Hello,
On Sat, May 11, Vilmondes Queiroz wrote:
> deny_info http://example.com !authorized_ips
does it works, if you add the http status code like:
deny_info 307:http://example.com !authorized_ips
--
Regards
Dieter
--
I do not get viruses because I do not use MS software.
If you use
Hello Amos,
thank you for your answer!
I opened a bugreport https://bugs.squid-cache.org/show_bug.cgi?id=5353
with some debug infos attached.
On Thu, Mar 14, Amos Jeffries wrote:
>
> On 12/03/24 04:31, Dieter Bloms wrote:
> > Hello,
> >
> > after an upgrade f
Hello,
after an upgrade from squid6.6 to squid6.8 on a debian bookworm we have a lot
of messages from type:
ICAP_ERR_GONE/000
ICAP_ERR_OTHER/200
ICAP_ERR_OTHER/408
ICAP_ERR_OTHER/204
and some of our users claim about bad performance and some get "empty
pages".
Unfortunately it is not
Hello Rob,
On Mon, Feb 05, Rob van der Putten wrote:
> After upgrading Squid from 3 to 5 the percentage of IPv6 reduced from 61% to
> less then 1%.
> Any ideas?
yes, since squid5 the happy eyeball algorithm as described in rfc 8305
is used.
If your ipv4 connectivity is better than ipv6 than
Hello,
I would like to run the squid in a Kubernetes environment.
I can simply send the access.log outside the container with the syslog module.
I have tried it with the cache.log, but unfortunately I don't see any log
entries from the cache.log. The access.log lines are transmitted:
--snip--
#
Hello,
I stumbled across this page
https://joshua.hu/squid-security-audit-35-0days-45-exploits and wonder
if all these security holes are really still there.
Can someone from the developers give a status?
Thank you very much.
--
Regards
Dieter
--
I do not get viruses because I do not use
Hello,
we are currently using the Squid with an ICAP virus scanner, which is capable
of trickling.
There are many manufacturers who support the ICAP protocol but not trickling.
Therefore, in my opinion, it would make sense if squid supported trickeling as
ICAP client.
Then you could use any
Hello,
is it possible to restrict the use of websockets for seurity reason like
prevent long-lived Websocket communication or define a limit for total size
of transfered payload?
--
Regards
Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do
Hello,
I've enabled sslbump and configured the following outgoing tls options:
tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1
cipher=TLSv1.2:+aRSA:+SHA384:+SHA256:+DH:-kRSA:!PSK:!eNULL:!aNULL:!DSS:!AESCCM:!CAMELLIA:!ARIA
so for me it looks like squid must not use TLS1.1 or
Hello,
does squid 5.7 support the HTTP/2.0 protocol?
>From https://wiki.squid-cache.org/Features/HTTP2 it seem some work seems
to be done, but not all.
But sometimes the docu is outdated, so I hope it is outdated and squid
does support HTTP/2
--
Regdards
Dieter
--
I do not get viruses
Hello Amos,
On Sat, Nov 12, Amos Jeffries wrote:
> On 12/11/2022 2:49 am, Dieter Bloms wrote:
> > Hello,
> >
> > I'm using squid 5.7 with enabled sslbump and can't reach the website
> > https://www.ilo.org/global/lang--en/index.htm
> > I get an error of
Hello,
I'm using squid 5.7 with enabled sslbump and can't reach the website
https://www.ilo.org/global/lang--en/index.htm
I get an error of type ERR_INVALID_RESP, but when I disable sslbump the
webcontent is shown in the browser.
Can anybody confirm this and can tell me what causes this problem
Hello Alex,
thank you for the quick answer!
On Mon, Oct 10, Alex Rousskov wrote:
> On 10/10/22 04:05, Dieter Bloms wrote:
>
> > since squid 5.7 I get the error page of type ERR_READ_ERROR, when a dns
> > label can not be resolved (for example https://dnslabeldoesnotexist.c
Hello,
since squid 5.7 I get the error page of type ERR_READ_ERROR, when a dns
label can not be resolved (for example https://dnslabeldoesnotexist.com/).
