[squid-users] Re: Help. SQUID very very slow.
NEW Computer: FreeBSD 6.1-RELEASE #0: Fri Jun 16 13:10:14 EDT 2006 i386 ... I tried GENERIC kernel and My own with out all not needed drivers same Just an Idea - What does your partitioning scheme look like? Are softupdates enabled for the partition that holds your squid cache? Regards Maik
Re: [squid-users] the dreaded 'zero sized reply' on RHEL3
ons 2006-06-21 klockan 17:11 +0200 skrev [EMAIL PROTECTED]: Well, not sure what you mean with 'support for this patched binary distribution is provided by redhat' but 2.5.stable3 is the latest one that they offer for RHEL3 (via their up2date tool). That support for the RedHat binary distribution of Squid is provided by RedHat. Can you tell me where I can find a officially supported squid for RHEL3 that is more current ? The officially supported Squid version in this forum is the current STABLE source code release, i.e. currently 2.5.STABLE14. And yes RHEL3 is a supported platform. But we won't hurt you for running a binary distribution. Just that we can not help you much with problems which seem to be specific to the binary distribution you are running, and we also expect you to verify that any problem you may have exists in the current version of Squid as well before looking into the exact details. Translated to your current question this means that the level of the original question you sent is fine. So is also questions related to how to configure Squid etc. However, as the problem could not be repeated by clicking on the link you provided it's not back on your table to verify if you see the problem using the current version of Squid (not the RedHat version). Or alternatively if you do not want to try the squid-cache.org source distribution send the question to your RedHat support contact. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] the dreaded 'zero sized reply' on RHEL3
Please help me unsubscribe from this list. Thanks Craig ons 2006-06-21 klockan 17:11 +0200 skrev [EMAIL PROTECTED]: Well, not sure what you mean with 'support for this patched binary distribution is provided by redhat' but 2.5.stable3 is the latest one that they offer for RHEL3 (via their up2date tool). That support for the RedHat binary distribution of Squid is provided by RedHat. Can you tell me where I can find a officially supported squid for RHEL3 that is more current ? The officially supported Squid version in this forum is the current STABLE source code release, i.e. currently 2.5.STABLE14. And yes RHEL3 is a supported platform. But we won't hurt you for running a binary distribution. Just that we can not help you much with problems which seem to be specific to the binary distribution you are running, and we also expect you to verify that any problem you may have exists in the current version of Squid as well before looking into the exact details. Translated to your current question this means that the level of the original question you sent is fine. So is also questions related to how to configure Squid etc. However, as the problem could not be repeated by clicking on the link you provided it's not back on your table to verify if you see the problem using the current version of Squid (not the RedHat version). Or alternatively if you do not want to try the squid-cache.org source distribution send the question to your RedHat support contact. Regards Henrik signature.asc
Re: [squid-users] Date and Expires headers not updating?
lawrence wang wrote: Squid seems to have a bug with Expires and Date headers: It fetches an object and caches the headers. The object expires, and Squid fetches it again. The object is unmodified, so Squid continues to use the cached object. However, it appears that it also continues to return the old Expires and Date headers, even though it seems to be using new values under the hood. This will confuse downstream caches, won't it? Hello Lawrence, We guess this is something to do in webserver. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Help. SQUID very very slow.
