Re: [squid-users] Squid content filtering and redirection

[Helmut Hullen]

Hallo, Tóth,

Du meintest am 10.11.10:


> Is there a way to deny access to sites containing certain words?
> I'm thinking aoubt a wordlist or something?

Perhaps you are searching something like "squidGuard".

Viele Gruesse!
Helmut

Re: [squid-users] Squid content filtering and redirection

[Helmut Hullen]

Hallo, Tóth,

Du meintest am 10.11.10:

>>> Is there a way to deny access to sites containing certain words?
>>> I'm thinking aoubt a wordlist or something?

>> Perhaps you are searching something like "squidGuard".

> It's possible, I just would like to know if this could be done within
> squid itself. Also a little bit of modification.
> I would like to look for "ABC" word only in the site name, not in
> it's content. Like deny access to www.this-is-my-abc.com but dont
> filter a site containg some paragraphs about ABC-s.

> Could it be done?

[please don't top post, please don't fullquote - thank you]

One possible way:

In "squid.conf"

  # Schmuddelfilter
  include /etc/squid/conf.d/schmuddel.conf


with the file "/etc/squid/conf.d/schmuddel.conf"

  # Schmuddelfilter
  acl verboten url_regex "/etc/squid/schmuddel"
  acl ausnahme url_regex "/etc/squid/whitelist"
  http_access allow ausnahme
  http_access deny verboten

and the wordlist files "/etc/squid/schmuddel" and "/etc/squid/verboten",  
one entry per line.

As far as I know "squid" can't check the contents but only can check  
URLs etc.

Viele Gruesse!
Helmut

Re: [squid-users] squid 3 squidguard

[Helmut Hullen]

Hallo, Marco,

Du meintest am 15.11.10:

> With squid3, how i have to enable squidGuard ?

Which distribution? "squid3" sounds like a very special distribution.

> Redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
> Or
> url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

> the Squid Page refer from redirect_program to url_rewrite_programe,
> but with both it does not work for me

Here (self compiled on slackware base): no problem.

squid-3.1.8
squidguard-1.4

Viele Gruesse!
Helmut

Re: Fwd: [squid-users] URL redirection in offline mode

[Helmut Hullen]

Hallo, Amos,

Du meintest am 19.10.10:

> Turn of "offline_mode" if you have it set in squid.conf. Despite the
> name, it only causes aggressive caching to be done.


But what shall I do with a squid installation in a boarding school  
("Internat", many pupils have their own computer(s)) where the  
connection into the internet is cut from midnight to 6:00?

"squid" mourns on and on that the DNS is unreachable (and that's right  
...).

Viele Gruesse!
Helmut

Re: Fwd: [squid-users] URL redirection in offline mode

[Helmut Hullen]

Hallo, Amos,

Du meintest am 22.11.10:

>>> Turn of "offline_mode" if you have it set in squid.conf. Despite
>>> the name, it only causes aggressive caching to be done.

>> But what shall I do with a squid installation in a boarding school
>> ("Internat", many pupils have their own computer(s)) where the
>> connection into the internet is cut from midnight to 6:00?
>>
>> "squid" mourns on and on that the DNS is unreachable (and that's
>> right ...).


> Make yourself a custom error page template explaining the situation.
> Then use a deny_info line to supply it when a time-based ACL at the
> top of the http_access list matches your offline times. No DNS or
> external network connection involved.

May be I do something wrong - but my ACL doesn't help.

 part of "squid.conf" ---

http_access allow manager localhost
http_access deny manager
# nach Buch

http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports

# nur LAN erlaubt (ist das doppelt gemoppelt?)
http_access deny !localnet

include /etc/squid/conf.d/schlafen.conf

# 

-- end squid.conf -

with

- /etc/squid/conf.d/schlafen.conf --

acl Schlafzeit time 00:00-05:59
http_access allow !Schlafzeit
#

-- end schlafen.conf 

Early in the morning I get the following messages in "/var/log/ 
messages":

- /var/log/messages --

Nov 22 04:13:23 Arktur squid[3238]: Failure Ratio at 1.088
Nov 22 04:13:23 Arktur squid[3238]: Going into hit-only-mode for 5 minutes...
Nov 22 04:18:23 Arktur squid[3238]: Failure Ratio at 1.401
Nov 22 04:18:23 Arktur squid[3238]: Going into hit-only-mode for 5 minutes...
Nov 22 04:23:42 Arktur squid[3238]: Failure Ratio at 1.245
Nov 22 04:23:42 Arktur squid[3238]: Going into hit-only-mode for 5 minutes...
Nov 22 04:28:42 Arktur squid[3238]: Failure Ratio at 1.092
Nov 22 04:28:42 Arktur squid[3238]: Going into hit-only-mode for 5 minutes...
Nov 22 04:33:42 Arktur squid[3238]: Failure Ratio at 1.440
Nov 22 04:33:42 Arktur squid[3238]: Going into hit-only-mode for 5 minutes...
Nov 22 04:39:33 Arktur squid[3238]: Failure Ratio at 1.008
Nov 22 04:39:33 Arktur squid[3238]: Going into hit-only-mode for 5 minutes...

--- end messages --

My squid version:

Squid Cache: Version 3.1.8
configure options:  '--prefix=/usr' '--libdir=/usr/lib' 
'--sysconfdir=/etc/squid' '--localstatedir=/var/log/squid' 
'--datadir=/usr/share/squid' '--with-pidfile=/var/run/squid' 
'--mandir=/usr/man' '--with-logdir=/var/log/squid' '--enable-snmp' 
'--enable-storeio=aufs,ufs,diskd' '--enable-wccp' '--enable-arp-acl' 
'--enable-ssl' '--enable-removal-policies=lru,heap' '--enable-icmp' 
'--enable-delay-pools' '--enable-auth=basic' 
'--enable-basic-auth-helpers=NCSA,YP,multi-domain-NTLM,MSNT,SMB,getpwnam' 
'--enable-linux-netfilter' '--enable-async-io' '--disable-loadable-modules' 
'--build=i486-slackware-linux' 'build_alias=i486-slackware-linux' 'CFLAGS=-O2 
-march=i486 -mtune=i686' 'CXXFLAGS=-O2 -march=i486 -mtune=i686' 
--with-squid=/tmp/SBo/squid-3.1.8 --enable-ltdl-convenience


Viele Gruesse!
Helmut

Re: Fwd: [squid-users] URL redirection in offline mode

[Helmut Hullen]

Hallo, Amos,

Du meintest am 23.11.10:

>> - /etc/squid/conf.d/schlafen.conf --
>>
>> acl Schlafzeit time 00:00-05:59
>> http_access allow !Schlafzeit

> This is an "allow" line. It make the decision between ALLOW or
> CONTINUE.

> What you need is a "deny" line. To make the decision between DENY or
> CONTINUE.

> Use:
>   http_access deny Schlafzeit

Bingo - it works!
Thank you!

Viele Gruesse!
Helmut

[squid-users] SAMBAPREFIX

[Helmut Hullen]

Hallo, squid-users,

it would be nice if "SAMBAPREFIX" is not hard coded in "helpers/ 
basic_auth/SMB/Makefile.in" but can be defined as a "configure" option.


Viele Gruesse!
Helmut

Re: [squid-users] SAMBAPREFIX

[Helmut Hullen]

Hallo, Amos,

Du meintest am 27.11.10:

>> it would be nice if "SAMBAPREFIX" is not hard coded in "helpers/
>> basic_auth/SMB/Makefile.in" but can be defined as a "configure"
>> option.
>>

> You will probably be wanting to tell this to the developers
> (squid-dev mailing list) rather than fellow admin.
> http://bugs.squid-cache.org/show_bug.cgi?id=2959

Reported:   2010-06-18 04:35 MDT by Helmut Hullen

Viele Gruesse!
Helmut

[squid-users] POP3 authentification

[Helmut Hullen]

Hallo, squid-users,

I've tried the POP3 authentification with the script "pop3.pl" in  
"helpers/basic_auth/POP3" (written by Henrik Nordstrom) - it didn't  
work.

Many error messages in /var/log/warn, telling

Nov 26 09:14:58 Arktur squid[2157]: Starting Squid Cache version 3.1.8  
for i486-slackware-linux-gnu...
Nov 26 09:15:06 Arktur squid[2157]: WARNING: basicauthenticator #1 (FD 9) exited
Nov 26 09:15:06 Arktur squid[2157]: WARNING: basicauthenticator #2 (FD 11) 
exited

[...]

Nov 26 09:15:07 Arktur squid[2157]: WARNING: basicauthenticator #20 (FD 47) 
exited
Nov 26 09:15:07 Arktur squid[2157]: WARNING: basicauthenticator #21 (FD 49) 
exited
Nov 26 09:15:07 Arktur squid[2157]: Too few basicauthenticator processes are 
running
Nov 26 09:15:07 Arktur squid[2157]: The basicauthenticator helpers are crashing 
too rapidly, need help!
Nov 26 09:15:07 Arktur squid[1928]: Exiting due to repeated, frequent failures


Changing to

squidauth.py (by POP3)
or
squidauth.py (by IMAP)

(see "http://lateral.netmanagers.com.ar/stories/6.html";)

solved the problem.

Maybe you should add the Python scripts in "helpers/basic_auth/POP3".