I expect the error page of type ERR_DNS_FAIL instead of ERR_READ_ERROR.
Can somebody confirm this behavior ?
--
Regards
Dieter Bloms
Hello,
I did an upgrade from squid 4.16 and got many messages like: assertion failed:
Transients.cc:221: "old == e"
and it seems, that the childs crash and restart:
--snip--
2021/09/20 04:37:47 kid2| assertion failed: Transients.cc:221: "old == e"
current master transaction: master368193
Hello,
I want to implement user authentication (kerberos) on an already existing
proxysystem without user authenticaion.
But I know that there are clients, which can't do any authentication.
So is it possible to configure squid, that it ask for proxy
authentication credentials, but if the
Hello,
I use squid 4.15 and want to configure it to connect to some destinations
via IPv4.
I know about the tcp_outgoing_address option, but my outgoing ipv4 and
ipv6 addresses changes every day.
So is there an option like:
acl myipv4onlydest dstdomain .example1.com .example2.com
Hello Alex,
thank yout for the fast response.
On Thu, May 20, Alex Rousskov wrote:
> On 5/20/21 8:12 AM, Dieter Bloms wrote:
>
> > I've a working setup with squid 4.14 and enabled sslbump under debian
> > buster.
> > But when I try destinations like https:/
Hello,
I've a working setup with squid 4.14 and enabled sslbump under debian buster.
But when I try destinations like https://1.1.1.1/ I get an error
ERR_CERT_COMMON_NAME_INVALID
The alternate DNS Names in the certificate of the original webserver is:
X509v3 Subject Alternative Name:
5-28704261
> Email: ngtech1...@gmail.com
> Zoom: Coming soon
>
>
> -Original Message-
> From: squid-users On Behalf Of
> Dieter Bloms
> Sent: Wednesday, January 20, 2021 1:26 PM
> To: squid-users@lists.squid-cache.org
> Subject: [squid-users] chromium based browsers
Hello,
I use squid 4.13 with enabled sslbump.
Chromium based browsers like chrome and edge don't play this video
https://admin.wissen-ad.de/storage/TEST/Big_Buck_Bunny_1080_10s_30MB.mp4
The firefox browser and the old internet explorer have no problems.
When I disable sslbumping for this
Hello Amos,
On Thu, Jan 14, Amos Jeffries wrote:
> On 13/01/21 11:27 pm, Dieter Bloms wrote:
> > Hello,
> >
> > the wiki of squid cache project (wiki.squid-cache.org) has an incomplete
> > certificate chain.
> > I can't access the website with enabled sslbump
add the intermediate
certificate.
More infos can be see here:
https://www.ssllabs.com/ssltest/analyze.html?d=wiki.squid%2dcache.org
--
Regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address
Hello Matus,
thank you for your answer.
On Tue, Jul 21, Matus UHLAR - fantomas wrote:
> On 21.07.20 09:41, Dieter Bloms wrote:
> > we use the sslbump feature and it works very well.
> > But some sites can't be reached because of missing intermediate
> > certificate.
>
?
--
Regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
___
squid-users
Hello,
more and more clients aren't browser but are programs, which call a
restapi through our squid proxy.
Those clients aren't able to show the errorpage (ERR_*) from proxy in
case the request wasn't successful for any reason.
I added %err_code and %err_detail, but %err_detail is filled with
--
--
Regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
___
squid-users
t; > Van: squid-users
> > [mailto:squid-users-boun...@lists.squid-cache.org] Namens Dieter Bloms
> > Verzonden: woensdag 8 april 2020 13:37
> > Aan: squid-users@lists.squid-cache.org
> > Onderwerp: [squid-users] sometimes intermediate certificates
> > were not downloaded w
much.
--
Best regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field
Hello,
I have a working setup with openssl, which use softhsm as pkcs11
backend.
I can sign csr requests with openssl command line tool.
Now I want to use this mechanism for squid ssl-bump.
Is it possible to use the pkcs11 mechanism with squid and openssl ?
I tried someting like:
http_port
Hello,
I use squid 4.9 with enabled sslbump and it works great for the most
websites.
