Hi,
I have read the mailing lists and am aware (from old mailing list
emails) that if squid receives the request it has to pass on an error
page in certain circumstances.
I was wondering though if it would all be possible to not pass on an
error page (maybe in a future version) if an error is
On Tue, Sep 18, 2007, Ian wrote:
Hi,
I have read the mailing lists and am aware (from old mailing list
emails) that if squid receives the request it has to pass on an error
page in certain circumstances.
Its not quite true - there's a send TCP RST on certain errors option
somewhere.
I was
Just a reminder to copy in the squid-users group, otherwise you're not
going to get much of a response ;)
Paul Cocker
IT Systems Administrator
IT Security Officer
01628 81(6647)
TNT Post (Doordrop Media) Ltd.
1 Globeside Business Park
Fieldhouse Lane
Marlow
Bucks
SL7 1HY
-Original
Hi Henrik,
thanks for your insightful response. However, the
object is a .flv file that hasn't changed in months.
The origin server certainly doesn't want the object
cached, but I want to. Any leads that can help me
achieve this?
Regards,
solomon.
--- Henrik Nordstrom [EMAIL PROTECTED]
wrote:
Hi
I have got the vast majority of this working reading the FAQ etc. I have
set this up on RPC over HTTP SBS 2003 boxes so am confident that the
exchange server is setup correctly.
When I try to connect in I get the following error:
2007/09/18 09:35:38| httpReadReply: Request not yet fully
On Tue, Sep 18, 2007, Solomon Asare wrote:
Hi Henrik,
thanks for your insightful response. However, the
object is a .flv file that hasn't changed in months.
The origin server certainly doesn't want the object
cached, but I want to. Any leads that can help me
achieve this?
* set your
I have noticed that when ever a url contains a port squid does not allow it.
For example the webpage http://www.sns2.dns2go.com:81/helpdesk/
is there a way to allow all pages when a port is specified in the link?
Hi,
Pages served via our reverse proxy squid seem to have a blank line
pre-pended to them. Is this normal? We are trying to validate mobile
XHTML and this is causing us issues.
Version 2.6.STABLE6 on Centos
Thanks,
J
On Tue, 2007-09-18 at 03:23 -0700, Nadeem Semaan wrote:
I have noticed
Hi,
Please disregard, the issue is being caused by an web server module.
J
On Tue, 2007-09-18 at 11:57 +0100, John Moylan wrote:
Hi,
Pages served via our reverse proxy squid seem to have a blank line
pre-pended to them. Is this normal? We are trying to validate mobile
XHTML and this is
On Tue, Sep 18, 2007, John Moylan wrote:
Hi,
Pages served via our reverse proxy squid seem to have a blank line
pre-pended to them. Is this normal? We are trying to validate mobile
XHTML and this is causing us issues.
Got a test case you can stuff into bugzilla?
Adrian
Version
Sorry to bother you, but I don't get it.
We have a SuSE 10.1 system and have our www-traffic going through squid.
Since upgrade from 2.5 to version 2.6 STABLE5-30 (SuSE versions) we notice
that Squid is behaving strange. After running normally a while Squid seems
to go DIRECT only and the
Hi,
I've just installed squid on OpenSuse 10.2 installation.
I have configured squid and Suse to use samba and have added it to the
Windows Active Directory network successfully.
The problem I am now facing is ACL's - nothing seems to work and I can
get the error messages that I should
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Philipp,
On Tue, 18 Sep 2007 14:50:54 +0200
Philipp Rusch [EMAIL PROTECTED] wrote:
Sorry to bother you, but I don't get it.
We have a SuSE 10.1 system and have our www-traffic going through squid.
Since upgrade from 2.5 to version 2.6
Hello,
I have pretty much redundant question but I would like some opinions
before I venture into this possible solution.
I have 4 sites on an MPLS network that access the internet via 1
location, at this 1 location there is already a firewall. What I would
like to do is start blocking web sites
My Squid version is 2.6.STABLE11. I have problem when i browse some pages with
submit button (mail.ru, icq.com). When i press such button i recieve error
message. Ex:
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://win.mail.ru/cgi-bin/auth
The following
On mån, 2007-09-17 at 16:30 -0500, [EMAIL PROTECTED]
wrote:
Could spyware or addware cause the store.log to fill up very quickly?
Another tech has had troubles with this in the last couple of days and was
asking. He says that they can clear it out and in no time (not sure how
long, but
On tis, 2007-09-18 at 18:09 +0400, Fedor Trusov wrote:
My Squid version is 2.6.STABLE11. I have problem when i browse some pages
with submit button (mail.ru, icq.com). When i press such button i recieve
error message.
Are you inside a parent proxy firewall? If so see the FAQ...