Viele Gruesse!
Helmut

Re: [squid-users] POP3 authentification

[Helmut Hullen]

Hallo,

I wrote am 26.11.10:

> I've tried the POP3 authentification with the script "pop3.pl" in
> "helpers/basic_auth/POP3" (written by Henrik Nordstrom) - it didn't
> work.

> Many error messages in /var/log/warn, telling

> Nov 26 09:14:58 Arktur squid[2157]: Starting Squid Cache version
> 3.1.8 for i486-slackware-linux-gnu...
> Nov 26 09:15:06 Arktur squid[2157]: WARNING: basicauthenticator #1
> (FD 9) exited Nov 26 09:15:06 Arktur squid[2157]: WARNING:
> basicauthenticator #2 (FD 11) exited

Sorry - it was my fault. "pop3.pl" needs the address of the POP3 server  
as a parameter, "popauth.py" has this address hard coded.

# POP3/IMAP
# auth_param basic program /usr/libexec/popauth.py
# auth_param basic program /usr/libexec/imapauth.py
auth_param basic program /usr/libexec/pop3.pl localhost



Viele Gruesse!
Helmut

Re: [squid-users] POP3 authentification

[Helmut Hullen]

Hallo, Amos,

Du meintest am 27.11.10:

>> Sorry - it was my fault. "pop3.pl" needs the address of the POP3
>> server as a parameter, "popauth.py" has this address hard coded.
>>
>> # POP3/IMAP
>> # auth_param basic program /usr/libexec/popauth.py
>> # auth_param basic program /usr/libexec/imapauth.py
>> auth_param basic program /usr/libexec/pop3.pl localhost

> Since you have both going now are you able to provide any info on
> which of the perl or python versions is fastest regarding these
> important details?
>   * helper startup time
>   * request execution time

I'll try ...

On my installation here at home there is only 1 user. But I can watch  
some other machines.

In "cache.log" (and debug level 1) I only find something like

2010/11/27 09:26:11| helperOpenServers: Starting 40/40 'pop3.pl'  
processes
2010/11/27 09:26:13| Accepting  HTTP connections at [::]:8080, FD 95.

Where/how can I find the execution time(s)?

-

Studying log files sucks ...

"popauth.py" and "imapauth.py" send error messages, but they work.

Viele Gruesse!
Helmut

Re: [squid-users] size of squid binary

[Helmut Hullen]

Hallo, Orestes,

Du meintest am 27.12.10:

> I've built squid 3.1.10 on openbsd4.6 sucessfuly
> but my squid binary it's 40M of size, then I do a:

> strip --strip-unneeded squid

> to low this to 2M and all ok.

> it's this size by default normal?
> squid gets a debug build by default?

Slackware, LZO-packed: about 1 MByte

  http://arktur.shuttle.de/CD/5.4/slack/n1/squid-3.1.10-i486-1hln.tgz

My pure binary "/usr/bin/squid" is about 2 MByte big.

Viele Gruesse!
Helmut

Re: [squid-users] Squid for personal use...

[Helmut Hullen]

Hallo, John,

Du meintest am 09.01.11:

> Is there any advantage of using squid on a personal computer?  I can
> see that in a household, running squid on a central server could be
> beneficial.  What if there was only one machine in the home?

It's a kind of big cache, too. You can choose which program caches - the  
browser(s) or squid.

Viele Gruesse!
Helmut

[squid-users] documentation link for smb_auth

[Helmut Hullen]

Hallo, squid-users,

I'm just trying squid-3.1.10-20110110, especially the smb  
authentification.

The error with the hard coded samba directory seems to be cured, but the  
is still another bug; I'm investigating.

By searching I found

a)

 path_to_source/helpers/basic_auth/SMB/README

and in that file a link to

 http://www.hacom.nl/~richard/software/smb_auth.html

That link seems to be dead.

b)
in "/usr/libexec/smb_auth.sh" the path to "nmblookup" seems to be hard  
coded; on my installation (slackware) I had to set a symlink.

c) "smb_auth.pl" and "smb_auth.sh" seem to be added for testing; which  
parameters do they need? It's a nasty job reengineering them ...

Viele Gruesse!
Helmut

[squid-users] picture address unreachable

[Helmut Hullen]

Hallo, squid-users,

I'm testing squid-3.1.0-20110131.

I'm trying authentification. When authentification (ncsa or smb) fails  
then "errors/errorpage.css" ("/etc/squid/errorage.css") seems to be  
invoked.
And in this *.css the address of the background picture (SN.png) leads  
to the "www.squid-cache.org" site. But because authentification has  
failed this site is unreachable.

The proposed picture (SN.png) should be copied to "/usr/share/squid/ 
icons", and the proposed *.css link should set to this local address.

Viele Gruesse!
Helmut

Re: [squid-users] Bypass ICAP somehow?

[Helmut Hullen]

Hallo, Kinkie,

Du meintest am 09.02.11:

>> Can I selectively bypass the use of ICAP (we're using c-icap) for
>> certain * client IPs
>> * destination URLs
>> * destination IPs

> You can check http://www.squid-cache.org/Doc/config/icap_access/ out.

   "This option is deprecated. Please use adaptation_access,"



Viele Gruesse!
Helmut

Re: [squid-users] squid crashes periodically without logging error message, signal 8, Arithmetic exception

[Helmut Hullen]

Hallo, Marc,

Du meintest am 25.02.11:

> our squid crashes from time to time without logging error
> messages. I started gdb on the core file - disclaimer: gdb
> is totally new for me - and here is what gdb says:

[...]

> Version: Squid 2.6.STABLE18 on Ubuntu 08.04 LTS

What about updating to an actual version, p.e. 2.7STABLE9 or 3.1.11?

Viele Gruesse!
Helmut

Re: [squid-users] squid crashes periodically without logging error message, signal 8, Arithmetic exception

[Helmut Hullen]

Hallo, Marc,

Du meintest am 25.02.11:

>>> our squid crashes from time to time without logging error
>>> messages. I started gdb on the core file - disclaimer: gdb
>>> is totally new for me - and here is what gdb says:
>>
>> [...]
>>
>>> Version: Squid 2.6.STABLE18 on Ubuntu 08.04 LTS
>>
>> What about updating to an actual version, p.e. 2.7STABLE9 or 3.1.11?

[...]

> I just want to rule out that a likely cause for this issue are
> Hardware failures, defect RAM or something like that, that cannot be
> fixed by installing a new version.

May be a colleague some hours away has a similar problem (with squid- 
2.6STABLE16, the system is about 3 years old); next week I'll watch that  
system.

Simple changing to a newer version (slackware based) doesn't work; at  
least "libexpat" is missing ...

Viele Gruesse!
Helmut

Re: [squid-users] Auth popup not shown on website

[Helmut Hullen]

Hallo, Xavier,

Du meintest am 02.03.11:

> The url is : http://reporting.generix.biz/QlikView/index.htm

> I tried with squid-3.0.STABLE7-4, squid-2.5.STABLE10-10 ...

> Dunno what is the type of auth that pops up, I'm not the owner of the
> website, I just want to use it.

Here (squid 3.1.10-20110131, Firefox 3.6.3) I'm asked for login and  
password.

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.5 beta is available

[Helmut Hullen]

Hallo, Amos,

Du meintest am 13.02.11:

> The Squid HTTP Proxy team is very pleased to announce the
> availability of the Squid-3.2.0.5 beta release!

I've just compiled it; seems to run as expected.

Some nasty error:

The icons (p.e. "anthony-unknown.gif") are in "/usr/share/squid/icons",  
but 3.2.0.5 searches them in "/var/log/squid/www/squid/icons".

Configured with

Squid Cache: Version 3.2.0.5
configure options:  '--prefix=/usr' '--libdir=/usr/lib' '--sysconfdir=/ 
etc/squid' '--localstatedir=/var/log/squid' '--datadir=/usr/share/squid'  
'--mandir=/usr/man' '--with-pidfile=/var/run/squid' '--with-logdir=/var/ 
log/squid' '--with-filedescriptors=65536' '--with-large-files' '-- 
enable-snmp' '--enable-storeio=aufs,ufs,diskd' '--enable-wccp' '-- 
enable-arp-acl' '--enable-ssl' '--enable-esi' '--enable-external-acl- 
helpers=ip_user,ldap_group,unix_group,wbinfo_group' '--enable-removal- 
policies=lru,heap' '--enable-icmp' '--enable-delay-pools' '--enable- 
basic-auth-helpers=NCSA,YP,MSNT-multi- 
domain,MSNT,SMB,getpwnam,LDAP,POP3,RADIUS' '--enable-digest-auth- 
helpers=LDAP,file' '--enable-ntlm-auth-helpers=smb_lm' '--enable- 
negotiate-auth-helpers=kerberos' '--enable-linux-netfilter' '--enable- 
async-io=8' '--enable-inline' '--disable-loadable-modules' '--disable- 
translation' '--build=i486-slackware-linux' 'build_alias=i486-slackware- 
linux' 'CFLAGS=-O2 -march=i486 -mtune=i686' 'CXXFLAGS=-O2 -march=i486 - 
mtune=i686'

--

Where's the mis-configuration?

It's nearly the same configuration as for 3.1.11 - there the icons are  
searched and found under "/usr/share/squid/icons".

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.5 beta is available

[Helmut Hullen]

Hallo,

I wrote am 05.03.11 zum Thema Re: Squid 3.2.0.5 beta is available:

>> The Squid HTTP Proxy team is very pleased to announce the
>> availability of the Squid-3.2.0.5 beta release!

