Hi trying to configure transparent proxy with this rule any error?
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT
--to-port 3128
The requested URL could not be retrieved
While trying to retrieve the URL: /
The following error was encountered:
*
On Tue, 13 Jan 2004, Paul wrote:
I'd like to limit the total number of connections from anywhere,
and would like some clarification. For example, with the following:
acl connlimit maxconn 2
http_access deny all connlimit
http_access allow !connlimit
maxconn is appplied per source
With ca 98.9% probability this game application is not using HTTP for port
11999 and can not access this port via proxies.
What you need in such case is to set up your networking to allow direct
access to port 11999 from the client stations.
Regards
Henrik
On Wed, 14 Jan 2004, Fritz Mesedilla
Hello,
i have some questions about digest authentication and in particular on the
way communication beetween squid, the client and the helper takes place
(I'm testing digest_pw_auth).
1. Who does create the challenge for the user? Squid or the helper?
2. In the case it is Squid, what does it
Dear all,
I have a simple question about NTLM.
Does Squid support NTLMv2 authentication or just standard NTLM?
Regards,
Antonio Manfreda
Thank you very much for your reply, Henrik.
So a ulimit of 1000 ought to limit the total number
of connections to about 300+. Looks like under my
current 2.4 Linux kernel, maximum number of filedescriptors
possible is around 26K, but only 1024 allowed per process:
# sysctl fs.file-max
On Wed, 14 Jan 2004, Paul wrote:
Thank you very much for your reply, Henrik.
So a ulimit of 1000 ought to limit the total number
of connections to about 300+. Looks like under my
current 2.4 Linux kernel, maximum number of filedescriptors
possible is around 26K, but only 1024 allowed per
On Wed, 14 Jan 2004 [EMAIL PROTECTED] wrote:
1. Who does create the challenge for the user? Squid or the helper?
Squid.
2. In the case it is Squid, what does it pass to the helper on stdin?
3. And how does the helper reply? OK or ERR as usual?
2,3 is documented in the squid.conf comments
On Tue, 13 Jan 2004, Antonio Manfreda wrote:
Dear all,
I have a simple question about NTLM.
Does Squid support NTLMv2 authentication or just standard NTLM?
NTLM and LANMAN.
The Samba helper should support NTLMv2 and NTLM2 as well but is currently
limited by Squid.
Regards
Henrik
have you tried to set this option?
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
this option is needed if you want to configure transparent proxy.
.::DAMK::.
On Wed, 14 Jan 2004 09:47:06 +0300, Ronny [EMAIL PROTECTED] wrote:
Hi
Dear Henrik,
Yes it has retuned about 89 records that I found a lot of information about
my users in my AD. The only problem that I am trying so solve is the
argument that I should tell my Squid_ldap_auth to search my AD to
authenticate the user. Also about the authentication of the last argument
Hello,
thanks for the explanation about the communication strategy beetween Squid
and the helper. I missed it in the config file.
Anyway, I still can't find any direct reference to HHA1 in RCF2617. What
does it correspond to?
Thank you in advance.
Regards
Antonio Manfreda
Easynet srl c/o
I'm suddenly getting a lot of these errors. Here's an example:
2004/01/14 10:29:35| ctx: exit level 0
2004/01/14 10:29:35| ctx: enter level 0:
'http://www.squid-cache.org/Versions/v2/2.5/bugs/'
2004/01/14 10:29:35| httpProcessReplyHeader: Impossible keep-alive header
from
Hi all,
Caching is not happening the way I expected.
I am using Squid to cache the 'expensive' output of a Zope server. Due to increased
traffic on the site, I am getting many server errors (database conflict), so it is
urgent that objects be cached. I instructed Zope to insert a Cache-Control
Yup just downloaded the latest 2.5S4 snapshot and installed it on one of my
caches and they started. All the other caches are o.k.
alex
--On 14 January 2004 10:37 -0500 Steve Snyder [EMAIL PROTECTED]
wrote:
I'm suddenly getting a lot of these errors. Here's an example:
2004/01/14 10:29:35|
Dear Henrik,
Here is the sample of what is the reply of ldapsearch with this
argument:
###
/ldapsearch -h 192.168.2.2 -vx -b dc=hov,dc=butanegroup,dc=com
###
OUTPUT OF MY LDAP MACHINE
On Wed, 14 Jan 2004, Hamed Majnoonian wrote:
Yes it has retuned about 89 records that I found a lot of information about
my users in my AD. The only problem that I am trying so solve is the
argument that I should tell my Squid_ldap_auth to search my AD to
authenticate the user.
Look into the
On Wed, 14 Jan 2004, Hamed Majnoonian wrote:
The question is, is it looks good?
No. From what I can tell that only contained a few public entries added by
your DNS server, nothing about your users.
The second question is I am still trying to
Dear Henrik,
I have searched but I found name: my user ID, for example in the
output of LDAP. As much as I know I don't have any option about this in
squid_ldap_auth so how can I tell my squid_ldap_auth to search for a
special username? Could you provide any example?
Regards
Hamed
On Wed, 14 Jan 2004, Steve Snyder wrote:
I'm suddenly getting a lot of these errors. Here's an example:
2004/01/14 10:29:35| ctx: exit level 0
2004/01/14 10:29:35| ctx: enter level 0:
'http://www.squid-cache.org/Versions/v2/2.5/bugs/'
2004/01/14 10:29:35| httpProcessReplyHeader:
Thinking... OK, I think I know what the bug is in that patch.
