Re: [squid-users] How can I block some porn website via SQUID?

2003-02-04 Thread Puth Chan Choth
Dear Marc,

Thank you so much for your answer. You've really helped me a lot.

Thanks,

Choth

Marc Elsen wrote:

 Puth Chan Choth wrote:
 
  Dear All,
 
  I am very new to SQUID and I would like to block some porn
  websites? How can I do it via squid.conf file?
 
  Thank you so much for your assistance.

  ACL mechanisms can be used as in:

  http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.4


  If you want more advanced means you can also have a look at :

   http://www.squidguard.org/

  M.

 
  Regards,
 
  Choth

 --

  'Time is a consequence of Matter thus
  General Relativity is a direct consequence of QM
  (M.E. Mar 2002)

--
++ Puth Chan Choth [EMAIL PROTECTED]
++ Website: http://www.forum.org.kh, E-mail: [EMAIL PROTECTED]
++ Open Forum Information Exchange Coordinator
++ Tel: +855 (23) 360 345, Fax: +855 (23) 360 345, Mobile: +855 (11) 928 056
++ The Open Forum of Cambodia, House 245, Street 51, Phnom Penh / Cambodia





[squid-users] Problem...

2003-02-04 Thread Mynx
Hi list:

I've configured Squid-2.5_1STABLE to cache my WWW server;
this is the configuration. Everything is OK, but I'm getting one error
message and I can't fix it. Any suggestions?


cache_mem 16 MB
shutdown_lifetime 0 seconds
memory_pools off
forwarded_for off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl lan src 192.168.1.0/24
acl pool1 src 192.168.2.8/29
acl pool2 src 192.168.2.16/29
acl just_domain dstdomain .anydomain
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow lan
http_access allow pool2
http_access allow pool1 just_domain
http_access deny all

#cache_effective_group
cache_effective_user nobody

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
=

This is the error message (/usr/local/squid/squid.out):

Startup: Mon Feb  3 15:44:07 GMT 2003
2003/02/03 15:44:07| getrlimit: RLIMIT_VMEM: (22) Invalid argument

I have FreeBSD 4.5 #0 STABLE





AW: [squid-users] Squid2.4 /etc/hosts

2003-02-04 Thread Rost, Werner
/etc/hosts is supported for squid 2.5, not for squid 2.4.

 Kind regards
 Werner Rost
 
 -
 ZF Boge GmbH
 Werner Rost
 IT
 Friesdorfer Str. 175
 D-53175 Bonn
 
 
 phone:+49/228/3825 420
 fax:  +49/228/3825 398
 [EMAIL PROTECTED]
 
 www.boge-vibrationcontrol.com/
 -
 


-Original Message-
From: Jay Turner [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 4 February 2003 10:20
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] Squid2.4  /etc/hosts

Hi All,

I have resolved this issue I posted about last week by simply rebuilding the
RedHat src RPM with --disable-internal-dns.

I have now added the internal IP address of the web server to the proxy
server's /etc/hosts file and all is well. The proxy connects to the internal
address of the proxy and not the outside real world address as provided by a
regular DNS lookup.

The webserver is also listening on port 443 for a webmail connection. When a
user requests https://webmail.company.com the DNS server returns the outside
world IP address. Again squid needs to point to the internal IP address of
this server for these requests.

I tried adding webmail.company.com to /etc/hosts but this only resolves when
you enter http://webmail.company.com but it sends the request to port 80 and
thus the standard webserver returns the results not the webmail listening on
443. When entering https://webmail.company.com it continues to use the
address provided by the DNS server.

Is there a way I can get this to work as required?

Adding the webmail address to the company internal DNS server has been ruled
out by the company's tech staff.

Thanks
Jay

-Original Message-
From: Jay Turner [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 29 January 2003 11:58 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] Squid2.4  /etc/hosts


Hi All,

I am after some clarification regarding Squid-2.4.STABLE6-6.7.3 and the use
of /etc/hosts.

One of our proxies needs to access a webserver via its internal address
rather than its world DNS address.
I have added the required information to /etc/hosts, confirmed nsswitch.conf
is checking files before DNS and restarted squid but it does not seem to be
taking.

I have a Squid 2.5 box that uses the host_file attribute in squid.conf and
it works no worries and I am able to see the listing via cachemgr under FQDN
Cache Statistics.

This information is not present in the 2.4STABLE6 version.

Trawling the archives I found this post from Henrik:

Squid-2.3 defaults to use an internal DNS client implementation, talking
directly to your DNS server.

Squid-2.4 too defaults to using an internal DNS client, but reads
/etc/hosts on startup (I think, or maybe this is only in Squid-2.5?).

--
Henrik Nordstrom

Is this actually the case? It appears not in my testing. Is there a way I
can add something to the Internal DNS that squid 2.4 uses?

I realise that I can recompile Squid2.4 with --disable-internal-dns, but
this is a production machine so re-compiling and upgrading to 2.5 are not an
option at this point. The network configuration in which the server sits
uses an unusual setup whereby adding an entry to the local DNS server in the
network is not an option. I really require a solution that can be
implemented on the Squid server.

All advice appreciated

Regards
Jay






Re: [squid-users] SuSEfirewall2 vs Squid.

2003-02-04 Thread Prabu Subroto
Hi Ilker...

I am using IP 192.168.23.237 and if I try to grep
according to my IP number, I find nothing.
Strange...
And if I do tail -n 1000 ./access.log then I only find
my network number 192.168.23.0 but I don't know
what's wrong.

This morning the problem came again. I had to
restart my SuSEfirewall2 before my user could surf
the internet again.

Sigh

TAC.
--- Ilker Gokhan [EMAIL PROTECTED] wrote:
 Prabu Subroto wrote:
  Hi Buddies.
  
  I have SuSEfirewall2 and Squid server running on SuSE
  Linux 8.1 .
  
  I wonder why my LAN users can not visit any homepages
  sometimes.
 
 In this situation, is there any log entry in access.log ?
 
 Regards,
 Ilker G.
 




RE: [squid-users] Restart squid on Disconnect

2003-02-04 Thread Henrik Nordstrom
Having http_port at the default of any address is perfectly fine for
dialup use. It does not make Squid request any specific IP address but
will accept requests on whatever IP address your box currently has,
even if those addresses did not exist when Squid started.

The cause is somewhere else. Maybe you get assigned different DNS
servers when you redial or something, I do not know.

Regards
Henrik

Tue 2003-02-04 at 06.18, DAVID,Anthony wrote:
  -Original Message-
  From: Ashir [mailto:[EMAIL PROTECTED]] 
  Sent: Tuesday, February 04, 2003 4:11 PM
  To: [EMAIL PROTECTED]
  Subject: [squid-users] Restart squid on Disconnect
  
  
  I am connected to internet via MODEM. when ever i get disconnect i 
  am forced to restart squid service. otherwise i am not able to 
  browse.
  what could be the reason?
 
 Hi Ashir
 
 You probably get a new IP address from your ISP that is different
 from the one you were bound to.
 
 From the comments in squid.conf:-
 
 #   If you run Squid on a dual-homed machine with an internal
 #   and an external interface then we recommend you to specify the
 #   internal address:port in http_port. This way Squid will only be
 #   visible on the internal address.
 #
 
 Specify the internal address and your problem should go away.
 
 If you are browsing from the squid box only, specify 127.0.0.1:port
 
 HTH
 
 Regards
 Anthony
 
-- 
Henrik Nordstrom [EMAIL PROTECTED]
MARA Systems AB, Sweden




Re: [squid-users] Problem...

2003-02-04 Thread Henrik Nordstrom
The error looks harmless to me. If Squid starts you can most likely
ignore this error.

But I am a little confused on your Squid configuration for other
reasons.. is this Squid to act as a reverse proxy in front of your HTTP
server, or as a transparent intercepting proxy for your local users?

The configuration seems to be for a transparent intercepting proxy.

Regards
Henrik

Mon 2003-02-03 at 17.04, Mynx wrote:
 Hi list:
 
 I've configured Squid-2.5_1STABLE to cache my WWW server;
 this is the configuration. Everything is OK, but I'm getting one error
 message and I can't fix it. Any suggestions?
 
 
 cache_mem 16 MB
 shutdown_lifetime 0 seconds
 memory_pools off
 forwarded_for off
 
 acl all src 0.0.0.0/0.0.0.0
 acl manager proto cache_object
 acl localhost src 127.0.0.1/255.255.255.255
 acl to_localhost dst 127.0.0.0/8
 acl lan src 192.168.1.0/24
 acl pool1 src 192.168.2.8/29
 acl pool2 src 192.168.2.16/29
 acl just_domain dstdomain .anydomain
 acl SSL_ports port 443 563
 acl Safe_ports port 80 21 443 563 70 210 1025-65535
 acl Safe_ports port 280  # http-mgmt
 acl Safe_ports port 488  # gss-http
 acl Safe_ports port 591  # filemaker
 acl Safe_ports port 777  # multiling http
 acl CONNECT method CONNECT
 
 http_access allow manager localhost
 http_access deny manager
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access deny to_localhost
 http_access allow lan
 http_access allow pool2
 http_access allow pool1 just_domain
 http_access deny all
 
 #cache_effective_group
 cache_effective_user nobody
 
 httpd_accel_host virtual
 httpd_accel_port 80
 httpd_accel_with_proxy on
 httpd_accel_uses_host_header on
 =
 
 This is the error message (/usr/local/squid/squid.out):
 
 Startup: Mon Feb  3 15:44:07 GMT 2003
 2003/02/03 15:44:07| getrlimit: RLIMIT_VMEM: (22) Invalid argument
 
 I have FreeBSD 4.5 #0 STABLE
-- 
Henrik Nordstrom [EMAIL PROTECTED]
MARA Systems AB, Sweden




Re: [squid-users] Performance problems after unclear load situation (2.5.STABLE2, Solaris 8)

2003-02-04 Thread Jost Krieger
On Mon, Feb 03, 2003 at 01:41:53PM -0600, Peter Smith wrote:
 I would make 2 guesses.  First is, what type of NICs do you have?  There 
 have been many problems with the TG3/Broadcom series of cards.

I'm working with a totally unloaded Gigabit interface. The bottleneck is
on the Internet connection, where we only have paid for 40MB/s.

 The 
 other one is, what size/type of disk cache are you using?

A 32GB SCSI-RAID1 on 4 disks using mirroring of 2 pairs.

 If you turn 
 caching off, do you still have slowness?

I'm not sure I should try that under full load ...

  If you run 'top', do you see 
 squid processes that are in state D a lot (waiting for disk?)

My top doesn't have that state :-) Squid seems to be running or sleeping most
of the time, though.

 How 
 many page faults is the server making?  Perhaps it is constantly paging?

Doesn't look like that, but I'll follow it at the next episode.  Currently it
just does a few hundred kilobyte pageins every 3 seconds from the filesystem.

Thanks Jost
-- 
| [EMAIL PROTECTED]  Please help stamp out spam! |
| Postmaster, JAPH, resident answer machine  am RZ der RUB |
| Pluralitas non est ponenda sine necessitate  |
| William of Ockham (1285-1347/49) |




[squid-users] why squid not use swap file?

2003-02-04 Thread zulkarnain
HI,

I've 2GB RAM on my squid box, 4GB swap file and 145GB
cache dir. Squid uses ALL of the 2GB RAM.
I think it would be great if I could use the 4GB swap
file (it is totally unused). Is it possible to
configure squid to use the swap file?


FYI, here is my squid.conf:

cache_mem 256 MB
cache_swap_low 94
cache_swap_high 96
memory_replacement_policy heap LFUDA
memory_pools on

Best regards,
zulkarnain




Re: [squid-users] why squid not use swap file?

2003-02-04 Thread Marc Elsen


zulkarnain wrote:
 
 HI,
 
 I've 2GB RAM on my squid box, 4GB swap file and 145GB
 cache dir. Squid uses ALL of the 2GB RAM.
 I think it would be great if I could use the 4GB swap
 file (it is totally unused). Is it possible to
 configure squid to use the swap file?

 Which version of squid are you using ?
 On which os/platform/version ?

 See the FAQ on SQUID mem. usage versus configured
 cache dir(s), for instance.
 Your cache dir is very large, also your cache_mem
 setting hence your squid will use a lot of memory.

 Normal os-es will prevent use of SWAP unless
 'there is no other way'
 This is good, not bad.

 Meaning that if you want squid to use less memory, then
 you will have to tweak cache_dir and or cache_mem params.

 M.

 
 FYI, here is my squid.conf:
 
 cache_mem 256 MB
 cache_swap_low 94
 cache_swap_high 96
 memory_replacement_policy heap LFUDA
 memory_pools on
 
 Best regards,
 zulkarnain
 

-- 

 'Time is a consequence of Matter thus
 General Relativity is a direct consequence of QM
 (M.E. Mar 2002)



[squid-users] Error message in cache.log

2003-02-04 Thread hedwio
Hi,

Can someone help us with the message below?

2003/02/04 13:29:36| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x823ed58'.
2003/02/04 13:30:19| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x823cca8'.
2003/02/04 13:32:51| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x823cca8'.
2003/02/04 13:39:06| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x823cca8'.
2003/02/04 13:40:01| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x823ed58'.
2003/02/04 13:40:39| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x823ed58'.
2003/02/04 13:40:46| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x823cca8'.

It's a frequent message in our cache.log. How can we resolve it?

Thanks,

Hedwio





Re: [squid-users] Error message in cache.log

2003-02-04 Thread Marc Elsen


[EMAIL PROTECTED] wrote:
 
 We have a squid-2.5.STABLE1 in a RedHat 7.3 kernel 2.4.18-3 with authentication
 in AD (W2K), winbind and NTLM.

 There has been a thread on this during the previous month.
 It seems that the error is due to browsers aborting requests before
 NTLM negotiation is completed.
 Hence this would not be real problem concerning your
 'NTLM configuration'.

 Check out:

 http://www.squid-cache.org/mail-archive/squid-users/200301/

 And look for 'invalid' with the help of your browser's
 find option.

 M.

 
 Hedwio
 
 Quoting Marc Elsen [EMAIL PROTECTED]:
 
 
 
  [EMAIL PROTECTED] wrote:
  
   Hi,
  
   Someone can help us about the message below:
  
   2003/02/04 13:29:36| AuthenticateNTLMHandleReply: invalid callback data.
   Releasing helper '0x823ed58'.
   2003/02/04 13:30:19| AuthenticateNTLMHandleReply: invalid callback data.
   Releasing helper '0x823cca8'.
   2003/02/04 13:32:51| AuthenticateNTLMHandleReply: invalid callback data.
   Releasing helper '0x823cca8'.
   2003/02/04 13:39:06| AuthenticateNTLMHandleReply: invalid callback data.
   Releasing helper '0x823cca8'.
   2003/02/04 13:40:01| AuthenticateNTLMHandleReply: invalid callback data.
   Releasing helper '0x823ed58'.
   2003/02/04 13:40:39| AuthenticateNTLMHandleReply: invalid callback data.
   Releasing helper '0x823ed58'.
   2003/02/04 13:40:46| AuthenticateNTLMHandleReply: invalid callback data.
   Releasing helper '0x823cca8'.
  
   It´s a frequenty message in our cache.log. How can we resolv it ?
 
   Which squid version are you using ?
   On which platform/os/version ?
 
   M.
 
  
   Thanks,
  
   Hedwio
  
 
  --
 
   'Time is a consequence of Matter thus
   General Relativity is a direct consequence of QM
   (M.E. Mar 2002)
 
 

-- 

 'Time is a consequence of Matter thus
 General Relativity is a direct consequence of QM
 (M.E. Mar 2002)



[squid-users] Redirect some URLs to another squid...?

2003-02-04 Thread Ingram
hi folks,

following situation:

I have a squid running which all users use for internet access. Our
Co-Business has another proxy which controls who can access their
_intranet_ (the proxy IP is the only allowed one).

So, I want my users to use my proxy if they want to access the internet, and
if they want to reach the Co-Business intranet my squid should redirect this
request to the other proxy as it is...

I think of something like (this is fictitious):
if httpurl = http://intranet.wherever.org then redirect to proxy on
123.123.123.123:3128

Anyone a solution for me?

sorry for my poor english
regards
Ingram Melchour





[squid-users] NTLM/Basic Authentication problem with blocked user

2003-02-04 Thread Chris Val Bamber
Hi,

I have implemented NTLM and it works very nicely. We have a well-known
public user on our network which I want to block completely from
anything.

If the user logs on and launches Internet Explorer then all that is
presented is the username/logon banner, and despite entering the correct
password the user never gets access.

If I launch Netscape from a UNIX box then basic authentication takes
over (I am assuming this!) and not NTLM. If I enter the same
username/password which is blocked then the user is allowed access!!

My squid.conf file

Acl UnauthorisedUser proxy_auth MyDomain\BlockedUser
Acl AuthorisedUsers proxy_auth REQUIRED

Http_access deny unauthorisedUser
Http_access allow AuthorisedUsers

I looked at the FAQ and noticed the following example.

acl USER1 proxy_auth Dick
acl USER2 proxy_auth Jane
acl DAY time 06:00-18:00
http_access allow USER1 DAY
http_access deny USER1
http_access allow USER2 !DAY
http_access deny USER2

Does this mean I should switch allow and deny rules around?

Thanks
Chris






[squid-users] RE: SQUID V2.5 and cache disk configs

2003-02-04 Thread Cavanagh, Kevin B

Hi there,
 
We have six (6) Proliant DL380 G3 servers running RedHat Linux V8.0 with
2.5GB of RAM and 6 x 18.2GB disks (configured as JBODs).  We've installed
Squid V2.5 and are now wondering about how best to configure our disks.
 
Would it make sense to configure the remaining 5 drives using LVM to create
one large cache disk... or simply create 5 individual cache disks??? 
 
TIA!!
 
Kevin Cavanagh



RE: [squid-users] Squid2.4 /etc/hosts

2003-02-04 Thread Robert Collins
On Wed, 2003-02-05 at 12:02, Jay Turner wrote:
 But it is maintained by Red Hat who backport any security patches to the 2.4
 version they ship with 7.3.
 
 If you could please re-read my post you will note that I have recompiled
 with --disable-internal-dns and it successfully references /etc/hosts for
 http:// pages. My question relates to https:// pages and having squid do a
 local lookup from somewhere for the IP address rather than fetching it from
 the DNS (as it does with /etc/hosts for http:// requests).

Which you probably can't do.
If the CONNECT verb is provided to squid with an ip address rather than
a hostname, no proxy can do what you are asking.
If a hostname is provided, then the same host-ip lookup path is
followed as for http:// requests.

Check access.log. If you see CONNECT ipaddress:443 then you need to look
at using a redirector to alter the requested IP address.
If you see CONNECT hostname:443, then please log a bug in bugzilla.

Rob
-- 
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.





[squid-users] cache takes long before it updates a site!

2003-02-04 Thread louie miranda
Hello, I'm having problems on my squid server. Here's the scenario.
I have a website outside of my IP block, and I update it once in a while,
like every minute. Now when I try to reload the page that I have
updated, squid does not update it; I mean it still caches the old one.

When I tried to access it directly I can see the update that I made,
but when I get back on again it is still the old one. I think it updates,
but it takes so long!

I tried updating and reading the FAQ and the docs, but I really
can't see the correct options in the config. Is there anyone here
that has similar problems as I am having on my cache/squid?

Is there a solution that I can adjust in my configs?

Please advise.

--
thanks,
louie miranda





Re: [squid-users] cache takes long before it updates a site!

2003-02-04 Thread louie miranda
You mean add this line? Or add a meta-refresh rate?

meta content=text/html charset=UTF-8 http-equiv=content-type


 You need to issue appropriate metadata from your web server.
 Squid only knows what the webserver tells it about the freshness and
 lifetime of the cached objects.



--
thanks,
louie miranda
chikka asia, inc.
noc +63-2(7535000-511)

Engineering does not require science. Science helps a lot but people built
perfectly good brick walls long before they knew why cement works.


- Original Message -
From: Robert Collins [EMAIL PROTECTED]
To: louie miranda [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, February 05, 2003 12:48 PM
Subject: Re: [squid-users] cache takes long before it updates a site!






RE: [squid-users] Squid2.4 /etc/hosts

2003-02-04 Thread Jay Turner
Hi Robert,

Thanks for your reply. Checking the log file the CONNECT method is provided
to squid with the hostname webmail.company.com however the IP address that
is shown is the world address rather than the address specified in the
/etc/hosts file.

ie
/etc/hosts entry: 10.14.12.122 webmail.company.com
Browser Request: https://webmail.company.com
Log Shows: 10.14.12.123 TCP_MISS/503 0 CONNECT webmail.company.com:443 -
DIRECT/203.123.xxx.xxx -

So you are saying this should work and is probably a bug?

-Original Message-
From: Robert Collins [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 5 February 2003 9:14 AM
To: [EMAIL PROTECTED]
Cc: Henrik Nordstrom; [EMAIL PROTECTED]
Subject: RE: [squid-users] Squid2.4  /etc/hosts


On Wed, 2003-02-05 at 12:02, Jay Turner wrote:
 But it is maintained by Red Hat who backport any security patches to the
2.4
 version they ship with 7.3.

 If you could please re-read my post you will note that I have recompiled
 with --disable-internal-dns and it successfully references /etc/hosts for
 http:// pages. My question relates to https:// pages and having squid do a
 local lookup from somewhere for the IP address rather than fetching it
from
 the DNS (as it does with /etc/hosts for http:// requests).

Which you probably can't do.
If the CONNECT verb is provided to squid with an ip address rather than
a hostname, no proxy can do what you are asking.
If a hostname is provided, then the same host-ip lookup path is
followed as for http:// requests.

Check access.log. If you see CONNECT ipaddress:443 then you need to look
at using a redirectory to alter the requested IP address.
If you see CONNECT hostname:443, then please log a bug in bugzilla.

Rob
--
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.
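
The access.log check Robert describes, applied to the entry Jay quotes, as an added example (not code from the thread or from the Squid project): it sorts CONNECT entries into "client sent an IP literal" versus "client sent a hostname", and for hostnames compares the peer address Squid connected to with the /etc/hosts entry. The function names and verdict labels are assumptions, and all sample data except Jay's hosts entry and log line is constructed.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# The hosts entry and the last log line are the ones quoted in the thread.
# Everything else is constructed: the timestamps, the other log lines, and
# 203.0.113.10 (a documentation address standing in for the public IP).
HOSTS_TEXT = """\
127.0.0.1      localhost
10.14.12.122   webmail.company.com   # internal address of the web server
"""
ACCESS_LOG = """\
1044403200.123 250 10.14.12.123 TCP_MISS/503 0 CONNECT webmail.company.com:443 - DIRECT/203.0.113.10 -
1044403260.456 1800 10.14.12.123 TCP_MISS/200 4120 CONNECT 10.14.12.122:443 - DIRECT/10.14.12.122 -
1044403320.789 900 10.14.12.123 TCP_MISS/200 3000 CONNECT webmail.company.com:443 - DIRECT/10.14.12.122 -
1044403380.012 40 10.14.12.123 TCP_MISS/200 512 GET http://webmail.company.com/ - DIRECT/10.14.12.122 text/html
10.14.12.123 TCP_MISS/503 0 CONNECT webmail.company.com:443 - DIRECT/203.123.xxx.xxx -
"""

Entry = Tuple[str, str, str, int, str]  # client, code/status, host, port, peer


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every name in /etc/hosts-style text to its address (first entry wins)."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def is_ip_literal(host: str) -> bool:
    """True when the CONNECT target is an address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_connect(line: str) -> Optional[Entry]:
    """Extract a CONNECT entry, or None for any other line.

    Fields are located relative to the CONNECT token, so both the full native
    format and the shortened form quoted in the thread are accepted.
    """
    f = line.split()
    try:
        i = f.index("CONNECT")
    except ValueError:
        return None
    if i < 3 or len(f) <= i + 3:
        return None
    host, sep, port = f[i + 1].rpartition(":")
    if not sep or not port.isdigit():
        return None
    peer = f[i + 3].partition("/")[2] or "-"   # DIRECT/<peer> -> <peer>
    return f[i - 3], f[i - 2], host.strip("[]").lower(), int(port), peer


def classify(entry: Entry, hosts: Dict[str, str]) -> str:
    """Apply the two cases from the reply, plus the hosts-file comparison."""
    _client, _status, host, _port, peer = entry
    if is_ip_literal(host):
        return "ip-literal"        # the client chose the address itself
    wanted = hosts.get(host)
    if wanted is None:
        return "not-in-hosts"      # nothing local to compare against
    return "hosts-honoured" if peer == wanted else "hosts-ignored"


def audit(log_text: str, hosts_text: str) -> List[Tuple[str, str, str]]:
    """Return (target, peer, verdict) for each CONNECT line in the log."""
    hosts = parse_hosts(hosts_text)
    rows = []
    for line in log_text.splitlines():
        entry = parse_connect(line)
        if entry is not None:
            rows.append((f"{entry[2]}:{entry[3]}", entry[4], classify(entry, hosts)))
    return rows


if __name__ == "__main__":
    for target, peer, verdict in audit(ACCESS_LOG, HOSTS_TEXT):
        print(f"{target:28} peer={peer:18} {verdict}")
```
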





Re: [squid-users] AIM problem with Authentication

2003-02-04 Thread Henrik Nordstrom
[EMAIL PROTECTED] wrote:

  The correct question is: How do you get a version of the AIM client
  which supports HTTP proxy authentication.
 
 The AIM client does support HTTP proxy and I have had it work with
 Netscape Proxy in the past with no problems.

With authentication?

Regards
Henrik



Re: [squid-users] cache takes long before it updates a site!

2003-02-04 Thread Henrik Nordstrom
louie miranda wrote:
 
 You mean add this line? Or add a meta-refresh rate?
 
 meta content=text/html charset=UTF-8 http-equiv=content-type

No. This line only tells your browser to expect that the document is
written using UTF-8 character encoding.. has nothing to do with
freshness.

What Robert is talking about is the Expires: and/or Cache-Control:
max-age=... HTTP headers. These are controlled by your web server
configuration.


See also the refresh_pattern setting in squid.conf.

Regards
Henrik



Re: [squid-users] X-Forwarded Help

2003-02-04 Thread Henrik Nordstrom
See http://devel.squid-cache.org/projects.html#follow_xff

Regards
Henrik

Jason M. Kusar wrote:
 
 Not sure if this is possible, but does anyone know whether it is
 possible for squid to look at the ip specified in the X-Forwarded-For
 header instead of the origin ip?  Basically I want to use source ACL's,
 but I can't right now because the squid proxy is the second in line so
 it sees all requests as coming from the same server.  The proxy in front
 of squid puts the origin ip into the headers so I just need to get squid
 to read them.  If anyone knows how to do this, please let me know.
 
 I'm using squid 2.5.
 
 Thanks,
 Jason
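
The trust decision behind using X-Forwarded-For for source ACLs in the two-proxy setup Jason describes, as an added example (not Squid code and not the follow_xff patch Henrik links to): the header is honoured only when the connection comes from the known front proxy, and is read from the right, because every entry to the left of the one that proxy appended was supplied by the client. All addresses, the `lan` network and the function names are assumptions.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed values: the front proxy that sits before Squid, and the network
# a source ACL such as "acl lan src 192.168.1.0/24" would allow.
FRONT_PROXIES = ["10.0.0.5"]
LAN = ["192.168.1.0/24"]


def _in_any(addr, networks: Iterable[str]) -> bool:
    """True when addr falls inside one of the given addresses or CIDR networks."""
    return any(addr in ipaddress.ip_network(n) for n in networks)


def effective_client(peer: str, xff: Optional[str], trusted: Iterable[str]) -> str:
    """Return the address a source ACL should be evaluated against.

    peer    -- address of the TCP connection as Squid sees it
    xff     -- raw X-Forwarded-For header value, or None
    trusted -- addresses/networks of proxies whose header entries are believed
    """
    trusted = list(trusted)
    current = ipaddress.ip_address(peer)
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the proxy we are
    # talking to. Keep stepping back only while the current hop is trusted.
    while hops and _in_any(current, trusted):
        try:
            candidate = ipaddress.ip_address(hops.pop())
        except ValueError:
            break          # "unknown" or garbage: stay on the last good address
        current = candidate
    return str(current)


def src_acl_allows(peer: str, xff: Optional[str]) -> bool:
    """Evaluate the constructed 'lan' source ACL against the effective client."""
    client = ipaddress.ip_address(effective_client(peer, xff, FRONT_PROXIES))
    return _in_any(client, LAN)


if __name__ == "__main__":
    cases = [
        ("10.0.0.5", "192.168.1.20"),                # LAN user via the front proxy
        ("10.0.0.5", "192.168.1.20, 198.51.100.7"),  # leftmost entry is client-supplied
        ("198.51.100.7", "192.168.1.20"),            # header arrived without the front proxy
        ("10.0.0.5", "unknown"),                     # unparseable entry
    ]
    for peer, xff in cases:
        print(peer, repr(xff), "->", effective_client(peer, xff, FRONT_PROXIES),
              "allow" if src_acl_allows(peer, xff) else "deny")
```
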



Re: [squid-users] Re: AW: [Group-ldap-auth-help] AD auth with squid 2.5

2003-02-04 Thread Henrik Nordstrom
Daniel Barron wrote:

  I would recommend matching the member attribute of group objects.
 
 I agree, however that seems more difficult as squid only passes the user name
 in the form 'daniel' where as the filter needs it in
 'cn=daniel,ou=test,dc=jadeb,dc=com' so I opted for (b).

This is why the updated helper has options to look up the user DN in the
same manner as squid_ldap_auth does.

See the -F, -B and -u arguments. These correspond directly to the -f,
-b and -u arguments of squid_ldap_auth.

Regards
Henrik



Re: [squid-users] Squid2.4 /etc/hosts

2003-02-04 Thread Henrik Nordstrom
Jay Turner wrote:
 
 But it is maintained by Red Hat who backport any security patches to the 2.4
 version they ship with 7.3.

Sure.. you get the most blatant security fixes, but nearly no other bug
fixes.

If you have any issue with Squid-2.4 and ask here on Squid-users the
first response will unconditionally be upgrade to the current STABLE
release.

 If you could please re-read my post you will note that I have recompiled
 with --disable-internal-dns and it successfully references /etc/hosts for
 http:// pages. My question relates to https:// pages and having squid do a
 local lookup from somewhere for the IP address rather than fetching it from
 the DNS (as it does with /etc/hosts for http:// requests).

Squid does not make any difference between hostnames in a GET or a
CONNECT request.

What does access.log show for these https:// requests (btw, Squid-2.4
technically does not support https://, only proxy tunnelling of SSL via
CONNECT)?

Regards
Henrik



Re: [squid-users] RE: SQUID V2.5 and cache disk configs

2003-02-04 Thread Henrik Nordstrom
Lightfoot.Michael wrote:

 I have tried both striping across two or more disks and
 individual disk filesystems and concur with Robert.
 There is no measurable performance gain in striping and
 there is a cache availability gain in using more than
 one cache directory (you never lose the whole cache if
 you have an individual disk failure.)

Also system recovery time is improved when using separate drives

 * fsck can run in parallel on each drive if needed

 * full cleanout of the cache with mkfs can also be done in parallel on
all the drives


Only benefits from having separate drives, no drawbacks.

Regards
Henrik



Re: [squid-users] squidguard

2003-02-04 Thread Henrik Nordstrom
Jason Parlevliet wrote:

 Works fine with 2.4, and it should work with 2.5.  Because it
 uses external hooks in Squid, it should work with any version
 that supports external redirectors

It does.

Regards
Henrik



Re: [squid-users] Squid2.4 /etc/hosts

2003-02-04 Thread Henrik Nordstrom
What do you get in Squid access.log on a request for
http://webmail.company.com/?

Are you using any redirectors?

Regards
Henrik

Jay Turner wrote:
 
 Hi Robert,
 
 Thanks for your reply. Checking the log file the CONNECT method is provided
 to squid with the hostname webmail.company.com however the IP address that
 is shown is the world address rather than the address specified in the
 /etc/hosts file.
 
 ie
 /etc/hosts entry: 10.14.12.122 webmail.company.com
 Browser Request: https://webmail.company.com
 Log Shows: 10.14.12.123 TCP_MISS/503 0 CONNECT webmail.company.com:443 -
 DIRECT/203.123.xxx.xxx -
 
 So you are saying this should work and is probably a bug?
 
 -Original Message-
 From: Robert Collins [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, 5 February 2003 9:14 AM
 To: [EMAIL PROTECTED]
 Cc: Henrik Nordstrom; [EMAIL PROTECTED]
 Subject: RE: [squid-users] Squid2.4  /etc/hosts
 
 On Wed, 2003-02-05 at 12:02, Jay Turner wrote:
  But it is maintained by Red Hat who backport any security patches to the
 2.4
  version they ship with 7.3.
 
  If you could please re-read my post you will note that I have recompiled
  with --disable-internal-dns and it successfully references /etc/hosts for
  http:// pages. My question relates to https:// pages and having squid do a
  local lookup from somewhere for the IP address rather than fetching it
 from
  the DNS (as it does with /etc/hosts for http:// requests).
 
 Which you probably can't do.
 If the CONNECT verb is provided to squid with an ip address rather than
 a hostname, no proxy can do what you are asking.
 If a hostname is provided, then the same host-ip lookup path is
 followed as for http:// requests.
 
 Check access.log. If you see CONNECT ipaddress:443 then you need to look
 at using a redirectory to alter the requested IP address.
 If you see CONNECT hostname:443, then please log a bug in bugzilla.
 
 Rob
 --
 GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.