Re: [squid-users] Timezone issue
If you want to display the local time in squid error pages, you should change or edit the squid error pages as you want. Please read : http://www.squid-cache.org/mail-archive/squid-users/199904/0133.html Or if you want to change the time zone in logformat refer : http://www.squid-cache.org/Versions/v2/2.7/cfgman/logformat.html. ( Check the link based on your squid version) Regards Visolve Rod Taylor wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 G'Day, My squid is running on a machine that is set to local time in both software and hardware. Squid shows GMT in all error messages and uses GMT in the ACLs. How do I set Squid to use local time not GMT. Squid is the only program to do this... Any thoughts would be appreciated... Regards, Rod. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFJD/OHm74Rpyrp+UYRAulcAKDIPRc4kuh8+HH9xxLB8y6piVX50wCg3DgY M2N2chElzX6omX9nS5U6CAY= =TiB4 -END PGP SIGNATURE-
Re: [squid-users] Ignoring query string from url
Hi All, Issues was with Disk I/O. I have used null cache dir and squid response is much faster now. cache_dir null /empty Thanks everyone for your help. Regards Nitesh On Tue, Nov 4, 2008 at 9:40 AM, nitesh naik <[EMAIL PROTECTED]> wrote: > Does these Redirector statistics mean url rewrite helper program is > slowing down squid response ? avg service time is 1550 msec. > > Redirector Statistics: > program: /home/zdn/bin/redirect_parallel.pl > number running: 2 of 2 > requests sent: 1069753 > replies received: 1069752 > queue length: 0 > avg service time: 1550 msec > > > # FD PID # Requests Flags TimeOffset Request > 1 10 18237 12645 B 0.002 38 (none) > 2 15 18238 12335 2.144 0 (none) > > Regards > Nitesh > > On Mon, Nov 3, 2008 at 2:46 PM, nitesh naik <[EMAIL PROTECTED]> wrote: >> Not sure if url rewrite helper is slowing down process because via >> cache manager interface it didn't show any connection back log. What >> information I should look for in cache manager to find out the cause >> of the slow serving of requests ? >> >> Redirector Statistics: >> program: /home/zdn/bin/redirect_parallel.pl >> number running: 2 of 2 >> requests sent: 155697 >> replies received: 155692 >> queue length: 0 >> avg service time: 0 msec >> >> >> # FD PID # Requests Flags TimeOffset Request >> 1 8 21149 104125 >> BW 0.033 38 http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258 >> 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n >> 2 9 21150 51572 BW 0.039 0 >> http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853 >> 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n >> >> >> Following are my squid settings. >> >> acl all src 0.0.0.0/0.0.0.0 >> acl manager proto cache_object >> acl localhost src 127.0.0.1 >> acl to_localhost dst 127.0.0.0/255.0.0.0 >> acl localnet src 10.0.0.0/255.0.0.0 >> acl SSL_ports port 443 >> acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777 >> acl CONNECT method CONNECT >> http_access Allow manager localhost >> http_access Deny manager >> http_access Deny !Safe_ports >> http_access Deny CONNECT !SSL_ports >> http_access Allow all >> http_access Allow localnet >> http_access Deny all >> icp_access Allow localnet >> icp_access Deny all >> htcp_access Allow localnet >> htcp_access Deny all >> htcp_clr_access Deny all >> ident_lookup_access Deny all >> http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost >> cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver >> cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver >> cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver >> cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver >> dead_peer_timeout 10 seconds >> hierarchy_stoplist cgi-bin >> hierarchy_stoplist ? >> cache_mem 0 bytes >> maximum_object_size_in_memory 1048576 bytes >> memory_replacement_policy lru >> cache_replacement_policy lru >> cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking >> store_dir_select_algorithm least-load >> max_open_disk_fds 0 >> minimum_object_size 0 bytes >> maximum_object_size 4194304 bytes >> cache_swap_low 90 >> cache_swap_high 95 >> logformat combined %>a %ui %un [%[tl] "%"rm %"ru HTTP/%">v" %Hs %> "%"{Referer}>h" "%"{User-Agent}>h" %Ss:%Sh >> access_log /home/zdn/squid/var/logs/access.log squid >> cache_log /home/zdn/squid/var/logs/cache.log >> cache_store_log /home/zdn/squid/var/logs/store.log >> logfile_rotate 10 >> emulate_httpd_log off >> log_ip_on_direct on >> mime_table /home/zdn/squid/etc/mime.conf >> log_mime_hdrs off >> pid_filename /home/zdn/squid/var/logs/squid.pid >> debug_options ALL,1 >> log_fqdn off >> client_netmask 255.255.255.255 >> strip_query_terms off >> buffered_logs off >> url_rewrite_program /home/zdn/bin/redirect_parallel.pl >> url_rewrite_children 2 >> url_rewrite_concurrency 2000 >> url_rewrite_host_header off >> url_rewrite_bypass off >> refresh_pattern ^ftp: 1440 20% 10080 >> >> refresh_pattern ^gopher: 1440 0% 1440 >> >> refresh_pattern (cgi-bin|\?) 0 0% 0 >> >> refresh_pattern . 0 20% 4320 >> >> quick_abort_min 16 KB >> quick_abort_max 16 KB >> quick_abort_pct 95 >> read_ahead_gap 16384 bytes >> negative_ttl 0 seconds >> positive_dns_ttl 21600 seconds >> negative_dns_ttl 60 seconds >> range_offset_limit 0 bytes >> minimum_expiry_time 60 seconds >> store_avg_object_size 13 KB >> store_objects_per_bucket 20 >> request_header_max_size 20480 bytes >> reply_header_max_size 20480 bytes >> request_body_max_size 0 bytes >> via off >> ie_refresh off >> vary_ignore_expire off >> request_entities off >> relaxed_header_parser on >> forward_timeout 240 seconds >> connect_timeout 10 seconds >> peer_connect_timeout 5 seconds >> read_timeout 120 seconds >> request_timeout 10 seconds >> persistent_request_timeout 120 seconds >> client_lifetime 86400 seconds >> half_closed_clients off >> pconn_timeo
[squid-users] origin server health detect
Hi, Is there way to stop forwarding requests to origin if monitoring url returns 404 in squid 3 ? Sometimes few nodes in our origin server cluster are unavailable and we would like to disable origin which is up but responding with 404 http status code. Also I would like to know if there is option to check origin server health in squid 3. Regards Nitesh
[squid-users] Timezone issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 G'Day, My squid is running on a machine that is set to local time in both software and hardware. Squid shows GMT in all error messages and uses GMT in the ACLs. How do I set Squid to use local time not GMT. Squid is the only program to do this... Any thoughts would be appreciated... Regards, Rod. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFJD/OHm74Rpyrp+UYRAulcAKDIPRc4kuh8+HH9xxLB8y6piVX50wCg3DgY M2N2chElzX6omX9nS5U6CAY= =TiB4 -END PGP SIGNATURE-
[squid-users] NTLM Auth and transparently access
Sorry,my English is so poor. I 'd like to configure Squid working with NTLM AUTH. Can the clinet which has already logged in Windows' domain access to the Internet transparently? Or Is the client be asked Usename and Password again?
