Re: [squid-users] Timezone issue

[squid]

If you want to display the local time in squid error pages, you should 
change or edit the squid error pages as you want.


Please read : 
http://www.squid-cache.org/mail-archive/squid-users/199904/0133.html


Or if you want to change the time zone in logformat

refer : 
http://www.squid-cache.org/Versions/v2/2.7/cfgman/logformat.html. ( 
Check the link based on your squid version)


Regards
Visolve


Rod Taylor wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

G'Day,

My squid is running on a machine that is set to local time in both
software and hardware. Squid shows GMT in all error messages and uses
GMT in the ACLs. How do I set Squid to use local time not GMT. Squid is
the only program to do this...

Any thoughts would be appreciated...

Regards, Rod.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFJD/OHm74Rpyrp+UYRAulcAKDIPRc4kuh8+HH9xxLB8y6piVX50wCg3DgY
M2N2chElzX6omX9nS5U6CAY=
=TiB4
-END PGP SIGNATURE-


  

Re: [squid-users] Ignoring query string from url

[nitesh naik]

Hi All,

Issues was with Disk I/O. I have used null cache dir and squid
response is much faster now.

 cache_dir null /empty

Thanks everyone for your help.

Regards
Nitesh

On Tue, Nov 4, 2008 at 9:40 AM, nitesh naik <[EMAIL PROTECTED]> wrote:
> Does these Redirector statistics mean url rewrite helper program is
> slowing down squid response ? avg service time is 1550 msec.
>
> Redirector Statistics:
> program: /home/zdn/bin/redirect_parallel.pl
> number running: 2 of 2
> requests sent: 1069753
> replies received: 1069752
> queue length: 0
> avg service time: 1550 msec
>
>
> #   FD  PID # Requests  Flags   TimeOffset  Request
> 1   10  18237   12645   B   0.002   38  (none)
> 2   15  18238   12335   2.144   0   (none)
>
> Regards
> Nitesh
>
> On Mon, Nov 3, 2008 at 2:46 PM, nitesh naik <[EMAIL PROTECTED]> wrote:
>> Not sure if url rewrite helper is slowing down process because via
>> cache manager interface it didn't show any connection back log. What
>> information I should look for in cache manager to find out the cause
>> of the slow serving of requests ?
>>
>> Redirector Statistics:
>> program: /home/zdn/bin/redirect_parallel.pl
>> number running: 2 of 2
>> requests sent: 155697
>> replies received: 155692
>> queue length: 0
>> avg service time: 0 msec
>>
>>
>> #   FD  PID # Requests  Flags   TimeOffset  Request
>> 1   8   21149   104125
>> BW  0.033   38  http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258
>> 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
>> 2   9   21150   51572   BW  0.039   0   
>> http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853
>> 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
>>
>>
>> Following are my squid settings.
>>
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1
>> acl to_localhost dst 127.0.0.0/255.0.0.0
>> acl localnet src 10.0.0.0/255.0.0.0
>> acl SSL_ports port 443
>> acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
>> acl CONNECT method CONNECT
>> http_access Allow manager localhost
>> http_access Deny manager
>> http_access Deny !Safe_ports
>> http_access Deny CONNECT !SSL_ports
>> http_access Allow all
>> http_access Allow localnet
>> http_access Deny all
>> icp_access Allow localnet
>> icp_access Deny all
>> htcp_access Allow localnet
>> htcp_access Deny all
>> htcp_clr_access Deny all
>> ident_lookup_access Deny all
>> http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost
>> cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver
>> cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver
>> cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver
>> cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver
>> dead_peer_timeout 10 seconds
>> hierarchy_stoplist cgi-bin
>> hierarchy_stoplist ?
>> cache_mem 0 bytes
>> maximum_object_size_in_memory 1048576 bytes
>> memory_replacement_policy lru
>> cache_replacement_policy lru
>> cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking
>> store_dir_select_algorithm least-load
>> max_open_disk_fds 0
>> minimum_object_size 0 bytes
>> maximum_object_size 4194304 bytes
>> cache_swap_low 90
>> cache_swap_high 95
>> logformat combined %>a %ui %un [%[tl] "%"rm %"ru HTTP/%">v" %Hs %> "%"{Referer}>h" "%"{User-Agent}>h" %Ss:%Sh
>> access_log /home/zdn/squid/var/logs/access.log squid
>> cache_log /home/zdn/squid/var/logs/cache.log
>> cache_store_log /home/zdn/squid/var/logs/store.log
>> logfile_rotate 10
>> emulate_httpd_log off
>> log_ip_on_direct on
>> mime_table /home/zdn/squid/etc/mime.conf
>> log_mime_hdrs off
>> pid_filename /home/zdn/squid/var/logs/squid.pid
>> debug_options ALL,1
>> log_fqdn off
>> client_netmask 255.255.255.255
>> strip_query_terms off
>> buffered_logs off
>> url_rewrite_program /home/zdn/bin/redirect_parallel.pl
>> url_rewrite_children 2
>> url_rewrite_concurrency 2000
>> url_rewrite_host_header off
>> url_rewrite_bypass off
>> refresh_pattern ^ftp: 1440 20% 10080
>>
>> refresh_pattern ^gopher: 1440 0% 1440
>>
>> refresh_pattern (cgi-bin|\?) 0 0% 0
>>
>> refresh_pattern . 0 20% 4320
>>
>> quick_abort_min 16 KB
>> quick_abort_max 16 KB
>> quick_abort_pct 95
>> read_ahead_gap 16384 bytes
>> negative_ttl 0 seconds
>> positive_dns_ttl 21600 seconds
>> negative_dns_ttl 60 seconds
>> range_offset_limit 0 bytes
>> minimum_expiry_time 60 seconds
>> store_avg_object_size 13 KB
>> store_objects_per_bucket 20
>> request_header_max_size 20480 bytes
>> reply_header_max_size 20480 bytes
>> request_body_max_size 0 bytes
>> via off
>> ie_refresh off
>> vary_ignore_expire off
>> request_entities off
>> relaxed_header_parser on
>> forward_timeout 240 seconds
>> connect_timeout 10 seconds
>> peer_connect_timeout 5 seconds
>> read_timeout 120 seconds
>> request_timeout 10 seconds
>> persistent_request_timeout 120 seconds
>> client_lifetime 86400 seconds
>> half_closed_clients off
>> pconn_timeo