There are some websites, which use websockets like web.whatsapp.com
and can not be reached with enabled sslbump.
When I exclude this destination from sslbump, I get the qrcode, which
can be scanned with the
Hello,
On Wed, Feb 06, Yann Girardin wrote:
> I am using ssl bump and it's work fine a lot of SSL sites, but some of
> those are misconfigured and squid won't succeed to get the correct
> certificate, and give me the following error :
> SEC_ERROR_UNKNOWN_ISSUER
>
> Looking on the internet I
Hello,
I've compiled squid 4.5 with openssl1.1 as shipped with debian9.
Sslbump works fine for all sides, but I can't access only one site
https://www.finanzamt.bayern.de/
and don't know the reason.
Ssllabs gives "A".
Here are the squid compile options:
--snip--
Squid Cache: Version 4.5
Service
Hello,
we use the sslbump feature of squid, and it works very well.
One of our http clients expect a CRL distribution point in the dynamic
generated certificate.
I've setup a http server, which delivers this crl list, but don't know
how to configure squid to set this distribution point in every
Hi,
I run squid4.1 for several days in production and have to say it works
pretty good.
It is stable and it downloads the missing intermediate certificates
automatically.
Great work!
Thank you very much for this version.
--
Regards
Dieter
--
I do not get viruses because I do not use MS
Hello,
On Tue, Jun 26, Gordon Hsiao wrote:
> checked the manual it seems I can only set dnsserver with a new IP, is it
> possible to make squid support non-standard DNS port, e.g. 5353?
maybe you can use a dns resolver like unbound, dnscache, dnsmasq,
which can be configure to listen on
Hello Alex,
thank you for your answer!
On Fri, Dec 15, Alex Rousskov wrote:
> On 12/15/2017 03:53 AM, Dieter Bloms wrote:
>
> > I use the native ftp support of squid-4.0.22 and it works well without proxy
> > authentication.
>
> > I want to enable the proxy authent
Hello,
I use the native ftp support of squid-4.0.22 and it works well without proxy
authentication.
I want to enable the proxy authentication, but don't know how to login
to the proxy with the native ftp client.
Without proxy authentication the string ftpuser@ftpserver works fine.
When I enable
Hello,
I used external helper with squid 3.5.xx several years without any
problem.
Now I tried to upgrade to squid 4.0.21 and squid seems to work fine, but
I get many logentries like:
--snip--
2017/09/14 07:43:12 kid3| WARNING: blockhostsdomain ACL is used in context
without an ALE state.
Hello,
I want to customize the time format for %t in my error pages.
For the logfiles it is in strftime format like %{%d.%m:%Y %H:%M:%S}tl,
but when I put it in my error page templates like %{%d.%m:%Y %H:%M:%S}t,
squid doesn't consider it.
Is there any way to define the timeformat for %t in the
Hi Ivan,
On Tue, Jun 06, Ivan Larionov wrote:
> We recently updated from squid v2 to v3 and now see huge increase in
> connections in TIME_WAIT state on our squid servers (verified that this is
> clients connections).
I can confirm that since 3.5.22 to our ICAP scanners.
with 3.5.21 we had no
Hello Alex,
On Thu, May 18, Alex Rousskov wrote:
> On 05/18/2017 03:17 AM, Dieter Bloms wrote:
>
> > I wrote some custom error pages and activated style sheets in the header of
> > the error pages like:
> >
> >
> > %l
> >
> >
> >
Hello,
I use squid 3.5.25 compiled with following options:
Squid Cache: Version 3.5.25
Service Name: squid
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var'
'--libexecdir=/usr/sbin' '--datadir=/usr/share/squid'
Hello,
I did an upgrade from 3.5.8 to 3.5.11 and now sometimes I get the
message:
assertion failed: client_side.cc:819: "areAllContextsForThisConnection()"
in cache.log and squid dies.
Is this a known problem or shall I create a bugreport ?