[squid-users] getting "Software caused connection abort" in cache.log
hii, i m getting a lot of these error in cache.log. Is this normal or i have to make some change. thanks in advance. 2008/11/04 16:56:09| comm_old_accept: FD 14: (53) Software caused connection abort 2008/11/04 16:56:09| httpAccept: FD 14: accept failure: (53) Software caused connection abort regards, anuj shrestha
Re: [squid-users] Ignoring query string from url
Does these Redirector statistics mean url rewrite helper program is slowing down squid response ? avg service time is 1550 msec. Redirector Statistics: program: /home/zdn/bin/redirect_parallel.pl number running: 2 of 2 requests sent: 1069753 replies received: 1069752 queue length: 0 avg service time: 1550 msec # FD PID # Requests Flags TimeOffset Request 1 10 18237 12645 B 0.002 38 (none) 2 15 18238 12335 2.144 0 (none) Regards Nitesh On Mon, Nov 3, 2008 at 2:46 PM, nitesh naik <[EMAIL PROTECTED]> wrote: > Not sure if url rewrite helper is slowing down process because via > cache manager interface it didn't show any connection back log. What > information I should look for in cache manager to find out the cause > of the slow serving of requests ? > > Redirector Statistics: > program: /home/zdn/bin/redirect_parallel.pl > number running: 2 of 2 > requests sent: 155697 > replies received: 155692 > queue length: 0 > avg service time: 0 msec > > > # FD PID # Requests Flags TimeOffset Request > 1 8 21149 104125 > BW 0.033 38 http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258 > 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n > 2 9 21150 51572 BW 0.039 0 > http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853 > 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n > > > Following are my squid settings. > > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1 > acl to_localhost dst 127.0.0.0/255.0.0.0 > acl localnet src 10.0.0.0/255.0.0.0 > acl SSL_ports port 443 > acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777 > acl CONNECT method CONNECT > http_access Allow manager localhost > http_access Deny manager > http_access Deny !Safe_ports > http_access Deny CONNECT !SSL_ports > http_access Allow all > http_access Allow localnet > http_access Deny all > icp_access Allow localnet > icp_access Deny all > htcp_access Allow localnet > htcp_access Deny all > htcp_clr_access Deny all > ident_lookup_access Deny all > http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost > cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver > cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver > cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver > cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver > dead_peer_timeout 10 seconds > hierarchy_stoplist cgi-bin > hierarchy_stoplist ? > cache_mem 0 bytes > maximum_object_size_in_memory 1048576 bytes > memory_replacement_policy lru > cache_replacement_policy lru > cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking > store_dir_select_algorithm least-load > max_open_disk_fds 0 > minimum_object_size 0 bytes > maximum_object_size 4194304 bytes > cache_swap_low 90 > cache_swap_high 95 > logformat combined %>a %ui %un [%[tl] "%"rm %"ru HTTP/%">v" %Hs % "%"{Referer}>h" "%"{User-Agent}>h" %Ss:%Sh > access_log /home/zdn/squid/var/logs/access.log squid > cache_log /home/zdn/squid/var/logs/cache.log > cache_store_log /home/zdn/squid/var/logs/store.log > logfile_rotate 10 > emulate_httpd_log off > log_ip_on_direct on > mime_table /home/zdn/squid/etc/mime.conf > log_mime_hdrs off > pid_filename /home/zdn/squid/var/logs/squid.pid > debug_options ALL,1 > log_fqdn off > client_netmask 255.255.255.255 > strip_query_terms off > buffered_logs off > url_rewrite_program /home/zdn/bin/redirect_parallel.pl > url_rewrite_children 2 > url_rewrite_concurrency 2000 > url_rewrite_host_header off > url_rewrite_bypass off > refresh_pattern ^ftp: 1440 20% 10080 > > refresh_pattern ^gopher: 1440 0% 1440 > > refresh_pattern (cgi-bin|\?) 0 0% 0 > > refresh_pattern . 0 20% 4320 > > quick_abort_min 16 KB > quick_abort_max 16 KB > quick_abort_pct 95 > read_ahead_gap 16384 bytes > negative_ttl 0 seconds > positive_dns_ttl 21600 seconds > negative_dns_ttl 60 seconds > range_offset_limit 0 bytes > minimum_expiry_time 60 seconds > store_avg_object_size 13 KB > store_objects_per_bucket 20 > request_header_max_size 20480 bytes > reply_header_max_size 20480 bytes > request_body_max_size 0 bytes > via off > ie_refresh off > vary_ignore_expire off > request_entities off > relaxed_header_parser on > forward_timeout 240 seconds > connect_timeout 10 seconds > peer_connect_timeout 5 seconds > read_timeout 120 seconds > request_timeout 10 seconds > persistent_request_timeout 120 seconds > client_lifetime 86400 seconds > half_closed_clients off > pconn_timeout 60 seconds > ident_timeout 10 seconds > shutdown_lifetime 30 seconds > cache_mgr webmaster > mail_program mail > cache_effective_user zdn > httpd_suppress_version_string off > umask 23 > announce_period 31536000 seconds > announce_host tracker.ircache.net > announce_port 3131 > client_persistent_connections off > server_persistent_connections off > persistent_connection_after_error off > detect_b
