Re: [squid-users] Transparent Proxy and Missing Host Header in Squid-NT
Hi, Il 00.24 14/03/2003 Gary Price \(ICT\) ha scritto: Hi I would like to set up transparent proxying using Squid-NT. My plan was to use Windows RRAS to NAT packets as they arrive, so that their port is changed from 80 to 8080. Has anyone tried this? I have received some success reports about RRAS use. If You are able to make this work, please send me the configuration, I will publish it on the Squid NT web site. Regards Guido Also, in the same situation, is it possible to deal with the missing host headers as we do on *NIX platforms? Thanks Gary Price ICT - === Serassio Guido Via Albenga, 11/4 10134 - Torino - ITALY E-mail: [EMAIL PROTECTED] WWW: http://www.serassio.it
[squid-users] aufs eith pthreads
Hello All, I installed squid-2.5 with usfs and with 32 pthreads in Redhat linux-8.0. When i run squid is was able to see only one parent and child process. But in older version i was able to see all the 32 threads. Is there anyway to check howmany threads did squid has taken? regards Jack __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
Re: [squid-users] authenticate_ip_ttl logging
Henrik Nordstrom <[EMAIL PROTECTED]> writes: > Not easily, but as a quick fix adding a log statement to the acl > processing of max_user_ip might suffice. However, you migth then be > somewhat flooded with messages if the users persists in trying to get > access. Yes, that would work. As another quick and dirty trick logging to syslog with its own severity and letting syslog consolidate the identical lines would solve the flood objection. -- There is only one war, and it's not the rich against the poor, the blacks against the whites, the Federation against the Borg, or the Democrats versus the Republicans. It's those of us who aren't complete idiots against those of us who are.
Re: [squid-users] Problem accessing site
On Thu, 13 Mar 2003 17:15:59 -0600 Jacob S. <[EMAIL PROTECTED]> wrote: > I'm currently using an acl to only allow access to a list of sites in > an"unblock.txt" file and it's working great for most sites, but I've > hit a snag. (I know, it's kind of a cumbersome process only allowing > access to a select few sites, but that's what I'm needing it to do > right now.) > > When I try to access http://www.joker.com I get an access denied error > like the following: > > While trying to retrieve the URL: joker.com:443 > > The following error was encountered: > > * Access Denied. Thanks to Simon for his help off list, it's now working. I had to put the url in as "joker.com" instead of/in addition to ".joker.com". The strange part is I did a little bit of playing around and noticed that I can access urls such as http://6texans.net if I have the line ".6texans.net" in my unblock file, but I am not able to access https://6texans.net. To access an https site with a url of the type https://something.tld (minus the"www"), I can't have a "." in front of it in my unblock file. This seems a little inconsistent for it to work one way with http and another for https, doesn't it? Or am I just misunderstanding how Squid works? Thanks, Jacob - GnuPG Key: 1024D/16377135 In a world without fences, who needs Gates? http://www.linux.org/
Re: [squid-users] Logging of denied sites and setting up acl
I found my answer. TCP_MISS/403 means that it was denied so I am blocking gator. I finally found the page that deciphers all the codes in access.log thanks Gary -- Original Message -- From: Henrik Nordstrom <[EMAIL PROTECTED]> Date: Wed, 12 Mar 2003 08:28:57 +0100 >On Wednesday 12 March 2003 04.04, Gary Hostetler wrote: >> I do not see in the acces.log where sites that I block are denied >> access. I am especailly trying to avoid that dreaded gator.com >> which I have set up an acl to deny but when I check the log it does >> tell me Miss on the gator entries but it doesn't tell me that it >> was denied. > >Then it probably was not denied. > >> Also when I put a list of domains to deny can that list be 100 >> names long or do I need to break it up. We have about 100 sites >> that we block on our 3Coms and I would like to cut and paste that >> list into squid.conf after I put the names one after another with a >> space in between. > >Better to put them in a separate file if the list is long. > >acl to_block dstdomain "/path/to/blocklist.txt" >and blocklist.txt contains a list of domains to block, one per line. >Lines starting with a # is ignored and assumed to be comments. > >Regards >Henrik > >
[squid-users] redirect_rewrites_host_header
Hello All, What is the exact functionality of "redirect_rewrites_host_header" When i am running squid as reverse proxy if i keep this tag as " on" some urls works without problem and some gets problem. If is set it as "off" everything works fine Adv thanks and Regards, Jack __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
[squid-users] Partly related squid question
Ok, now i have installed privoxy for trapping those pop-ups, i have this setup workstations>privoxy(bind to eth0:1 to eth0:2-->squid(squidguard)->internet now what i want to do is, i want squid to return the requested URL directly to workstations workstations>privoxy(bind to eth0:1 to eth0:2-->squid(squidguard)->internet ^ | | | +--+ (results/requested URL) >From the looks of it, is this a question of re-routing traffic? If it does, how can i do this with iptables? Or can it be configured using squid? Thanks for the help.. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.461 / Virus Database: 260 - Release Date: 3/10/2003 -- This message has been scanned for viruses and dangerous contents on SSCR Email Scanner Server, and is believed to be clean.
