[squid-users] GURU opinion required.
after going thru different articles and analyzing the behavior of squid 2.5 stable10 transparent proxy over freebsd machine, it is not possible that https requests are entertained in other words it simply means proxying will not be done for https traffic. now let's dvlvle in details. in case of transparent squid proxy whenever https traffic is passed through the proxy, proxy does not adds it's ip addres rather it forwards the packets with original client ip address located on internal network. the packets then finally are natted at the firewall with the public ip address, and operation successfully completes. but in my case my network colleagues who are managing firewall device have blocked any traffic originating from internal network and have only allowed proxy address hence any https traffic is blocked becoz they have the source address as internal address not of the proxy. as it should be, any traffic that leaves the proxy with the modified source address as of proxy address , successfully completes the request. hence http traffic and https traffic with manual/force proxy works but transparent proxy with https traffic doesn't work. if i am wrong or there is any work around would be highly appreciated. Thanks in advance.
Re: [squid-users] GURU opinion required.
Ok! then what would i need to do in my ipfw to make things work accordingly. i already have natd in place!!! Thanks, --- On Tue, 4/28/09, Pandu E Poluan wrote: > From: Pandu E Poluan > Subject: Re: [squid-users] GURU opinion required. > To: squid-users@squid-cache.org > Date: Tuesday, April 28, 2009, 3:01 PM > IMO, you got that wrong. > > Squid re-sends the https datagram in a wholly new packet, > with Source IP > Address is the squid's IP Address. > > I should know, for my firewall at my office totally block > non-proxy > addresses. Yet employees still can access Gmail and/or > Yahoo!Mail (both > of which use https for authentication purposes). > > As usual, CMIIW. > > > Rgds, > > > [p] > > > goody goody wrote: > > after going thru different articles and analyzing the > behavior of squid 2.5 stable10 transparent proxy over > freebsd machine, it is not possible that https requests are > entertained in other words it simply means proxying will not > be done for https traffic. > > > > now let's dvlvle in details. > > > > in case of transparent squid proxy whenever https > traffic is passed through the proxy, proxy does not adds > it's ip addres rather it forwards the packets with original > client ip address located on internal network. the packets > then finally are natted at the firewall with the public ip > address, and operation successfully completes. > > > > but in my case my network colleagues who are managing > firewall device have blocked any traffic originating from > internal network and have only allowed proxy address hence > any https traffic is blocked becoz they have the source > address as internal address not of the proxy. > > > > as it should be, any traffic that leaves the proxy > with the modified source address as of proxy address , > successfully completes the request. > > > > hence http traffic and https traffic with manual/force > proxy works but transparent proxy with https traffic doesn't > work. > > > > if i am wrong or there is any work around would be > highly appreciated. > > > > Thanks in advance. > > > > > > > > > > > > > > > > > > > > -- > *Pandu E Poluan* > *Panin Sekuritas* > IT Manager / Infrastructure & Audit > Phone : +62-21-515-3055 ext 135 > Fax : +62-21-515-3061 > Mobile : +62-856-8400-426 > e-mail : pandu_pol...@paninsekuritas.co.id > <mailto:pandu_pol...@paninsekuritas.co.id> > > > > > > Y!M : hands0me_irc > MSN : si-gant...@live.com > GTalk : pandu.ca...@gmail.com > >
Re: [squid-users] Transparent proxy with HTTPS on freebsd
Dear Amos, i say http works but https doesn't behind transparent proxy (no proxy details specified in browser) and this is simply I just want to achieve as some sites such as yahoo, gmail use https to connect to. so if you guide my how can i configure squid to allow https sites to connect behind transparent proxy. Further info regarding squid and bsd os is as follows. squid version info Squid Cache: Version 2.5.STABLE10 configure options: --enable-storeio=diskd,ufs --enable-snmp --with-openssl=/opt/ssl '--enable-auth=basic ntlm' --enable-wccp '--enable-removal-policies=heap lru' BSD OS Info FreeBSD XXX 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Fri Mar 30 18:16:33 PKT 2007 r...@xxx.abc.com.:/usr/src/sys/i386/compile/BSD-ROUTER i386 an early response would be very much appreciated. Regards, --- On Wed, 4/29/09, Amos Jeffries wrote: > From: Amos Jeffries > Subject: Re: [squid-users] Transparent proxy with HTTPS on freebsd > To: "abdul sami" > Cc: squid-users@squid-cache.org > Date: Wednesday, April 29, 2009, 1:49 PM > abdul sami wrote: > > Dear all, > > > > subject settings doesn't work when i set the > transparent proxy though > > http traffic works. on analysis of traffic i have come > to know that > > proxy doesn't add it's source address to https traffic > rather simply > > forwards it with local net address to gateway/firewall > device which > > ultimately drops the packets. > > > > any suggestion in shape of steps/article would be > highly appreciated. > > > > Regards, > > Pardon? > HTTPS being transparently intercepted (miracle #1) and the > users not phoning you about being attacked? (miracle #2). > > HTTPS == HTTP via _secure_ SSL. > transparent proxy == man-in-middle network attack on > traffic. > > HTTPS was created to prevent transparent interception > amongst other things. So yes I'm not surprised it won't > work. > > What are you trying to achieve with this? > > Amos > -- Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14 > Current Beta Squid 3.1.0.7 >
[squid-users] the request or reply is too large squid
Hi There. I have setup transparent proxy on squid 3.0 stable 14 on freebsd 7. but it gives me the subject error. after studying the error on net i found suggestions to add followings in squid.conf, but it didn't helped me out even. request_header_max_size 10 KB request_body_max_size 1 MB reply_header_max_size 40 KB reply_body_max_size 0 BTW I am using ipfw as local firewall. pls guide me how i can tackle this situation. with thanks and regards, .Goody.