Re: [squid-users] error:unsupported-request-method
> On Tue, Nov 4, 2008 at 5:48 AM, Amos Jeffries <[EMAIL PROTECTED]> > wrote: >> >> A program tried to use the proxy with a request that is either not HTTP >> or >> is part of the HTTP extensions your squid can't handle yet. >> see cache.log for info on which request method was tried. >> >> Amos >> -- >> Please be using >> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 >> Current Beta Squid 3.1.0.1 >> > > 2008/11/03 18:01:59| clientReadRequest: FD 22 (192.169.1.56:2008) > Invalid Request > 2008/11/03 18:02:29| parseHttpRequest: Unsupported method 'NICK' > > > how to "repair" that error ? > Prevent SIP application sending SIP protocol through HTTP protocol channel. Amos
Re: [squid-users] error:unsupported-request-method
On Tue, Nov 4, 2008 at 5:48 AM, Amos Jeffries <[EMAIL PROTECTED]> wrote: > > A program tried to use the proxy with a request that is either not HTTP or > is part of the HTTP extensions your squid can't handle yet. > see cache.log for info on which request method was tried. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 > Current Beta Squid 3.1.0.1 > 2008/11/03 18:01:59| clientReadRequest: FD 22 (192.169.1.56:2008) Invalid Request 2008/11/03 18:02:29| parseHttpRequest: Unsupported method 'NICK' how to "repair" that error ? -- -=-=-=-= http://amyhost.com Dollar naik ? Krisis ? Kami tetap mempertahankan harga jual domain Rp. 75.000 rupiah Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...
Re: [squid-users] R: [squid-users] Connection to webmail sites problem using more than one parent proxy
Sergio wrote: Hi Amos! Thank you for your replying. I have changed squid version ( now is running the 2.7 stable5) and I have modified the parents peers in that way: parentproxy1.mydomain.it parent 3128 3130 sourcehash parentproxy2.mydomain.it parent 3128 3130 sourcehash parentproxy3.mydomain.it parent 3128 3130 sourcehash But I still have the same problem. I tried also in this way, but it didn't work as well : parentproxy1.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy2.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy3.mydomain.it parent 3128 3130 roundrobin sourcehash I'm wondering whether the configuration is correct, or not. Just the top config should have worked. It selects the parent based on client source IP. Something else must be going on. Do you have some better tips about how to configuring it? Hope to have nice news from you! Thanks a lot for help! Sergio -Messaggio originale- Da: Amos Jeffries [mailto:[EMAIL PROTECTED] Inviato: sabato 1 novembre 2008 4.40 A: Sergio Cc: squid-users@squid-cache.org Oggetto: Re: [squid-users] Connection to webmail sites problem using more than one parent proxy Sergio wrote: Hello Everybody, We have this scenario: We have proxy connected to internet trough 3 parent proxy [client] | | [proxy] | | +-+---+ | | | [parentproxy1],[parentproxy2],[parentproxy3] We have trouble with some webmail sites ( eg. mail.tiscali.it) that don't keep the connection on the session. We have this problem when the proxy establishes the connection using all the proxy serves. If we use only a proxy server as parent the session is not missed. This the localproxy configuration for the cache peers: cache_peer parentproxy1.mydomain.it parent 3128 3130 cache_peer parentproxy2.mydomain.it parent 3128 3130 cache_peer parentproxy3.mydomain.it parent 3128 3130 we use squid 2.5 stable7 version for Windows. The parent proxies use squid 2.5 stable7 for windows as well and go out directly to Internet. How can we override this problem? Thank you in advance guys! Sergio Ps. We also contacted the Tiscali customer care, but they didn't give us any useful information! Forgot to mention in my earlier reply. If you upgrade to current squid the srchash peering algorithm is available to ensure that all requests from a given client IP go through a certain parent. This is hash balanced across all the active parents and handles parents proxies going up/down without breaking client access. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
