squid closing connection in mid stream

On Wednesday 12 November 2003 08:20 pm, Dave Hahn wrote: > I'm using Squid 2.5 Stable 4 with a rather basic config. Everything is > working as it should, with the exception of one site > (www.hcmuscle.com). The site loaded fine for me - Squid 2.5 STABLE4, IE 5.5 SP2 on Win2k SP3. What client bro

RE: [squid-users] scanning through proxy

> We notice there is a surge in port 80 scanning through proxy > servers in the past few days. > Below is a sample of the scan request That is just a request for the root of the document tree on the server itself - it does not appear to be a request for a document on another server. I see nothing

RE: [squid-users] Monitoring Linux Squid from NT Client?

> is there a possibility for monitoring squid running on > linux from a NT client? Monitoring Squid itself, or monitoring users accessing Squid? You can use Cache Manager to monitor Squid itself from any client with a web browser (so long as you provide access in squid.conf). Adam

RE: [squid-users] filter ssl traffic

> I want the SSL connection to terminate at the squid, so all > the traffic will be inspected as regular HTTP traffic. Only if Squid is being used in accelerator mode - the design of SSL prevents it in any other setup. Adam

FW: [squid-users] NCSA Authent ...

>> Are you trying to allow certain sites to only certain >> users, or allow certain users only certain sites? > Allow certain sites to only certain users. Then after you allow access to a group of sites for a specific group of users, you'll want to immediately deny access to that group of sites t

FW: [squid-users] Squid closing connection in mid stream

>>> I'm using Squid 2.5 Stable 4 with a rather basic config. >>> Everything is working as it should, with the exception >>> of one site (www.hcmuscle.com). >> The site loaded fine for me - Squid 2.5 STABLE4, IE 5.5 SP2 >> on Win2k SP3. What client browser/OS are you using? > IE 6, Windows 2K Pro.

RE: [squid-users] Cachemgr

> I have noticed that the cachemgr.cgi that came with Squid/RedHat > and installed it succefully. > Is there a web page/faq that inform about the more important > info to check. A good place to start is the General Runtime Information page. If you have further questions about a specific page or

RE: [squid-users] ntlm_auth does not work

>> Then you likely have a problem with your Samba install. Did you run >> the wbinfo tests as specified in the Squid FAQ? If so, what was the >> output? If not, run them and post the output. > Squid FAQ says: > "As Samba-3.x has it's own authentication helper there is no need to > build any of the

RE: [squid-users] disclosing an intranet site.

> I want explorers coming from the > 164.111.141.141/255.255.255.248 network to authenticate. > (don't mind the ipadress and mask they're made up.) > Or should I make an acl like this : > acl pipo1 src 164.111.141.141/255.255.255.248 > acl pipo2 proxy auth REQUIRED > http_acces allow pipo1 pipo2

RE: [squid-users] Squid and NTLM issue...

> SO why does squid support NTLM? So clients can use it to authenticate to the proxy. If the proxy supports NTLM auth, IE running on a station logged into a domain will authenticate to the proxy automatically. This is a big convenience factor for end users. > and i see some people already succes

RE: [squid-users] Squid and NTLM issue...

> My Major issue is that there is an internal website > (intranet) which has to use Windows integrated > authentication In that case, you need to configure the browser to not use the proxy for that site. Adam

Re: [squid-users] Squid NT vs. Squid Linux

On Friday 14 November 2003 10:33 pm, Cafe Admin wrote: > I'm currently running 2.5-Stable3 on a dedicated RH9 box, and I know my > hardware is being underutlized (2.0GHz Xeon , 2x10k RPM SCSI, 640MB, > 1000Mbps NIC). I'm thinking about converting the machine to Windows File > Server/PDC/SquidNT. I

Re: [squid-users] Configure squid to first try NTLM auth then fall back to BASIC?

