On tor, 2008-10-16 at 09:42 +0530, Paras Fadte wrote:
Hi Henrik,
In CARP setup, if one uses same weightage for all the parent caches
how would the requests be handled ? will the requests be equally
forwarded to all the parent caches ? if the weightages differ then
won't all the requests be
On ons, 2008-10-15 at 17:14 +0300, Henrik K wrote:
Avoid using regex based acls.
It's fine if you use Perl + Regexp::Assemble to optimize them. And link
Squid with PCRE. Sometimes you just need to block more specific URLs.
No it's not. Even optimized regexes is several orders of magnitude
On ons, 2008-10-15 at 16:42 -0400, Todd Lainhart wrote:
I've looked in the archives, site, and Squid book, but I can't find
the answer to what I'm looking to do. I suspect that it's not
supported.
It is.
My origin server accepts Basic auth over SSL (non-negotiable). I'd
like to stick a
On tor, 2008-10-16 at 09:01 +0530, Tharanga wrote:
I need to block team viewer (remote access software) on squid. I analyse the
connection establishmet . it goes through port 80 to teamviewer server ( ip
is dynamic).
Team viewer clinetport 80 -- Team viewer main server (dynamic
On tor, 2008-10-16 at 13:49 +0500, Anton wrote:
Hello!
was trying for a few hours to have a certain site
(http://www.nix.ru) to be not cacheable - but squid always
gives me an object which is in cache!
My steps:
acl DIRECTNIX url_regex ^http://www.nix.ru/$
no_cache deny DIRECTNIX
On tor, 2008-10-16 at 14:34 +0500, Anton wrote:
Just realized that i have
reload_into_ims on
this was making me to be not able to refresh the given page
or site, since refresh request was changed - but anyway -
it should not affect no_cache?
It doesn't.
Regards
Henrik
On tor, 2008-10-16 at 13:02 +0100, Robert Morrison wrote:
I've found lots of references online (in this list's archives, other
sites and the FAQ) to customising error pages in squid, but haven't
yet found reference to removing error pages completely.
You can't. Oce the request has reached the
On tor, 2008-10-16 at 14:39 +0100, James Cohen wrote:
I have two reverse proxy servers using each other as neighbours. The
proxy servers are load balanced (using a least connections
algorithm) by a Netscaler upstream of them.
Ok.
A small amount of URLs account for around 50% or so of the
On tor, 2008-10-16 at 19:06 +0200, lartc wrote:
hi all,
i've googled, but have been unable to find a simple sed command, or
otherwise to recover an object sitting in the web cache.
i know the filename(s) in the cache, however, there's a squid header
on top of a binary file(s), and I don't
On tor, 2008-10-16 at 17:01 +0100, Mr Lyphifco wrote:
It seems that the site http://squidnt.com/ is trying to masquerade as
an
official website for Mr Serassio's Windows port of Squid. It doesn't
explicitly state this, but the wording of the site contents strongly
implies
such a thing.
On tor, 2008-10-16 at 22:26 +0200, Phibee Network Operation Center
wrote:
Hi
We have a problems with our new squid server,
when we want add wbinfo_group.pl, he can't start it :
2008/10/14 06:07:39| WARNING: Cannot run
'/usr/lib/squid/wbinfo_group.pl' process.
Is wbinfo_group.pl
On tor, 2008-10-16 at 16:12 -0700, dukehoops wrote:
1. With what headers should the origin server respond in 3a) and 3b)? In
latter case, it seems like something like Cache-Control: must-revalidate,
not sure whether to use s-maxage=0 and/or maxage=0
You probably do not need or want
On tor, 2008-10-16 at 21:16 +0200, Guido Serassio wrote:
Please, do you can update again the Wikipedia page ?
Done.
Regards
Henrik
signature.asc
Description: This is a digitally signed message part
On fre, 2008-10-17 at 06:09 +0200, WRIGHT Alan [UK] wrote:
I could use ACL with request_header_access other deny, but this will
strip some other headers too which is not possible.
You should be able to use any header name in request_header_access. If
not file a bug report.
Regards
Henrik
On fre, 2008-10-17 at 06:06 +0100, Richard Wall wrote:
but I don't see anything evil in the server response headers
today. I guess the client may be sending no-cache headers...I'll
double check that later.