Re: [squid-users] error:unsupported-request-method
??? ??z?up??? ?z??? ??? wrote: 1225701560.304 1 192.169.1.56 TCP_DENIED/400 1614 NONE error:unsupported-request-method - NONE/- text/html what is that mean ? squid 2x ( from UBUNTU packages ) A program tried to use the proxy with a request that is either not HTTP or is part of the HTTP extensions your squid can't handle yet. see cache.log for info on which request method was tried. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
Re: [squid-users] SquidNT TCP_DENIED
Chris Lee wrote: > Hi, > > Form the access.log of my new SquidNT (version 2.7.STABLE4) box, I got some > TCP_DENIED entry, before the users can access the website. SquidNT no longer exists. If you fetched it from a website claiming to be SquidNT, please be aware there are now fraudulent distributions about and you should obtain an official copy of 'Squid' for windows. They are available through http://squid.acmeconsulting.it/ > > 1225693114.517 10 10.1.10.147 TCP_DENIED/407 1721 CONNECT urs.microsoft. > com:443 - NONE/- text/html > 1225693114.547 30 10.1.10.147 TCP_DENIED/407 1933 CONNECT urs.microsoft. > com:443 - NONE/- text/html > 1225693114.577240 10.1.10.147 TCP_MISS/200 6346 CONNECT > urs.microsoft.com:443 domain_nt\osec DIRECT/207.46.50.124 - > > Why the first 2 entry does not go the domain\user info? Did I misconfigure > something? The first two are sent to proxy without that info. The proxy denies them with "407 Authentication needed" This is normal for NTLM handshakes during the auth procedure. > > Regards, > Chris Lee > Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
[squid-users] R: [squid-users] Connection to webmail sites problem using more than one parent proxy
Hi Amos! Thank you for your replying. I have changed squid version ( now is running the 2.7 stable5) and I have modified the parents peers in that way: parentproxy1.mydomain.it parent 3128 3130 sourcehash parentproxy2.mydomain.it parent 3128 3130 sourcehash parentproxy3.mydomain.it parent 3128 3130 sourcehash But I still have the same problem. I tried also in this way, but it didn't work as well : parentproxy1.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy2.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy3.mydomain.it parent 3128 3130 roundrobin sourcehash I'm wondering whether the configuration is correct, or not. Do you have some better tips about how to configuring it? Hope to have nice news from you! Thanks a lot for help! Sergio -Messaggio originale- Da: Amos Jeffries [mailto:[EMAIL PROTECTED] Inviato: sabato 1 novembre 2008 4.40 A: Sergio Cc: squid-users@squid-cache.org Oggetto: Re: [squid-users] Connection to webmail sites problem using more than one parent proxy Sergio wrote: > Hello Everybody, > > > We have this scenario: > > We have proxy connected to internet trough 3 parent proxy > > [client] > | > | > [proxy] > | > | > +-+---+ > | | | > > [parentproxy1],[parentproxy2],[parentproxy3] > > > > We have trouble with some webmail sites ( eg. mail.tiscali.it) that don't > keep the connection on the session. > We have this problem when the proxy establishes the connection using all the > proxy serves. > If we use only a proxy server as parent the session is not missed. > > This the localproxy configuration for the cache peers: > > cache_peer parentproxy1.mydomain.it parent 3128 3130 > cache_peer parentproxy2.mydomain.it parent 3128 3130 > cache_peer parentproxy3.mydomain.it parent 3128 3130 > > we use squid 2.5 stable7 version for Windows. > The parent proxies use squid 2.5 stable7 for windows as well and go out > directly to Internet. > How can we override this problem? > Thank you in advance guys! > > > Sergio > > > > Ps. > > We also contacted the Tiscali customer care, but they didn't give us any > useful information! > Forgot to mention in my earlier reply. If you upgrade to current squid the srchash peering algorithm is available to ensure that all requests from a given client IP go through a certain parent. This is hash balanced across all the active parents and handles parents proxies going up/down without breaking client access. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1 No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.8.5/1758 - Release Date: 31/10/2008 8.22
Re: [squid-users] YouTube and other streaming media (caching)