Sergey Bondar wrote: Hi all. I am using squid for 7 year. No complains, but two week ago I installed new squid on brand new Dell Server to replace old machine. So Squid on new computer working much slower then on old one. If I go through NAT on new server it is fast. Over 50 people going through squid. Here is the specs: OLD Computer: FreeBSD 4.5-RELEASE #0: Tue Apr 30 18:25:23 EDT 2002 i386 CPU: Pentium III (501.14-MHz 686-class CPU) 512 Mb RAM squid-2.4.STABLE4 cache_dir 700 24 256 cache_mem 256 M Internet line: DSL 700 kb NEW Computer: FreeBSD 6.1-RELEASE #0: Fri Jun 16 13:10:14 EDT 2006 i386 DELL Server PE1420 ACPI APIC Table: DELL PE1420 Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.52-MHz 686-class CPU) 1 Gb RAM squid-2.5.STABLE12 cache_dir 3000 128 512 cache_mem 500 M Internet line: T1 I tried GENERIC kernel and My own with out all not needed drivers same results Hello Bonder, Your new server might be started with filling stage in cache . It will be fast when the cache is full. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] the dreaded 'zero sized reply' on RHEL3
Craig, which bit of 'Read the SMTP headers' didn't you understand? The following appears in the header of each and every message which is sent to the mailing list: List-Post: mailto:squid-users@squid-cache.org List-Help: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] If you then can't unsubscribe explain exactly what you've tried and what message / error you receive. Otherwise you won't get assistance. Neil. Craig Home wrote: Please help me unsubscribe from this list. Thanks Craig ons 2006-06-21 klockan 17:11 +0200 skrev [EMAIL PROTECTED]: Well, not sure what you mean with 'support for this patched binary distribution is provided by redhat' but 2.5.stable3 is the latest one that they offer for RHEL3 (via their up2date tool). That support for the RedHat binary distribution of Squid is provided by RedHat. Can you tell me where I can find a officially supported squid for RHEL3 that is more current ? The officially supported Squid version in this forum is the current STABLE source code release, i.e. currently 2.5.STABLE14. And yes RHEL3 is a supported platform. But we won't hurt you for running a binary distribution. Just that we can not help you much with problems which seem to be specific to the binary distribution you are running, and we also expect you to verify that any problem you may have exists in the current version of Squid as well before looking into the exact details. Translated to your current question this means that the level of the original question you sent is fine. So is also questions related to how to configure Squid etc. However, as the problem could not be repeated by clicking on the link you provided it's not back on your table to verify if you see the problem using the current version of Squid (not the RedHat version). Or alternatively if you do not want to try the squid-cache.org source distribution send the question to your RedHat support contact. Regards Henrik signature.asc -- Neil Hillard[EMAIL PROTECTED] Westland Helicopters Ltd. http://www.whl.co.uk/ Disclaimer: This message does not necessarily reflect the views of Westland Helicopters Ltd.
Re: [squid-users] Re: Help. SQUID very very slow.
I did not follow the thread, but if it is really really slow I would suspect name resolution on the squid machine. I cannot imagine anything else that slows down squid to a crawl on such a machine. Maybe this helps, Jakob Curdes
Re: [squid-users] Replicate web object in peer cache server
Eswari Pd. Sharma wrote: Hi squid users, We are running peer transparent cache servers . In peer cache server, the web objects are store identical in each peer server and when request comes it look on its own and if doesnt get it look from the siblings , eventually it takes time and degrades the performance of cache server. I want to replicate web objects in peer cache server also and see the performance of cache server. Do anyone have idea how to replicate web objects in peer server ? Hello Eswari, For the details of peer cache: http://squid.visolve.com/squid/squid24s1/neighbour.htm. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Help. SQUID very very slow.
tor 2006-06-22 klockan 17:26 +0530 skrev Visolve Squid: Your new server might be started with filling stage in cache . It will be fast when the cache is full. I don't know what Squid's you run, but generally the exact opposite applies. Squid is fast while filling the cache, but then slows down considerably if the I/O is not tuned proper.. or to a complete crawl if memory usage is not set correctly. It's true that surfing may be a little slower during the first minutes in a buzy network with overloaded Internet connection as the cache is empty and there is no hits which adds to the Internet connection overload, but this should even out pretty quickly. And it's a fairly small difference, not crawling.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Date and Expires headers not updating?