Is there some other case that I'm missing?
I think the missing partial object
On fre, 2008-10-17 at 14:40 +1300, Amos Jeffries wrote:
I have added a warning comment on their download page.
Which appears to have been moderated out of existence.
At least the three comments now present are all by 'admin' advertising
their downloads.
Suspected this would happen. Oh
On fre, 2008-10-17 at 10:01 -0700, dukehoops wrote:
Thanks for a prompt response. Unfortunatley, seems like we're still missing
something:
The origin server is including
CacheControl: max-age=0
ETag: etag-value
in it's response.
The problems are
1) Squid is not sending
On tor, 2008-10-16 at 10:56 -0400, Todd Lainhart wrote:
Could I do the same thing with SSL to the reverse proxy? That is, the
reverse proxy is the endpoint for the client, gets the creds, becomes
the endpoint for the server, decrypts and caches the origin response,
and then serves cached
On tor, 2008-10-16 at 12:02 +0300, Henrik K wrote:
Optimizing 1000 x www.foo.bar/randomstuff into a _single_
www.foobar.com/(r(egex|and(om)?)|fuba[rz]) regex is nowhere near linear.
Even if it's all random servers, there are only ~30 characters from which
branches are created from.
Right.
On lör, 2008-10-18 at 12:58 +0300, Henrik K wrote:
By doing it correctly, using ^hostname$ instead of plain hostname in regex
results in 1.2 seconds, that's 8+ hosts/sec..
The interesting pattern match to compare with is
s/^www\.// on the hostnames before making patterns
Then for each
On lör, 2008-10-18 at 14:26 +0300, Henrik K wrote:
Fair test would be reversing the hostname, which is very cheap operation. ;)
(^|\.)example\.com$ .. runtime 2.2 secs
^moc\.elpmaxe(\.|$) .. runtime 1.3 secs
Heh, and I should learn to read the whole thread before responding ;-)
Regards
On lör, 2008-10-18 at 04:50 -0700, Jeff Pang wrote:
--- On Fri, 10/17/08, netmail [EMAIL PROTECTED] wrote:
From: netmail [EMAIL PROTECTED]
Subject: [squid-users] Time on squid
To: squid-users@squid-cache.org
Date: Friday, October 17, 2008, 10:37 AM
Hi
When squid generate the
On lör, 2008-10-18 at 22:52 +0900, Mikio Kishi wrote:
Hi,
No, I'm using squid-3.0.STABLE9.
I recorded the http request size in access log (using st)
But, the value was always 0 .
In access_log.cc
785 case LFT_REQUEST_SIZE_TOTAL:
786 outint =
On sön, 2008-10-19 at 17:25 +1300, Amos Jeffries wrote:
The following trace shows up in the log 4 times one after the other, and in
all of them it is a success (returning 1):
What is the reason for that? Other acls in the file are invoked only once
(seen in the trace), but acls on
2.7.STABLE5 2.6.STABLE22 bugfix releases has been released and is
available for download.
2.7.STABLE5 is now the recommended version for users of the Squid-2
series.
Please note that 2.6 is a legacy release and is no longer actively
maintained by the Squid project. We encourage any users of
On sön, 2008-10-19 at 17:12 -0700, Elli Albek wrote:
It makes sense since setting always direct to this acl evaluates the acl
once (and also once on the always direct rule, but this is expected).
The four acl evaluations return success, so is it possible to configure squid
to stop at the
On mån, 2008-10-20 at 19:13 +1300, Amos Jeffries wrote:
You need to fix the VOD implementation to use cacheable URI. Or scream
at the vendors who wrote it so they fix it.
And most won't fix it as they regard this cache unfriendlyness as one of
the premium features of their system.
Regards
On mån, 2008-10-20 at 11:01 +0200, Malte Schröder wrote:
Hello,
I am seeing entries like below quite frequently. It looks to me as if the
Content-Language and Content-Location headers are not parsed correctly, since
I
cannot see this stuff in the traffic going to the squid. In this config
On mån, 2008-10-20 at 15:23 +0530, Aviral Pandey wrote:
When my client asks for Accept-Encoding: gzip, deflate, squid is sending
it raw content. Shouldn't it gzip and then send?