Re: [squid-users] CACHE_DIR_ACCESS
If you use Windows 2000 group policy and 2 boxes you can assign half of the users to one proxy box and the other half to the other. More than likely your internet connection is not as fast as your network and I believe this would give you much better speed than using one box and 2 caches. I just did this as we have 2 routers and I pipe one proxy server to one router and the overpriced 3Com webcache server to the other. The speed increase was incredible on the client's end. Gary -- Original Message -- From: Henrik Nordstrom <[EMAIL PROTECTED]> Date: Thu, 13 Mar 2003 23:08:01 +0100 >A squid works most efficiently if it can utilize the full resources >available. Performance will most likely be better for both groups is >they share the cache directories. > >Btw, what amount of requests/s and/or Mbps of internet traffic are we >talking about? > >Regards >Henrik > >Carlos Carrera wrote: >> >> I want to implement 2 caches to balance loads, that is to say, so that the >> proxy works with more efficiency and with the same one I number since of >> clients half of my clients 1 and the other half they work with the cache >> with the cache 2... >
[squid-users] Transparent Proxy and Missing Host Header in Squid-NT
Hi I would like to set up transparent proxying using Squid-NT. My plan was to use Windows RRAS to NAT packets as they arrive, so that their port is changed from 80 to 8080. Has anyone tried this? Also, in the same situation, is it possible to deal with the missing host headers as we do on *NIX platforms? Thanks Gary Price ICT
[squid-users] Problem accessing site
I'm currently using an acl to only allow access to a list of sites in an "unblock.txt" file and it's working great for most sites, but I've hit a snag. (I know, it's kind of a cumbersome process only allowing access to a select few sites, but that's what I'm needing it to do right now.) When I try to access http://www.joker.com I get an access denied error like the following: While trying to retrieve the URL: joker.com:443 The following error was encountered: * Access Denied. Port 443 is defined in the Safe_ports list in /etc/squid.conf and I have a line in my "unblock.txt" file that contains ".joker.com" Just for grins, I tried adding a line reading ".joker.com:443" to the file and restarted squid, but it's still giving me the same error. I can access other https and http sites just fine once they're added to the unblock file, so I'm a little stumped as to why this one's acting up. Can anyone give me any clues as to what I'm doing wrong? I'm running squid 2.4STABLE6 on Debian Woody, using kernel 2.2.19. TIA, Jacob - GnuPG Key: 1024D/16377135 In a world without fences, who needs Gates? http://www.linux.org/ pgp0.pgp Description: PGP signature
[squid-users] NTFS permissions
Hello All, If I have a page that has NTFS permissions on it will that page be cached? Will others be able to look at that without authenticating? AJ
Re: [squid-users] CACHE_DIR_ACCESS
A squid works most efficiently if it can utilize the full resources available. Performance will most likely be better for both groups is they share the cache directories. Btw, what amount of requests/s and/or Mbps of internet traffic are we talking about? Regards Henrik Carlos Carrera wrote: > > I want to implement 2 caches to balance loads, that is to say, so that the > proxy works with more efficiency and with the same one I number since of > clients half of my clients 1 and the other half they work with the cache > with the cache 2...