--
Regards
Dieter
--
I do not get viruses
Hi,
On Fri, Nov 06, Fullyrealized LLC wrote:
> I have been trying to bolster my pfsense systems and found one
> difficulty with squid3. I cant figure out how to allow for support of
> tls 1.1 and 1.2. It supports tls 1 of course but the new reports from
> qualys give a "C" for such. I am
Hallo Marcus,
On Thu, Sep 17, Marcus Kool wrote:
> I just tried accessing https://banking.postbank.de/
> using Squid 3.5.8 and Chrome.
> I also got the ERR_CONNECTION_CLOSED error.
thank you for testing, so I think the fault is not my config.
May it be a bug in squid or openssl, or maybe the
Hello Amos,
thank you for your hints.
On Thu, Sep 17, Amos Jeffries wrote:
> > the relevant part ist:
> >
> > --snip--
> > acl nodecryptdomains dstdomain "/etc/squid/nodecrypt.domains"
> > http_port MYIP:8080 ssl-bump cert=/etc/squid/ca.pem key=/etc/squid/ca.key
> >
Hello Antony,
On Wed, Sep 16, Antony Stone wrote:
> On Wednesday 16 September 2015 at 15:39:35, Dieter Bloms wrote:
>
> > I did an upgrade of my squid from 3.4.13 to 3.5.8 and most sites are
> > accessible via HTTPS and sslbump enable.
> > But I can't get any a
:
sslproxy_flags No_Compression
but squid claims FATAL: Unknown ssl flag 'No_Compression'.
Is it possible to disable TLS compression for the connection from squid
to the webserver when sslbump is used ?
Thank you very much.
--
Regards
Dieter Bloms
--
I do not get viruses because I do not use MS software
Hello Amos,
On Sat, Dec 20, Amos Jeffries wrote:
When I do a http://ssl.ratsinfo-online.net/ the fallback from ipv6
to ipv4 works fine, but when I do a
https://ssl.ratsinfo-online.net/ squid tries ipv6 only and doesn't
do a fallback to ipv4.
I would be nice, if you can try it on
Hello,
we use squid 3.4.9 as proxy for our company with ipv4 and ipv6 dual
stack.
It works good, but if a destination has an A and record and the
webserver isn't reachable via ipv6, squid generates an error page
instead of trying a connection via ipv4.
One example is the url:
the intermediate certificate on it's own.
Is there any option to enable this behavior in squid, so squid can
validate a the certificate where the intermediate certificate is missing ?
Thank you for your help !
--
Regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use
Hello,
I use squid 3.4.5 and sslbump works great for the most big sites like
google and facebook
There are some destinations, which share there ip with other virual
webserver, so the client gets a default certificate from the server with a
wrong CN. With SNI the client get the right
Hi,
I found http://wiki.squid-cache.org/Features/HTTP2 and I wonder if it is
the actual state, that SPDY is planned for squid 3.5, or is it allready
implemented in the actual version.
--
Regards
Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please
Hi,
we use ipv4 and ipv6 tcp protocol for our outgoing interface.
The most sides are accessable via ipv6, if a Record is available,
so ipv6 works great in most cases.
Some sides like http://www.hsp-steuer.de/ announce ipv6 records, but are
not accessable via ipv6.
Is it possible that squid
Hi Amos,
thank you for your quick answer.
On Thu, Jul 25, Amos Jeffries wrote:
On 25/07/2013 6:52 p.m., Dieter Bloms wrote:
Hi,
we use ipv4 and ipv6 tcp protocol for our outgoing interface.
The most sides are accessable via ipv6, if a Record is available,
so ipv6 works great in most
Hi Alex,
On Thu, May 23, Alex Rousskov wrote:
I use squid 3.3.5 with the ssl-bump feature.
My private key is crypted and I want to enter the password at start time.
Since 3.3.5 squid wants to execute a program even I haven't configured
sslpassword_program and start squid with the -N
Hi,
I use squid 3.3.5 with the ssl-bump feature.
My private key is crypted and I want to enter the password at start time.
Since 3.3.5 squid wants to execute a program even I haven't configured
sslpassword_program and start squid with the -N option.
--snip--
idvhttpsproxy01:~ # squid -f
Hi,
I run 3.2.7 squid successfully for some weeks now.