On Saturday 15 November 2003 07:00 pm, Matthew Richards wrote: > I wish to configure Squid so that it challenges users for authentication, > first with NTLM and if the user agent does not support that then offer > BASIC. After unpacking the Squid source, run ./configure --help. There is an option

Re: [squid-users] Redirect unauthenticated users to a local web page

On Sunday 16 November 2003 04:25 am, hasan shatty wrote: > We need to redirect all users to an intranet web page before they > authenticate , then authentication will hapen in that page. This can be done, but it takes a bit of work - no one is known to have already implemented this and made it av

RE: [squid-users] ACL problems

> I keep getting this error with Squid (i fully admit I'm a novice) > Access Denied. > I've setup the ACL to allow client addresses from > 192.168.0.15-192.168.0.150/255.255.255.0 Have you read the Access Controls FAQ? http://www.squid-cache.org/Doc/FAQ/FAQ-10.html If, after reading this, you

Re: [squid-users] AW: Access Denied

On Wednesday 19 November 2003 07:52 am, Altrock, Jens wrote: > that's the cache log, I dunno why these messages appear when closing squid > Anyway, using RedHat 9 with Samba 3.0.0 and Squid 2.5stable4 > [2003/11/19 14:45:26, 1] utils/ntlm_auth.c:manage_squid_request(1042) > fgets() failed! dying

Re: [squid-users] Samba 3-ntlm_auth, Squid-2.5Stable4 and W2K3 Authentication options

On Wednesday 19 November 2003 01:58 pm, Dave Augustus wrote: > I can't get the darn thing to authenticate to a W2k3 AD server due > to changes in Samba that haven't migrated to Squid. I get a compile > error with the -with-samba-sources directive. It fails Yes, it would - you don't do that with Sa

Re: [squid-users] 207.46.110.*

On Wednesday 19 November 2003 04:56 pm, root wrote: > I've used calamaris for look squid statistics and the higuest > "request-destination" is : 207.46.110.* > > I don't know what that "request-destination" is. $ dig +short -x 207.46.110.1 -x 207.46.110.5 -x 207.46.110.25 baym-gw1.msgr.hotmail.c

Re: [squid-users] Samba 3-ntlm_auth, Squid-2.5Stable4 and W2K3 Authentication options

On Wednesday 19 November 2003 07:48 pm, Dave Augustus wrote: > Thanks for the responses, > > BUT > > I have tried all the methods mentioned in this thread and Squid simply > crashes with the message "Aborted." Ok. Let's start from the ground up. Show us the output of : 1) wbinfo -t 2) wbinfo -a u

RE: [squid-users] question about rule to user

> I have a user that have all internet access past 14:00 > hs. but i want that the user can access to "one" URL in > other times without loss the primary permission. Just create an acl matching this domain (using dstdomain or url_regex as appropriate), and allow that user access to that url in htt

RE: [squid-users] reply_body_max_size causes squid to crash

> I have squid 2.5 Stable 1 running on a Red Hat 9 box. It > crashes whenever I put the following acls in squid.conf Can you duplicate this using the most current STABLE release (currently 2.5 STABLE4)? Adam

RE: [squid-users] Re: limits receiving bandwidth, need more enlightment

> If I have delay parameter like this "2 64000/15 > 6400/15", I know this part "64000 or 6400" is for > my clients, so which class is used for squid to > connect to/from internet? > Is this some kind of what squid gives equal what squid > gets? How if we prefer to differ that, I mean what

RE: [squid-users] Blocking all addresses except a handful

> In looking at the FAQ > http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.11, > I was wondering if its possible to substitute IP > addresses for domains. If you want to match by domain instead of IP address, use the dstdomain acl type. Adam

RE: [squid-users] Blocking all addresses except a handful

>> If you want to match by domain instead of IP address, >> use the dstdomain acl type. > I'm using Webmin for the configuration but I don't see > that as an option. Any idea if its called something > else? Squid calls it dstdomain. If webmin doesn't use the same name, then I have no idea what w