ons 2006-06-21 klockan 14:37 -0400 skrev lawrence wang: Squid seems to have a bug with Expires and Date headers: It fetches an object and caches the headers. The object expires, and Squid fetches it again. The object is unmodified, so Squid continues to use the cached object. However, it appears that it also continues to return the old Expires and Date headers, even though it seems to be using new values under the hood. Yes... Bug #7... Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] I.E. Exceptions
ons 2006-06-21 klockan 16:33 -0600 skrev Lance Pehrson: I am trying to have two applications bypass the proxy by adding exception in IE. One address is subdomain.domain.com the other is subdomain.domain.com/somesuffix. You would think that *.domain.com would do it but it only allows the exception with out the suffix through. The app that uses the url with a suffix still hits the proxy. Why is this? See the IE documentation on how to write exceptions. Not entirely sure what syntax they use there.. What can I do to get the same domain with a suffix and without to bypass the proxy? If I add them both to the exceptions in IE I get which ever one I list first bypassing the proxy and the other does not. For full control write a PAC script instead of using the manual proxy settings exceptions. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] accelerating with 2.6RC1
ons 2006-06-21 klockan 15:38 -0700 skrev Bryan Richter: We just recently decided to use Squid to accelerate virtual servers hosted on multiple real servers. Since it sounds like version 2.6 has made improvements regarding acceleration, I downloaded and installed it and I've been trying to make it work. Have you read the release notes? I was able to accelerate a single host using 2.5 (which came with Debian stable, the OS running the machine I've put Squid on). But I can't seem to replicate my success with 2.6. It's even simpler in 2.6.. The simplest test case I could think of is accelerating a single virtual server. To do that, I tried this config (diffed against config.default and anonymized): 66c66 http_port 3128 --- #http_port 3128 156a157,160 https_port 1.1.1.1:443 \ cert=/etc/ssl/certs/cert.pem \ key=/etc/ssl/private/key.pem \ defaultsite=accelerated.host protocol=http 1366a1371 url_rewrite_program /tmp/squid-rewriter.sh Don't use a url_rewrite_program unless you absolutely need to. I.e. only if you need to rewrite the file portion of the URL, not the hostname or protocol... In this configuration, Squid segfaults on the first request. Here is the bt (anonymized): Ouch.. it should not segfault.. please file a bug report on this. http://www.squid-cache.org/bugs/ Is your site trying to use Microsoft integrated authentication? If so you might want to try the nightly snapshot.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] Re: Help. SQUID very very slow.
I did not follow the thread, but if it is really really slow I would suspect name resolution on the squid machine. I cannot imagine anything else that slows down squid to a crawl on such a machine. Yeah that maybe another thing to look at. Amongst others... Anyway, if you have a lot of disk access on a FreeBSD Partition with SoftUpdates disabled it will also slow your server down significantly. And we all know how much Squid relies on Disk access... Regards Maik
[squid-users] Novell lookup
Can anyone lead me in the right direction. Is there a way for the access.log instead of IP addresses to have user names? We are a Novell shop. Thanks in advance.
Re: [squid-users] Re: Help. SQUID very very slow.
Please keep replies CC'ed to the list. Thanks. Thanks. I've found error in my hosts file. It was: 192.168.0.20 oper-squid.concordlimo I fixed to 192.168.0.20 oper-squid.concordlimo.com oper-squid Did you check what happens if you ping an external host from the squid machine ? You should have immediate NS resolution; if you experience a delay before pinging starts you have a name server problem. Common causes are having a misconfigured name server on top of resolv.conf or having an internal-only NS before one that doas external lookups. Then the NS query goest to the wrong server, times out and afterwards is answered by the NS that does external resolution. Happened to me several times. Yours, Jakob Curdes
Re: [squid-users] Novell lookup