Regards
I have a general purpose box that acts as a caching firewall for a small
LAN, and also it reverse proxies (httpd accel) for apache on the
localhost to the web.
I don not use transparent, users load a proxy.pac file.
In 2.5 my config was:
acl accel_host dst 127.0.0.1/32 an.ip.address/32
acl
On tis, 2007-09-18 at 16:12 +0100, Craig Skinner wrote:
And can get inbound requests from the Internet working with the above
plus, but it kills local outbound access as all requests are sent to apache:
http_port 3128 vhost (packet filter redirect)
cache_peer 127.0.0.1 parent 80 0 no-query
On tis, 2007-09-18 at 14:29 +0800, Adrian Chadd wrote:
I've thought about it. I jotted down some brainstorming ideas when
thinking about how to handle asymmetric TCP flows during transparent
interception - http://www.creative.net.au/node/72 - it'd possibly
also solve your issues. I don't
On tis, 2007-09-18 at 10:00 +0100, Gordon McKee wrote:
When I try to connect in I get the following error:
2007/09/18 09:35:38| httpReadReply: Request not yet fully sent RPC_IN_DATA
https://www.optimalprofit.com/rpc/rpcproxy.dll?nt-opro-h3.gdmckee.home:6002;
This message is seen if the
On tis, 2007-09-18 at 02:55 -0700, Solomon Asare wrote:
This is the exact problem I have that I am trying to
resolve, not querry string issues. If only I can
overide the lack of Last-Modified, Etag and not
meeting minimum_expiry_time conditions.
There would be no use doing so. All you would
On tis, 2007-09-18 at 03:23 -0700, Nadeem Semaan wrote:
I have noticed that when ever a url contains a port squid does not allow it.
For example the webpage http://www.sns2.dns2go.com:81/helpdesk/
is there a way to allow all pages when a port is specified in the link?
See the Safe_Ports ACL.
On tis, 2007-09-18 at 14:50 +0200, Philipp Rusch wrote:
Sorry to bother you, but I don't get it.
We have a SuSE 10.1 system and have our www-traffic going through squid.
Since upgrade from 2.5 to version 2.6 STABLE5-30 (SuSE versions) we notice
that Squid is behaving strange. After running
Hi Henrik,
since you say so, I have rather been toying with the
idea of saving these supposedly expired objects in an
apache document root and using the url_rewrite of the
squid to fetch the objects from my apache server. I
hope the bandwidth savings will justify the bandwidth
cost in repopulating
We use LVS (load balancer) to send traffic to multiple Squid 2.5 servers
in reverse proxy mode. We want to put multiple Squid instances on one
box and have successful done that by changing: http_port 80 to http_port
192.168.60.7:80 in the squid.conf file. We tested to that instance of
squid and
Last week (Thursday/Friday) my organisation moved from SquidNT 2.5 to
SquidNT 2.6 STABLE 14. We use a Java applet which generates parcel tags
and prints them off. It was working fine... until today. We are running
Java 6 Update 2 and users connect using NTLM passthrough authentication,
squid looks
I use a similar setup, what you want to do is have multiple
squid.conf files for each instance, with each instance listening on a
different http_port and icp_port, then point your real servers at the
appropriate instances. It's worked out very well for me.
--Dave
On Sep 18, 2007, at 2:42
Hi
I have switched off http in on port 80 to make sure https reverse proxy is
working. This must be the problem!!
I have exported the certificate from iis and used the instructions below:
http://www.petefreitag.com/item/16.cfm
Now I get :
2007/09/18 20:21:51| Detected DEAD Parent: opls
Under the advise of the 3rd party I have added the following to
squid.conf
acl Java browser Java/1.4 Java/1.5 Java/1.6
http_access allow Java
This appears to resolve the issue. However I would like to better
understand it the above line, and whether it is an acceptable full-time
On tis, 2007-09-18 at 09:25 -0700, Solomon Asare wrote:
Hi Henrik,
since you say so, I have rather been toying with the
idea of saving these supposedly expired objects in an
apache document root and using the url_rewrite of the
squid to fetch the objects from my apache server. I
hope the
On tis, 2007-09-18 at 17:38 +0100, Gordon McKee wrote:
After a bit debug switching on, I have found out that squid is not passing
https traffic correctly.
Or your server is not accepting it from an https frontend...
Would a cache_peer 443 entry work and drop the auto frontend?
Most likely.
On tis, 2007-09-18 at 20:31 +0100, Gordon McKee wrote:
19: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (1/-1/0)
Your Squid is not trusting the CA that has issued the server certificate
of the web server.
As you have already exported the certificate the
Hi Antonio,
Antonio Pereira wrote:
Hello,
I have pretty much redundant question but I would like some opinions
before I venture into this possible solution.