[squid-users] Re: the request or reply is too large squid
in continuation with my previous email, pls note that before setting transparent proxy, squid was behaving perfectly fine. however when i turn on natd and ipfw with http_port IP:3128 it started this problem. important thing is that subject problem occurs while normal sites i-e yahhooo google etc, i m not download any larger files. if you people need more info, pls let me know. Thanks and regards, .Goody. --- On Wed, 5/13/09, goody goody wrote: > From: goody goody > Subject: the request or reply is too large squid > To: squid-users@squid-cache.org > Cc: squ...@treenet.co.nz > Date: Wednesday, May 13, 2009, 6:47 PM > Hi There. > > I have setup transparent proxy on squid 3.0 stable 14 on > freebsd 7. but it gives me the subject error. after studying > the error on net i found suggestions to add followings in > squid.conf, but it didn't helped me out even. > > request_header_max_size 10 KB > request_body_max_size 1 MB > reply_header_max_size 40 KB > reply_body_max_size 0 > > BTW I am using ipfw as local firewall. > > pls guide me how i can tackle this situation. > > with thanks and regards, > > .Goody. > > > >
Re: [squid-users] the request or reply is too large squid
my acceess log doesn't gives such an error it only show messgag: 441 10.1.21.10 TCP_MISS/400 26687 GET http://update.microsoft.com/v8/windowsupdate/redir/muv3wuredir.cab? - DIRECT/65.55.184.253 text/html however, cache log gives the following error. xxx.xx.xxx.xx (squid/3.0.STABLE14), 1.0 xxx.xx.xxx.xx (squid/3.0.STABLE14), 1.0 xxx.xx.xxx.xx (squid/3.0.STABLE14), 1.0 xxx.xx.xxx.xx (squid/3.0.STABLE14), 1.0 xxx.xx.xxx.xx (squid/3.0.STABLE14) X-Forwarded-For: 10.1.21.10, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, 192.168.1.93, Cache-Control: max-age=259200 Connection: keep-alive there are lot of such message appear in cache.log whenever i initiate a single request for site yahoo or google etc. Thanks, .Goody. 2009/05/13 17:43:39| clientProcessRequest: Invalid Request --- On Thu, 5/14/09, Matus UHLAR - fantomas wrote: > From: Matus UHLAR - fantomas > Subject: Re: [squid-users] the request or reply is too large squid > To: squid-users@squid-cache.org > Date: Thursday, May 14, 2009, 1:23 AM > On 13.05.09 06:47, goody goody > wrote: > > Subject: [squid-users] the request or reply is too > large squid > > > I have setup transparent proxy on squid 3.0 stable 14 > on freebsd 7. but it > > gives me the subject error. after studying the error > on net i found > > suggestions to add followings in squid.conf, but it > didn't helped me out > > even. > > > > request_header_max_size 10 KB > > request_body_max_size 1 MB > > reply_header_max_size 40 KB > > reply_body_max_size 0 > > > > BTW I am using ipfw as local firewall. > > > > pls guide me how i can tackle this situation. > > one of them is not big enough. Have you checkd access logs > from the time you > see this error? > > It's probably request_body_max_size too small, when users > are e.g. uploading > big files to webmail, they may need much bigger > request_body. > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk > ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this > address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek > reklamnu postu. > Nothing is fool-proof to a talented fool. >
[squid-users] squid crashes after running for a while
Dear members, I have setup a proxy on squid 3.0 stble 14 on freebsd 7. my proxy is behaving abnormally, it runs for afew hours and then squid process closes unexpectdly (message displayed), when i restart the squid it fails again until i dont restart machine. after restarting it works well for a period then it does the same. i am unable to identify the problem my cache log gives the following messages. * 2009/05/27 01:08:56| UFSSwapDir::doubleCheck: ENTRY SIZE: 3342, FILE SIZE: 389 2009/05/27 01:08:56| UFSSwapDir::dumpEntry: FILENO 0004 2009/05/27 01:08:56| UFSSwapDir::dumpEntry: PATH /cache1/00/00/0004 2009/05/27 01:08:56| StoreEntry->key: B016EFEF1F5BDD7F96CC09CF4F64B217 2009/05/27 01:08:56| StoreEntry->next: 0 2009/05/27 01:08:56| StoreEntry->mem_obj: 0 2009/05/27 01:08:56| StoreEntry->timestamp: 1243365627 2009/05/27 01:08:56| StoreEntry->lastref: 1243365627 2009/05/27 01:08:56| StoreEntry->expires: -1 2009/05/27 01:08:56| StoreEntry->lastmod: 1221873935 2009/05/27 01:08:56| StoreEntry->swap_file_sz: 3342 2009/05/27 01:08:56| StoreEntry->refcount: 1 2009/05/27 01:08:56| StoreEntry->flags: CACHABLE,DISPATCHED 2009/05/27 01:08:56| StoreEntry->swap_dirn: 0 2009/05/27 01:08:56| StoreEntry->swap_filen: 4 2009/05/27 01:08:56| StoreEntry->lock_count: 0 2009/05/27 01:08:56| StoreEntry->mem_status: 0 2009/05/27 01:08:56| StoreEntry->ping_status: 0 2009/05/27 01:08:56| StoreEntry->store_status: 0 2009/05/27 01:08:56| StoreEntry->swap_status: 2 2009/05/27 01:08:56| Completed Validation Procedure 2009/05/27 01:08:56| Validated 97720 Entries 2009/05/27 01:08:56| store_swap_size = 776190 2009/05/27 01:08:56| assertion failed: store_rebuild.cc:120: "store_errors == 0" 2009/05/27 01:08:59| Starting Squid Cache version 3.0.STABLE14 for i386-unknown-freebsd7.0... * df -i results Filesystem 1K-blocksUsedAvail Capacity iused ifree %iused Mounted on /dev/da0s1a 10154158 246910 9094916 3%2763 13161470% / devfs 1 10 100% 0 0 100% /dev /dev/da0s1f 76168552 837956 69237112 1% 56201 97885331% /cache1 /dev/da0s1g 76168552 4 70075064 0% 2 98447320% /cache2 /dev/da0s1e 40622796 2540572 34832402 7% 312023 49400716% /usr /dev/da0s1d 60931274 225310 55831464 0% 337 78895810% /var I have specfied cache size : cache_dir diskd /cache1 6 16 256 Q1=72 Q2=64 I dont know what to do, pls help me out. An early reponse is requested, pls. Regards, .Goody.