Hi everybody, regarding this issue: http://wiki.squid-cache.org/WikiSandBox/Discussion/YoutubeCaching I came up with a workaroud, it's a rewriter script in PHP (sorry I'm not good at Perl, but maybe someone would be kind enough to later share a transcoded version... jeje) NOTE 1: Use this script for testing purposes only, It may not work as expected... I've tested it only with very few URLs... If you can improve it, please share. NOTE 2: To use this script you need the PHP command line interface. In Ubuntu yo can install it with this command: sudo apt-get install php5-cli NOTE 3: Make sure the log file is writable by the script. And now the script: #!/usr/bin/php -q http://[^/]+/(get_video|videodownload|videoplayback)\?@',$url) ) { ## Get reply headers ## $rep = get_headers($url); ## If reply is a redirect, make its store-URL unique to avoid matching the store-URL of a video ## $rnd = ""; if ( preg_match('/ 30[123] /',$rep[0]) ) { $rnd = "&REDIR=" . rand(1,9); } $url = preg_replace('@.*id=([^&]*)&?.*$@',"http://videos.SQUIDINTERNAL/ID=$1$rnd",$url); } ## Return rewrited URL ## print $url . "\n"; ## Record what we did on log ## fwrite($log,"$url $rep[0]\n"); ## May do some good, but I'm not sure ## flush(); } fclose($log); ?> ## END OF SCRIPT ## The trick here is knowing if the URL is a redirect (301, 302 or 303) with the get_headers function. It would be nice if the Squid process passed the HTTP status to the script, maybe as a key=value pair, but I'm not even a programmer so that is way beyond my knowledge... Regards, Horacio H.
[squid-users] NTLM Authentication working against Samba 3 PDC, except for random login prompts
I have Squid 2.7 authenticating against a Samba 3 PDC. All seems to work well and Squid defiantly is able to tell what username is browsing what site. My only problem is, every now and then, while browsing, it will work, then suddenly Firefox appearntly because of Squid, will ask for the username and password, then it all works well again, until the prompt randomly shows up again. Also, if you are browsing as a "limited" user, or just a proxy_auth user that has sites blocked, can you somehow temporarily login to Squid as another user, but then immediately when done, have it go back to the regular user. Almost like Window's RunAs function.
Re: [squid-users] squid is dying
On mån, 2008-11-03 at 11:26 +0545, Anuj Shrestha wrote: > i m using squid in freebsd 7.0 below are the compile options, > > proxy01# squid -v > Squid Cache: Version 3.0.STABLE9 > below are the cache.log errors > > FATAL: Received Segment Violation...dying. You may want to try upgrading to 3.0.STABLE10. Or at a minimum file a bug report including a stack backtrace. http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d > proxy01# tail -f /var/log/squid/cache.log > 2008/11/03 17:14:17| clientParseRequestMethod: Unsupported method in > request 'REGISTER sip:68.142.233.183:80;transport=tcp SIP/2.0__From: > ;ta' Hmm.. SIP requests sent to Squid? Why is that? SIP is not HTTP even if it borrows much of the syntax from HTTP. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] How to run squid after reboot?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Try this: # update-rc.d squid defaults Sebastian Jaurena escreveu: > Hi, Im having problems trying to get back to the life squid after > reboot. We have ubuntu 6.06. > > Thanks. > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJDuGX4/f2ihDUoIkRAiEjAKCh580Q2b0B5RmJPhA0RYT6p8o2LwCdFO5y PGlwqkxQh05cMspyUAsnylc= =3x4R -END PGP SIGNATURE-
Re: [squid-users] MSNT authentication - login window
Forgot to 'reply to all'. My bad Resend... Dear Henrik, my first acl: acl users proxy_auth REQUIRED so theres that defaults - acl our_networks, manager, localhost etc acl tecnology proxy_auth [users in this group] acl directors proxy_auth [users in this group] . . . . . until: acl forbidden_sites url_regex -i "/path/forbidden_sites.txt" acl forbidden_webmail blablabla and then: http_access deny our_networks users forbidden_sites !directors (keep denying webmail etc) http_access allow our_networks users http_access deny all Henrik Nordstrom escreveu: > On fre, 2008-10-31 at 08:43 -0200, Luciano Cassemiro wrote: > >> Everything is OK but what bothers me is: the login window shows up when an user >> tries to connect to a forbidden site then he fill with his credentials BUT after >> OK button the login window appears again and again until the user click cancel. > > This happens is the last acl on the http_access deny line denying access > is realted to authentication. > > Now I am a little confused as the http_access rules you posted did not > have this.. is there other http_access deny lines in your squid.conf? > > > Regards > Henrik
[squid-users] How to run squid after reboot?