RE: [squid-users] Blocking all addresses except a handful

> Any idea what line I should uncomment and where I > should insert the URLs we only want to allow > access to? See the Squid FAQ for access controls: http://www.squid-cache.org/Doc/FAQ/FAQ-10.html There is also documentation in the comments in squid.conf.default. Adam

Re: [squid-users] again slow :(

On Tuesday 25 November 2003 05:48 pm, Maciej Wosko wrote: > I use squid to access WWW. But when I try to get to any page than I have to > wait about 20 second or more till anything appear in my browser ( Opera > 7.21 ). I have no idea why its like that. When I turn off squid and set > browser not t

Re: [squid-users] Using a proxy_auth acl to match active directory usernames

On Tuesday 25 November 2003 09:13 pm, Ken Thomson wrote: > I have a Squid v2.5 Stable 3 system which uses NTLM authentication to > authenticate users to an active directory domain. This works fine. > Only valid domain users can use the proxy. > > I also use delay pools to throttle bandwidth - this

[squid-users] Re: authenticate squid by novell eDirectory

[EMAIL PROTECTED] wrote: > In this implementation however, when the user opens the browser, they will > be prompted with a login box, no? Correct. This is the case with any basic auth helper, not just squid_ldap_auth. > Is there a way to make this happen behind the scenes, as with NTLM (using >

[squid-users] Re: Authenntication with a Transparent Proxy

Alan Hicks wrote: > I'm looking at installing free wireless internet access for the public > to use in the downtown Macon GA area. > The plan is to high-jack port 80 with a transparent proxy server > and serve up a default web page > Basically I want the users to only see this web page until th

[squid-users] Re: Re: Authenntication with a Transparent Proxy

Henrik Nordstrom wrote: > On Wed, 31 Mar 2004, Adam Aube wrote: > >> However, I have heard of an open source project that does exactly this - >> provide controlled access for public wireless service. > It is not possible do do HTTP proxy authentication in a transparent prox

[squid-users] Re: Can I use Squid for a web server?

Xavier Baez wrote: > I have a server that basically works to serve ad pages. > I thought it will be a good idea to install Squid so that users surfing > www.example.com will first pass through a proxy who caches contents. This is using Squid in HTTP Accelerator mode. For more info see: http://w

[squid-users] Re: a squid-users mailing list problem

Matus UHLAR - fantomas wrote: > I get two times every message that is sent to the squid-users list and to > me, that is, every message that is sent to squid-users list while I am in > To: or Cc: header. > Does anyone have the same problem? This is because people use "Reply-All" and don't take th

[squid-users] Re: Blocking access to port 10000

Gareth wrote: > I've set-up Squid to block access to port 1, to stop my users > accessing Webmin on our servers. It would be better to use firewall rules on the servers themselves, instead of relying on Squid to protect them. > This however doesn't work for http://server.ournetwork:1 or

[squid-users] Re: low cache hit ratio (was: Re: RE: squid array question)

Please don't ask a new question by replying to an existing thread - post a new message instead. aladakem wrote: > How best can I install Squid proxy to be able to have high hit rate? I > installed squdi2.5 stable 5 and running web polygraph with a target rate > of between 100 to 200/s, each time

[squid-users] Re: Two Problems/Authentication Prompting | Denying Specific Users to Specific Websites

Darwin L. Lambeth wrote: > I have succeeded at getting NTLM authentication to work, but > once in a while it will keep prompting my users for their passwords The usual cause of this is too few NTLM helpers - try increasing the number of NTLM helpers in squid.conf and running "squid -k reconfigure

[squid-users] Re: Busy Transparent Cache Causing Problems

Jay W. Reffner wrote: > I've got an OpenBSD box running Squid 2.5 Stable 5 that's pretty busy. > When it gets to around 30% squid process usage, my Layer 4 transparent > switch thinks that squid's down and kills my L4 redirection even though > it's not really. So what happens is when my L4 switch