[squid-users] Fw: squid crashes after running for a while
in addition to previous email, i am also receiving following messages in cache.log. comm_old_accept: FD 14: (53) Software caused > connection abort httpAccept: FD 14: accept failure: (53) Software > caused connection abort My current kernel entries are as follow. also suggest if still need to increase it. i have 2GB ram. kern.ipc.nmbclusters=32768 kern.ipc.somaxconn=1024 kern.maxfiles=32768 kern.maxproc=8192 Thanks, --- On Wed, 5/27/09, goody goody wrote: > From: goody goody > Subject: squid crashes after running for a while > To: squid-users@squid-cache.org > Date: Wednesday, May 27, 2009, 1:06 PM > Dear members, > I have setup a proxy on squid 3.0 stble 14 on freebsd 7. > > my proxy is behaving abnormally, it runs for afew hours and > then squid process closes unexpectdly (message displayed), > when i restart the squid it fails again until i dont restart > machine. after restarting it works well for a period then it > does the same. i am unable to identify the problem my cache > log gives the following messages. > > * > 2009/05/27 01:08:56| UFSSwapDir::doubleCheck: ENTRY SIZE: > 3342, FILE SIZE: 389 > 2009/05/27 01:08:56| UFSSwapDir::dumpEntry: FILENO > 0004 > 2009/05/27 01:08:56| UFSSwapDir::dumpEntry: PATH > /cache1/00/00/0004 > 2009/05/27 01:08:56| StoreEntry->key: > B016EFEF1F5BDD7F96CC09CF4F64B217 > 2009/05/27 01:08:56| StoreEntry->next: 0 > 2009/05/27 01:08:56| StoreEntry->mem_obj: 0 > 2009/05/27 01:08:56| StoreEntry->timestamp: 1243365627 > 2009/05/27 01:08:56| StoreEntry->lastref: 1243365627 > 2009/05/27 01:08:56| StoreEntry->expires: -1 > 2009/05/27 01:08:56| StoreEntry->lastmod: 1221873935 > 2009/05/27 01:08:56| StoreEntry->swap_file_sz: 3342 > 2009/05/27 01:08:56| StoreEntry->refcount: 1 > 2009/05/27 01:08:56| StoreEntry->flags: > CACHABLE,DISPATCHED > 2009/05/27 01:08:56| StoreEntry->swap_dirn: 0 > 2009/05/27 01:08:56| StoreEntry->swap_filen: 4 > 2009/05/27 01:08:56| StoreEntry->lock_count: 0 > 2009/05/27 01:08:56| StoreEntry->mem_status: 0 > 2009/05/27 01:08:56| StoreEntry->ping_status: 0 > 2009/05/27 01:08:56| StoreEntry->store_status: 0 > 2009/05/27 01:08:56| StoreEntry->swap_status: 2 > 2009/05/27 01:08:56| Completed Validation > Procedure > 2009/05/27 01:08:56| Validated 97720 > Entries > 2009/05/27 01:08:56| store_swap_size = > 776190 > 2009/05/27 01:08:56| assertion failed: > store_rebuild.cc:120: "store_errors == 0" > 2009/05/27 01:08:59| Starting Squid Cache version > 3.0.STABLE14 for i386-unknown-freebsd7.0... > > * > > df -i results > > Filesystem 1K-blocks Used > Avail Capacity iused ifree %iused > Mounted on > /dev/da0s1a 10154158 246910 9094916 > 3% 2763 1316147 > 0% / > devfs > 1 1 > 0 100% > 0 0 > 100% /dev > /dev/da0s1f 76168552 837956 69237112 > 1% 56201 9788533 > 1% /cache1 > /dev/da0s1g 76168552 4 > 70075064 0% > 2 9844732 > 0% /cache2 > /dev/da0s1e 40622796 2540572 34832402 > 7% 312023 4940071 > 6% /usr > /dev/da0s1d 60931274 225310 55831464 > 0% 337 > 7889581 0% /var > > I have specfied cache size : cache_dir diskd /cache1 > 6 16 256 Q1=72 Q2=64 > > > I dont know what to do, pls help me out. > An early reponse is requested, pls. > Regards, > .Goody. > > > >
[squid-users] squid 3.0 stable 14 terminates abnormally
subject squid version running on freebsd 7 dies and following messages is displayed. assertion failed: HttpHeader.cc:1196: "Headers[id].type == ftInt64" after search mailing list i found Amos's answer to wong asking to upgrade to 15 or changes in src/HttpHeader.cc. Trying Method-1 Apply latest patch. now i have download the squid-3.0.STABLE15.patch and changed the pwd to the source files from where i had previously installed the stable 14 version, but when i apply this patch using command patch < /path/squid-3.0.STABLE15.patch, it successfully hunks some files and then stops and says "Hmm... The next patch looks like a unified diff to me...". So can any body tell me what should i do to continue On Trying Method-2 changes in src/HttpHeader.cc. after changing the said line i-e {"Max-Forwards", HDR_MAX_FORWARDS, ftInt}, to become {"Max-Forwards", HDR_MAX_FORWARDS, ftInt64}, i don't what to do further to tell squid adapt changes. should i run "make clean && make && make install" and it would be done!!!. Thanks in advance. .Goody.