Hi, Im having problems trying to get back to the life squid after reboot. We have ubuntu 6.06. Thanks.
Re: [squid-users] Ignoring query string from url
Not sure if url rewrite helper is slowing down process because via cache manager interface it didn't show any connection back log. What information I should look for in cache manager to find out the cause of the slow serving of requests ? Redirector Statistics: program: /home/zdn/bin/redirect_parallel.pl number running: 2 of 2 requests sent: 155697 replies received: 155692 queue length: 0 avg service time: 0 msec # FD PID # Requests Flags TimeOffset Request 1 8 21149 104125 BW 0.033 38 http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n 2 9 21150 51572 BW 0.039 0 http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n Following are my squid settings. acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1 acl to_localhost dst 127.0.0.0/255.0.0.0 acl localnet src 10.0.0.0/255.0.0.0 acl SSL_ports port 443 acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777 acl CONNECT method CONNECT http_access Allow manager localhost http_access Deny manager http_access Deny !Safe_ports http_access Deny CONNECT !SSL_ports http_access Allow all http_access Allow localnet http_access Deny all icp_access Allow localnet icp_access Deny all htcp_access Allow localnet htcp_access Deny all htcp_clr_access Deny all ident_lookup_access Deny all http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver dead_peer_timeout 10 seconds hierarchy_stoplist cgi-bin hierarchy_stoplist ? cache_mem 0 bytes maximum_object_size_in_memory 1048576 bytes memory_replacement_policy lru cache_replacement_policy lru cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking store_dir_select_algorithm least-load max_open_disk_fds 0 minimum_object_size 0 bytes maximum_object_size 4194304 bytes cache_swap_low 90 cache_swap_high 95 logformat combined %>a %ui %un [%[tl] "%"rm %"ru HTTP/%">v" %Hs %h" "%"{User-Agent}>h" %Ss:%Sh access_log /home/zdn/squid/var/logs/access.log squid cache_log /home/zdn/squid/var/logs/cache.log cache_store_log /home/zdn/squid/var/logs/store.log logfile_rotate 10 emulate_httpd_log off log_ip_on_direct on mime_table /home/zdn/squid/etc/mime.conf log_mime_hdrs off pid_filename /home/zdn/squid/var/logs/squid.pid debug_options ALL,1 log_fqdn off client_netmask 255.255.255.255 strip_query_terms off buffered_logs off url_rewrite_program /home/zdn/bin/redirect_parallel.pl url_rewrite_children 2 url_rewrite_concurrency 2000 url_rewrite_host_header off url_rewrite_bypass off refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 quick_abort_min 16 KB quick_abort_max 16 KB quick_abort_pct 95 read_ahead_gap 16384 bytes negative_ttl 0 seconds positive_dns_ttl 21600 seconds negative_dns_ttl 60 seconds range_offset_limit 0 bytes minimum_expiry_time 60 seconds store_avg_object_size 13 KB store_objects_per_bucket 20 request_header_max_size 20480 bytes reply_header_max_size 20480 bytes request_body_max_size 0 bytes via off ie_refresh off vary_ignore_expire off request_entities off relaxed_header_parser on forward_timeout 240 seconds connect_timeout 10 seconds peer_connect_timeout 5 seconds read_timeout 120 seconds request_timeout 10 seconds persistent_request_timeout 120 seconds client_lifetime 86400 seconds half_closed_clients off pconn_timeout 60 seconds ident_timeout 10 seconds shutdown_lifetime 30 seconds cache_mgr webmaster mail_program mail cache_effective_user zdn httpd_suppress_version_string off umask 23 announce_period 31536000 seconds announce_host tracker.ircache.net announce_port 3131 client_persistent_connections off server_persistent_connections off