Yesterday I tried to upgrade to squid 3.3.3 and after a few minutes
squid exits and I get the following messages in my cache.log:
--snip--
2013/04/09 08:44:40| Starting Squid Cache version 3.3.3 for
x86_64-suse-linux-gnu...
2013/04/09
Hello Amm,
On Wed, Apr 10, Amm wrote:
- Original Message -
From: Dieter Bloms sq...@bloms.de
To: squid-users@squid-cache.org
Cc:
Sent: Wednesday, 10 April 2013 3:03 PM
Subject: [squid-users] assertion failed: Checklist.cc:287: !needsAsync
!matchFinished after upgrade from
Hi,
we use following constellation:
clients - squid - virusscanner - internet.
the virusscanner is avwebgate from avira configured as parent proxy.
The load is ~400 req/s.
With squid 3.1.20 we had no problems, but after upgrade to 3.2.3 our
virusscanner claims it is busy after a few seconds.
/2012 1:50 PM, Dieter Bloms wrote:
Hi,
we use following constellation:
clients - squid - virusscanner - internet.
the virusscanner is avwebgate from avira configured as parent proxy.
The load is ~400 req/s.
With squid 3.1.20 we had no problems, but after upgrade to 3.2.3 our
virusscanner
Hi,
I want to run squid with several workers and when I start squid without
-N option, then I see all the workers and it works as expected.
But I use the daemontools from Danial Bernstein to start and monitor the
proccesses. This tool requires, that the proccesses don't go in
background.
I think
Hi Nicolas,
On Wed, Aug 08, Nicolas Michels wrote:
I have squid installed with enable-ssl and enable-ssl-crtd
sbin/squid -v
Squid Cache: Version 3.0.STABLE26
configure options: '--enable-ssl' '--enable-ssl-crtd'
But when I try to run squid I get this error:
cache_cf.cc(346) squid.conf:19
very much.
--
Best regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
Hi,
I went into the problem descriped in bug #3048
http://bugs.squid-cache.org/show_bug.cgi?id=3048
The patch is commited to 3.2 branch, but not to 3.1 as far as I can see.
Will the patch be applied to 3.1, too ?
--
Best regards
Dieter
--
I do not get viruses because I do not use MS
Hello,
since an upgrade from 2.7STABLE9 to 3.1.9 I get several core dumps a day
after a logentry like:
assertion failed: AclProxyAuth.cc:229:
authenticateUserAuthenticated(Filled(checklist)-auth_user_request)
I ran the squid on a SLES11 system compiled with:
Squid Cache: Version 3.1.9
Hello,
when a user canceled a download, I can't see it in the access.log and
cache.log.
Is it possible to log the reason, why the download is cancled.
In access.log file I see only the 200 HTTP status code.
--
Best regards
Dieter
--
I do not get viruses because I do not use MS software.
If
Hi,
On Thu, Apr 15, Yury Kuryakov wrote:
Hello everybody!
Can't find answer to my simple question in google and yandex:
how to find out what options squid binary was compiled with?
yes,
squid -v
--
Best regards
Dieter
--
I do not get viruses because I do not use MS software.
If you
?
Thank you for a hint
--
Best regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
Hi,
On Wed, Mar 31, Dayo Adewunmi wrote:
How do I use `follow_x_forwarded_for` to allow X-Forwarded-For header for all
IP's in my LAN 192.168.0.0/21. They all go through the squid proxy,
192.168.0.1.
it depends on what you want.
Do you have an another proxy between the clients and squid, or
Hi,
On Wed, Mar 31, Dayo Adewunmi wrote:
There's no other proxy between clients and squid. I'm trying to get squid
to include LAN IPs for external servers. So, for that it's forwarded_for
on? Or do you mean follow_x_forwarded_for on?
from squid.conf
# TAG: forwarded_for on|off
#
.
--
Best regards
Dieter Bloms
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.