[squid-users] squid becomes very slow during peak hours
Hi there, I am running squid 2.5 on freebsd 7, and my squid box respond very slow during peak hours. my squid machine have twin dual core processors, 4 ram and following hdds. Filesystem SizeUsed Avail Capacity Mounted on /dev/da0s1a9.7G241M8.7G 3%/ devfs 1.0K1.0K 0B 100%/dev /dev/da0s1f 73G 35G 32G52%/cache1 /dev/da0s1g 73G2.0G 65G 3%/cache2 /dev/da0s1e 39G2.5G 33G 7%/usr /dev/da0s1d 58G6.4G 47G12%/var below are the status and settings i have done. i need further guidance to improve the box. last pid: 50046; load averages: 1.02, 1.07, 1.02 up 7+20:35:29 15:21:42 26 processes: 2 running, 24 sleeping CPU states: 25.4% user, 0.0% nice, 1.3% system, 0.8% interrupt, 72.5% idle Mem: 378M Active, 1327M Inact, 192M Wired, 98M Cache, 112M Buf, 3708K Free Swap: 4096M Total, 20K Used, 4096M Free PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 49819 sbt1 1050 360M 351M CPU3 3 92:43 98.14% squid 487 root1 960 4372K 2052K select 0 57:00 3.47% natd 646 root1 960 16032K 12192K select 3 54:28 0.00% snmpd 49821 sbt1 -40 3652K 1048K msgrcv 0 0:13 0.00% diskd 49822 sbt1 -40 3652K 1048K msgrcv 0 0:10 0.00% diskd 49864 root1 960 3488K 1536K CPU2 1 0:04 0.00% top 562 root1 960 3156K 1008K select 0 0:04 0.00% syslogd 717 root1 80 3184K 1048K nanslp 0 0:02 0.00% cron 49631 x-man 1 960 8384K 2792K select 0 0:01 0.00% sshd 49635 root1 200 5476K 2360K pause 0 0:00 0.00% csh 49628 root1 40 8384K 2776K sbwait 1 0:00 0.00% sshd 710 root1 960 5616K 2172K select 1 0:00 0.00% sshd 49634 x-man 1 80 3592K 1300K wait 1 0:00 0.00% su 49820 sbt1 -80 1352K 496K piperd 3 0:00 0.00% unlinkd 49633 x-man 1 80 3456K 1280K wait 3 0:00 0.00% sh 765 root1 50 3156K 872K ttyin 1 0:00 0.00% getty 766 root1 50 3156K 872K ttyin 2 0:00 0.00% getty 767 root1 50 3156K 872K ttyin 2 0:00 0.00% getty 769 root1 50 3156K 872K ttyin 3 0:00 0.00% getty 771 root1 50 3156K 872K ttyin 1 0:00 0.00% getty 770 root1 50 3156K 872K ttyin 0 0:00 0.00% getty 768 root1 50 3156K 872K ttyin 3 0:00 0.00% getty 772 root1 50 3156K 872K ttyin 1 0:00 0.00% getty 47303 root1 80 8080K 3560K wait 1 0:00 0.00% squid 426 root1 960 1888K 420K select 0 0:00 0.00% devd 146 root1 200 1356K 668K pause 0 0:00 0.00% adjkerntz pxy# iostat tty da0pass0 cpu tin tout KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 126 12.79 5 0.06 0.00 0 0.00 4 0 1 0 95 pxy# vmstat procs memory pagedisks faults cpu r b w avmfre flt re pi pofr sr da0 pa0 in sy cs us sy id 1 3 0 458044 10326812 0 0 030 5 0 0 273 1721 2553 4 1 95 pxy# netstat -am 1376/1414/2790 mbufs in use (current/cache/total) 1214/1372/2586/25600 mbuf clusters in use (current/cache/total/max) 1214/577 mbuf+clusters out of packet secondary zone in use (current/cache) 147/715/862/12800 4k (page size) jumbo clusters in use (current/cache/total/max) 0/0/0/6400 9k jumbo clusters in use (current/cache/total/max) 0/0/0/3200 16k jumbo clusters in use (current/cache/total/max) 3360K/5957K/9317K bytes allocated to network (current/cache/total) 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters) 0/0/0 requests for jumbo clusters denied (4k/9k/16k) 0/7/6656 sfbufs in use (current/peak/max) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 0 calls to protocol drain routines "netstat -an | grep "TIME_WAIT" | more " command 17 scroll pages of crt. some lines from squid.conf cache_mem 256 MB cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_swap_low 80 cache_swap_high 90 cache_dir diskd /cache2 6 16 256 Q1=72 Q2=64 cache_dir diskd /cache1 6 16 256 Q1=72 Q2=64 cache_log /var/log/squid25/cache.log cache_access_log /var/log/squid25/access.log cache_store_log none half_closed_clients off maximum_object_size 1024 KB pxy# sysctl -a | grep maxproc kern.maxproc: 6164 kern.maxprocperuid: 5547 kern.ipc.somaxconn: 1024 kern.maxfiles: 12328 kern.maxfilesperproc: 11095 net.inet.ip.portrange.randomtime: 45 net.inet.ip.portrange.randomcps: 10 net.inet.ip.portrange.randomized: 1 net.inet.ip.p
Re: [squid-users] squid becomes very slow during peak hours
Thanks for replies, 1. i have tried squid 3.0 stable 14 for few weeks but the problems were there and performance issues was also severe. as we had previously 2.5 stable 10 running that's why i reverted to it temporarily. further i have squid 3.0/14 in place as i have install 2.5 in separate directry and i can squid 3.0/14 run it anytime. i will also welcome if you tell me the most stable version of squid. 2. secondly we are using RAID 5 and have very powerfull machine at present as compared to previous one, and previous was working good with the same amount of traffic and less powerfull system. 3. thirdly i have gigabit network card but yes i have 100 mb ethernet channel, but as defined in step 2 same link was working superb in previous setup. 4. i could not get chris robertson question regarding processors, i have two dual core xeon processors(3.2 ghz) and i captured stats at peak hours when performance was degraded. So what should i do??? Regards, --- On Wed, 7/1/09, Chris Robertson wrote: > From: Chris Robertson > Subject: Re: [squid-users] squid becomes very slow during peak hours > To: squid-users@squid-cache.org > Date: Wednesday, July 1, 2009, 2:25 AM > goody goody wrote: > > Hi there, > > > > I am running squid 2.5 on freebsd 7, > > As Adrian said, upgrade. 