> I've just compiled it; seems to run as expected.

> Some nasty error:

> The icons (p.e. "anthony-unknown.gif") are in
> "/usr/share/squid/icons", but 3.2.0.5 searches them in
> "/var/log/squid/www/squid/icons".

Additionally: that seems to be (mis-)configured at least in  
"squid.conf.documented"; "icon_directory".

Viele Gruesse!
Helmut

Re: [squid-users] Pausing the transfer of data during a browsing session

[Helmut Hullen]

Hallo, Amos,

Du meintest am 05.03.11:

> 3.2 is needed for client bandwidth limits.
> http://wiki.squid-cache.org/Features/ClientBandwidthLimit

Seems I'll need this option; "delay_pool" doesn't please me.

But the Wiki only tells that this option exists; how can I use it, with  
which parameters?

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.5 beta is available

[Helmut Hullen]

Hallo, Amos,

Du meintest am 06.03.11:

>>> The Squid HTTP Proxy team is very pleased to announce the
>>> availability of the Squid-3.2.0.5 beta release!

>> The icons (p.e. "anthony-unknown.gif") are in
>> "/usr/share/squid/icons", but 3.2.0.5 searches them in
>> "/var/log/squid/www/squid/icons".

>> Where's the mis-configuration?

> --localstatedir=/var/log/squid  appears to be the problem.

Ok - some more symlinks ...

> 3.2 has been updated to obey the standard filesystem hierarchy
> definitions. Meaning the default cache is at /var/cache/squid,
> locally served files (icons) are in /var/www/squid, logs are in
> /var/log/squid, PID files are in /var/run/squid, etc.

> 3.2.0.5 also uses a new set of icons, they should be installed under
> /var/www/squid/icons

What about the old icons, p.e. "anthony-unknown.gif"?

squid mourned that it couldn't find them, and they seem to be no part of  
3.2.0.5

Mar  5 11:02:59 ElNath squid[14639]: Starting Squid Cache version  
3.2.0.5 for i486-slackware-linux-gnu...
Mar  5 11:02:59 ElNath squid[14639]: mimeLoadIconFile: 
/var/log/squid/www/squid/icons/anthony-image.gif: (2) No such file or directory
Mar  5 11:02:59 ElNath squid[14639]: mimeLoadIconFile: 
/var/log/squid/www/squid/icons/anthony-text.gif: (2) No such file or directory
Mar  5 11:02:59 ElNath squid[14639]: mimeLoadIconFile: 
/var/log/squid/www/squid/icons/anthony-dirup.gif: (2) No such file or directory
[...]

When I linked (or declared) the icon_directory to the 3.1.11 icon  
directory all worked fine.

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.5 beta is available

[Helmut Hullen]

Hallo, Amos,

Du meintest am 06.03.11:

 The icons (p.e. "anthony-unknown.gif") are in
 "/usr/share/squid/icons", but 3.2.0.5 searches them in
 "/var/log/squid/www/squid/icons".

 Where's the mis-configuration?

>>> --localstatedir=/var/log/squid  appears to be the problem.

>> Ok - some more symlinks ...

> Why do you have all state configured to be installed below "/var/log"
> anyway? That is a location reserved for log files.

I've taken the "Build" script from 3.1.11 - most parts work well.

> Distribution packages are supposed to set --localstatedir=/var there.
> User-built packages are supposed to set /usr/var or some such local
> equivalent.

Ok - I'll update the script.

>> What about the old icons, p.e. "anthony-unknown.gif"?
>>
>> squid mourned that it couldn't find them, and they seem to be no
>> part of 3.2.0.5
>>
>> Mar  5 11:02:59 ElNath squid[14639]: Starting Squid Cache version
>> 3.2.0.5 for i486-slackware-linux-gnu...
>> Mar  5 11:02:59 ElNath squid[14639]: mimeLoadIconFile:
>> /var/log/squid/www/squid/icons/anthony-image.gif: (2) No such file
>> or directory Mar  5 11:02:59 ElNath squid[14639]: mimeLoadIconFile:
>> /var/log/squid/www/squid/icons/anthony-text.gif: (2) No such file or
>> directory Mar  5 11:02:59 ElNath squid[14639]: mimeLoadIconFile:
>> /var/log/squid/www/squid/icons/anthony-dirup.gif: (2) No such file
>> or directory [...]
>>
>> When I linked (or declared) the icon_directory to the 3.1.11 icon
>> directory all worked fine.

> There is a file mime.conf installed with Squid which should have been
> updated to link the new icons. Perhaps it has not been updated.


It hasn't ... thank you!

---

By the way: in "errorpage.css" the "background" calls a picture  
("SN.png") via the net. That's no good idea for a machine which is  
sometimes offline.

Viele Gruesse!
Helmut

[squid-users] download quota

[Helmut Hullen]

Hallo, squid-users,

is there a simple ACL for setting a download quota for users or for MAC  
addresses?

squid 3.1.11 and/or 3.2.0.5

"squidquota" seems to be dead, "squid quota manager" (sqm) too. "dealay  
pools" doesn't work "per user".

Viele Gruesse!
Helmut

Re: [squid-users] download quota

[Helmut Hullen]

Hallo, Leonardo,

Du meintest am 11.03.11:

>> is there a simple ACL for setting a download quota for users or for
>> MAC addresses?
>>
>> squid 3.1.11 and/or 3.2.0.5
>>
>> "squidquota" seems to be dead, "squid quota manager" (sqm) too.
>> "dealay pools" doesn't work "per user".

>  no, there's no easy way or 'squid-only' way to provide that. It
> can be acchieved using external_acls and probably some coding.

>  Please check the mailing list archives, as this subject has been
> discussed several times.


Thank you - there I've only found "squish" (don't know if it's still  
maintained ...). I'll take a try.

Viele Gruesse!
Helmut

Re: [squid-users] download quota

[Helmut Hullen]

Hallo, Amos,

Du meintest am 12.03.11:

 is there a simple ACL for setting a download quota for users or
 for MAC addresses?

[...]

>> Thank you - there I've only found "squish" (don't know if it's still
>> maintained ...). I'll take a try.

> Squid does not do Quotas.

> If delay pools (bandwidth speed cap) is suitable there is
> client_delay_pools now in 3.2 and QoS features in all.

Last year I've played some time with "delay pools" - hasn't pleased me.
If I've understood this option correct it manages the actual transfer  
rate but not (p.e.) a monthly quota per user or per client.

But "squish" doesn't work as described - it examines the lines in  
"access.log", and on my machine it doesn't find client IP or user login  
name.
I should examine a long perl script, and I don't like perl ...

Viele Gruesse!
Helmut

[squid-users] 2 parallel access.log files

[Helmut Hullen]

Hallo, squid-users,

can I use 2 parallel access.log files?

I have some applications who want "squid" style (p.e. "squish"), and I  
have some other applications who want "common" style.

Or can I download somewhere a converter which changes the one style to  
the other?

Viele Gruesse!
Helmut

Re: [squid-users] 2 parallel access.log files

[Helmut Hullen]

Hallo, Amos,

Du meintest am 17.03.11:

>> can I use 2 parallel access.log files?

> Yes. Just enter two access_log directives.

> The only restriction is that if using a log daemon then only one
> daemon helper may be used in the current Squid releases. Though it
> may still be used to write several logs.

In my special case: no such problem. Works as described - fine!
Thank you!

Viele Gruesse!
Helmut

Re: [squid-users] 2 parallel access.log files

[Helmut Hullen]

Hallo, Amos,

Du meintest am 17.03.11:

>> I have some applications who want "squid" style (p.e. "squish"), and
>> I have some other applications who want "common" style.
>>
>> Or can I download somewhere a converter which changes the one style
>> to the other?

> And yes. Perl scripts are available around the 'Net to convert squid
> to common.

I've just found "squid2common.pl" as part of "pwebstats":

http://martin.gleeson.com/pwebstats/installation.html

Viele Gruesse!
Helmut

Re: [squid-users] Mark log entries for redirected sites

[Helmut Hullen]

Hallo, Thomas,

Du meintest am 01.04.11:

[...]

> Well, I didn't see a 301/302/307 in the logs though I did
> get the "blocked" redirect page handed out by squidGuard.

[...]

> Actually I want to do it a bit differently: If f.e. someone blocked
> "facebook.com" during main business hours, they still show up in the
> access_log and in the reports created from it. As more and more sites
> include "Like this on facebook" buttons which refer to facebook.com,
> it looks like users are accessing facebook.com even though they
> aren't.

But that's a squidGuard problem, no squid problem. Perhaps it's a  
problem of your special reporting program.

For reporting I use "SARG" and "squish". For "squish" it might be very  
simple excluding "facebook" entries; the program gets its date via a  
simple "cat" command.

Viele Gruesse!
Helmut

Re: [squid-users] 3.2.0.6 problems

[Helmut Hullen]

Hallo, Ralf,

Du meintest am 05.04.11:

> 1) squid won't start, since it complains about a missing
> /usr/share/squid3/iconsdirectory

> 2) Once I mkdir'ed that directory, squid will start, but it keeps
> crashing:

> 2011/04/05 11:56:50| mimeLoadIconFile:
> /usr/share/squid3/icons/anthony-image.gif: (2) No such file or
> directory

The path has changed.
"squid3" sounds like a version which is "corrected" from a distribution  
- which distribution do you use?