[squid-users] origin server health detect

[nitesh naik]

Hi,

Is there way to stop forwarding requests to origin if monitoring url
returns 404 in squid 3 ?  Sometimes few nodes in our origin server
cluster are unavailable and we would like to disable origin which is
up but responding with 404 http status code.

Also I would like to know if there is option to check origin server
health in squid 3.

Regards
Nitesh

[squid-users] Timezone issue

[Rod Taylor]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

G'Day,

My squid is running on a machine that is set to local time in both
software and hardware. Squid shows GMT in all error messages and uses
GMT in the ACLs. How do I set Squid to use local time not GMT. Squid is
the only program to do this...

Any thoughts would be appreciated...

Regards, Rod.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFJD/OHm74Rpyrp+UYRAulcAKDIPRc4kuh8+HH9xxLB8y6piVX50wCg3DgY
M2N2chElzX6omX9nS5U6CAY=
=TiB4
-END PGP SIGNATURE-

[squid-users] NTLM Auth and transparently access

[keisuke.hamanaka]

Sorry,my English is so poor.

I 'd like to configure Squid working with NTLM AUTH.
Can the clinet which has already logged in Windows' domain access to the 
Internet
transparently? Or Is the client be asked Usename and  Password again?

[squid-users] getting "Software caused connection abort" in cache.log

[Anuj Shrestha]

hii,
 i m getting a lot of these error in cache.log. Is this normal or i 
have to make some change. thanks in advance.


2008/11/04 16:56:09| comm_old_accept: FD 14: (53) Software caused 
connection abort
2008/11/04 16:56:09| httpAccept: FD 14: accept failure: (53) Software 
caused connection abort


regards,
anuj shrestha

Re: [squid-users] Ignoring query string from url

[nitesh naik]

Does these Redirector statistics mean url rewrite helper program is
slowing down squid response ? avg service time is 1550 msec.