2.6 (and 2.7) support kqueue > under FreeBSD. > > > and my squid box respond very slow during peak > hours. my squid machine have twin dual core processors, 4 > ram and following hdds. > > > > Filesystem Size > Used Avail Capacity Mounted on > > /dev/da0s1a 9.7G 241M > 8.7G 3% / > > devfs 1.0K > 1.0K > 0B 100% /dev > > /dev/da0s1f 73G > 35G 32G > 52% /cache1 > > /dev/da0s1g 73G > 2.0G 65G > 3% /cache2 > > /dev/da0s1e 39G > 2.5G 33G > 7% /usr > > /dev/da0s1d 58G > 6.4G 47G 12% > /var > > > > > > below are the status and settings i have done. i need > further guidance to improve the box. > > > > last pid: 50046; load averages: > 1.02, 1.07, 1.02 > > > up > > > > 7+20:35:29 15:21:42 > > 26 processes: 2 running, 24 sleeping > > CPU states: 25.4% user, 0.0% nice, 1.3% > system, 0.8% interrupt, 72.5% idle > > Mem: 378M Active, 1327M Inact, 192M Wired, 98M Cache, > 112M Buf, 3708K Free > > Swap: 4096M Total, 20K Used, 4096M Free > > > > PID USERNAME THR > PRI NICE SIZE RES STATE > C TIME WCPU COMMAND > > 49819 sbt 1 105 > 0 360M 351M > CPU3 3 92:43 98.14% squid > > 487 root > 1 96 0 4372K > 2052K select 0 57:00 3.47% natd > > 646 root > 1 96 0 16032K 12192K select > 3 54:28 0.00% snmpd > > > SNIP > > pxy# iostat > > tty > da0 > pass0 > cpu > > tin tout KB/t tps > MB/s KB/t tps MB/s us ni sy in > id > > 0 126 > 12.79 5 > 0.06 0.00 0 > 0.00 4 0 1 0 95 > > > > pxy# vmstat > > procs memory > page > disks > faults cpu > > r b w avm > fre flt re pi po > fr sr da0 > pa0 in sy cs > us sy id > > 1 3 0 458044 103268 > 12 0 0 0 > > 30 5 0 0 > 273 1721 2553 4 1 95 > > > > Those statistics show wildly different utilization. > The first (top, I > assume) shows 75% idle (or a whole CPU in use). The > next two show 95% > idle (in effect, one CPU 20% used). How close (in > time) were the > statistics gathered? > > > > > some lines from squid.conf > > cache_mem 256 MB > > cache_replacement_policy heap LFUDA > > memory_replacement_policy heap GDSF > > > > cache_swap_low 80 > > cache_swap_high 90 > > > > cache_dir diskd /cache2 6 16 256 Q1=72 Q2=64 > > cache_dir diskd /cache1 6 16 256 Q1=72 Q2=64 > > > > cache_log /var/log/squid25/cache.log > > cache_access_log /var/log/squid25/access.log > > cache_store_log none > > > > half_closed_clients off > > maximum_object_size 1024 KB > > > > if anyother info required, i shall provide. > > > > The types (and number) of ACLs in use would be of interest > as well. > > > Regards, > > .Goody. > > > > Chris > >
Re: [squid-users] squid becomes very slow during peak hours
Nope! i haven't applied aufs, but i will try upgrading to 2.7 with aufs, and would get back with results. Thanks to all for support Regards, .Goody. --- On Thu, 7/2/09, Brett Glass wrote: > From: Brett Glass > Subject: Re: [squid-users] squid becomes very slow during peak hours > To: "goody goody" , squid-users@squid-cache.org > Cc: "Chris Robertson" , balique8...@yahoo.com, > hen...@henriknordstrom.net, "Amos jafferies Squid GURU" > Date: Thursday, July 2, 2009, 7:42 AM > I wonder if your problem might be > diskd. > > At one time, diskd was hailed as a great way to speed up a > cache, but that was back in the days when caches had a small > fraction of the load they do today. Nowadays, it appears > that diskd's overhead creates a huge bottleneck. > > Have you tried COSS or AUFS? > > --Brett Glass > >
[squid-users] website accessible on one proxy but not through another
Hi all, I am running (squid/2.5.STABLE10) on freebsd. I am running two different proxy server for different LANS, but users experiencing problem while visit below site on one proxy whereas the same site is accessible on another proxy. so please guide what could be the possible reason. I have tried to purge the cache but this object is not in the cache (404 error returned). Regards, .Goody. ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.swift.com/about_swift/index.page? The following error was encountered: Connection Failed The system returned: (13) Permission denied The remote host or network may be down. Please try the request again
Re: [squid-users] website accessible on one proxy but not through another
Thank you for reply Amos. I figured out this it was actually a OS firewall rule which was causing problem. Regards, --- On Wed, 10/7/09, Amos Jeffries wrote: > From: Amos Jeffries > Subject: Re: [squid-users] website accessible on one proxy but not through > another > To: > Cc: squid-users@squid-cache.org > Date: Wednesday, October 7, 2009, 3:04 PM > goody goody wrote: > > Hi all, > > > > I am running (squid/2.5.STABLE10) on freebsd. > > > > I am running two different proxy server for > different LANS, but users experiencing problem while > visit below site on one proxy whereas the same site is > accessible on another proxy. so please guide what could be > the possible reason. > > > > I have tried to purge the cache but this object is not > in the cache (404 error returned). > > Good. That means it's a real live problem. Not a > temporary random event that got cached. > > > > > Regards, > > .Goody. > > > > ERROR > > The requested URL could not be retrieved > > > > > > > > > While trying to retrieve the URL: > > http://www.swift.com/about_swift/index.page? > > The following error was encountered: > > Connection Failed The system returned: > > (13) Permission denied > > > > The remote host or network may be down. Please try the > request again > > > Hmm, operating system returns "Permission Denied" to > opening a TCP link. Weird. > > > Please check: > > * what each configured DNS server for both working and > non-working proxy are returning for 'www.swift.com'. Try to > telnet to each IP from the non-working proxy machine. > > * whether SELinux is running and what the permissions are > for the Squid user ('nobody' or cache_effective_user in > squid.conf). > > > I've not seen a firewall send back that message, but just > in case followup by checking those settings as well. > > Amos > -- Please be using > Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 > Current Beta Squid 3.1.0.14 >
[squid-users] squid not being rotated
Hi EveryBody, i have observed that since a few days my squid cache logs are not being rotated even when i try to rotate through manual squid -k rotate command. so pls guide me how can i resolve this problem. i am runngind squid 2.7 on freebsd 7. Regards,
[squid-users] transparent+manual proxy on single squid
Hi, Dear squid gurus Pls guide me that whether can i run the single squid cache in transparent + manual mode at time or not? If yes then how? Best Regards, .Goody.