Have you changed "/etc/squid/mime.conf" too?

(I had similar problems some weeks ago, and Amos had told something  
about changed pathes ...)

Viele Gruesse!
Helmut

Re: [squid-users] Squid Icons screw-up

[Helmut Hullen]

Hallo, Amos,

Du meintest am 11.04.11:

> I am deeply sorry for this mixup and hope that this has not caused
> too much trouble.

Baah - don't worry.
Symlinks are a fine remedy.

Viele Gruesse!
Helmut

Re: [squid-users] How to Hide Proxy detected at whatismyip.com

[Helmut Hullen]

Hallo, AZHAR,

Du meintest am 12.04.11:

> We have successfully installed Squid 3.1.10 with Tproxy, iptables at
> Fedora 14 which working perfected under PBR of router.
> (following instructions of http://wiki.squid-cache.org/Features/Tprox
> y4) We can see clients pcs inside the network browsing with tcp_hit,
> tcp_miss records. But when any client PC browse to whatismyip.com
> that time, the site shows client's fixed IP address along with
> detection of cache server mentioning hostname of squid server.

Do other websites react in the same way?

http://myip.at
http://checkip.dyndns.org

Viele Gruesse!
Helmut

[squid-users] logging skype

[Helmut Hullen]

Hallo, squid-users,

can I log skype transfer from clients in a LAN to the wide world?

My server installation:

iptables:

  $IPTABLES_BIN -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
  $IPTABLES_BIN -t filter -A INPUT -p tcp --dport 443 -j ACCEPT

  $IPTABLES_BIN -t filter -A FORWARD -p tcp --dport 80 -j reject_fkt
  $IPTABLES_BIN -t filter -A FORWARD -p tcp --dport 3128 -j reject_fkt
  $IPTABLES_BIN -t filter -A FORWARD -p tcp --dport 8080 -j reject_fkt

squid.conf (no transparant squid):

  http_port 8080
  icp_port 3130

For a kind of traffic shaping with "squish" I'd need skype entries in  
squid's "access.log"

Viele Gruesse!
Helmut

Re: [squid-users] Block Facebook message page

[Helmut Hullen]

Hallo, Mohammad,

Du meintest am 14.04.11:


> I want to block message page within facebook. Any body can help me?

> Is there any way to block some pages inside a certaine sites?

I presume that's an end user problem, no squid problem (for all users).  
With firefox I use "adblock+" for such problems.

Viele Gruesse!
Helmut

Re: [squid-users] logging skype

[Helmut Hullen]

Hallo, Marcus,

Du meintest am 14.04.11:

> ufdbGuard is a URL filter which can be configured to allow/block
> Skype.

Thank you - I'll take a try.

Viele Gruesse!
Helmut

Re: [squid-users] compile squid with large files option

[Helmut Hullen]

Hallo, Tóth,

Du meintest am 15.04.11:

> What is the option when I compile squid to cache files over 2GB ?

--with-large-files

> How can I see what are the default compile options for an apt-get
> based debian installation?


squid -v

Viele Gruesse!
Helmut

Re: [squid-users] ACL::~ACL:

[Helmut Hullen]

Hallo, cc,

Du meintest am 19.04.11:

> I'm using Squid v3.0.Stable24.

> Whenever I do a "squid -k reconfigure", I get the following
> lines appearing:

> 2011/04/19 17:08:57.266| ACL::~ACL: '
> 2011/04/19 17:08:57.266| ACL::~ACL: '

[...]

> I have no idea what this is and can't seem to find any
> hints when googling.

Just try a newer squid version.

On my machine runs squid 3.1.11 under slackware-current - no such  
messages. Some older squid versions had produced them.

Viele Gruesse!
Helmut

Re: [squid-users] building 3.1.12

[Helmut Hullen]

Hallo, cc,

Du meintest am 19.04.11:

>>> Icmp4.cc:116: error: invalid use of undefined type `struct icmphdr'
>>> Icmp4.cc:96: error: forward declaration of `struct icmphdr'

>> 

>>> Am I missing something?

>> Some required header is not being found.

> during ./configure wouldn't it tell me what header is missing and
> not let me continue?

No - no such message.

Viele Gruesse!
Helmut

Re: [squid-users] building 3.1.12

[Helmut Hullen]

Hallo, cc,

Du meintest am 19.04.11:

> I tried building 3.1.12 today and came across the following
> errors:

[...]

Perhaps you try (for slackware)




Viele Gruesse!
Helmut

Re: [squid-users] building 3.1.12

[Helmut Hullen]

Hallo, Amos,

Du meintest am 19.04.11:

>> Icmp4.cc:116: error: invalid use of undefined type `struct
>> icmphdr' Icmp4.cc:96: error: forward declaration of `struct
>> icmphdr'

>> "struct icmphdr" should be defined in one of the netinet/ files. We
>> need to start with figuring out which.

[...]

> Ohh, Just noticed you said the compiler was GCC 3.3.5.

Maybe that's a compiler version problem. "cc" used gcc-3.3.5, I used  
(successfully) gcc-4.5.2

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.7 beta is available

[Helmut Hullen]

Hallo, Ralf,

Du meintest am 19.04.11:

>> The Squid HTTP Proxy team is very pleased to announce the
>> availability of the Squid-3.2.0.7 beta release!

> It doesn't build; I'm getting:

> Making install in wrapper
> make[3]: Entering directory
> /usr/src/squid-3.2.0.7/helpers/negotiate_auth/wrapper'
> g++ -DHAVE_CONFIG_H  -I../../.. -I../../../include -I../../../lib
> -I../../../src -I../../../include -I/usr/include -Wall
> -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT
> -m32 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g -O2 -c -o
> negotiate_wrapper.o negotiate_wrapper.cc
> cc1plus: warnings being treated as errors

[...]

not reproduceable.

gcc, cc, cpp Version 4.5.2
No cc1plus

configure options:
./configure \
  --prefix=/usr \
  --libdir=/usr/lib${LIBDIRSUFFIX} \
  --sysconfdir=/etc/squid \
  --localstatedir=/var/log/squid \
  --datadir=/usr/share/squid \
  --mandir=/usr/man \
  --with-pidfile=/var/run/squid \
  --with-logdir=/var/log/squid \
  --with-filedescriptors=65536 \
  --with-large-files \
  --enable-snmp \
  --enable-storeio=aufs,ufs,diskd \
  --enable-wccp \
  --enable-arp-acl --enable-ssl --enable-esi \
  --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group \
  --enable-removal-policies=lru,heap \
  --enable-icmp \
  --enable-delay-pools\
  
--enable-basic-auth-helpers=NCSA,YP,MSNT-multi-domain,MSNT,SMB,getpwnam,LDAP,POP3,RADIUS
 \
  --enable-digest-auth-helpers=LDAP,file \
  --enable-ntlm-auth-helpers=smb_lm \
  --enable-negotiate-auth-helpers=kerberos \
  --enable-linux-netfilter \
  --enable-async-io=8 \
  --enable-inline \
  --disable-loadable-modules --disable-translation \
  --build=$ARCH-slackware-linux

#  --enable-auth=basic,digest,ntlm,negotiate \


# disable loadable modules wegen libltdl

# ---

Perhaps I have to modify some options (I have copied them from 3.1.x),  
but I first only tried wether compiling works. And it works.

The result:
  


Viele Gruesse!
Helmut

Re: [squid-users] building 3.1.12

[Helmut Hullen]

Hallo, cc,

Du meintest am 20.04.11:

> (Anyone in Slackware land that knows of where these
> headers are found? i.e. which package?)

  .../d/kernel-headers...

  .../testing/packages/kernel-headers...

In the "testing" path you also find the header packet for kernel  
2.6.38.3

And you should update to gcc-4.5.2 and gcc-g++-4.5.2

Viele Gruesse!
Helmut

Re: [squid-users] 'squid -k reconfigure' and connectivity breaking

[Helmut Hullen]

Hallo, Eugene,

Du meintest am 20.04.11:

> # stat swap.state
> 95 4012314 -rw-r- 1 squid squid 16326000 10203960 "Apr 19
> 14:02:21 2011" "Apr 20 10:53:45 2011" "Apr 20 10:53:45 2011" "Apr 19
> 14:02:21 2011" 16384 19968 0 swap.state

What about deleting the old cache and restarting with

squid -z

Viele Gruesse!
Helmut

Re: [squid-users] Common log file format conversion??

[Helmut Hullen]

Hallo, michel,

Du meintest am 29.04.11:

> I use CentOS, and my version of squid is squid-2.6.STABLE21-6.el5

> I configured my squid to generate logs in native mode to Mysar could
> generate the reports. as I mentioned in my previous email to the
> list.

[...]

> But I need to import some old logs that are common formats:

Squid (at least version 3.1.x) allows to write both formats  
simultaneously:

access_log /var/log/proxy/access.log common
access_log /var/log/proxy/access-s.log squid

or however your path is defined.


Viele Gruesse!
Helmut

Re: [squid-users] apt-get update issue on Client machine in LAN

[Helmut Hullen]

Hallo, Kaushal,

Du meintest am 12.05.11:

> I have a issue wherein when i list lynx
> http://archive.ubuntu.com/ubuntu and then browse the directories, I
> do not get further listing on the client machine in LAN

What happens if you don't use lynx as a client browser but (p.e.)  
firefox or seamonkey?