Redirector Statistics:
program: /home/zdn/bin/redirect_parallel.pl
number running: 2 of 2
requests sent: 1069753
replies received: 1069752
queue length: 0
avg service time: 1550 msec


#   FD  PID # Requests  Flags   TimeOffset  Request
1   10  18237   12645   B   0.002   38  (none)
2   15  18238   12335   2.144   0   (none)

Regards
Nitesh

On Mon, Nov 3, 2008 at 2:46 PM, nitesh naik <[EMAIL PROTECTED]> wrote:
> Not sure if url rewrite helper is slowing down process because via
> cache manager interface it didn't show any connection back log. What
> information I should look for in cache manager to find out the cause
> of the slow serving of requests ?
>
> Redirector Statistics:
> program: /home/zdn/bin/redirect_parallel.pl
> number running: 2 of 2
> requests sent: 155697
> replies received: 155692
> queue length: 0
> avg service time: 0 msec
>
>
> #   FD  PID # Requests  Flags   TimeOffset  Request
> 1   8   21149   104125
> BW  0.033   38  http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258
> 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
> 2   9   21150   51572   BW  0.039   0   
> http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853
> 81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
>
>
> Following are my squid settings.
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl to_localhost dst 127.0.0.0/255.0.0.0
> acl localnet src 10.0.0.0/255.0.0.0
> acl SSL_ports port 443
> acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
> acl CONNECT method CONNECT
> http_access Allow manager localhost
> http_access Deny manager
> http_access Deny !Safe_ports
> http_access Deny CONNECT !SSL_ports
> http_access Allow all
> http_access Allow localnet
> http_access Deny all
> icp_access Allow localnet
> icp_access Deny all
> htcp_access Allow localnet
> htcp_access Deny all
> htcp_clr_access Deny all
> ident_lookup_access Deny all
> http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost
> cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver
> cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver
> cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver
> cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver
> dead_peer_timeout 10 seconds
> hierarchy_stoplist cgi-bin
> hierarchy_stoplist ?
> cache_mem 0 bytes
> maximum_object_size_in_memory 1048576 bytes
> memory_replacement_policy lru
> cache_replacement_policy lru
> cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking
> store_dir_select_algorithm least-load
> max_open_disk_fds 0
> minimum_object_size 0 bytes
> maximum_object_size 4194304 bytes
> cache_swap_low 90
> cache_swap_high 95
> logformat combined %>a %ui %un [%[tl] "%"rm %"ru HTTP/%">v" %Hs % "%"{Referer}>h" "%"{User-Agent}>h" %Ss:%Sh
> access_log /home/zdn/squid/var/logs/access.log squid
> cache_log /home/zdn/squid/var/logs/cache.log
> cache_store_log /home/zdn/squid/var/logs/store.log
> logfile_rotate 10
> emulate_httpd_log off
> log_ip_on_direct on
> mime_table /home/zdn/squid/etc/mime.conf
> log_mime_hdrs off
> pid_filename /home/zdn/squid/var/logs/squid.pid
> debug_options ALL,1
> log_fqdn off
> client_netmask 255.255.255.255
> strip_query_terms off
> buffered_logs off
> url_rewrite_program /home/zdn/bin/redirect_parallel.pl
> url_rewrite_children 2
> url_rewrite_concurrency 2000
> url_rewrite_host_header off
> url_rewrite_bypass off
> refresh_pattern ^ftp: 1440 20% 10080
>
> refresh_pattern ^gopher: 1440 0% 1440
>
> refresh_pattern (cgi-bin|\?) 0 0% 0
>
> refresh_pattern . 0 20% 4320
>
> quick_abort_min 16 KB
> quick_abort_max 16 KB
> quick_abort_pct 95
> read_ahead_gap 16384 bytes
> negative_ttl 0 seconds
> positive_dns_ttl 21600 seconds
> negative_dns_ttl 60 seconds
> range_offset_limit 0 bytes
> minimum_expiry_time 60 seconds
> store_avg_object_size 13 KB
> store_objects_per_bucket 20
> request_header_max_size 20480 bytes
> reply_header_max_size 20480 bytes
> request_body_max_size 0 bytes
> via off
> ie_refresh off
> vary_ignore_expire off
> request_entities off
> relaxed_header_parser on
> forward_timeout 240 seconds
> connect_timeout 10 seconds
> peer_connect_timeout 5 seconds
> read_timeout 120 seconds
> request_timeout 10 seconds
> persistent_request_timeout 120 seconds
> client_lifetime 86400 seconds
> half_closed_clients off
> pconn_timeout 60 seconds
> ident_timeout 10 seconds
> shutdown_lifetime 30 seconds
> cache_mgr webmaster
> mail_program mail
> cache_effective_user zdn
> httpd_suppress_version_string off
> umask 23
> announce_period 31536000 seconds
> announce_host tracker.ircache.net
> announce_port 3131
> client_persistent_connections off
> server_persistent_connections off
> persistent_connection_after_error off
> detect_b