No, Content-Encoding (just as Content-Languate) is a task of webservers,
not semantically transparent proxies such
On mån, 2008-10-20 at 06:20 -0400, [EMAIL PROTECTED] wrote:
All the videos are cachable. Because the video's are maintained by us.
But the origin server not near by us. So i try to cache and serve to
customers quickly.
So fix the origin. Alternatively you can play games with a url rewriter
On mån, 2008-10-20 at 16:08 +0530, Aviral Pandey wrote:
Thanks Henrik...But I have seen vice-versa to be working i.e., server
sending a gzipped response and squid serving deflated one when client
asks for deflated content
This is not available in any Squid version.
But Squid do support
On mån, 2008-10-20 at 05:42 -0500, Jian Wang wrote:
I'm not sure how to do this. Is it externally changing the
configuration of the router? For example,
in the Squid external_acl_helper code, telnet to the router and add an
acl line to the configuration of router?
Yes that's one way.
Isn't
On mån, 2008-10-20 at 11:21 +0100, Simon Waters wrote:
Apache will do this as a reverse proxy, but Apache as a reverse proxy is
interesting - most places I've seen it done it is sitting on the webserver on
port 80 forwarding to less capable webservers on another port. Although
Apache can
On mån, 2008-10-20 at 19:57 +0300, Monah Baki wrote:
Can I have my squid cache be a secondary cache to a bluecoat server?
Yes.
Regards
Henrik
signature.asc
Description: This is a digitally signed message part
On mån, 2008-10-20 at 16:02 -0700, BUI18 wrote:
Hi -
I have been trying to track down an issue with Squid 2.6 STABLE18 and
why users were getting TCP_REFRESH_MISS instead of TCP_REFRESH_HIT on
files that were recently cached. We first noticed that users were
getting misses when we expected
On mån, 2008-10-20 at 17:45 -0700, BUI18 wrote:
I not sure what you mean by a newer copy of the same URL? Can you elaborate
on that a bit?
The cache (i.e. Squid) performed a conditional request to the origin web
server, and the web server returned a new 200 OK object with full
content instead
On tis, 2008-10-21 at 11:30 +0900, [EMAIL PROTECTED] wrote:
Hello, I have a question.
Can I use Squid as a proxy of Streaming protocol such as WMV,RealMedia and
QuickTime?
Yes, by configuring the client for using an HTTP proxy. Works at least
for Real Quicktime clients..
Can I use Squid
On tis, 2008-10-21 at 13:14 -0400, [EMAIL PROTECTED] wrote:
*
This message has been scanned by IMSS NIT-Silchar
Dear All Squid USERS,
Of late it been realised that many users of our present facilty proxy
server are complaining that the net
On tis, 2008-10-21 at 14:55 +0200, Christian Tzolov wrote:
Hi all,
I would like to reduce the diversity of Accept-Encoding request header
values by replacing the header with a hardcoded value like:
gzip,deflated.
In Squid 2.6 there are two directives that seems sutible for the job:
?
Thanks in advance.
-Paras
On 10/16/08, Henrik Nordstrom [EMAIL PROTECTED] wrote:
On tor, 2008-10-16 at 09:42 +0530, Paras Fadte wrote:
Hi Henrik,
In CARP setup, if one uses same weightage for all the parent caches
how would the requests be handled ? will the requests
On tis, 2008-10-21 at 20:09 +0200, Christian Tzolov wrote:
Hi Henrik,
Thank you for the clarification.
Do you know any other approach (or tool) that can help me to replace the
accept-encoding header before it is processed by Squid?
Two Squids.
or
An ICAP server (together with
On tis, 2008-10-21 at 11:07 -0700, swb311 wrote:
For our workstations, I am setting the gateway to 192.168.0.13, and I would
like to figure out how to get iptables to forward everything besides the
port 80 traffic directly to the Router on .1.
Just configure it as default gateway (probably
Interesting, but is missing a crucial piece. There is nothign which
establishes trust. If the same server can be reached directly without
using the reverse proxy then security is bypassed, or if the module is
loaded on a server not using a reverse proxy.