Re: [squid-users] transparent+manual proxy on single squid
>From transparent i mean that user do not enter proxy settings in browser >whereas in manual user have to. - Original Message From: Kinkie To: goody goody Cc: squid-users@squid-cache.org Sent: Wed, January 27, 2010 3:00:52 PM Subject: Re: [squid-users] transparent+manual proxy on single squid On Wed, Jan 27, 2010 at 9:45 AM, goody goody wrote: > Hi, > > Dear squid gurus > > Pls guide me that whether can i run the single squid cache in transparent + > manual mode at time or not? If yes then how? Transparent or interception? Interception, yes. Just point the clients to it. Transparent, not sure. -- /kinkie
Re: [squid-users] transparent+manual proxy on single squid
Okay Thanks i figured it out. Solution is to an additional line in the squid.conf like below. http_port : transparent http_port : Take care. - Original Message From: Kinkie To: goody goody Cc: squid-users@squid-cache.org Sent: Thu, January 28, 2010 1:51:41 PM Subject: Re: [squid-users] transparent+manual proxy on single squid On Thu, Jan 28, 2010 at 9:36 AM, goody goody wrote: > From transparent i mean that user do not enter proxy settings in browser > whereas in manual user have to. Ok, in Squid's usual terms, that's interception. Then you can :) -- /kinkie
[squid-users] Yahoo mail Display problem
Hi, I am running squid 2.5 on 5.4-RELEASE FreeBSD 5.4-RELEASE, since the number of years and was working very fine. Few days back i replaced my old windows 2003 DNS server and installed new server with windows server 2008 OS and configured DNS on it with the same IP address, since then i started to receive problem. "Unable to determine IP address from host name xxx" DNS server returned "No Address Records" This means Cache was unable to resolve host name present in the url check if the address is correct. Following the error I revisited the DNS configuration and found fine. after then i flushed the cache and recreated it using squid -z, assuming that it may help me out, but it didn't as after flushing the cache yahoo mail page started to appear scattered in the explorer. So can you please let me know why squid is behaving like this and how can i fix these issues? An early solution would be very helpful. Thanks and regards, .Goody.
[squid-users] Re: Yahoo mail Display problem
Can someone let me know the fix please. - Original Message From: goody goody To: squid-users@squid-cache.org Sent: Thu, April 15, 2010 12:16:38 PM Subject: Yahoo mail Display problem Hi, I am running squid 2.5 on 5.4-RELEASE FreeBSD 5.4-RELEASE, since the number of years and was working very fine. Few days back i replaced my old windows 2003 DNS server and installed new server with windows server 2008 OS and configured DNS on it with the same IP address, since then i started to receive problem. "Unable to determine IP address from host name xxx" DNS server returned "No Address Records" This means Cache was unable to resolve host name present in the url check if the address is correct. Following the error I revisited the DNS configuration and found fine. after then i flushed the cache and recreated it using squid -z, assuming that it may help me out, but it didn't as after flushing the cache yahoo mail page started to appear scattered in the explorer. So can you please let me know why squid is behaving like this and how can i fix these issues? An early solution would be very helpful. Thanks and regards, .Goody.
Re: [squid-users] Re: Yahoo mail Display problem
Thanks for reply. Please let me know which version of squid 2.7/3.1.1 is most stable i-e bug free bcoz i am gonna deploy it in production environment. Best Regards, - Original Message From: Kinkie To: goody goody Cc: squid-users@squid-cache.org Sent: Fri, April 16, 2010 2:21:16 PM Subject: Re: [squid-users] Re: Yahoo mail Display problem > - Original Message > From: goody goody > To: squid-users@squid-cache.org > Sent: Thu, April 15, 2010 12:16:38 PM > Subject: Yahoo mail Display problem > > Hi, > > I am running squid 2.5 on 5.4-RELEASE FreeBSD 5.4-RELEASE, since the number > of years and was working very fine. Hi Goody. 2.5 is a really OLD version of Squid (as in: YEARS old). The most up-to-date versions are 2.7 and 3.1.1 and they contain uncountable improvements and fixes;using those versions you're most likely to get help. If you can consider upgrading, please do so. -- /kinkie
Re: [squid-users] Re: Yahoo mail Display problem
Thanks for your help Amos, Actually the reason behind the question was my previous experience of 3.0.4 version, which i installed but after then it was shutting down after running for some time, and if there is not such a serious problem with 3.1.1 i would definitely love to install the latest to get benefit from new features. Best Regards, - Original Message From: Amos Jeffries To: squid-users@squid-cache.org Sent: Tue, April 20, 2010 6:31:58 PM Subject: Re: [squid-users] Re: Yahoo mail Display problem goody goody wrote: > Thanks for reply. > > Please let me know which version of squid 2.7/3.1.1 is most stable i-e bug > free bcoz i am gonna deploy it in production environment. > > Best Regards, > Both the same by that measure. 126 bugs and enhancement requests each. 2.7 being the oldest version still supported. We do recommend trying 3.1 first. Coming from 2.5 you will not already be using any of the features that have locked people into 2.7 use. Be careful of the configuration file though, since there are now two full versions worth of changes you have to leap over. If you need any help with the conversion the release notes and we are here. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
Re: [squid-users] Re: Yahoo mail Display problem