Re: [squid-users] error:unsupported-request-method

[Amos Jeffries]

> On Tue, Nov 4, 2008 at 5:48 AM, Amos Jeffries <[EMAIL PROTECTED]>
> wrote:
>>
>> A program tried to use the proxy with a request that is either not HTTP
>> or
>> is part of the HTTP extensions your squid can't handle yet.
>> see cache.log for info on which request method was tried.
>>
>> Amos
>> --
>> Please be using
>>  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
>>  Current Beta Squid 3.1.0.1
>>
>
> 2008/11/03 18:01:59| clientReadRequest: FD 22 (192.169.1.56:2008)
> Invalid Request
> 2008/11/03 18:02:29| parseHttpRequest: Unsupported method 'NICK'
>
>
> how to "repair" that error ?
>

Prevent SIP application sending SIP protocol through HTTP protocol channel.

Amos

Re: [squid-users] error:unsupported-request-method

[░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░]

On Tue, Nov 4, 2008 at 5:48 AM, Amos Jeffries <[EMAIL PROTECTED]> wrote:
>
> A program tried to use the proxy with a request that is either not HTTP or
> is part of the HTTP extensions your squid can't handle yet.
> see cache.log for info on which request method was tried.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
>  Current Beta Squid 3.1.0.1
>

2008/11/03 18:01:59| clientReadRequest: FD 22 (192.169.1.56:2008)
Invalid Request
2008/11/03 18:02:29| parseHttpRequest: Unsupported method 'NICK'


how to "repair" that error ?

-- 
-=-=-=-=
http://amyhost.com
Dollar naik ? Krisis ? Kami tetap mempertahankan harga jual domain Rp.
75.000 rupiah

Pengin punya Layanan SMS PREMIUM ?
Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...

Re: [squid-users] R: [squid-users] Connection to webmail sites problem using more than one parent proxy

[Amos Jeffries]

Sergio wrote:

Hi Amos!
Thank you for your replying.

I have changed squid version ( now is running the 2.7 stable5) and I have
modified the parents peers in that way:

 parentproxy1.mydomain.it parent 3128 3130 sourcehash
 parentproxy2.mydomain.it parent 3128 3130 sourcehash
 parentproxy3.mydomain.it parent 3128 3130 sourcehash

But I still have the same problem.

I tried also in this way, but it didn't work as well :

parentproxy1.mydomain.it parent 3128 3130 roundrobin sourcehash
parentproxy2.mydomain.it parent 3128 3130 roundrobin sourcehash
parentproxy3.mydomain.it parent 3128 3130 roundrobin sourcehash

I'm wondering whether the configuration is correct, or not.


Just the top config should have worked. It selects the parent based on 
client source IP.

Something else must be going on.


Do you have some better tips about how to configuring it?

Hope to have nice news from you!

Thanks a lot for help!

Sergio 



-Messaggio originale-
Da: Amos Jeffries [mailto:[EMAIL PROTECTED] 
Inviato: sabato 1 novembre 2008 4.40

A: Sergio
Cc: squid-users@squid-cache.org
Oggetto: Re: [squid-users] Connection to webmail sites problem using more
than one parent proxy

Sergio wrote:

Hello Everybody,


We have this scenario:

We have proxy connected to internet trough 3 parent proxy

[client]
|
|
[proxy]
|
|
+-+---+
| |   |

[parentproxy1],[parentproxy2],[parentproxy3]



We have trouble with some  webmail sites ( eg. mail.tiscali.it) that don't
keep the connection on the session.
We have this problem when the proxy establishes the connection using all

the

proxy serves.
If we use only a proxy server as parent the session is not missed.

This the localproxy configuration for the cache peers:

cache_peer parentproxy1.mydomain.it parent 3128 3130
cache_peer parentproxy2.mydomain.it parent 3128 3130
cache_peer parentproxy3.mydomain.it parent 3128 3130

we use squid 2.5 stable7 version for Windows.
The parent proxies use squid 2.5 stable7 for windows as well and go out
directly to Internet.
How can we override this problem?
Thank you in advance guys!