I have 4 sites on an MPLS network that access the internet via 1
location, at this 1 location there is already a firewall. What I would
Ok Great.
I have a hardware based firewall.
What setup in the way of the squid box is best physically take the cable
from the firewall and put 2 nics on the squid box and plug 1 nic to the
firewall and the other to the backbone switch. Or just use 1 nic on the
squid box and put a rule in the
On tis, 2007-09-18 at 19:51 +0100, Paul Cocker wrote:
Last week (Thursday/Friday) my organisation moved from SquidNT 2.5 to
SquidNT 2.6 STABLE 14.
Java 6 Update 2 and users connect using NTLM passthrough authentication,
squid looks to see that they are a member of group X before allowing
On tis, 2007-09-18 at 23:13 +0100, Paul Cocker wrote:
How so? I didn't see anything in the change logs which jumped out at
me.
- Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
Regards
Henrik
signature.asc
Description: This is a digitally signed message part
Hate to respond to myself, but I wanted to add more info..
In a well duh moment I ran find and found objects going back to July.
find /cache -type f -mtime +30 -exec ls {} \;
If my headers from my web servers are set to expire in 2 weeks:
Cache-Control: max-age=1728000
Connection: close
Hello all
I have a few squid servers that seem to have gotten a bit out of control.
They are using up all the systems memory and starting to serve items slowly.
As near as I can tell, it seems to just want more memory than I have to serve
and manage all the objects in the cache.
i have increased value from
cache_dir ufs /usr/local/squid/var/cache 100 16 256
to
cache_dir ufs /usr/local/squid/var/cache 1000 16 256
i didn't see any changes other then cache dir got 10 times bigger,
among other reasons one of the main reason was to save traffic, most
of our users go to 1
1) I got pam_auth.c:74:31: error: security/pam_appl.h: No such file
or directory when compiling squid-2.6.STABLE16-20070916. I found a
nearly identical instance in the list archive more than a year ago.
That got me looking into the pam-devel on my host os--Mac OS X 10.4.
It turns out
Files aren't deleted when they expire.
Files are deleted when:
* A request occurs and squid checks the file for freshness, or
* Squid issues a validation requests and determines the local copy is stale, or
* Squid needs to make space (as the disk store is full) and starts running
the object
On 19-Sep-07 My Secret NSA Wiretap Overheard Adrian Chadd Saying :
Files aren't deleted when they expire.
Files are deleted when:
* A request occurs and squid checks the file for freshness, or
* Squid issues a validation requests and determines the local copy is stale,
or
* Squid needs
Hi,
What does your conf file look like?
On 9/18/07, Abd-Ur-Razzaq Al-Haddad [EMAIL PROTECTED] wrote:
Hi,
I've just installed squid on OpenSuse 10.2 installation.
I have configured squid and Suse to use samba and have added it to the
Windows Active Directory network successfully.
The
On Tue, Sep 18, 2007, Nicole wrote:
Thanks for the clarification, but Eeek!
Whats eek about it!
So then, I guess this raises the question: If you have plenty of disk, there
really is nothing from keeping ancient files hanging around, using up space
and enlarging your swap.state file?
Finally, question 5) that I've meant to ask for a long time: I find I
always have to issue squid -k shutdown at least twice, before squid
would shut down.
Not too surprisingly squid -k kill only needs to be issued once. I'm
curious what's causing squid's resiliency in the face of squid -k
Brad Taylor [EMAIL PROTECTED] writes:
We use LVS (load balancer) to send traffic to multiple Squid 2.5
servers in reverse proxy mode. We want to put multiple Squid instances
on one box and have successful done that by changing: http_port 80 to
http_port 192.168.60.7:80 in the squid.conf file.
Adrian Chadd [EMAIL PROTECTED] writes:
On Tue, Sep 18, 2007, Nicole wrote:
Thanks for the clarification, but Eeek!
Whats eek about it!
So then, I guess this raises the question: If you have plenty of
disk, there really is nothing from keeping ancient files hanging
around, using up
On Sep 19, 2007, at 12:00 AM, Ding Deng wrote:
Brad Taylor [EMAIL PROTECTED] writes:
We use LVS (load balancer) to send traffic to multiple Squid 2.5
servers in reverse proxy mode. We want to put multiple Squid
instances
on one box and have successful done that by changing: http_port 80
Hi Gang,
I need to set up a squid for the purpose of letting my friend visit sites
anonymously. I downloaded the WinXP port of Squid from Acme Consulting and have
Squid set up adequately to run as a proxy server, but I also want to slap on
some authentication so that only my friend can proxy
50 matches
Mail list logo