What happens with other text browsers (links and/or w3m)?

Viele Gruesse!
Helmut

Re: [squid-users] Sharing ACL Lists between different squids

[Helmut Hullen]

Hallo, Stefan,

Du meintest am 26.05.11:

> i like to ask, if it is possible to share ACL Lists between squids
> on different locations? Centralized ACL-List, if you will.

> With all our squid boxes have its own DSL connection and our ACL's
> are changing fast, I have to touch every box on every change.

> Can squid pull the ACL's from a remote database (i.e: mysql)?

Amos has mentioned "include" - may work as expected.
But you'll still have to touch every box with "squid -k reconfigure" on  
every change.

Viele Gruesse!
Helmut

Re: [squid-users] A way/hack to force squid to die?

[Helmut Hullen]

Hallo, jeffrey,

Du meintest am 09.06.11:


>> I need to verify, if I get a mail when squid dies (I put a correct
>> mailaddress in cache_mgr-directive). Is there a way/hack to force
>> squid to die? I tried several things like revoking permissions on
>> the the cache-dir, moving cache.log away... -> but squid is still
>> alive.

> ps -ax | grep squid
> kill -9 squid.pid

No good idea - sorry.

Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/ 
faq.html
 3978 ?Ss 0:00 /usr/sbin/squid -s
 3980 ?Sl 0:19 (squid) -s
24289 pts/0S+ 0:00 grep squid

-

Viele Gruesse!
Helmut

Re: [squid-users] A way/hack to force squid to die?

[Helmut Hullen]

Hallo, Tom,

Du meintest am 09.06.11:


> I need to verify, if I get a mail when squid dies (I put a correct
> mailaddress in cache_mgr-directive). Is there a way/hack to force
> squid to die?

Yes - this daemon is started from a script p.e. with the command

/etc/init.d/squid start

(the command depends on your distribution).

And stopping squid is nearly the same command.

Brute force (under a linux distribution):

killall squid

(if you are curious: repeat the command)

Viele Gruesse!
Helmut

Re: [squid-users] A way/hack to force squid to die?

[Helmut Hullen]

Hallo, Tom,

Du meintest am 09.06.11:

> I think, that if squid "realize" that something is wrong, it shutdown
> (or even dies) with sending the mail to the "cache_mgr".

Why should squid send mails when it dies?
"before I die please give me 10 minutes to inform all my relatives!"

Perhaps you need another job which only watches the squid PID.

Viele Gruesse!
Helmut

Re: [squid-users] A way/hack to force squid to die?

[Helmut Hullen]

Hallo, Tom,

Du meintest am 09.06.11:

>> Brute force (under a linux distribution):
>>
>>        killall squid
>>
>> (if you are curious: repeat the command)

[Toppost and fullquote reordered]

> killall (without any parameter) sends a sigterm (kill -15) to the
> squid-processes. This command kill's indeed all sqBut this does not
> bring squid to die and then send the mail. This command does just
> kill the processes.

Please: what is the difference between "kill all squid-processes" and  
"bring squid to die"?

Sending a mail is another problem.

Viele Gruesse!
Helmut

Re: [squid-users] A way/hack to force squid to die?

[Helmut Hullen]

Hallo, david,

Du meintest am 09.06.11:

>> Brute force (under a linux distribution):
>>
>>killall squid
>>
>> (if you are curious: repeat the command)

> actually, you do need to repeat the command. Squid doesn't stop
> immediatly when it gets the standard kill signal (15), it does some
> sort of graceful shutdown that can take a significant amount of time
> to actually take place.

[...]

> what I do is to do killall squid in a loop until the killall command
> returns an error that there is no process to kill.

Ok - I've seen this behaviour too but haven't yet studied it deeply.  
Thank you!

Viele Gruesse!
Helmut

Re: [squid-users] A way/hack to force squid to die?

[Helmut Hullen]

Hallo, Tom,

Du meintest am 10.06.11:

> From squid.conf.documented:
> -+- SNIP ---
> #  TAG: cache_mgr
> #   Email-address of local cache manager who will receive
> #   mail if the cache dies.  The default is "webmaster."

"if the cache dies"

That's another thing than a dying squid.

Viele Gruesse!
Helmut

Re: [squid-users] Squid not caching

[Helmut Hullen]

Hallo, Fabiano,

Du meintest am 21.06.11:

> My squid is not caching any content, all request is TCP_MISS/200,

> minimum_object_size 512 KB
> maximum_object_size 200 bytes

That may be the reason. "at least 512000 Bytes" and "max. 200 Byte"   
seems to be twisted.

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.1.14 is available

[Helmut Hullen]

Hallo, Amos,

Du meintest am 04.07.11:

> The Squid HTTP Proxy team is very pleased to announce the
> availability of the Squid-3.1.14 release!


And it works under Slackware 13.37:

  

Viele Gruesse!
Helmut

Re: [squid-users] Squid terminates when my network goes down

[Helmut Hullen]

Hallo, January,

Du meintest am 08.07.11:

> I would like assistance in configuring squid 2.7 for Windows 7.

> When my Internet connection goes down (my ethernet cable or my modem
> gets disconnected), Squid terminates by itself.

[...]

> 2011/07/07 11:32:55| With 2048 CRT stdio descriptors available
> 2011/07/07 11:32:55| Windows sockets initialized
> 2011/07/07 11:32:55| Using select for the IO loop
> 2011/07/07 11:32:55| Performing DNS Tests...
> 2011/07/07 11:32:55| Leaving Squid service
> FATAL: ipcache_init: DNS name lookup tests failed.
> Squid Cache (Version 2.7.STABLE8): Terminated abnormally.

That's strange - I run several versions of squid on many linux machines  
since years, they are disconnected for many hours in the early morning:  
I've never seen such an error message.

Should it be a special windows problem?

Viele Gruesse!
Helmut

Re: [squid-users] I need to deny navegation in Squid using ip address.

[Helmut Hullen]

Hallo, Amos,

Du meintest am 12.07.11:

>> I need that my Squid 3.0 deny all connections from clients by ip
>> like http://x.x.x.x/.
>>
>> In short, I want to permit the navegation only by hostnames.

>  There is a pattern to match IP addresses at:
>  http://wiki.squid-cache.org/ConfigExamples/Chat/Skype

But does that block hostnames whose IP address is in the blocked range?

Viele Gruesse!
Helmut

Re: [squid-users] Squid terminates when my network goes down

[Helmut Hullen]

Hallo, Peter,

Du meintest am 12.07.11:

>> How can you expect *machineS* to get a response from squid if
>> network is down?

> Proxy server. Squid accepts clients on inside interface and
> connects to internet servers on outside interface.
> Outside interface goes down with inside interface still alive.

That was the option/switch

offline mode on
or
offline mode off

New versions of squid don't need this option; if the WAN interface is  
down the clients get their pages from the cache (or they get nothing if  
the wanted page is not yet cached).

Viele Gruesse!
Helmut

Re: [squid-users] SARG: The date range passed as argument is not formatted as dd/mm/yyyy-dd/mm/yyyy

[Helmut Hullen]

Hallo, chinner999,

Du meintest am 18.07.11:

> /usr/sbin/sarg-daily-report

> TODAY=$(date +%/%m/%d)
> YESTERDAY=$(date -date "1 day ago" +%/%m/%d)

   --date

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.10 beta is available

[Helmut Hullen]

Hallo, Amos,

Du meintest am 25.07.11:

> The Squid HTTP Proxy team is very pleased to announce the
> availability of the Squid-3.2.0.10 beta release!

I've just compiled it with the "slackbuild" script for slackware: it  
runs!

Viele Gruesse!
Helmut

Re: [squid-users] Whatismyip response behind squid

[Helmut Hullen]

Hallo, a,

Du meintest am 18.08.11:

> I have several squid boxes running. There is one which when i set it
> on the proxy configuration on my client PCs browser then open
> www.whatismyip.com , It not only bring its real NAT IP , but also
> below information too. What makes the site gets these information and
> how can prevent or change this banner?

Then try another server/service, p.e.

myip.it
myip.nl

And then you need a script for extractiing the IP address ...

Viele Gruesse!
Helmut

Re: [squid-users] squid redirecting attempted downloads

[Helmut Hullen]

Hallo, Dave,

Du meintest am 22.08.11:

> We are having an issue where users try to download a file (an email
> attachment, setup file, etc.) and are redirected to a page on our
> intranet that says something about file downloads not being allowed.
> The person I took over from here says that it may be something
> configured in the squid.conf file.

> I found the file but have no idea how to disable or modify this
> setting.

What's the name of the file?
Can you find this name somewhere in the "squid.conf"?

Or does "squid" invoke some other program like "squidGuard"?

Viele Gruesse!
Helmut

Re: [squid-users] squid redirecting attempted downloads

[Helmut Hullen]

Hallo, Dave,

Du meintest am 22.08.11:

>>> We are having an issue where users try to download a file (an email
>>> attachment, setup file, etc.) and are redirected to a page on our
>>> intranet that says something about file downloads not being
>>> allowed. The person I took over from here says that it may be
>>> something configured in the squid.conf file.

> I meant I found the squid.conf file.

Then please show the "squid.conf".