This needs a configuration directive
On tis, 2008-10-21 at 19:57 -0500, Lou Lohman wrote:
I have been poking around the Internet and mailing lists and anything
else I can think of, for DAYS, to try to answer what I thought would
be a simple question, How can I configure Squid so that my authorized
Windows users (Members of the
On ons, 2008-10-22 at 14:35 -0700, BUI18 wrote:
Object is initially cached. Max age in squid.conf is set to 1 min.
Before 1 min passes, I request the object and Squid returns TCP_HIT.
After 1 min, I try to request for object again. Squid returns
TCP_REFRESH_HIT, which is what I expect. I
On ons, 2008-10-22 at 11:31 +0200, Malte Schröder wrote:
Hello,
Squid3 seems to keep a LOT (over a thousand) idle connections to its
parent proxy.
Not normal.
Squid version?
And how did you measure these? You are not counting TIME_WAIT sockets
are you?
Regards
Henrik
signature.asc
On ons, 2008-10-22 at 15:02 +0200, Francois Cartegnie wrote:
Le mercredi 22 octobre 2008, vous avez écrit :
Interesting, but is missing a crucial piece. There is nothign which
establishes trust. If the same server can be reached directly without
using the reverse proxy then security is
On ons, 2008-10-22 at 16:49 +0200, Jakob Curdes wrote:
.. I am trying to setup a RCPviaHTTP reverse proxy scenario as described in
http://wiki.squid-cache.org/ConfigExamples/SquidAndRPCOverHttp
Squid starts with my configuration (like example plus some standard
ACLs) but connections with
have any other ideas on areas we might want to check to see what could
possibly be causing this behavior?
Thanks
- Original Message
From: Henrik Nordstrom [EMAIL PROTECTED]
To: BUI18 [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Sent: Wednesday, October 22, 2008 4:06:33
On tor, 2008-10-23 at 16:30 +0800, Sandy lone wrote:
Hello,
Under what cases squid will use refresh_pattern?
If the response objects have expire or age headers, squid will follow
their values.
Yes. Unless overridden in refresh_pattern override options.
If the response objects have neither
On tor, 2008-10-23 at 11:19 +0100, Walton, Jason (Accenture) wrote:
When we monitor the firewall, we can see port 80 taking via squid and
port 1935 talking to our test server when it has a public IP, as soon as
we take away the public IP, all port 1935 traffic stops but port 80
still routes
On tor, 2008-10-23 at 08:02 -0700, TheGash35 wrote:
vBulletin already has code built in that looks for HTTP_X_FORWARDED_FOR ,
but it looks like my squid is not configured to pass this because all
activity is coming from the proxy server IP, not the user's IP address.
Squid sends
On tor, 2008-10-23 at 14:25 -0400, Steven Cardinal wrote:
I see no sign on my DCs of any failed authentication. A tcpdump trace
on my workstation shows no attempts from my Windows PC to perform any
kerberos authentication. If I try running the command line specified
in the squid.conf, I get:
On tor, 2008-10-23 at 14:34 -0500, Osmany Goderich wrote:
Hi everyone,
I have Squid3.0STABLE9 installed on a CentOS5.2_x86_64 system. I have
problems with downloads, especially large files. Usually downloads are slow
in my network because of the amount of users I have but I dealt with it
On tor, 2008-10-23 at 15:54 -0500, Osmany Goderich wrote:
I had squid2.6STABLE6-5 before and I upgraded it thinking it was a bug in
that release. Should I still downgrade to 2.7?
Yes.
Regards
Henrik
signature.asc
Description: This is a digitally signed message part
On fre, 2008-10-24 at 08:31 -0500, Osmany Goderich wrote:
It was the range_offset_limit -1 KB line that was not letting squid
resume downloads. I set it back to 0KB as it is by default and
woila!!! Everything back to normal!!
Good.
range_offset_limit -1 says Squid should NEVER resume
On fre, 2008-10-24 at 16:52 +0900, [EMAIL PROTECTED] wrote:
Hello,I have a question.
I'd like to configure Keepalive-Timeout.
But I can't find Keepalive section in the squid.conf file.
Does persistent_request_timeoutTAG mean Keepalive-timeout?