tor 2006-06-22 klockan 08:53 -0700 skrev Keith Owen: Can anyone lead me in the right direction. Is there a way for the access.log instead of IP addresses to have user names? We are a Novell shop. Thanks in advance. Authentication. Or if you know how to look up the current username from the client station IP then you can plug this into Squid via external_acl_type.. Or alternatively run a ident server on the client stations and use the ident protocol to get Squid to learn the username.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] I.E. Exceptions
I have a pac file but prefer not to use it because I need to define access by AD group not by IP address as you would in a pac file. So I use GPO's to define proxy settings per user. Is the exceptions field in IE not as flexible as the exceptions statements in the pac file? Thanks Lance -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 7:35 AM To: Lance Pehrson Cc: squid-users@squid-cache.org Subject: Re: [squid-users] I.E. Exceptions ons 2006-06-21 klockan 16:33 -0600 skrev Lance Pehrson: I am trying to have two applications bypass the proxy by adding exception in IE. One address is subdomain.domain.com the other is subdomain.domain.com/somesuffix. You would think that *.domain.com would do it but it only allows the exception with out the suffix through. The app that uses the url with a suffix still hits the proxy. Why is this? See the IE documentation on how to write exceptions. Not entirely sure what syntax they use there.. What can I do to get the same domain with a suffix and without to bypass the proxy? If I add them both to the exceptions in IE I get which ever one I list first bypassing the proxy and the other does not. For full control write a PAC script instead of using the manual proxy settings exceptions. Regards Henrik
RE: [squid-users] I.E. Exceptions
-Original Message- From: Lance Pehrson [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 1:08 PM To: Henrik Nordstrom Cc: squid-users@squid-cache.org Subject: RE: [squid-users] I.E. Exceptions I have a pac file but prefer not to use it because I need to define access by AD group not by IP address as you would in a pac file. So I use GPO's to define proxy settings per user. Is the exceptions field in IE not as flexible as the exceptions statements in the pac file? Thanks Lance -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 7:35 AM To: Lance Pehrson Cc: squid-users@squid-cache.org Subject: Re: [squid-users] I.E. Exceptions ons 2006-06-21 klockan 16:33 -0600 skrev Lance Pehrson: I am trying to have two applications bypass the proxy by adding exception in IE. One address is subdomain.domain.com the other is subdomain.domain.com/somesuffix. You would think that *.domain.com would do it but it only allows the exception with out the suffix through. The app that uses the url with a suffix still hits the proxy. Why is this? See the IE documentation on how to write exceptions. Not entirely sure what syntax they use there.. What can I do to get the same domain with a suffix and without to bypass the proxy? If I add them both to the exceptions in IE I get which ever one I list first bypassing the proxy and the other does not. For full control write a PAC script instead of using the manual proxy settings exceptions. Regards Henrik
RE: [squid-users] I.E. Exceptions
Try entering your exception as subdomain.domain.com. the exceptions list is looking for 'addresses beginning with'. -Original Message- From: Lance Pehrson [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 1:08 PM To: Henrik Nordstrom Cc: squid-users@squid-cache.org Subject: RE: [squid-users] I.E. Exceptions I have a pac file but prefer not to use it because I need to define access by AD group not by IP address as you would in a pac file. So I use GPO's to define proxy settings per user. Is the exceptions field in IE not as flexible as the exceptions statements in the pac file? Thanks Lance -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 7:35 AM To: Lance Pehrson Cc: squid-users@squid-cache.org Subject: Re: [squid-users] I.E. Exceptions ons 2006-06-21 klockan 16:33 -0600 skrev Lance Pehrson: I am trying to have two applications bypass the proxy by adding exception in IE. One address is subdomain.domain.com the other is subdomain.domain.com/somesuffix. You would think that *.domain.com would do it but it only allows the exception with out the suffix through. The app that uses the url with a suffix still hits the proxy. Why is this? See the IE documentation on how to write exceptions. Not entirely sure what syntax they use there.. What can I do to get the same domain with a suffix and without to bypass the proxy? If I add them both to the exceptions in IE I get which ever one I list first bypassing the proxy and the other does not. For full control write a PAC script instead of using the manual proxy settings exceptions. Regards Henrik