Hi Michael,
On Mon, Feb 15, Michael Neumeier wrote:
I have a Windows 7 host machine with the IP 10.255.0.0/24. On this
Windows machine, I have VMWare 6 installed. In this VMWare, I am
running Debian 5.0.2 32bit with squid 3.0.Stable-3+lenny2. The IP of
this VM is 192.168.157.155
I think
Hi,
On Sun, Feb 07, J. Webster wrote:
Is there any problem with using opendns server as the dns_nameserver in squid?
Is it slower than using the local hosts namersevrers?
I have an issue with dns timeouts for 1 or 2 websites and am having to
restart the dns cache (nscd) every 6 hours to
Hi,
On Wed, Jan 27, Soporte Técnico AlemNet wrote:
How can i make cache_peer selection for blocks of ip of my network ?
Example.
192.168.0.xxx i want to use
cache_peer 172.16.1.1
192.168.1.xxx i want to use
cache_peer 172.16.1.2
192.168.1.xxx i want to use DIRECT
this has to be done
Hi,
On Tue, Dec 22, Matus UHLAR - fantomas wrote:
On 08.12.09 14:30, Ali Ahsan wrote:
Does forx provide authentication against ldap.Like we use in squid user
must authenticate before using proxy.
the FTP protocol does not support proxying, so you can't use proxy
authentication. You only
Hi,
On Thu, Dec 10, Arnold, Christian wrote:
I had to create a new machine which hosts our squid proxy. This new
machine is available under another IP than the last one. I sent out a
newsletter to all the users that they have to change the proxy
settings, but still some of them are using the
Hi,
On Tue, Aug 18, Muhammad Sharfuddin wrote:
squid -z
FATAL: Bungled squid.conf line 3: cache_dir diskd /var/cache/squid 4096
16 256 64 72
Squid Cache (Version 2.7.STABLE5): Terminated abnormally.
what should I do ? where I am doing the mistake ?
the line should look something like
smaller, but with a squid -k logrotate I get many
logfile.[0-9] files, which I don't want.
So is there a command line option to let squid compact the swap.state
file without logfile rotation and without restarting squid ?
Thank you very much.
--
Best regards
Dieter Bloms
--
I do not get
Hi Amos,
On Sun, Mar 15, Amos Jeffries wrote:
I use an url_rewrite_program, which seems to die after about 40
requests.
Squid starts 15 processes, which are enough, but after some time one
process after another die and at the end all processes where gone.
Is it possible to let squid
Hi,
I use an url_rewrite_program, which seems to die after about 40
requests.
Squid starts 15 processes, which are enough, but after some time one
process after another die and at the end all processes where gone.
Is it possible to let squid restart an url_rewrite_program, when it dies ?
Hi,
we have a commercial software, which provides the credentials to the
squid proxy, when we run the 3.0.STABLE9, but doesn't, when we run
2.7.STABLE6.
When we run 2.7.STABLE6, the client does the requests without
credentials, even when squid answers with 407 HTTP code.
the only difference I
Hi,
On Wed, Nov 12, julian julian wrote:
Ok, I'm using thunderbird and set the proxy manually, but when I try
to conect I get an error, should I make some special config in squid?
as Amos said, squid is an http proxy. You are looking for an imap proxy
like:
http://www.imapproxy.org/
--
Hi Ralf,
On Fri, Jul 04, Ralf Hildebrandt wrote:
ignore_expect_100 on
I added this. Let's see how it goes.
2.6.x behaved differently in this regard?
yes and 3.0 behaves differnt, too.
I had the same problem with 2.7 so I switched to 3.0
--
Gruß
Dieter
--
I do not get viruses
Hi,
On Sun, Apr 20, Anil Saini wrote:
generating 100s of request in a sec. . is that some virus problem with the
users(172.16.18.38)..machine or some other problem
1208689937.821 0 172.16.18.38 TCP_DENIED/403 1479 OPTIONS
http://127.0.0.6/ - NONE/- text/html 1208689937.858 0
it
Hi,
On Tue, Mar 25, paul cooper wrote:
so is this login stored in the cache somewhere ?
I need to flush the cache when i change user ?
squid caches the authentication results, I think the default is 2h.