Viele Gruesse!
Helmut

Re: [squid-users] blacklist to block adults sites

[Helmut Hullen]

Hallo, alexus,

Du meintest am 27.08.11:

> is there a blacklist of URLs/IPs that contains say an adults sites? I
> need to be able to feed that into my squid, people abusing it with
> surfing porn!

What about "squidGuard"?

Or at least the blacklist for "squidGuard":

  http://squidguard.mesd.k12.or.us/blacklists.tgz

Viele Gruesse!
Helmut

[squid-users] ACL for authorized users

[Helmut Hullen]

Hallo, squid-users,

is it possible to define ACLs for special users (authentification via  
NCSA works)?

Using "squidGuard" is possible (and there I can define ACLs for "user"  
or "userlist") but I'd prefer a solution with the pure "squid".

Searching in the Wiki didn't help - maybe I haven't found the right  
questions.

"squid" version 3.2.0.10

Viele Gruesse!
Helmut

Re: [squid-users] ACL for authorized users

[Helmut Hullen]

Hallo, Amos,

Du meintest am 29.08.11:

>> is it possible to define ACLs for special users (authentification
>> via NCSA works)?


> proxy_auth ACL.

> Like so:
>acl users proxy_auth bob knuth


Nice - thank you!

(I should have studied the "squish" examples ...)

Viele Gruesse!
Helmut

Re: [squid-users] "deep" analysis of some request

[Helmut Hullen]

Hallo, alexus,

Du meintest am 08.09.11:

> Is there a way to analyze somehow deeper what's going on with this?

> tss# grep 'http://ecs.amazonaws.com/onca/xml?' access.log | tail -1

> 66.55.138.70 - - [08/Sep/2011:18:59:26 +] "GET
> http://ecs.amazonaws.com/onca/xml? HTTP/1.1" 200 135861 "-"
> "Mozilla/4.1" TCP_MISS:DIRECT

That line shows that the machine 66.55.138.70 tries to get a document  
from http://ecs.amazonaws.com/onca/xml
And it gets the document (with about 130 kByte).

66.55.138.70 belongs to Alexusbiz Corp - seems to be one of your IP  
addresses.
Seems that this request is no squid problem.

Viele Gruesse!
Helmut

Re: [squid-users] "deep" analysis of some request

[Helmut Hullen]

Hallo, alexus,

Du meintest am 09.09.11:

>>> 66.55.138.70 - - [08/Sep/2011:18:59:26 +] "GET
>>> http://ecs.amazonaws.com/onca/xml? HTTP/1.1" 200 135861 "-"
>>> "Mozilla/4.1" TCP_MISS:DIRECT

>> That line shows that the machine 66.55.138.70 tries to get a
>> document from http://ecs.amazonaws.com/onca/xml
>> And it gets the document (with about 130 kByte).

> 66.55.138.70 is actually my own IP, in this log you can't really see
> real remote IP, but that's not an issue
> I just have alot of request like this, so I want to somehow do some
> sort of capture to see what's going on there...

Sorry - your client machine 66.55.138.70 requests a document from  
ecs.amazon.com - ask the user of this machine why he oder she wants this  
document.

"squid" only manages the transfer.

Viele Gruesse!
Helmut

Re: [squid-users] Problem with deny_info

[Helmut Hullen]

Hallo, Amos,

Du meintest am 22.09.11:

> 3.0 and 3.1 only accept % parameter to deny_info.

> The extended dynamic format is a new 3.2 feature.

Where are these parameters explained?

Viele Gruesse!
Helmut

Re: [squid-users] [3.2.0.12] ErrorDetailManager.cc(222) parse: WARNING! invalid error detail name:

[Helmut Hullen]

Hallo, david,

Du meintest am 22.09.11:


> Dear i receive this error in cache.log just after compiling the
> 3.2.0.12 version



> ErrorDetailManager.cc(222) parse: WARNING! invalid error detail name:
> P?.?P?.?09_V_ERR_DOMAIN_MISMATCH
> 2011/09/22 15:15:23 kid1| errorpage.cc(352) loadFromFile:  parse
> error while reading template
> file: /usr/share/squid3/errors/templates/error-details.txt

Maybe I've seen the same error, with "squid-3.2.0.10". Compiling squid  
without "enable-ssl" cured that problem (but that's no real solution).

Viele Gruesse!
Helmut

Re: [squid-users] how to use the user auth parameters

[Helmut Hullen]

Hallo, Eliezer,

Du meintest am 24.09.11:

>>> i have used the info on:
>>> http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authent
>>> ication.html

>> there it is
>> FATAL: ERROR: Invalid ACL: acl ncsa_users proxy_auth REQUIRED

I use

# - auth.conf ---

auth_param basic program /usr/libexec/ncsa_auth /etc/squid/.htpasswd

auth_param basic children 20
auth_param basic realm Surf-Anmeldung
auth_param basic credentialsttl 60 minutes

acl Anmeldung proxy_auth REQUIRED
http_access deny !Anmeldung

# 

Configuration:
Squid Cache: Version 3.2.0.10
configure options:  '--prefix=/usr' '--libdir=/usr/lib' '--sysconfdir=/ 
etc/squid' '--localstatedir=/var/log/squid' '--datadir=/usr/share/squid'  
'--with-pidfile=/var/run/squid' '--mandir=/usr/man' '--with-logdir=/var/ 
log/squid' '--enable-snmp' '--enable-basic-auth-helpers=NCSA,YP,MSNT- 
multi-domain,MSNT,SMB,getpwnam,LDAP,POP3,RADIUS' '--enable-linux- 
netfilter' '--enable-async-io' '--with-large-files' '--disable-option- 
checking' '--with-filedescriptors=65536' '--enable-icmp' '--enable- 
delay-pools' '--enable-digest-auth-helpers=LDAP,file' '--enable-ntlm- 
auth-helpers=smb_lm' '--enable-negotiate-auth-helpers=kerberos' '-- 
enable-inline' '--disable-loadable-modules' '--disable-translation' '-- 
enable-storeio=aufs,ufs' '--enable-arp-acl' '--enable-wccp' '--enable- 
external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group' '-- 
enable-removal-policies=lru,heap' '--enable-esi' '--enable-ssl' '-- 
build=i486-slackware-linux' 'build_alias=i486-slackware-linux' 'CFLAGS=- 
O2 -march=i486 -mtune=i686' 'CXXFLAGS=-O2 -march=i486 -mtune=i686'

Viele Gruesse!
Helmut

Re: [squid-users] How to rotate Cache.log

[Helmut Hullen]

Hallo, Amos,

Du meintest am 30.09.11:

>> My cache file is getting too big (250mb) so it becomes really hard
>> to view the log file.

[...]

>  Question is though why your cache.log is getting so big in the first
>  place. It should only have rare messages about serious problems.

That can happen. I've seen log files with more than 2 GByte too.

A bit more precise: "squid" rotates them if they are bigger than 2  
GByte. And then the next 2 Gbyte were filled, but the partition wasn't  
big enough. All happened within less than 24 hours.

But I've seen this nasty behaviour only 1 time in the many last years.

Viele Gruesse!
Helmut

Re: [squid-users] ACL's by Specific Date and Time

[Helmut Hullen]

Hallo, Jenny,

Du meintest am 10.10.11:

>> What my thoughts are is when they are on a holiday, to disable my
>> normal rules. So when they are out of school the proxy doesn't stop
>> their access, but if it's a non school day, it will allow them out.

> Very easy to do.


> See "acl time":
> http://wiki.squid-cache.org/SquidFaq/SquidAcl?highlight=%28time%29#Ho
> w_can_I_allow_some_clients_to_use_the_cache_at_specific_times.3F

> You can add weekends to your rules to allow access to your kids. You
> can also download official public holiday list and create rules for
> these days.

Sorry - that doesn't help. Such an ACL doesn't know school holidays, it  
doesn't know public holidays.

Ok - that's the problem of nearly every simple calendar ...

Viele Gruesse!
Helmut

Re: [squid-users] WARNING: You should probably remove 'www.somewebsite.com' from the ACL named 'blacklist'

[Helmut Hullen]

Hallo, devadmin,

Du meintest am 12.10.11:

> I have a blacklist of about 1 million domains when I reload squid I
> get about, a million of these error messages. Should I do something
> to correct this error message?

Yes: include "squidGuard" for managing such a large blacklist.

Viele Gruesse!
Helmut

Re: [squid-users] facebook upload DOS's squid?

[Helmut Hullen]

Hallo, hunter,

Du meintest am 14.10.11:

> when uploading a 540m video to facebook, it seems like squid ends up
> caching(maybe not the right word) the whole thing.

Does "squid" control uploading?

Viele Gruesse!
Helmut

Re: [squid-users] Non-transparent port works, transparent doesn't

[Helmut Hullen]

Hallo, Pieter,

Du meintest am 18.10.11:

[TOFU]

> I understand you being upset with this, but this is a text based
> client and I have limited time that I can reply to certain issues. I
> thought I would give a quick insight into an error that I might have
> spotted. It's quite hard to have selective lines on this client.

No - it isn't. Even your mail program ("pine"/"alpine") can delete lines  
and paragrafs.

Please stop these nasty fullquotes.

And please look at the "reply to" line: I had asked you per e-mail far  
away from the mailing list.