Re: [squid-users] Novell lookup
Quoting Keith Owen [EMAIL PROTECTED]: Can anyone lead me in the right direction. Is there a way for the access.log instead of IP addresses to have user names? We are a Novell shop. Thanks in advance. How is your DNS setup? Using Novell Im surprised you arent using their transparent proxy with bordermanager. -- Dwayne Hottinger Network Administrator Harrisonburg City Public Schools
RE: [squid-users] I.E. Exceptions
Thanks for the comment and I think you are right that it takes any thing that starts with but why would *.domain.com not work while subdomain.domain.com would? They both have the same beginning right? Also if that were true then why does *.domain.com allow all subdomains to pass but not a domain with a suffix? The beginnings in both cases are the same. Thanks Lance -Original Message- From: Steve Wilson Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 11:33 AM To: Lance Pehrson Cc: Squid List Subject: RE: [squid-users] I.E. Exceptions Try entering your exception as subdomain.domain.com. the exceptions list is looking for 'addresses beginning with'. -Original Message- From: Lance Pehrson [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 1:08 PM To: Henrik Nordstrom Cc: squid-users@squid-cache.org Subject: RE: [squid-users] I.E. Exceptions I have a pac file but prefer not to use it because I need to define access by AD group not by IP address as you would in a pac file. So I use GPO's to define proxy settings per user. Is the exceptions field in IE not as flexible as the exceptions statements in the pac file? Thanks Lance -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 7:35 AM To: Lance Pehrson Cc: squid-users@squid-cache.org Subject: Re: [squid-users] I.E. Exceptions ons 2006-06-21 klockan 16:33 -0600 skrev Lance Pehrson: I am trying to have two applications bypass the proxy by adding exception in IE. One address is subdomain.domain.com the other is subdomain.domain.com/somesuffix. You would think that *.domain.com would do it but it only allows the exception with out the suffix through. The app that uses the url with a suffix still hits the proxy. Why is this? See the IE documentation on how to write exceptions. Not entirely sure what syntax they use there.. What can I do to get the same domain with a suffix and without to bypass the proxy? If I add them both to the exceptions in IE I get which ever one I list first bypassing the proxy and the other does not. For full control write a PAC script instead of using the manual proxy settings exceptions. Regards Henrik
Re: [squid-users] GET format question
Mike Sullivan wrote: I have a default install of squid working fine when I set a browser to use the squid proxy. What I am wondering, is can I configure squid to also (or only) accept GET requests in the normal browser format? By this I mean have squid accept a GET / instead of GET http://domain.com/? A transparent proxy will not work because the destination IP address will be the squid proxy's IP and not the actual site IP because of some DNS issues (dns will point to the proxy for all requests), and I would think a transparent proxy will need the destination IP in the packet (or can squid perform a dns lookup on the HOST parameter while in transparent mode?). I've read about the httpd_accel_uses_host_header parameter, but don't know if changing that will allow me to do what I'm after - have squid act like a proxy but accept a GET in standard browser format. Any pointers/suggestions appreciated. Thanks To the best of my knowledge, this is exactly how the interception mode of Squid works (http://www.squid-cache.org/Doc/FAQ/FAQ-17.html). In your case, instead of intercepting traffic bound for the Internet on port 80, you are pointing all requests at the Squid proxy. This is going to cause problems with SSL traffic and any web requests made to ports that Squid is not listening on (not to mention any non HTTP related requests), but that's just cost of business with using an intercepting proxy. Chris
[squid-users] Increased service times using aufs vs diskd