What does access.log say?
Regards
Henrik
On Wed, 14 Jan 2004, Alex Sharaz wrote:
Yup just downloaded the latest 2.5S4 snapshot and installed it on one of my
caches and they started. All the other caches are o.k.
alex
--On 14
Dear Henrik,
Here is your suggestion and the answer that machine has retruned.
Swordfish# ldapsearch -h 192.168.2.2 -vx -D
CN=administrator,CN=users,DC=hov,DC=butanegroup,DC=COM -W
ldap_init( 192.168.2.2, 0 )
Enter LDAP Password:
filter:
Hey people:
Maybe this is something I'm overlooking, a common noob error or a typo,
but the following few ACLs and access rules just aren't behaving like I
think they should...
I'm trying to grant unlimited web access to any authenticated user and
limited access to non-authenticated users.
Here
I'm using squid-3.0-PRE3-20040108.
Want to do:
Browser --SSL-- Squid --SSL-- OWA
Here's my config:
visible_hostname klinger.algorithmics.com
cache_mgr [EMAIL PROTECTED]
https_port 443 cert=/opt/squid/etc/torxm.algorithmics.com.crt
key=/opt/squid/etc/torxm.algorithmics.com.key
Dear Henrik,
I tried this and it seems I have the complete output information to be
debugged.
I gave this one:
###
ldapsearch -h 192.168.2.2 -vx -D
CN=Administrator,CN=Users,DC=hov,DC=butanegroup,DC=COM -w -b
dc=hov,dc=butanegroup,dc=com Output
###
And then I
On Wed, 14 Jan 2004, Hamed Majnoonian wrote:
I have searched but I found name: my user ID, for example in the
output of LDAP. As much as I know I don't have any option about this in
squid_ldap_auth so how can I tell my squid_ldap_auth to search for a
special username? Could you provide any
On Wed, 14 Jan 2004, Burnes, James wrote:
When I use this configuration it allows un-authenticated access to
www.mycompany.com, but on any other web page it tries to authenticate
the user. Great so far, but after authenticating the user it denies
them access to the page they requested.
If
On Wed, 14 Jan 2004, Derek Winkler wrote:
http_access allow all-dst
http_reply_access allow all
http_reply_access allow all-dst
Here's my access.log:
1074094727.641 4383 10.1.10.103 TCP_MISS/501 368 GET
https://torxm.algorithmics.com/dwinkler.htm - ANY_PARENT/torxm.algorithmics.com
On Wed, 14 Jan 2004, Henrik Nordstrom wrote:
Thinking... OK, I think I know what the bug is in that patch.
Confirmed. The logics on what keep-alive headers are impossible was a
little too broad, sometimes triggering on fully valid HTTP/1.0 replies.
The patch has been corrected, and attached
On Wed, 14 Jan 2004, Hamed Majnoonian wrote:
sAMAccountName: sharpknifeedge
userPrincipalName: XX
The above is a sample of my ID in the AD ...
So the question is how can I tell my squid_ldap_auth to check this
speficifc username when it wants to check the password with
Using 2.5.stable4
Using basic_auth with htpasswd files and would like to know if there's a
way to:
1.) Expire passwords in squid, somehow.
2.) Allow the users to change their passwords.
Thanx,
Tim Rainier
It is your server which requires authentication.
If your Squid is set up to require authentication then both the Squid
reverse proxy and the server must use the same authentication, and you
must be using Basic HTTP authentication on both. In addition the Squid
reverse proxy must be configured to
On Thu, 2004-01-15 at 05:08, Burnes, James wrote:
.
acl safedomains dstdomain .mycompany.com
acl authenticated_users proxy_auth
^^^ REQUIRED
Add that one word in, and it'll work.
Cheers,
Rob
--
GPG key available at: http://www.robertcollins.net/keys.txt.
On Thu, 2004-01-15 at 09:50, Antonio Manfreda wrote:
Hello,
I'm trying to make an offline calculation of the Request-Digest for an
authentication session beetween a client and Squid using
digest_pw_auth to see if I can reconstruct the response to the challenge.
I'm using md5sum on Linux to
Thank you very much for the clue.
How can I turn on auth debugging in squid and what file does it use for
logging?
Anyway, I don't understand why, following RFC specs, I cant build the digest
created by the client (after all it is a client side calculation). Is there
some base64 encoding I am
On Thu, 15 Jan 2004, Antonio Manfreda wrote:
Thank you very much for the clue.
How can I turn on auth debugging in squid and what file does it use for
logging?
Anyway, I don't understand why, following RFC specs, I cant build the digest
created by the client (after all it is a client side
On Thu, 2004-01-15 at 10:35, Antonio Manfreda wrote:
Thank you very much for the clue.
How can I turn on auth debugging in squid and what file does it use for
logging?
Anyway, I don't understand why, following RFC specs, I cant build the digest
created by the client (after all it is a
Hi,
how i'm going to block my users to download the exe files
---
Best Regards
Liew Toh Seng
Icq No: 36835809
MSN: [EMAIL PROTECTED]
* .--.
* |o_o |
* |:_/ |
* //
* (| | )
* /'\_ _/` The Internet Solution Company
*
In a message dated 1/14/04 5:33:19 AM Eastern Standard Time,
[EMAIL PROTECTED] writes:
1024 is the default limit of Linux and many other OS:es.
It can be raised or lowered if you like.
To raise the limit you must also recompile Squid with the limit raised.
Why is this? It seems
39 matches
Mail list logo