Viele Gruesse!
Helmut

Re: [squid-users] squid-3.1.16: squid -k shutdown causes crash

[Helmut Hullen]

Hallo, Ralf,

Du meintest am 18.10.11:

> squid-3.1.16:
> squid -k shutdown causes a crash, below is the result of:

Here: not reproduceable.

Slackware 13.37 (self made)
squid-3.1.16 (self made)
http://arktur.shuttle.de/CD/Testpakete/squid-3.1.16-i486-1_hln.tgz

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14 beta is available

[Helmut Hullen]

Hallo, Amos,

Du meintest am 13.12.11:

> The Squid HTTP Proxy team is very pleased to announce the
> availability of the Squid-3.2.0.14 beta release!

Slackware binary:

  


Viele Gruesse!
Helmut

Re: [squid-users] Error 502 - Bad Gateway - www.allplanlernen.de

[Helmut Hullen]

Hallo, Mario,

Du meintest am 28.12.11:

> i am running Squid 3.1.0.14 and when i try to access
> www.allplanlernen.de i get a 502 error.

Same here (squid 3.2.0.14):

502 Bad Gateway
nginx/0.7.67

> It works without squid.

Same here, too.

> Does anyone know why?

Seems to be a malformed web site.

I've tested (without squid)

lynx www.allplanlernen.de/themen/impressum.html

and got the informations; looking with a browser (behind squid) onto the  
side gets

Internal Error (check logs)

and that's an error message for the website administrator, not for me.

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14 beta is available

[Helmut Hullen]

Hallo, Amos,

Du meintest am 13.12.11:

> The Squid HTTP Proxy team is very pleased to announce the
> availability of the Squid-3.2.0.14 beta release!

I had to re-install the former version; 3.2.0.14 had stopped working.

Messages in "/var/log/warn":

Dec 29 07:05:51 Arktur squid[4479]: Starting Squid Cache version  
3.2.0.14 for i486-slackware-linux-gnu...
Dec 29 07:06:16 Arktur squid[4479]: BUG: Orphan Comm::Connection: 
local=[::]:3130 remote=[::] FD 20 flags=9
Dec 29 07:06:16 Arktur squid[4479]: NOTE: 1 Orphans since last started.
Dec 29 07:06:17 Arktur squid[4479]: BUG: Orphan Comm::Connection: 
local=[::]:3130 remote=[::] FD 15 flags=9
Dec 29 07:06:17 Arktur squid[4479]: NOTE: 2 Orphans since last started.
Dec 29 13:26:59 Arktur squid[4479]: BUG: Orphan Comm::Connection: 
local=[::]:3130 remote=[::] FD 15 flags=9
Dec 29 13:26:59 Arktur squid[4479]: NOTE: 3 Orphans since last started.
Dec 29 13:38:18 Arktur squid[4477]: Exiting due to unexpected forced shutdown

and no client got a connection to an external web site.

Maybe the "orphan" messages are not related to this "no connection"  
event; the last days "squid" reportet 2 to 5 orphans, but made no other  
problems (the machine is re-started every morning).

Which additional informations do you need?

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14 beta is available

[Helmut Hullen]

Hallo,

I wrote am 29.12.11:

>> The Squid HTTP Proxy team is very pleased to announce the
>> availability of the Squid-3.2.0.14 beta release!

> I had to re-install the former version; 3.2.0.14 had stopped working.


Seems to be (have been) a false alarm - sorry.

The same breakdown just happened with an older squid version which had  
run without problems for many months. Seems to be a special problem in  
my installation.


Viele Gruesse!
Helmut

Re: [squid-users] Problem Compiling Squid 1.1.8 (noob?)

[Helmut Hullen]

Hallo, someone,

Du meintest am 30.12.11:

> Problem Compiling Squid 1.1.8

> deviant:/home/devadmin/source/squid-3.1.18# ./configure

> -O2' --with-squid=/build/buildd-squid3_3.1.6-1.2+squeeze1-i386-_y3HlV
> /squid3-3.1.6

Just for curiosity: which squid version do you really mean?

Viele Gruesse!
Helmut

[squid-users] Squid 3.2.0.14: disk size

[Helmut Hullen]

Hallo, squid-users,

I'm running squid 3.2.0.14 (self made).

It always tells

Jan 21 14:37:00 Arktur squid[13670]: WARNING: Disk space over limit:  
11131162772328824.00 KB > 512000 KB
Jan 21 14:37:33 Arktur last message repeated 3 times
Jan 21 14:38:39 Arktur last message repeated 6 times

That disk size is completely wrong - why?

My configuration:

cache_mem 254 MB
maximum_object_size 4096 KB
ipcache_size 4096
fqdncache_size  4096
cache_dir ufs /var/proxy/cache 500 8 256

That configuration works since years without any (such) problem.
The cache is in/on a 10 GByte partition.



The message seems to be only a (nonsense) warning; "squid" works well.

Viele Gruesse!
Helmut

Re: [squid-users] Changes related to /etc/resolv.conf and squid

[Helmut Hullen]

Hallo, Amos,

Du meintest am 25.01.12:

>> If I changed the entry in /etc/resolv.conf then, Is there need to
>> reload/reconfigure the squid?

> Yes. Squid does not monitor the configuration files for changes. It's
> on the feature wishlist, but nobody has had enough interest to code
> up a small background ticker event to do the checks.

I use "incron" from Lukas Aiken,

  http://inotify.aiken.cz

with the file "/etc/incron.d/squid" with the contents

  /etc/resolv.conf IN_MODIFY squid -k reconfigure

That means: if "/etc/resolv.conf" is modified then run "squid -k  
reconfigure".

There are some other programs which also work with "inotify" - maybe  
it's hard for a "squid" developper to look for the special routine(s) on  
a special target machine.

"incron" hasn't changed the last two years - don't know if Lukas still  
works on it. But the program doesn't seem to need changes ...

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14: disk size

[Helmut Hullen]

Hallo, Amos,

Du meintest am 23.01.12:

>> I'm running squid 3.2.0.14 (self made).
>>
>> It always tells
>>
>> Jan 21 14:37:00 Arktur squid[13670]: WARNING: Disk space over limit:
>> 11131162772328824.00 KB>  512000 KB

> This is http://bugs.squid-cache.org/show_bug.cgi?id=3441

Thank you -

  rm -f /path/to/swap.state*
  /path/to/bin/squid -s -S

seems to do the job.

Viele Gruesse!
Helmut

[squid-users] Squid 3.2.0.14: "failed to select source for ..."

[Helmut Hullen]

Hallo, squid-users,

my self made squid 3.2.0.14 sometimes produces messages like


Jan 30 08:56:58 Arktur squid[4263]: Failed to select source for 'http:// 
ivwbox.de/'
Jan 30 08:56:58 Arktur squid[4263]:   always_direct = 0
Jan 30 08:56:58 Arktur squid[4263]:never_direct = 0
Jan 30 08:56:58 Arktur squid[4263]:timedout = 0

I've searched Google for this messages; seems to be another kind of  
error(?). Especially:

   http://wiki.squid-cache.org/KnowledgeBase/FailedToSelectSource

and

   https://bugzilla.redhat.com/show_bug.cgi?id=186561

tell nothing about "all ... = 0".

pgrep -l squid

shows that squid is running, the log files also show that squid runs and  
works hard.

Where's the problem?
Is that message an information, a warning or an error message?

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14: "failed to select source for ..."

[Helmut Hullen]

Hallo, Ralf,

Du meintest am 10.02.12:

>> my self made squid 3.2.0.14 sometimes produces messages like

>> Jan 30 08:56:58 Arktur squid[4263]: Failed to select source for
>> 'http://ivwbox.de/'

> ivwbox.de does not resolve. Maybe that's normal?

I may not believe it. I never had these messages with older squid  
versions.

This message appeared not only with "ivwbox.de" but also p.e. with  
"google.com". About 5 to 10 messages within 1 minute, and then a long  
pause (long = more than 30 minutes ...)

I've just re-installed an older version - my colleague doesn't like  
restarting "squid" hourly ... (I don't know if that's related to "Failed  
to select" ...)

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14: "failed to select source for ..."

[Helmut Hullen]

Hallo, Amos,

Du meintest am 11.02.12:

[...]

>> This message appeared not only with "ivwbox.de" but also p.e. with
>> "google.com". About 5 to 10 messages within 1 minute, and then a
>> long pause (long = more than 30 minutes ...)

> Sounds a bit like behaviour Alex S reported  to squid-dev about the
> new parallel A/ lookups. Which full version string was that
> squid?

squid-3.2.0.14 from 12/12/2011

>> I've just re-installed an older version - my colleague doesn't like
>> restarting "squid" hourly ... (I don't know if that's related to
>> "Failed to select" ...)

> Possibly is. Every restart the DNS gets shutdown and cannot resolve
> any domains for the requests which are still only being parsed at
> that time (cached DNS records should be okay, new domains orwith
> expired records will fail).

Ok - then we can hope that both problems have disappeared while going  
back to 3.1.14 ...

-

Just for the record: we use "dnsmasq" als LAN DNS. Might this be a  
special problem?

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14: "failed to select source for ..."

[Helmut Hullen]

Hallo, Henrik,

Du meintest am 12.02.12:

>> Jan 30 08:56:58 Arktur squid[4263]: Failed to select source for
>> 'http:// ivwbox.de/'
>> Jan 30 08:56:58 Arktur squid[4263]:   always_direct = 0
>> Jan 30 08:56:58 Arktur squid[4263]:never_direct = 0
>> Jan 30 08:56:58 Arktur squid[4263]:timedout = 0

> Reverse proxy with no matching cache_peer?