I'm using squid as an accelerator and I switched my cache_dir from diskd (used because server is SMP) to aufs because of various bugs in the diskd code (761, 1500). However, when I make the switch (and clear the cache_dir contents) the overall, hit, miss, and near miss service times increase by almost 10 times. Using diskd, the 24 hour average for overall, hit, and near miss is 4ms and near miss is 1ms. After the switch, the times rocket up to 44ms, 43ms, 49ms, and 45ms for overall, hit, miss, and near miss. I am wondering if this is just a function of the squid process now handling disk requests or is an indication of another problem (although ~40ms is probably not much of a problem). Here's the details of the system: OS: RHEL4 Squid: 2.5.stable14 with epoll patch Build options: ./configure --enable-epoll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,diskd,ufs --with-pthreads --enable-cachemgr-hostname=localhost --disable-ident-lookups --enable-truncate --enable-cache-digests --enable-htcp Config: http_port 80 icp_port 0 acl NOCACHE urlpath_regex -i \.html \.xsl \.jsp \.xml \.flow no_cache deny NOCACHE cache_mem 16 MB maximum_object_size 1024 KB maximum_object_size_in_memory 32 KB cache_dir aufs /var/spool/squid/01 25892 60 256 cache_dir aufs /var/spool/squid/02 25892 60 256 cache_store_log none refresh_pattern . 10080 100%43200 ignore-reload override-lastmod shutdown_lifetime 5 seconds acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl foo src xxx.xxx.xxx.xxx/255.255.255.255 acl bar src xxx.xxx.xxx.xxx/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl to_int dst xxx.xxx.xxx.xxx/24 acl to_int dst xxx.xxx.xxx.xxx/25 acl from_xx_xx src xxx.xxx.xxx.xxx/23 acl from_xx_xx src xxx.xxx.xxx.xxx/24 acl from_xx_xx src xxx.xxx.xxx.xxx/24 acl from_xx_xx src xxx.xxx.xxx.xxx/24 acl from_xx_xx src xxx.xxx.xxx.xxx/24 acl from_xx_xx src xxx.xxx.xxx.xxx/25 acl from_xx_xx src xxx.xxx.xxx.xxx/24 acl Safe_ports port 80 # http acl PURGE method PURGE acl snmppublic snmp_community X http_access allow manager localhost http_access allow manager qw-cx-mgmt http_access deny manager http_access deny !Safe_ports http_access allow all to_int http_access allow PURGE localhost http_access allow PURGE foo http_access allow PURGE bar http_access deny PURGE all http_access allow localhost http_access deny all http_reply_access allow all httpd_accel_host host.domain.com httpd_accel_port 80 logfile_rotate 10 log_icp_queries off cachemgr_passwd all snmp_port 3401 snmp_access allow snmppublic localhost snmp_access allow snmppublic from_xx_xx snmp_access deny all coredump_dir /var/spool/squid Cache log output on startup: 2006/06/22 16:32:24| Starting Squid Cache version 2.5.STABLE14 for i686-redhat-l inux-gnu... 2006/06/22 16:32:24| Process ID 20978 2006/06/22 16:32:24| With 32768 file descriptors available 2006/06/22 16:32:24| DNS Socket created at 0.0.0.0, port 32797, FD 6 2006/06/22 16:32:24| Adding nameserver 66.77.63.40 from /etc/resolv.conf 2006/06/22 16:32:24| Adding nameserver 66.77.63.41 from /etc/resolv.conf 2006/06/22 16:32:24| Unlinkd pipe opened on FD 11 2006/06/22 16:32:24| Swap maxSize 53026816 KB, estimated 4078985 objects 2006/06/22 16:32:24| Target number of buckets: 203949 2006/06/22 16:32:24| Using 262144 Store buckets 2006/06/22 16:32:24| Max Mem size: 16384 KB 2006/06/22 16:32:24| Max Swap size: 53026816 KB 2006/06/22 16:32:24| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2006/06/22 16:32:24| Store logging disabled 2006/06/22 16:32:24| Rebuilding storage in /var/spool/squid/01 (CLEAN) 2006/06/22 16:32:24| Rebuilding storage in /var/spool/squid/02 (CLEAN) 2006/06/22 16:32:24| Using Least Load store dir selection 2006/06/22 16:32:24| Set Current Directory to /var/spool/squid 2006/06/22 16:32:24| Loaded Icons. 2006/06/22 16:32:24| Accepting HTTP connections at 0.0.0.0, port 80, FD 16. 2006/06/22 16:32:24| Accepting HTCP messages on port 4827, FD 17. 2006/06/22 16:32:24| Accepting SNMP messages on port 3401, FD 18. 2006/06/22 16:32:24| WCCP Disabled. 2006/06/22 16:32:24| Ready to serve requests. 2006/06/22 16:32:24| Done reading /var/spool/squid/01 swaplog (382 entries) 2006/06/22 16:32:24| Done reading /var/spool/squid/02 swaplog (520 entries) 2006/06/22 16:32:24| Finished rebuilding storage from disk. 2006/06/22 16:32:24| 902 Entries scanned 2006/06/22 16:32:24| 0 Invalid entries. 2006/06/22 16:32:24| 0 With invalid flags. 2006/06/22 16:32:24| 902 Objects loaded. 2006/06/22 16:32:24| 0 Objects expired. 2006/06/22 16:32:24| 0 Objects cancelled. 2006/06/22 16:32:24| 0 Duplicate URLs purged. 2006/06/22 16:32:24| 0 Swapfile clashes avoided. 2006/06/22 16:32:24| Took 0.3 seconds (3110.0 objects/sec). 2006/06/22 16:32:24| Beginning Validation Procedure 2006/06/22 16:32:24| Completed Validation Procedure 2006/06/22