Sergio



Ps.

We also contacted the Tiscali customer care, but they didn't give us any
useful information!



Forgot to mention in my earlier reply.
If you upgrade to current squid the srchash peering algorithm is 
available to ensure that all requests from a given client IP go through 
a certain parent. This is hash balanced across all the active parents 
and handles parents proxies going up/down without breaking client access.


Amos



--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.1

Re: [squid-users] error:unsupported-request-method

[Amos Jeffries]

??? ??z?up??? ?z??? ??? wrote:

1225701560.304  1 192.169.1.56 TCP_DENIED/400 1614 NONE
error:unsupported-request-method - NONE/- text/html

what is that mean ?
squid 2x ( from UBUNTU packages )



A program tried to use the proxy with a request that is either not HTTP 
or is part of the HTTP extensions your squid can't handle yet.

see cache.log for info on which request method was tried.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.1

Re: [squid-users] SquidNT TCP_DENIED

[Amos Jeffries]

Chris Lee wrote:
> Hi,
>  
> Form the access.log of my new SquidNT (version 2.7.STABLE4) box, I got some
> TCP_DENIED entry, before the users can access the website.

SquidNT no longer exists. If you fetched it from a website claiming to
be SquidNT, please be aware there are now fraudulent distributions about
and you should obtain an official copy of 'Squid' for windows. They are
available through http://squid.acmeconsulting.it/



>  
> 1225693114.517 10 10.1.10.147 TCP_DENIED/407 1721 CONNECT urs.microsoft.
> com:443 - NONE/- text/html
> 1225693114.547 30 10.1.10.147 TCP_DENIED/407 1933 CONNECT urs.microsoft.
> com:443 - NONE/- text/html
> 1225693114.577240 10.1.10.147 TCP_MISS/200 6346 CONNECT
> urs.microsoft.com:443 domain_nt\osec DIRECT/207.46.50.124 -
>  
> Why the first 2 entry does not go the domain\user info? Did I misconfigure
> something?

The first two are sent to proxy without that info. The proxy denies them
with "407 Authentication needed"

This is normal for NTLM handshakes during the auth procedure.

>  
> Regards,
> Chris Lee
> 

Amos
-- 
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.1

[squid-users] R: [squid-users] Connection to webmail sites problem using more than one parent proxy

[Sergio]

Hi Amos!
Thank you for your replying.

I have changed squid version ( now is running the 2.7 stable5) and I have
modified the parents peers in that way:

 parentproxy1.mydomain.it parent 3128 3130 sourcehash
 parentproxy2.mydomain.it parent 3128 3130 sourcehash
 parentproxy3.mydomain.it parent 3128 3130 sourcehash

But I still have the same problem.

I tried also in this way, but it didn't work as well :

parentproxy1.mydomain.it parent 3128 3130 roundrobin sourcehash
parentproxy2.mydomain.it parent 3128 3130 roundrobin sourcehash
parentproxy3.mydomain.it parent 3128 3130 roundrobin sourcehash

I'm wondering whether the configuration is correct, or not.
Do you have some better tips about how to configuring it?

Hope to have nice news from you!

Thanks a lot for help!

Sergio 


-Messaggio originale-
Da: Amos Jeffries [mailto:[EMAIL PROTECTED] 
Inviato: sabato 1 novembre 2008 4.40
A: Sergio
Cc: squid-users@squid-cache.org
Oggetto: Re: [squid-users] Connection to webmail sites problem using more
than one parent proxy

Sergio wrote:
> Hello Everybody,
> 
> 
> We have this scenario:
> 
> We have proxy connected to internet trough 3 parent proxy
> 
> [client]
> |
> |
> [proxy]
> |
> |
> +-+---+
> | |   |
> 
> [parentproxy1],[parentproxy2],[parentproxy3]
> 
> 
> 
> We have trouble with some  webmail sites ( eg. mail.tiscali.it) that don't
> keep the connection on the session.
> We have this problem when the proxy establishes the connection using all
the
> proxy serves.
> If we use only a proxy server as parent the session is not missed.
> 
> This the localproxy configuration for the cache peers:
> 
> cache_peer parentproxy1.mydomain.it parent 3128 3130
> cache_peer parentproxy2.mydomain.it parent 3128 3130
> cache_peer parentproxy3.mydomain.it parent 3128 3130
> 
> we use squid 2.5 stable7 version for Windows.
> The parent proxies use squid 2.5 stable7 for windows as well and go out
> directly to Internet.
> How can we override this problem?
> Thank you in advance guys!
> 
> 
> Sergio
> 
> 
> 
> Ps.
> 
> We also contacted the Tiscali customer care, but they didn't give us any
> useful information!
> 