[squid-users] Re: cache_dir size not been restrained

babar haq wrote: > I have fixed the cache to 5000 mb but it still goes up to 6.2G. > restarting squid show this: > 2004/04/07 00:58:31| Cache dir '/cache1' size remains unchanged at 512 > KB 512 KB < 5000 MB, so no problem there. > Can somebody help me find out whats going on??? Proba

[squid-users] Re: auth_param

Bernard PRE wrote: > auth_param ntlm program /etc/squid/mysql_auth.php > auth_param ntlm children 5 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 20 minutes > > But if I launh two times IE, I always be asked for Username and Password > (each times) > > ==> I h

[squid-users] Re: HTTP PROXY

Priya Patil wrote: > Does Squid forward the data to destination in a separate thread? You mean separate TCP/IP connection, right? With proxies, there are two distinct TCP/IP connections - one between the client and the proxy, and one between the proxy and the remote server. The client and the re

[squid-users] Re: Re: HTTP PROXY

Priya Patil wrote: > Does the proxy use a separate thread to transfer data between the client > and remote server? Obviously you didn't mean "connection"... Squid is not multi-threaded, so the answer is no. The same process handles both client <-> proxy and proxy <-> remote server connections.

[squid-users] Re: HTTPS site

Montervino, Mariano wrote: > I´m using squid Version 2.5.STABLE5 and Samba 3.0.2a in a windows network. > If i configure IE to use "use http 1.1" plus "use http 1.1 through proxy > connection" options i couldn´t access somes site using ssl. The access.log > show that for thats sites the user does

[squid-users] Re: Re: HTTPS site

Henrik Nordstrom wrote: > Was a report some days ago indicating there is some kind of difference is > one enables/disables "Use HTTP/1.1 via proxies" option.. apparenly in one > mode IE worked, on the other messenger.. (or something like that, but > maybe it was MSN messenger..) That was the orig

[squid-users] RE: Re: HTTPS site

Montervino, Mariano wrote: > I try your suggestion but the problem persist. > Bellow is acl extract of the squid.conf [snipped] Unless you are using a cache heirarchy, you have no need of always_direct and never_direct. What I said to do was something like this: acl yahoo dstdomain .msg.yahoo

[squid-users] RE: RE: Re: HTTPS site

Montervino, Mariano wrote: > Thanks for your point but we are using cache heirarchy. Our configuration > is like this > Squid -> Dansguardian -> Squid Ok, that's fine - just put the yahoo line in http_access like I showed, and not in always_direct like you had it. Adam

[squid-users] Re: 401.2 Authentication Error

Ed Rodgers wrote: > I got Squid 2.5 STABLE5 up and running... and it runs well... > except I have problems when trying to access 1 site that is > business critical. > I think it has something to do with the fact that the site it is > accessing is an IIS site that allows no anonymous access, and >

[squid-users] RE: TCP_MEM_HIT performance

Francisco Lopez wrote: > There are 3000 requests, however only 10 different pages. So the total > size of objects in memory should be 500k. Anyway, this is not important. Actually, this is important. See below. > I think that on high load AUFS should perform better and 150 > users sending reques

[squid-users] Re: Re: cache_dir size not been restrained

babar haq wrote: > Ok I got the problem. I am rotating swap.log. This file is not supposed to > be rotated. Now how can I rectify the problem. Just remove the cache_swap_log setting in squid.conf. It will put it back into its default position (one in each cache directory). Be sure to run "squid

[squid-users] Re: Squid and Intranet

Sez Sez wrote: > I want that a user authentificate in intranet web > (server A). When the user want to see a mail, i want > connect to server B, without another authentificate if > is possible... > It's possible to do this with squid AFAIK, no - Squid does not provide SSO (single sign-on) fo

[squid-users] Re: Squid and Intranet

Henrik Nordstrom wrote: >> I want that a user authentificate in intranet web >> (server A). When the user want to see a mail, i want >> connect to server B, without another authentificate if >> is possible... > > If both web servers uses Basic HTTP authentication then this is possible. I didn't

[squid-users] Re: poor performance - what am i doing wrong?