Pls ignore my last email. Best Regards, .Goody. - Original Message From: goody goody To: Amos Jeffries ; squid-users@squid-cache.org Sent: Wed, April 21, 2010 10:25:58 AM Subject: Re: [squid-users] Re: Yahoo mail Display problem Thanks for your help Amos, Actually the reason behind the question was my previous experience of 3.0.4 version, which i installed but after then it was shutting down after running for some time, and if there is not such a serious problem with 3.1.1 i would definitely love to install the latest to get benefit from new features. Best Regards, - Original Message From: Amos Jeffries To: squid-users@squid-cache.org Sent: Tue, April 20, 2010 6:31:58 PM Subject: Re: [squid-users] Re: Yahoo mail Display problem goody goody wrote: > Thanks for reply. > > Please let me know which version of squid 2.7/3.1.1 is most stable i-e bug > free bcoz i am gonna deploy it in production environment. > > Best Regards, > Both the same by that measure. 126 bugs and enhancement requests each. 2.7 being the oldest version still supported. We do recommend trying 3.1 first. Coming from 2.5 you will not already be using any of the features that have locked people into 2.7 use. Be careful of the configuration file though, since there are now two full versions worth of changes you have to leap over. If you need any help with the conversion the release notes and we are here. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
[squid-users] very slow browsing and page is not displaed properly
Hi, Version information and some statistics collected by me are as below. At times, my users complain the browsing becomes deadly slow and we page like yahoo, after much delay is displayed scattered and pictures are not visible rather "X" sign is displayed and after few times refresh screen becomes better. proxy-br# uname -a FreeBSD proxy-br 0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 proxy-br# /usr/local/squid27/sbin/squid -v Squid Cache: Version 2.7.STABLE9 configure options: '--prefix=/usr/local/squid27' '--enable-async-io' '-enable-storeio=aufs,coss' '--enable-removal-policies=heap,lru' '--enable-snmp' '--with-openssl=/opt/ssl' '--enable-wccp' proxy-br# iostat -c 5 -w 3 tty da0pass0 cpu tin tout KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 138 13.88 2 0.03 0.00 0 0.00 4 0 1 0 95 0 140 11.00 1 0.01 0.00 0 0.00 11 0 5 1 83 0 133 11.00 1 0.01 0.00 0 0.00 16 0 5 1 78 086 16.00 0 0.01 0.00 0 0.00 13 0 4 1 82 0 132 3.07 5 0.01 0.00 0 0.00 14 0 4 1 80 proxy-br# vmstat procs memory pagedisks faults cpu r b w avmfre flt re pi pofr sr da0 pa0 in sy cs us sy id 1 0 0924M 154M20 0 0 0 6 1 0 0 189 1178 1366 4 1 95 proxy-br# systat /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 Load Average || /0% /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 root idle XX root idle X squid squid X root kernel X my squid.conf is as below http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 256 MB visible_hostname pxy #negative_ttl 0 acl PURGE method PURGE acl localhost src 127.0.0.1 http_access allow PURGE localhost http_access deny PURGE cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /cache 45000 16 256 cache_store_log /dev/null #/var/log/squid27/store.log cache_store_log none cache_swap_low 80 cache_swap_high 90 cache_log /var/log/squid27/cache.log cache_access_log /var/log/squid27/access.log half_closed_clients off ... ...acl... . #always_direct allow myiplist cache_mgr x...@ cache_effective_user squid cache_effective_group squid logfile_rotate 0 buffered_logs on nonhierarchical_direct off prefer_direct off ie_refresh on ftp_list_width 32 ftp_passive on ftp_sanitycheck on ftp_telnet_protocol on emulate_httpd_log on Your expert opinion is required, please. Warm Regards, .Goody.
Re: [squid-users] very slow browsing and page is not displaed properly
Dear Members, In addition to below information, I have added some more info regarding machine hardware and platform. RAM = 4 GB Processors = 4 HDDs SATA having implemented RAID-5 Running on VMWARE ESXi 3.5. Should you need any info, pls let me know. Waiting for your expert opinion, please. Warm Regards, .goody. - Original Message From: goody goody To: squid-users@squid-cache.org Sent: Thu, May 20, 2010 4:31:21 PM Subject: [squid-users] very slow browsing and page is not displaed properly Hi, Version information and some statistics collected by me are as below. At times, my users complain the browsing becomes deadly slow and we page like yahoo, after much delay is displayed scattered and pictures are not visible rather "X" sign is displayed and after few times refresh screen becomes better. proxy-br# uname -a FreeBSD proxy-br 0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 proxy-br# /usr/local/squid27/sbin/squid -v Squid Cache: Version 2.7.STABLE9 configure options: '--prefix=/usr/local/squid27' '--enable-async-io' '-enable-storeio=aufs,coss' '--enable-removal-policies=heap,lru' '--enable-snmp' '--with-openssl=/opt/ssl' '--enable-wccp' proxy-br# iostat -c 5 -w 3 tty da0pass0 cpu tin tout KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 138 13.88 2 0.03 0.00 0 0.00 4 0 1 0 95 0 140 11.00 1 0.01 0.00 0 0.00 11 0 5 1 83 0 133 11.00 1 0.01 0.00 0 0.00 16 0 5 1 78 086 16.00 0 0.01 0.00 0 0.00 13 0 4 1 82 0 132 3.07 5 0.01 0.00 0 0.00 14 0 4 1 80 proxy-br# vmstat procs memory pagedisks faults cpu r b w avmfre flt re pi pofr sr da0 pa0 in sy cs us sy id 1 0 0924M 154M20 0 0 0 6 1 0 0 189 1178 1366 4 1 95 proxy-br# systat /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 Load Average || /0% /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 root idle XX root idle X squid squid X root kernel X my squid.conf is as below http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 256 MB visible_hostname pxy #negative_ttl 0 acl PURGE method PURGE acl localhost src 127.0.0.1 http_access allow PURGE localhost http_access deny PURGE cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /cache 45000 16 256 cache_store_log /dev/null #/var/log/squid27/store.log cache_store_log none cache_swap_low 80 cache_swap_high 90 cache_log /var/log/squid27/cache.log cache_access_log /var/log/squid27/access.log half_closed_clients off ... ...acl... . #always_direct allow myiplist cache_mgr x...@ cache_effective_user squid cache_effective_group squid logfile_rotate 0 buffered_logs on nonhierarchical_direct off prefer_direct off ie_refresh on ftp_list_width 32 ftp_passive on ftp_sanitycheck on ftp_telnet_protocol on emulate_httpd_log on Your expert opinion is required, please. Warm Regards, .Goody.