Forgot to mention in my earlier reply.
If you upgrade to current squid the srchash peering algorithm is 
available to ensure that all requests from a given client IP go through 
a certain parent. This is hash balanced across all the active parents 
and handles parents proxies going up/down without breaking client access.

Amos
-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid 3.1.0.1

No virus found in this incoming message.
Checked by AVG - http://www.avg.com 
Version: 8.0.175 / Virus Database: 270.8.5/1758 - Release Date: 31/10/2008
8.22

Re: [squid-users] YouTube and other streaming media (caching)

[Horacio H.]

Hi everybody,

regarding this issue:

http://wiki.squid-cache.org/WikiSandBox/Discussion/YoutubeCaching

I came up with a workaroud, it's a rewriter script in PHP (sorry I'm
not good at Perl, but maybe someone would be kind enough to later
share a transcoded version... jeje)

NOTE 1: Use this script for testing purposes only, It may not work as
expected... I've tested it only with very few URLs... If you can
improve it, please share.

NOTE 2: To use this script you need the PHP command line interface. In
Ubuntu yo can install it with this command:

sudo apt-get install php5-cli

NOTE 3: Make sure the log file is writable by the script.

And now the script:

#!/usr/bin/php -q
http://[^/]+/(get_video|videodownload|videoplayback)\?@',$url)
) {

 ## Get reply headers ##

 $rep = get_headers($url);

 ## If reply is a redirect, make its store-URL unique to avoid
matching the store-URL of a video ##

 $rnd = "";

 if ( preg_match('/ 30[123] /',$rep[0]) ) {

   $rnd = "&REDIR=" . rand(1,9);

 }

 $url = 
preg_replace('@.*id=([^&]*)&?.*$@',"http://videos.SQUIDINTERNAL/ID=$1$rnd",$url);

   }

   ## Return rewrited URL ##

   print $url . "\n";

   ## Record what we did on log ##

   fwrite($log,"$url $rep[0]\n");

   ## May do some good, but I'm not sure ##

   flush();

 }

 fclose($log);

?>
## END OF SCRIPT ##

The trick here is knowing if the URL is a redirect (301, 302 or 303)
with the get_headers function.  It would be nice if the Squid process
passed the HTTP status to the script, maybe as a key=value pair, but
I'm not even a programmer so that is way beyond my knowledge...

Regards,

Horacio H.

[squid-users] NTLM Authentication working against Samba 3 PDC, except for random login prompts

[Adam McCarthy]

I have Squid 2.7 authenticating against a Samba 3 PDC.

All seems to work well and Squid defiantly is able to tell what
username is browsing what site.

My only problem is, every now and then, while browsing, it will work,
then suddenly Firefox appearntly because of Squid, will ask for the
username and password, then it all works well again, until the prompt
randomly shows up again.

Also, if you are browsing as a "limited" user, or just a proxy_auth
user that has sites blocked, can you somehow temporarily login to
Squid as another user, but then immediately when done, have it go back
to the regular user. Almost like Window's RunAs function.

Re: [squid-users] squid is dying

[Henrik Nordstrom]

On mån, 2008-11-03 at 11:26 +0545, Anuj Shrestha wrote:
> i m using squid in freebsd 7.0 below are the compile options,
> 
> proxy01# squid -v
> Squid Cache: Version 3.0.STABLE9

> below are the cache.log errors
> 
> FATAL: Received Segment Violation...dying.

You may want to try upgrading to 3.0.STABLE10.

Or at a minimum file a bug report including a stack backtrace.

http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d

> proxy01# tail -f /var/log/squid/cache.log
> 2008/11/03 17:14:17| clientParseRequestMethod: Unsupported method in 
> request 'REGISTER sip:68.142.233.183:80;transport=tcp SIP/2.0__From: 
> ;ta'

Hmm.. SIP requests sent to Squid? Why is that? SIP is not HTTP even if
it borrows much of the syntax from HTTP.