Peter Matulis wrote: > I have installed the squeezer2 log analyzer and it > tells me I am saving only 1% bandwidth. > My host is a 450 MHz with 192 MB RAM. I am using 4 > fibre channel drive array. > Here is my simple config: Two lines from this are of interest: > cache_dir ufs /var/squid/cac

[squid-users] Re: "The cache was not able to resolve the hostname presented in the URL"

Tan, Kian Tiong wrote: > Currently I am having a child proxy to chain to parent proxy. However I > see errors when I test it on the web browser. > While trying to retrieve the URL: > The following error was encountered: > Unable to determine IP address from host name for

[squid-users] Re: To Have A /swap Partition, Or Not?

Bruno Marcondes wrote: > My squid server runs as a http accelerator, it is a HP/Compaq DL360 with > 2 Gb of memory, 4 squid process running as it has 2 hyperthread cpus. > It serves ~ 150 req/s (each process), its Linux RH9 kernel 2.4. > After some time running/serving , memory usage looks like

[squid-users] RE: SQUID and Welchia Worm (DoS)

pmquan wrote: >> Identify the offending IP addresses from access.log and then firewall >> these stations from using the proxy until they have been cleaned. > But it is impossible with me, i have more than 4'000 concurrent clients > infected with this virus. I cant firewall all of them and they ar

[squid-users] Re: A little help on delay_pools

Kenneth Oncinian wrote: > So I like to limit squid/Internet access to 128kbps only using delay > pools. (is my understanding correct about delay pools?) > acl mynetwork src 10.87.2.0/24-10.87.4.0/24 > delay_pools 1 > delay_class 1 1 > delay_access 1 allow all > delay_parameters 1 128000/128000 Y

[squid-users] Re: Windows Authentication

Sevcik Berndt wrote: > We want to use Squid as our proxy server with mainly Windows clients. The > problem is that our clients are not member of a domain. I have read a lot > about NTLM as a possibility but when I correctly understand it it requires > each client be a member of the domain (for exa

[squid-users] Re: Help, Squid ACL regex_url BYPASSS

Herman (ISTD) wrote: > Currently, I am preventing my users for downloading some files e.g file > with .bz2 extention. > In squid.conf I define as following : >acl BadUrl url_regex -i "/usr/local/squid/etc/data/BadUrlFile" > Add I add this entry to /usr/local/squid/etc/data/BadUrlFile :

[squid-users] Re: ntlm and granting certain user access to certain sites

Jim_Brouse/[EMAIL PROTECTED] wrote: > Is it possible to grant access in squid to certain sites based on a ntlm > username Use the proxy_auth acl - it matches on the authenticated username. See the default squid.conf for more details. Adam

[squid-users] Re: Delay Pool Config (Scenario)

Hakeem Mohammed Sadiq wrote: > I would like to implement Squid – Delay pool in the following scenario [details snipped] 1) Create 3 Class 1 delay pools, and limit each one to 512 Kbps 2) Deny the VIP acls in the first delay_access line for each delay pool 3) Add the subnets for each site to a de

[squid-users] Re: Squid authentication to Windows 2000 Active Directory

Herman (ISTD) wrote: > My question is that possible to configure squid to authenticate to Windows > 2000 Active Directory ? Yes. See the Winbind section of the Squid FAQ: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 Adam

[squid-users] Re: delay pools help

Payal Rathod wrote: > One software company some distance from us have agreed to share their > bandwidth with us for2 months. They will give us 128KBps. Who will enforce this 128kbps limit - the software company, or you? > I want to allow only few IPs (192.168.1.1 and 192.168.1.11) full use of >