Re: [squid-users] very slow browsing and page is not displaed properly
Hi, Squid GURUs, Your response is required, please. Regards, .Goody. - Original Message From: goody goody To: squid-users@squid-cache.org Sent: Fri, May 21, 2010 1:52:23 AM Subject: Re: [squid-users] very slow browsing and page is not displaed properly Dear Members, In addition to below information, I have added some more info regarding machine hardware and platform. RAM = 4 GB Processors = 4 HDDs SATA having implemented RAID-5 Running on VMWARE ESXi 3.5. Should you need any info, pls let me know. Waiting for your expert opinion, please. Warm Regards, .goody. - Original Message From: goody goody To: squid-users@squid-cache.org Sent: Thu, May 20, 2010 4:31:21 PM Subject: [squid-users] very slow browsing and page is not displaed properly Hi, Version information and some statistics collected by me are as below. At times, my users complain the browsing becomes deadly slow and we page like yahoo, after much delay is displayed scattered and pictures are not visible rather "X" sign is displayed and after few times refresh screen becomes better. proxy-br# uname -a FreeBSD proxy-br 0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 proxy-br# /usr/local/squid27/sbin/squid -v Squid Cache: Version 2.7.STABLE9 configure options: '--prefix=/usr/local/squid27' '--enable-async-io' '-enable-storeio=aufs,coss' '--enable-removal-policies=heap,lru' '--enable-snmp' '--with-openssl=/opt/ssl' '--enable-wccp' proxy-br# iostat -c 5 -w 3 tty da0 pass0 cpu tin tout KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 138 13.88 2 0.03 0.00 0 0.00 4 0 1 0 95 0 140 11.00 1 0.01 0.00 0 0.00 11 0 5 1 83 0 133 11.00 1 0.01 0.00 0 0.00 16 0 5 1 78 0 86 16.00 0 0.01 0.00 0 0.00 13 0 4 1 82 0 132 3.07 5 0.01 0.00 0 0.00 14 0 4 1 80 proxy-br# vmstat procs memory page disks faults cpu r b w avm fre flt re pi po fr sr da0 pa0 in sy cs us sy id 1 0 0 924M 154M 20 0 0 0 6 1 0 0 189 1178 1366 4 1 95 proxy-br# systat /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 Load Average || /0% /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 root idle XX root idle X squid squid X root kernel X my squid.conf is as below http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 256 MB visible_hostname pxy #negative_ttl 0 acl PURGE method PURGE acl localhost src 127.0.0.1 http_access allow PURGE localhost http_access deny PURGE cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /cache 45000 16 256 cache_store_log /dev/null #/var/log/squid27/store.log cache_store_log none cache_swap_low 80 cache_swap_high 90 cache_log /var/log/squid27/cache.log cache_access_log /var/log/squid27/access.log half_closed_clients off ... ...acl... . #always_direct allow myiplist cache_mgr x...@ cache_effective_user squid cache_effective_group squid logfile_rotate 0 buffered_logs on nonhierarchical_direct off prefer_direct off ie_refresh on ftp_list_width 32 ftp_passive on ftp_sanitycheck on ftp_telnet_protocol on emulate_httpd_log on Your expert opinion is required, please. Warm Regards, .Goody.
[squid-users] block usres who create their own proxy behind main proxy
Hi, In our organization we have restricted access to only limited IPs as per company policy, but what some users are doing that they are building their own proxy servers on any single allowed IP addresses and distribute access to their locally formed group. In this way our main proxy thinks that it is allowing access to only one IP whereas in real it is not the case. This has become a challenge and if there is any solution / work around to this please let me know. I am using squid 2.7 stable 6 on freebsd 7 release # 6 An early response is much appreciated. Regards, .Goody.
[squid-users] how to allow ftp connection through squid proxy
Hi there, I am currently using squid stable v.3 as transparent proxy on freebsd 6.4. i am facing problem when accessing the ftp site. can any body guide me or provide me some useful link, for tweaking the settings to allow ftp access through squid. many thanks, .Goody.
Re: [squid-users] how to allow ftp connection through squid proxy
Thanks for reply. i have added following lines to my squid.conf file but still it doesn't work. ... ... acl ftp_access proto FTP refresh_pattern ftp:99 99%60 override-expire override-lastmod http_access allow ftp_access pls guide me, shall be very thank full. .Goody. --- On Mon, 3/16/09, Amos Jeffries wrote: > From: Amos Jeffries > Subject: Re: [squid-users] how to allow ftp connection through squid proxy > To: "goody goody" > Cc: squid-users@squid-cache.org > Date: Monday, March 16, 2009, 4:41 PM > goody goody wrote: > > > > Hi there, > > > > I am currently using squid stable v.3 as transparent > proxy on freebsd 6.4. > > > > i am facing problem when accessing the ftp site. can > any body guide me or provide me some useful link, for > tweaking the settings to allow ftp access through squid. > > > > Squid can only map FTP objects into HTTP objects. > To do that use the ftp_access controls same as you would > http_access > > http://www.squid-cache.org/Doc/config/ > > > Amos > -- Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 > Current Beta Squid 3.1.0.6 >
Re: [squid-users] how to allow ftp connection through squid proxy
i have inserted the ftp_access allow all command but squid says on parsing cache_cf.cc(346) squid.conf:73 unrecognized: 'ftp_access' ??? I have also tried to lookup that command on my squid books, but no clue. Thanks, --- On Wed, 3/18/09, Amos Jeffries wrote: > From: Amos Jeffries > Subject: Re: [squid-users] how to allow ftp connection through squid proxy > To: "goody goody" > Cc: squid-users@squid-cache.org > Date: Wednesday, March 18, 2009, 6:01 PM > goody goody wrote: > > Thanks for reply. > > > > i have added following lines to my squid.conf file but > still it doesn't work. > > > > ... > > ... > > acl ftp_access proto FTP > > > > refresh_pattern ftp: > > 99 99% > 60 override-expire override-lastmod > > > > http_access allow ftp_access > > > > > > > > pls guide me, shall be very thank full. > > > > Like this: > > http_access allow all > - permits all http://... requests > ftp_access allow all > - permits all ftp://... requests > > understand? > > Amos > > > > > .Goody. > > > > --- On Mon, 3/16/09, Amos Jeffries > wrote: > > > >> From: Amos Jeffries > >> Subject: Re: [squid-users] how to allow ftp > connection through squid proxy > >> To: "goody goody" > >> Cc: squid-users@squid-cache.org > >> Date: Monday, March 16, 2009, 4:41 PM > >> goody goody wrote: > >>> Hi there, > >>> > >>> I am currently using squid stable v.3 as > transparent > >> proxy on freebsd 6.4. > >>> i am facing problem when accessing the ftp > site. can > >> any body guide me or provide me some useful link, > for > >> tweaking the settings to allow ftp access through > squid. > >> Squid can only map FTP objects into HTTP objects. > >> To do that use the ftp_access controls same as you > would > >> http_access > >> > >> http://www.squid-cache.org/Doc/config/ > >> > >> > >> Amos > >> -- Please be using > >> Current Stable Squid 2.7.STABLE6 > or 3.0.STABLE13 > >> Current Beta Squid 3.1.0.6 > >> > > > > > > > > > -- > Please be using > Current Stable Squid 2.7.STABLE6 or > 3.0.STABLE13 > Current Beta Squid 3.1.0.6 >