Yes. It sets the timeout for idle client
On fre, 2008-10-24 at 13:40 +0530, nitesh naik wrote:
Is there way to ignore query string in url so that objects are cached
without query string ? I am using external perl program to strip them query
string from url which is slowing down response time. I have started 1500
processes of
On fre, 2008-10-24 at 14:32 -0400, [EMAIL PROTECTED] wrote:
I am looking to force all requests sent to an internal proxy to another
internal proxy. The two proxies are separated via a WAN link and each one is
managed by different admins. I am not able to use ICP.
Does anyone have a
On fre, 2008-10-24 at 14:46 -0400, Strauss, Christopher wrote:
I am running Squid version 2.6.STABLE20 as a proxy server on
2.2.20-gentoo-r3 Linux. I am seeing HTTP status code - in the http_log
file:
It means the request was aborted before there was any form of response.
Regards
Henrik
On fre, 2008-10-24 at 11:52 -0700, Linda W wrote:
I see alot of these messages in my squid warning log...
Specifically, in filtering off the date, and sort+uniq+counting, I see:
var/log# grp Median response warn|cut -c36-90 |more|sort|uniq -c
107 WARNING: Median response time is 57448
On fre, 2008-10-24 at 15:51 -0400, Strauss, Christopher wrote:
Thanks for your reply, Henrik.
Has this always been the way squid handles these aborted requests?
As far as I can remember yes.
Regards
Henrik
signature.asc
Description: This is a digitally signed message part
On fre, 2008-10-24 at 13:32 -0700, Linda W wrote:
BUT---this sure is misleading and confuses the heck out of poor
ignorami like me, who think of a response time as something along the lines
of (srchost)ping - (-remotehost-echo: YO! -)- (srchost: YO!)
It's the median response time of all
On fre, 2008-10-24 at 15:44 -0700, Neil Harkins wrote:
We are using collapsed_forwarding here. I haven't tried disabling it yet.
Unfortunately, since the problem appears to be load-related, I've been
unable to reproduce for a tcpdump or running squid in debug thus far.
The mismatch in
On fre, 2008-10-24 at 18:41 -0700, Tom Williams wrote:
1224898553.333 2 www.xxx.yyy.zzz TCP_DENIED/403 2434 GET
http://aaa.bbb.ccc.ddd/ - NONE/- text/html
yet I can't generate any debug info to provide more information as to
why the TCP_DENIED was issued.
Anything in cache.log?
Are
On mån, 2008-10-27 at 12:30 +0530, nitesh naik wrote:
We use query string in each url for bursting cache at client end (
browser) hence its not important for us and it won't provide any
incorrect results. We already use similar configuration at CDN level.
Why do you do this?
Henrik
On mån, 2008-10-27 at 10:11 +0100, Matus UHLAR - fantomas wrote:
Write your own url rewriter helper. It's no more than a couple of lines
perl..
shouldn't that be storeurl rewriter?
No, since the backend server is not interested in this dummy query
string an url rewriter is better.
Regards
On mån, 2008-10-27 at 16:12 +0530, nitesh naik wrote:
Henrik,
Is this code capable for handling requests in parallel ?
It's capable to handle the concurrent helper mode yes. It doesn't
process requests in parallell, but you don't need to.
Regards
Henrik
signature.asc
Description: This is a
Sorry, forgot the following important line in both
BEGIN { $|=1; }
should be inserted as the second line in each script (just after the #! line)
On mån, 2008-10-27 at 11:48 +0100, Henrik Nordstrom wrote:
Example script removing query strings from any file ending in .ext:
#!/usr/bin/perl
, Henrik Nordstrom
[EMAIL PROTECTED] wrote:
Sorry, forgot the following important line in both
BEGIN { $|=1; }
should be inserted as the second line in each script (just after the #!
line)
On mån, 2008-10-27 at 11:48 +0100, Henrik Nordstrom wrote:
Example script removing query
On mån, 2008-10-27 at 12:23 -0700, Neil Harkins wrote:
The timeout is because the Content-Length header is bigger than the
payload it sent.
Every http client/server will hang in that situation. This isn't
simply a misreported
HIT-MISS in the log, this is absolutely a significant bug where
On mån, 2008-10-27 at 14:49 +0100, Ralf Hildebrandt wrote:
I set up a reverse proxy in front to http://www.charite.de (typo3) since it's
fucking slow. Now it's fast, but SOME (!) users are reporting the sites:
http://www.charite.de/neurologie/
http://www.charite.de/stoffwechsel-centrum/
On mån, 2008-10-27 at 11:58 -0500, Lou Lohman wrote:
don't have a process that uses the network credentials already in
place to authorize Internet Access. The question is - is it possible
to do that using ldap - or must I continue to beat this NTLM horse to
death?