persistent_connection_after_error off detect_broken_pconn off snmp_port 0 snmp_access Deny all snmp_incoming_address 0.0.0.0 snmp_outgoing_address 255.255.255.255 icp_port 3130 htcp_port 0 log_icp_queries on udp_incoming_address 0.0.0.0 udp_outgoing_address 255.255.255.255 icp_hit_stale off minimum_direct_hops 4 minimum_direct_rtt 400 netdb_low 900 netdb_high 1000 netdb_ping_period 300 seconds query_icmp off test_reachability off icp_query_timeout 4000 maximum_icp_query_timeout 2000 minimum_icp_query_timeout 5 background_ping_rate 10 seconds mcast_icp_query_timeout 2000 icon_directory /home/zdn/squid/share/icons global_internal_static on short_icon_urls on error_directory /home/zdn/squid/share/errors/templates err_html_text email_err_data on nonhierarchical_direct on prefer_direct off incoming_icp_average 6 incoming_http_average 4 incoming_dns_average 4 min_icp_poll_cnt 8 min_dns_poll_cnt 8 min_http_poll_c
[squid-users] WCCP load balancing and TPROXY fully transparent interception
Hi, I'm going to deploy multiple squid servers in a ISP for HTTP traffic caching. I'm now considering using WCCP for load balancing and TPROXY for fully transparent interception. Here is the problem. As far as I know, Cisco WCCP module does not maintain connection status, it just redirect packets based on their IP addresses and ports. I'm just wondering if it's possible that one squid server(squid A, for example) sends a outbound request, but the router redirects the corresponding inbound response to another squid(squid B)? Then that's totally messed.
RE: [squid-users] SquidNT TCP_DENIED
This is very common with squid, same in my logs, its more along the lines squid tries to fetch the page without using authentication, which is denied, than fetches the page with authentication and its correctly presented. You always see two denied and the connect, this is "dummy" traffic as nothing is fetched from the site. It's perfectly setup. Alex -Original Message- From: Chris Lee [mailto:[EMAIL PROTECTED] Sent: 03 November 2008 06:24 To: 'squid-users@squid-cache.org' Subject: [squid-users] SquidNT TCP_DENIED Hi, Form the access.log of my new SquidNT (version 2.7.STABLE4) box, I got some TCP_DENIED entry, before the users can access the website. 1225693114.517 10 10.1.10.147 TCP_DENIED/407 1721 CONNECT urs.microsoft. com:443 - NONE/- text/html 1225693114.547 30 10.1.10.147 TCP_DENIED/407 1933 CONNECT urs.microsoft. com:443 - NONE/- text/html 1225693114.577240 10.1.10.147 TCP_MISS/200 6346 CONNECT urs.microsoft.com:443 domain_nt\osec DIRECT/207.46.50.124 - Why the first 2 entry does not go the domain\user info? Did I misconfigure something? Regards, Chris Lee This message and its attachment (if any) are strictly confidential and sent to the designated recipient(s) only. If you are not the intended recipient, please notify the sender by e-mail and delete this message and its attachment (if any) from your computer system immediately . Century City International Holdings Limited, Paliburg Holdings Limited, Regal Hotels International Holdings Limited, its respective related subsidiaries, associated companies and affiliates do not guarantee this message and its attachment (if any) are free of computer virus and would not accept any liability whatsoever arising from Internet transmission.
[squid-users] error:unsupported-request-method
1225701560.304 1 192.169.1.56 TCP_DENIED/400 1614 NONE error:unsupported-request-method - NONE/- text/html what is that mean ? squid 2x ( from UBUNTU packages ) -- -=-=-=-= http://amyhost.com Dollar naik ? Krisis ? Kami tetap mempertahankan harga jual domain Rp. 75.000 rupiah Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...