[squid-users] RE:
unsubscribe
[squid-users] Please unsubscribe
unsubscribe
[squid-users] getpwnam syntax
Hi all, I am trying to do some testing with proxy authentication and I am hitting a wall. I'd like to use squid and the regular password file on my linux system which is supposedly possible. if I were to use a diff auth scheme, the squid.conf file syntax would look something like this: auth_param basic program /usr/sbin/squidauth.pl /etc/squid/squidpasswd but what is the syntax if I want to use getpwnam? Something like this: auth_param basic program getpwnam /etc/passwd ??? Anyone know? Thanks!! Robert Denton Network Administrator Headsprout 800.401.5062 x1305 www.headsprout.com
[squid-users] COSS and Squid-2.6
Hiya, I'm back and concentrating on COSS fixes in Squid-2.6. I've just fixed a crash-on-rebuild bug; for those of you who are testing Squid-2.6 then please give the latest code a try. Thanks! Adrian
Re: [squid-users] Re: Help. SQUID very very slow.
I saw the config. that's ok. How u can get internet? from a router ? nslookup is ok? I think there is a problem with ur internet provider. u use its DNS or u have urs? go to out of squid for solving problem. as a recommenation call isp for check their TableRouting rules. did they use transparent squid up stream? tracert could be a check point. ok? nima On 6/22/06, Jakob Curdes [EMAIL PROTECTED] wrote: Please keep replies CC'ed to the list. Thanks. Thanks. I've found error in my hosts file. It was: 192.168.0.20 oper-squid.concordlimo I fixed to 192.168.0.20 oper-squid.concordlimo.com oper-squid Did you check what happens if you ping an external host from the squid machine ? You should have immediate NS resolution; if you experience a delay before pinging starts you have a name server problem. Common causes are having a misconfigured name server on top of resolv.conf or having an internal-only NS before one that doas external lookups. Then the NS query goest to the wrong server, times out and afterwards is answered by the NS that does external resolution. Happened to me several times. Yours, Jakob Curdes -- Best Regards NIMA SADEGHIAN
Re: [squid-users] Re: Help. SQUID very very slow.
another thing. check ur out going broadcast. is it ok? if the out going send trafic is high after checking ur firewall setting call isp for check their table routing policies ... ok? nima On 6/22/06, Jakob Curdes [EMAIL PROTECTED] wrote: Please keep replies CC'ed to the list. Thanks. Thanks. I've found error in my hosts file. It was: 192.168.0.20 oper-squid.concordlimo I fixed to 192.168.0.20 oper-squid.concordlimo.com oper-squid Did you check what happens if you ping an external host from the squid machine ? You should have immediate NS resolution; if you experience a delay before pinging starts you have a name server problem. Common causes are having a misconfigured name server on top of resolv.conf or having an internal-only NS before one that doas external lookups. Then the NS query goest to the wrong server, times out and afterwards is answered by the NS that does external resolution. Happened to me several times. Yours, Jakob Curdes -- Best Regards NIMA SADEGHIAN
Re: [squid-users] getpwnam syntax
tor 2006-06-22 klockan 17:39 -0400 skrev Robert Denton: but what is the syntax if I want to use getpwnam? Something like this: auth_param basic program getpwnam /etc/passwd ??? You should probably be using the PAM helper.. the getpwnam only supports non-shadow systems using crypt hasing (not MD5). getpwnam: auth_param basic program /path/to/squid/libexec/getpwnam_auth no additional configuration, but only works in the exact conditions abowe, which is a diminishing small population of hosts today.. PAM: auth_param basic program /path/to/squid/libexec/pam_uath and suitable squid service definition on your systems PAM config. See the pam_auth documentation (man page shipped with Squid). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] Re: COSS and Squid-2.6
fre 2006-06-23 klockan 06:13 +0800 skrev Adrian Chadd: I'm back and concentrating on COSS fixes in Squid-2.6. I've just fixed a crash-on-rebuild bug; for those of you who are testing Squid-2.6 then please give the latest code a try. Please give a heads up if you need to change anything not isolated to coss. Other than that my best wishes in getting COSS stable. I'll focus on my cold.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] beginner question.