Regards
Henrik


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] How to run squid after reboot?

[Luciano Cassemiro]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Try this:
# update-rc.d squid defaults


Sebastian Jaurena escreveu:
> Hi, Im having problems trying to get back to the life squid after
> reboot. We have ubuntu 6.06.
> 
> Thanks.
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJDuGX4/f2ihDUoIkRAiEjAKCh580Q2b0B5RmJPhA0RYT6p8o2LwCdFO5y
PGlwqkxQh05cMspyUAsnylc=
=3x4R
-END PGP SIGNATURE-

Re: [squid-users] MSNT authentication - login window

[Luciano Cassemiro]

Forgot to 'reply to all'. My bad
Resend...

Dear Henrik,

my first acl:
acl users proxy_auth REQUIRED
so theres that defaults - acl our_networks, manager, localhost etc

acl tecnology proxy_auth [users in this group]
acl directors proxy_auth [users in this group]
. . . . .
until:
acl forbidden_sites url_regex -i "/path/forbidden_sites.txt"
acl forbidden_webmail blablabla

and then:

http_access deny our_networks users forbidden_sites !directors
(keep denying webmail etc)

http_access allow our_networks users
http_access deny all


Henrik Nordstrom escreveu:
> On fre, 2008-10-31 at 08:43 -0200, Luciano Cassemiro wrote:
>
>> Everything is OK but what bothers me is: the login window shows up
when an user
>> tries to connect to a forbidden site then he fill with his credentials
BUT after
>>  OK button the login window appears again and again until the user
click cancel.
>
> This happens is the last acl on the http_access deny line denying access
> is realted to authentication.
>
> Now I am a little confused as the http_access rules you posted did not
> have this.. is there other http_access deny lines in your squid.conf?
>
>
> Regards
> Henrik

[squid-users] How to run squid after reboot?

[Sebastian Jaurena]

Hi, Im having problems trying to get back to the life squid after
reboot. We have ubuntu 6.06.

Thanks.

Re: [squid-users] Ignoring query string from url

[nitesh naik]

Not sure if url rewrite helper is slowing down process because via
cache manager interface it didn't show any connection back log. What
information I should look for in cache manager to find out the cause
of the slow serving of requests ?

Redirector Statistics:
program: /home/zdn/bin/redirect_parallel.pl
number running: 2 of 2
requests sent: 155697
replies received: 155692
queue length: 0
avg service time: 0 msec


#   FD  PID # Requests  Flags   TimeOffset  Request
1   8   21149   104125  
BW  0.033   38  http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
2   9   21150   51572   BW  0.039   0   
http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n


Following are my squid settings.

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/255.0.0.0
acl localnet src 10.0.0.0/255.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access Allow manager localhost
http_access Deny manager
http_access Deny !Safe_ports
http_access Deny CONNECT !SSL_ports
http_access Allow all
http_access Allow localnet
http_access Deny all
icp_access Allow localnet
icp_access Deny all
htcp_access Allow localnet
htcp_access Deny all
htcp_clr_access Deny all
ident_lookup_access Deny all
http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost
cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
cache_mem 0 bytes
maximum_object_size_in_memory 1048576 bytes
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 bytes
maximum_object_size 4194304 bytes
cache_swap_low 90
cache_swap_high 95
logformat combined %>a %ui %un [%[tl] "%"rm %"ru HTTP/%">v" %Hs %h" "%"{User-Agent}>h" %Ss:%Sh
access_log /home/zdn/squid/var/logs/access.log squid
cache_log /home/zdn/squid/var/logs/cache.log
cache_store_log /home/zdn/squid/var/logs/store.log
logfile_rotate 10
emulate_httpd_log off
log_ip_on_direct on
mime_table /home/zdn/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /home/zdn/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
strip_query_terms off
buffered_logs off
url_rewrite_program /home/zdn/bin/redirect_parallel.pl
url_rewrite_children 2
url_rewrite_concurrency 2000
url_rewrite_host_header off
url_rewrite_bypass off
refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern (cgi-bin|\?) 0 0% 0