[squid-users] Re: Re: delay pools help

Payal Rathod wrote: > Luckily it the software company which will enforce through their > router. > >> > I want to allow only few IPs (192.168.1.1 and 192.168.1.11) full use of >> > bandwidth, the rest should use only 64 KBps. >> >> If the software company enforces the limit, then it's easy. Just

[squid-users] Re: Re: delay pools help

Adam Aube wrote: > delay_parameters 1 8000/12000 #64 Kbps sustained; 96 Kbps burst A small correction - that comment should actually be: # 64 Kbps sustained; 12 KB initial burst (downloaded at full speed) This isn't how the delay pools actually work, but so long as the burst setting

[squid-users] Re: Re: Re: delay pools help

Payal Rathod wrote: > On Sat, Apr 17, 2004 at 09:44:05AM -0400, Adam Aube wrote: >> # 64 Kbps sustained; 12 KB initial burst (downloaded at full speed) > Does this mean that when say IP 192.168.1.99 starts browsing, first time > she will get speed of 12Kb but later it will be

[squid-users] Re: Re: Re: Re: delay pools help

Payal Rathod wrote: > Is there any other source of information where words like bucket, > delay_class and delay_parameters are explained in more detail? The term "bucket" is just a metaphor to try to explain how delay pools work. Beyond the FAQ and the default squid.conf, I don't know any good s

[squid-users] Re: Limiting the bandwidth of certain fyles

"Xavier Báez C." wrote: > Could anybody tell me how can I limit the transfer rate when my users > download files such as .rar, .exe, .zip... and prohibit downloads to > files with extensions such as: .mp3, .wma., .pif > > I've already read the following URL: > http://www.squid-cache.org/Doc/FAQ/F

[squid-users] Re: authenticate access to website using WEBMIN

novelit wrote: > When configuring webmin to authenticate access to website, i get this > error message > IGNORING: Proxy Auth ACL 'acl priv_auth proxy_auth REQUIRED' because no > authentication schemes are fully configured. The error message tells all - you haven't fully configured any authenti

[squid-users] Re: How to specific 2 Ip on one acl

Net Mail wrote: > how to for setup in 1 acl 2 single ip, for example: > acl adminIp src xxx.xxx.xxx.3 and xxx.xxx.xxx.43 ?? acl adminIp src x.x.x.3 x.x.x.43 This is documented in the Access Controls FAQ: http://www.squid-cache.org/Doc/FAQ/FAQ-10.html Adam

[squid-users] Re: Changing the TOS

Lizzy Dizzy wrote: > Need advice/hints on where I can modify the client_side.c such that the > TOS bits are marked on packets that is travelling from the proxy server to > the client. This can be done with iptables - see the TOS target. Adam

[squid-users] Re: Not caching a specific site

unixware wrote: >> I'm trying to configure squid to not cache a >> specific site. > you can also use > always_direct allow SomeSite always_direct and never_direct are used in cache heirarchies to control when Squid will fetch content directly from the remote server instead of from a parent proxy

[squid-users] Re: block only if part of a group

Jim_Brouse/[EMAIL PROTECTED] wrote: > With squid acl's I usually grant access if a user is part of group then > they have access to what that particular acl is about > Is there a way to say if you are part of this group then access is denied > to a particular acl, otherwise if you are not in the

[squid-users] RE: Re: Squid authentication to Windows 2000 Active Directory

Herman (ISTD) wrote: >> > Another thing, I am curious is it possible to relate the user >> > authentication with the delay pool instead of the conventional ip >> > address/subnet class ? >> You can use the login to control which pool the user will be assigned. >> Within that pool his usage will b

[squid-users] Re: Memory usage (I know it's been up before.. tricky business)

Martin Svensson wrote: > The problem I am experiencing is that the machine starts to swap > (performance is still good though). > No other memory intense applications are running on this server > It's running on RHEL 3.0. Try shrinking your swap partition or turning swap off altogether. Adam

<    1   2   3   4   5   6   7   8   9   10   >