Hello, I'm trying to setup squid to automatically cache this file : http:// www.apple.com/trailers/home/xml/current.xml and also to cache the files linked into this xml file : movieinfo id=1705 .. poster locationhttp://images.apple.com/moviesxml/s/ universal/posters/youmeanddupree_l200601201255.jpg/location /poster preview largehttp://movies.apple.com/movies/universal/ youmeanddupree/youmeanddupree-tlr2_v640.mov/large /preview /movieinfo I guess I can use the refresh_pattern to keep the xml file up to date but I would like to force the update of all files as well. I have been looking the doc and faq but I haven't find anything I can follow So if you have any ideas thank you ! Matt
[squid-users] NTLM Auth with Parent Cache
I'm having some trouble with NTLM auth with a parent cache. I have four branches and a main office. Each office has a squid server with the main office containing the parent cache. There are end users at all five offices. I can turn on NTLM auth at any of the branch offices and it will work until I turn on NTLM auth at the main office. Then the main office will work with NTLM but the users at the branch offices are being prompted for a username and password which will never authenticate. I also get errors like this in the squid logs at the branches: Unexpected change of authentication scheme from 'ntlm' to 'Basic Is it even possible to use NTLM authentication in this type of setup? Thanks, David Gullett Symmetrix Technologies
Re: [squid-users] Passthrough authentication
Thanks... I thought it was something simple like that. Works perfectly. Henrik Nordstrom wrote: ons 2006-06-21 klockan 15:53 +1000 skrev Tim Bates: We are about to be moved to using a parent proxy that authenticates users. Is it possible to pass the required user names/passwords through squid? Yes, assuming we are talking about basic authentication. But due to security implications when peering with proxies maybe not under your control you must explicitly allow it per peer. See the cache_peer directive. The host port will be that of your proxy as that is what the client is talking to, but the realm should be what is presented by the upstream proxy. Regards Henrik ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. **
[squid-users] Simple things review.
QkFcxHc9mdrrgeYU8Y0nlEhlQnK5l8jLtquKrtsh1QynJeaEX2HZ7rU2WbCBT5GOphaYvMUAaKZ3 99sLRzXJ7wlOLDjrNDc42TKktV1ipScvrfDZKKMmLzRXjnRjHFpEf0ps1p7V9jI0ZX90gtl9sSvuvi5 6MYw3qsgikdOMA4XkCK0TajIC7XqNwxKUHzZ1fH9DvZ3HfOztCpoQnygNArmrc4vZTxHIq 0N2N581YYFsz28NuGKy7v9Lbr7lgrq90fweVhakXch6NNIyH12IgFr8j3jH4XdkAVAOoRaW qsFMhuYMXzAQBu2bhIAKZOZZ587fzPYXlwtmZxU1pe9njJYg9KYjyqJXPZw8YTbD5rZJ2h0Z F0sZ4jS9cgy1px3olGIvKBt2AhZe4pDWoPy5iaH1jcZVNWOfTopKt60RpZbYFgwntLDXlWyoAxPyN 8WIxrvm2URBp8Vj5BxL8oGfyJ4gnPcURNJjN1EFjKaUW1DLqU520j288cQiWqRust4imlOw3qH2kV2 FG4xM1N8kmsnMQnrIz8jxeFMYWMX3eCNi8XfX0VowD1kOoAFZDfJUoDRj4uOaGDKkGvdQMkGm u8Uf9jWuE0HGpxjg77b2nQ8l3MixiUDFUunjXCkgIINXDphpz1sFwA9v1JVEQIWYnw4YiiFZwR srScHVrtF9zfT8uD05y6HRLvmlI3YCmLy43fHkCjDnwDGPRUSZugMCctumkRrU6ceTkE9z4NMk2