refresh_pattern . 0 20% 4320

quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16384 bytes
negative_ttl 0 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 60 seconds
range_offset_limit 0 bytes
minimum_expiry_time 60 seconds
store_avg_object_size 13 KB
store_objects_per_bucket 20
request_header_max_size 20480 bytes
reply_header_max_size 20480 bytes
request_body_max_size 0 bytes
via off
ie_refresh off
vary_ignore_expire off
request_entities off
relaxed_header_parser on
forward_timeout 240 seconds
connect_timeout 10 seconds
peer_connect_timeout 5 seconds
read_timeout 120 seconds
request_timeout 10 seconds
persistent_request_timeout 120 seconds
client_lifetime 86400 seconds
half_closed_clients off
pconn_timeout 60 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
cache_mgr webmaster
mail_program mail
cache_effective_user zdn
httpd_suppress_version_string off
umask 23
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
client_persistent_connections off
server_persistent_connections off
persistent_connection_after_error off
detect_broken_pconn off
snmp_port 0
snmp_access Deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
icp_port 3130
htcp_port 0
log_icp_queries on
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
icp_query_timeout 4000
maximum_icp_query_timeout 2000
minimum_icp_query_timeout 5
background_ping_rate 10 seconds
mcast_icp_query_timeout 2000
icon_directory /home/zdn/squid/share/icons
global_internal_static on
short_icon_urls on
error_directory /home/zdn/squid/share/errors/templates
err_html_text
email_err_data on
nonhierarchical_direct on
prefer_direct off
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_c

[squid-users] WCCP load balancing and TPROXY fully transparent interception

[Bin Liu]

Hi,

I'm going to deploy multiple squid servers in a ISP for HTTP traffic
caching. I'm now considering using WCCP for load balancing and TPROXY
for fully transparent interception.

Here is the problem. As far as I know, Cisco WCCP module does not
maintain connection status, it just redirect packets based on their IP
addresses and ports. I'm just wondering if it's possible that one
squid server(squid A, for example) sends a outbound request, but the
router redirects the corresponding inbound response to another
squid(squid B)? Then that's totally messed.

RE: [squid-users] SquidNT TCP_DENIED

[Alex Huxham]

This is very common with squid, same in my logs, its more along the
lines squid tries to fetch the page without using authentication, which
is denied, than fetches the page with authentication and its correctly
presented.

You always see two denied and the connect, this is "dummy" traffic as
nothing is fetched from the site.

It's perfectly setup.

Alex

-Original Message-
From: Chris Lee [mailto:[EMAIL PROTECTED] 
Sent: 03 November 2008 06:24
To: 'squid-users@squid-cache.org'
Subject: [squid-users] SquidNT TCP_DENIED

Hi,
 
Form the access.log of my new SquidNT (version 2.7.STABLE4) box, I got
some
TCP_DENIED entry, before the users can access the website.
 
1225693114.517 10 10.1.10.147 TCP_DENIED/407 1721 CONNECT
urs.microsoft.
com:443 - NONE/- text/html
1225693114.547 30 10.1.10.147 TCP_DENIED/407 1933 CONNECT
urs.microsoft.
com:443 - NONE/- text/html
1225693114.577240 10.1.10.147 TCP_MISS/200 6346 CONNECT
urs.microsoft.com:443 domain_nt\osec DIRECT/207.46.50.124 -
 
Why the first 2 entry does not go the domain\user info? Did I
misconfigure
something?
 
Regards,
Chris Lee


This message and its attachment (if any) are strictly confidential and
sent
to the designated recipient(s) only. If you are not the intended
recipient,
please notify the sender by e-mail and delete this message and its
attachment (if any) from your computer system immediately . Century City
International Holdings Limited, Paliburg Holdings Limited, Regal Hotels
International Holdings Limited, its respective related subsidiaries,
associated companies and affiliates do not guarantee this message and
its
attachment (if any) are free of computer virus and would not accept any
liability whatsoever arising from Internet transmission. 

[squid-users] error:unsupported-request-method

[░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░]

1225701560.304  1 192.169.1.56 TCP_DENIED/400 1614 NONE
error:unsupported-request-method - NONE/- text/html

what is that mean ?
squid 2x ( from UBUNTU packages )


-- 
-=-=-=-=
http://amyhost.com
Dollar naik ? Krisis ? Kami tetap mempertahankan harga jual domain Rp.
75.000 rupiah

Pengin punya Layanan SMS PREMIUM ?
Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...