Please have a look for the keywords in your default squid.conf:
max_user_ip and
Hi,
On Mon, Dec 17, Carlos Lima wrote:
So my questions are:
- Should Squid be taking only in consideration for large environments
with hundreds or even thousands of people accessing web?!
no, it can also be used in small enviroment.
- In these days a proxy like Squid for caching purposes
Hi,
On Mon, Dec 17, Nikolas wrote:
I am not using squidclient, is there any way to overcome this?
Thanks a lot
telnet, netcat, ..., make your own programm.
--
Gruß
Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email
Hi,
what does tcpdump say ?
tcpdump -n -i outgoinginterface -s 0 -w /tmp/outdump
you can view the dump with wireshark.
On Wed, Aug 15, Mehmet, Levent (Accenture) wrote:
Hi
The company hosting the site have confirmed they are not having the
problem with any other client, apart from us:
Hi,
On Wed, Aug 08, Scott B. Anderson wrote:
The squid server is the lan router and the client default gateway so
any network issues would show up when proxy is off. I'm at a loss.
This is 2.6STABLE_13 on Fedora core 5 kernel 2.6.17-1.2174_FC5. This
became a problem only after switching from
Hi,
On Fri, Jun 15, pauloric wrote:
a) squid:~# /usr/lib/squid/ldap_auth -b dc=xxx,dc=com,dc=br -f uid=
% s -h 130.0.150.2
pauloric pauloric
OK
that's good.
squid# tail -f /var/log/squid/access.log| grep 130.0.150.2
1181911584.377 8 130.0.150.2 TCP_DENIED/407 1832 GET
Hi,
On Sat, May 19, lucas coudures wrote:
I got from some how-to a rule called cache-per and i set the followings
option:
cache_peer xxx.xxx.xxx.xxx parent 3128 0 default no-query (I seted the
3128 port in the NTLM as well)
did you have a line like:
never_direct allow all
to tell
Hi,
On Wed, May 16, Sathyan, Arjonan wrote:
I don't think this is an MSIE6 bug, since I am able to download the same
DVD ISO file without using Squid. (i.e., if directly connected to
internet)
This issue arises only when downloading through Squid Proxy...
the internet explorer has a
Hi,
On Mon, Jan 29, Vadim Pushkin wrote:
I would like to limit the use of CONNECT within my squid.conf to just a few
sites, for now the sites defined by the ACL App-Port-80. I am
considering doing this like this:
# Access to App-Port-80 uses port 80 for CONNECT
acl App-Port-80 dst
Hi,
On Mon, Jul 24, Steven wrote:
I had a similar problem under Linux where cache hits were really slow on a
server that was not busy. Switching to aufs fixed the problem for me (ie
just replace the word diskd with aufs on the cache_dir line).
I've tried it on my test system and yes, the
Hi,
On Fri, Mar 17, Jonathan Pauli wrote:
Is this a DNS timeout issue that can be changed in the squid config?
login to your squid box and type host hostname, and replace
hostname with the one witch timed out.
If this take a long time you have to correct your DNS config.
--
Gruß
Dieter
Hi,
On Fri, Mar 17, Linda W wrote:
Based off SuSE9.3 with some updates; linux kernel 2.6.15.5 on pentium3;
gcc=3.3.5 (20050117); glibc=2.3.4-23.4
Did you install some packages from other source ?
SuSE9.3 came with 2.6.11 kernel.
--snip--
ftp pwd
257
Hi,
On Fri, Jan 13, Meyerovich Aleksandr EB_NY wrote:
Are there any debugging switches for squid_ldap_auth to get something
more descriptive than ERR?
what's about dumping the tcp connection with
tcpdump -n -i interface -s 0 -w /tmp/tcpdump.ldap port 389
and have a look with ethereal.
--
Hi Paul,
On Tue, Dec 20, Paul Matthews wrote:
just i'm working on getting squid1 == DG == squid2 and wondering, how
do i disable caching in squid1?
it is documented in the configurationfile (section cache_peer):
--snip--
#use 'proxy-only' to specify objects fetched
#from this
1 - 100 of 118 matches
Mail list logo