You need NTLM or
On mån, 2008-10-27 at 15:56 -0700, Neil Harkins wrote:
I'd like to help and see this get fixed, but as I said earlier,
it happens on about 16% of our test requests, only when
there's 750~1050 reqs/second going through the box,
and pretty much disappears under 500 reqs/s (off-peak).
Ouch..
On tis, 2008-10-28 at 11:17 +0100, Andre E. wrote:
The odd thing is the following. The time difference in ms between SSL
Reuse enabled and disabled is considerably higher when using the
rsa-cipher. With diffie-hellman the difference is about 40% and rsa
about 20%.
How big keys? DH requires
On ons, 2008-10-29 at 15:08 +0530, nitesh naik wrote:
Hi,
Sometimes I see squid is taking time in delivering contents even if
object is available in its cache. Any idea what could be the reason?
I used external url rewrite program to strip the query string. Is it
slowing down serving
On ons, 2008-10-29 at 14:16 -0700, nairb rotsak wrote:
http_access allow all NTLMUsers
http_access allow our_networks
The our_networks line can not be reached.
This should probably be
http_access allow our_networks NTLMUsers
http_access deny all
Regards
Henrik
signature.asc
Description:
On ons, 2008-10-29 at 17:23 +, Jamie Stallwood wrote:
This is caused by Samba - does anyone know if this will ever be fixed
properly?
Have you verified that it isn't fixed already?
Samba 2.0 is quite dated.. Current production Samba release is 3.2.4 and
the legacy version is 3.0.32.
On tor, 2008-10-30 at 11:29 -0400, Seymen Ertas wrote:
I am trying to cache webdav traffic through a squid proxy, I have the
squid proxy configured in accel mode and have turned on the
Cache-control: Public on my server for the reason that every request
I send does contain a Authorization
On fre, 2008-10-31 at 08:43 -0200, Luciano Cassemiro wrote:
Everything is OK but what bothers me is: the login window shows up when an
user
tries to connect to a forbidden site then he fill with his credentials BUT
after
OK button the login window appears again and again until the user
On fre, 2008-10-31 at 13:55 -0500, Richard wrote:
* What specific piece of the puzzle on the client side is it about the
NTLM or kerberos authentication methods that allow the authentication
traffic secure by sending only the credential hashes?
The client talks to the microsoft SSP libraries
On lör, 2008-11-01 at 14:05 +0200, İsmail ÖZATAY wrote:
I'm suspecting it may be gcc-3.3 related. Is there a more recent gcc
version you can upgrade to and try again?
Amos
Opps i am already using gcc version 3.3.5 . ;) . I have just checked it...
Is there any newer GCC version than
On lör, 2008-11-01 at 19:48 +0100, Willem Stender wrote:
So here is my question: How to push the data directly into squid's
cache? Is there any interfaces? Some port, so i can use sockets or
something like that?
cache_peer, cache_peer_access, never_direct and a suitable HTTP request
sent to
On tor, 2008-10-30 at 09:25 +0100, Ralf Hildebrandt wrote:
Ever so often we have clients (browsers) that are somehow (?) caught
in a tight loop, resulting in a LOT of queries - one example
7996 10.39.108.198
http://cdn.media.zylom.com/images/site/whitelabel/promo/deluxefeature/button_up.gif
On tor, 2008-10-30 at 19:50 +0530, nitesh naik wrote:
url rewrite helper script works fine for few requests ( 100 req/sec )
but slows down response as number of requests increase and it takes
10+ second to deliver the objects.
I'v run setups like this at more than thousand requests/s.