No. "classic" proxy.

Which part of the "squid.conf" might you need?

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14: "failed to select source for ..."

[Helmut Hullen]

Hallo, Amos,

Du meintest am 11.02.12:

>> my self made squid 3.2.0.14 sometimes produces messages like
>>
>> Jan 30 08:56:58 Arktur squid[4263]: Failed to select source for
>> 'http:// ivwbox.de/'
>> Jan 30 08:56:58 Arktur squid[4263]:   always_direct = 0
>> Jan 30 08:56:58 Arktur squid[4263]:never_direct = 0
>> Jan 30 08:56:58 Arktur squid[4263]:timedout = 0

[...]

>> Where's the problem?
>> Is that message an information, a warning or an error message?

> Direct access is permitted, but DNS produced no usable results.

Why (as far as you can be clairvoyant)?

It doesn't happen always, it only happens sometimes.
That makes testing difficult - I don't dare to run the new squid version  
on a "productive" system, and the last time I've seen this message on my  
local system is some weeks ago.

As I've told some days ago both machines where I've seen these messages  
run "dnsmasq" as DNS, not ISC-bind.

Restarting squid helps for some time, but maybe the real problem would  
have disappeared by only waiting some time too ...

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.2.0.14: "failed to select source for ..."

[Helmut Hullen]

Hallo, Amos,

Du meintest am 14.02.12:

 my self made squid 3.2.0.14 sometimes produces messages like

 Jan 30 08:56:58 Arktur squid[4263]: Failed to select source for
 'http:// ivwbox.de/'
 Jan 30 08:56:58 Arktur squid[4263]:   always_direct = 0
 Jan 30 08:56:58 Arktur squid[4263]:never_direct = 0
 Jan 30 08:56:58 Arktur squid[4263]:timedout = 0

>> [...]

>> Restarting squid helps for some time, but maybe the real problem
>> would have disappeared by only waiting some time too ...

> Like Ralf mentioned...

> ## host-check ivwbox.de
> ivwbox.de has SOA record ns.ivwbox.de. hostmaster.ivwbox.de.
> 2011061896 1 3600 604800 86400

It's no problem which only happens with "ivwbox.de".

Just a few lines:

messages.1.gz:Feb 10 10:06:30 Capella squid[11774]: Failed to select  
source for 'http://id.google.de/verify/EMh-Wz2X9xLGTCOymxWnaw8.gif'
messages.1.gz:Feb 10 10:06:55 Capella squid[11774]: Failed to select source for 
'http://id.google.de/verify/EN2Vjy0k3x-VRsw45NuiIlg.gif'
messages.1.gz:Feb 10 10:06:55 Capella squid[11774]: Failed to select source for 
'http://id.google.de/verify/ENJhY8KMMFdd7qtN9ZOGAR0.gif'
messages.1.gz:Feb 10 10:07:16 Capella squid[11774]: Failed to select source for 
'http://id.google.de/verify/ENzpClI9YEXm5qSK4htjImk.gif'
messages.1.gz:Feb 10 10:07:16 Capella squid[11774]: Failed to select source for 
'http://id.google.de/verify/ENzpClI9YEXm5qSK4htjImk.gif'
messages.1.gz:Feb 10 10:08:23 Capella squid[11774]: Failed to select source for 
'http://ipv6-count.gmx.net/p6.gif?ts=1328864900621'
messages.1.gz:Feb 10 10:10:05 Capella squid[11774]: Failed to select source for 
'[null_entry]'
messages.1.gz:Feb 10 10:10:09 Capella squid[11774]: Failed to select source for 
'[null_entry]'
messages.1.gz:Feb 10 10:10:10 Capella squid[11774]: Failed to select source for 
'[null_entry]'
messages.1.gz:Feb 10 10:10:28 Capella squid[11774]: Failed to select source for 
'http://www.ureader.de/msg/15515065.aspx'
messages.1.gz:Feb 10 10:10:28 Capella squid[11774]: Failed to select source for 
'http://www.ureader.de/favicon.ico'
messages.1.gz:Feb 10 10:10:42 Capella squid[11774]: Failed to select source for 
'[null_entry]'
messages.1.gz:Feb 10 10:16:40 Capella squid[11774]: Failed to select source for 
'http://m-wissen.de/'
messages.1.gz:Feb 10 10:16:40 Capella squid[11774]: Failed to select source for 
'http://m-wissen.de/favicon.ico'
messages.1.gz:Feb 10 10:16:43 Capella squid[11774]: Failed to select source for 
'http://m-wissen.de/favicon.ico'


Going back to "squid 3.1.14": no such message.

Viele Gruesse!
Helmut

Re: [squid-users] Prefetch patch test

[Helmut Hullen]

Hallo, anita.sivakumar,

Du meintest am 16.02.12:

> Sorry Amos. But where else do I post this ? I thought I can mail it
> to this mail id squid-users@squid-cache.org. But if there is some
> other place, please let me know.

[full quote deleted - don't top post, please, don't full quote, please]

The address is ok.
But when you want to write a new question then you shouldn't really  
answer to an existing problem and then only change the headline. Your  
mail reader can produce a "new" mail too.

Viele Gruesse!
Helmut

Re: [squid-users] Page seems to load for ever

[Helmut Hullen]

Hallo, karj,

Du meintest am 23.02.12:

> I? have a problem with the first page of a site, that?s behind squid.
> The page of the site www.tovima.gr seems to load forever (using
> chrome and firefox).

Here: no problem.
Squid 3.1.14

Viele Gruesse!
Helmut

Re: [squid-users] blacklist

[Helmut Hullen]

Hallo, Esteban,

Du meintest am 04.03.12:

> Currently I have 3 servers running with squid and haproxy balancing
> ahead of them.
> It works perfectly.
> Now I want to block porn sites, viruses, external proxies, etc ...
> I tried dansguardian and squidguard, but slows down my squid and I do
> not like.

> I can use?

Every filter needs time.
"squidGuard" looks only for URLs - that needs not much time.
Looking vor viruses needs much time.

That's no special "squid" problem. That's a problem of the additional  
software.

Viele Gruesse!
Helmut

Re: [squid-users] Squid 3.1.x and detect/disable http tunneling over proxe web sites

[Helmut Hullen]

Hallo, Josef,

Du meintest am 08.03.12:

>is it able to detect somehow (and disable) tunneling http regular
> web thru proxy web sites ?  For example porn web site thru
> "hidemyass.com". There are a lot of web proxies, couldn't locate
> everyone and disable it :). How do you solve it ?

I use "squidGuard" with its database p.e. for porn and/or proxies. It's  
simple to use it under "squid".

Viele Gruesse!
Helmut

Re: [squid-users] Unable to open HTTP Socket in syslog

[Helmut Hullen]

Hallo, zozo,

Du meintest am 19.03.12:

> userdemo@ubuntu-demo:~$ sudo cat /var/log/syslog |tail
> Mar 19 16:01:01 ubuntu-demo (squid-1): Unable to open HTTP Socket
> Mar 19 16:01:01 ubuntu-demo squid[1173]: Squid Parent: (squid-1)
> process 1193 exited with status 1

Please try to start "squid" again, wait 1 to 2 minutes and then examine  
the log file(s) again with

sudo tail -20 /var/log/syslog

or

sudo grep 'squid' /var/log/syslog

May be the last ten lines of "/var/log/syslog" don't show the reason.

But "Unable to open HTTP Socket" may point to the error.

Viele Gruesse!
Helmut

Re: [squid-users] DB Error ?

[Helmut Hullen]

Hallo, Jarosch,,

Du meintest am 22.03.12:

> Is there any way to change the location where squidguard store the
> temp DB files?

File "squidGuard.conf"

Line "dbhome /var/lib/squidGuard/db"

or whatever you want.

Viele Gruesse!
Helmut

Re: [squid-users] DB Error ?

[Helmut Hullen]

Hallo, Jarosch,,

Du meintest am 21.03.12:

> Hi together I think I have some trouble with my Berkely Database.

> When I start up my Squid I get following error in my cache.log

> 2012-03-21 15:50:28 [2325] init domainlist
> /usr/local/squidGuard/list/BL/warez/domains 2012-03-21 15:50:28
> [2325] init urllist /usr/local/squidGuard/list/BL/warez/urls
> temporary open: /var/tmp/BDB02320: Permission denied unable to create
> temporary backing file temporary open: /var/tmp/BDB02320: Permission
> denied


My usual way for creating the squidGuard database(s):

squidGuard -b -d -C all
squidGuard -b -d u

Do these commands run without an error message?

Viele Gruesse!
Helmut

Re: [squid-users] No response from Squid when cannot resolve DNS for host

[Helmut Hullen]

Hallo, Vincent,

Du meintest am 16.04.12:

> I have a strange issue with at least one URL :
> http://d.businessinsider.com/

> The host does not exist and cannot be resolved. But instead of
> telling me that Squid cannot resolve the host (as it does for example
> for the non existing http://zfsdfo.sdfdsfrgq.com/ ), Squid gives no
> response, and make the browser wait forever.

Here:

Der DNS-Server meldete:

Name Error: The domain name does not exist.

-

Viele Gruesse!
Helmut