Is
On lör, 2008-11-01 at 19:49 -0700, Chuck Kollars wrote:
One-time generally refers to the 'nonce' (and 'cnonce') used by
challenge-response authentication protocols. But verifying the
nonce-hashed-by-password would require using the actual original
cleartext password, something proxies don't
On sön, 2008-11-02 at 20:34 +0200, Mehmet CELIK wrote:
I want to setup Squid reverse proxy for my apache servers. But.. Can
Squid protect my apache servers from Syn flood and Bot-Net attack ? or
Squid drop this connection, when apache is the syn_recv ? or Squid
Reverse be enough to this as
On mån, 2008-11-03 at 11:26 +0545, Anuj Shrestha wrote:
i m using squid in freebsd 7.0 below are the compile options,
proxy01# squid -v
Squid Cache: Version 3.0.STABLE9
below are the cache.log errors
FATAL: Received Segment Violation...dying.
You may want to try upgrading to
On mån, 2008-11-03 at 16:57 +0800, Bin Liu wrote:
Hi,
I'm going to deploy multiple squid servers in a ISP for HTTP traffic
caching. I'm now considering using WCCP for load balancing and TPROXY
for fully transparent interception.
Here is the problem. As far as I know, Cisco WCCP module
On mån, 2008-11-03 at 09:25 -0200, Luciano Cassemiro wrote:
http_access deny our_networks users forbidden_sites !directors
This line requests authentication as the last acl on the line is
authentication related (directors).
Rewrite it to
http_acccess deny out_networks !directors
On tis, 2008-11-04 at 19:49 +0100, Sergio Marchi wrote:
cache_peer myparentproxy1.dipvvf.it parent 3128 3130 sourcehash
round-robin no-query
Don't mix round-robin and sourcehash. Not sure what will happen in such
confusing setup.
But you should indeed use no-query if you use sourcehash or
On tis, 2008-11-04 at 18:02 +1100, Rod Taylor wrote:
My squid is running on a machine that is set to local time in both
software and hardware. Squid shows GMT in all error messages and uses
GMT in the ACLs. How do I set Squid to use local time not GMT. Squid is
the only program to do this...
On tis, 2008-11-04 at 01:58 -0800, Retaliator wrote:
on the squid log i see
TCP_MISS/404 0 CONNECT SERVERNAME.SUBDOMAIN.beeper.co.il:443 - DIRECT/- -
servername and subdomain are smt else i changed.
From this it looks like yout Squid can not resolve te requested hostname
into an IP.
Check
On tis, 2008-11-04 at 22:37 +0530, Arun Srinivasan wrote:
Yes. I could see the connections go over lo interface. However, it is
not getting handled by the stack.
Public addresses can not talk to loopback addresses (127.X). This is an
intentional security restriction in the TCP/IP stack.
Also
On tis, 2008-11-04 at 14:22 -0300, Rodrigo de Oliveira Gomes wrote:
Cache Manager Error
target 192.168.47.89:3128 not allowed in cachemgr.conf
__
cachemgr.conf:
localhost
192.168.47.89:3128
Am I doing
On ons, 2008-11-05 at 17:57 +0530, sohan krishi wrote:
My configuration is Ubuntu-iptables-squid2.6/Transparent Proxy. I
block gmail to all employees in my company. My problem is, squid does
not block https://gmail.com. And does not even log https://gmail.com !
I didn't knew this until I've
Most likely a window scaling issue. There is still very many broken
firewalls out there..
Squid FAQ System Wierdness - Linux - Some sites load extremely slowly or not at
all:
http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-4920199b311ce7d20b9a0d85723fd5d0dfc9bc84
Regards
Henrik
On
On tor, 2008-11-06 at 11:39 +0100, Jan Welker wrote:
My Question for you is:
Is Squid capable of hosting the auto-configuration file? Or is there a
workaround for that?
There is a workaround if you enable the transparent option. You can then
use an url rewriter to rewrite the PAC URL to a web
On tor, 2008-11-06 at 05:43 -0800, Retaliator wrote:
My Squid server is on the external (DMZ) with real ip, of course it can't
resolve internal hosts like the exchange server..
Then how do you expect the server to be able to connet to internal hosts
by name?
Regards
Henrik
signature.asc
On tor, 2008-11-06 at 13:17 -0800, Mark Nottingham wrote:
I remember reading somewhere (can't forget where, and I may be
incorrect) that when available, sbrk is a more reliable indication of
memory use for squid than mallinfo().
mallinfo is more reliabe than sbrk when it works... but at
1 - 100 of 11697 matches
Mail list logo