RE: [squid-users] Local Servers Question
Thanks Henrik! I actually received my answer earlier today. I didn't completely catch his name due to a noisy environment, but the assistance was much appreciated, and I do have things functioning almost the way I want. Unfortunately, the rest is beyond my control. Thanks again! Scott Wrosch email [EMAIL PROTECTED] > -Original Message- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 13, 2003 3:19 PM > To: Scott Wrosch > Cc: [EMAIL PROTECTED] > Subject: Re: [squid-users] Local Servers Question > > Scott Wrosch wrote: > > > Is there a way in Squid (and I may have missed it if there, because I > > can't find it) to have it tell the client that the server that it's > > trying to request is a local server, and that it shouldn't use the > > proxy? Kind of like that little check box in Internet Explorer. > > Nope. > > If the client has sent the request to the proxy the proxy either has to > process the request, or give an error back to the user. > > > Or, if not, is there a way (whether it be through a batch file or a > > server script or something) to set it so that IE is automatically > > configured to bypass the proxy for a specific site? > > Sure. Many ways. Which one is least hard to implement depends heavily on > your environment. > > If the browsers are already configured to use a proxy configuration > script then just update the script with instructions on what do do on > requests for the domain. > > If not you will need to find some way to have a small program executed > on all client stations to reconfigure the browser proxy settings. This > can be run from a domain logon script or similar if your users are > logging on to a domain. > > Alternatively you can set up access controls in the proxy denying access > to the domain and return an error with instructions on the > reconfigurations needed instructing the user how to make the needed > changes. > > If you have a distributed administration framework such as SMS or > anything similar then the automatic change of the client configurations > may be possible to do via this also. > > Regards > Henrik
Re: [squid-users] CACHE_DIR_ACCESS
I want to implement 2 caches to balance loads, that is to say, so that the proxy works with more efficiency and with the same one I number since of clients half of my clients 1 and the other half they work with the cache with the cache 2... - Original Message - From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Carlos Carrera" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 13, 2003 3:20 PM Subject: Re: [squid-users] CACHE_DIR_ACCESS > Only by setting up two squids (possibly on the same server) > > Why do you want to divide the cache? Normally the cache improves the > more clients there are. > > Regards > Henrik > > > Carlos Carrera wrote: > > > > HELLO FRIENDS, I HAVE THEM AN INTERESTING QUESTION... > > > > as I can configure the squid so that a range of my clients works with the > > cache "/var/squid/cache1" and does the other range work with > > "/var/squid/cache2?" > > > > my clients have addresses private IPs of class B > > > > 172.16.1.0/24 > > 172.16.2.0/24 Range 1 > > > > 172.16.3.0/24 > > 172.16.4.0/24 Range 2 > > > > Thank you for their time... > > > > Greetings > > > > Carlos. >
Re: [squid-users] Only Caching!!! Without proxing !!
Not unless you give C some other IP address and instead give the address of C to the proxy.. Regards Henrik TMurugavelu wrote: > > Dear Henrik, > > In the below examable as you told . Squid will wrk only proxy tech. but Is > it possible to get the C's ip in A's server. Is there any parameter i hve > to change in below case. Kindly help me henrik. > Awaiting your reply > > regards > velu > > A is hotmail server > B is my local linux box > C is client machine > I am trying to access A(hotmail server) throu Squid Proxy running in B > (linux box). > In the above case in hotmail server log it is showing the Proxy B's ip is > displaying > I want the Client machine ip C should be display in the homtail maillog > access. > Can anyone help me in this regard. > > I have made the itables as below > > iptables -A PREROUTING -t NAT -p tcp --dport 80 -j REDIRECT --to-ports 3128 > > Can anyone suggest me free web tool to get interact with squid? > > Awaiting for your valuable repply > > Regards > velu > > 1 Henrik Nordstrom1 > > ons 2003-03-12 klockan 12.34 skrev TMurugavelu: > >> Dear members , > >> > >> I want my linux box to work as Caching server rather then proxy. > > > > You can't have caching without proxying. > > > > The caching is a byproduct of proxying, not a function on it's own. > > > > -- > > Henrik Nordstrom <[EMAIL PROTECTED]> > > MARA Systems AB, Sweden
Re: [squid-users] authenticate_ip_ttl logging
Not easily, but as a quick fix adding a log statement to the acl processing of max_user_ip might suffice. However, you migth then be somewhat flooded with messages if the users persists in trying to get access. Regards Henrik Lieven Marchand wrote: > > In recent versions of squid, the authenticate_ip_ttl mechanism has > been changed with the max_user_ip acl. Previous versions of squid > logged multiple ip address use with the user name which was handy to > force password changes of compromised userids. Is there a way to get > this logging back? > > -- > There is only one war, and it's not the rich against the poor, > the blacks against the whites, the Federation against the Borg, > or the Democrats versus the Republicans. It's those of us who > aren't complete idiots against those of us who are.
Re: [squid-users] Local Servers Question
Scott Wrosch wrote: > Is there a way in Squid (and I may have missed it if there, because I > can't find it) to have it tell the client that the server that it's > trying to request is a local server, and that it shouldn't use the > proxy? Kind of like that little check box in Internet Explorer. Nope. If the client has sent the request to the proxy the proxy either has to process the request, or give an error back to the user. > Or, if not, is there a way (whether it be through a batch file or a > server script or something) to set it so that IE is automatically > configured to bypass the proxy for a specific site? Sure. Many ways. Which one is least hard to implement depends heavily on your environment. If the browsers are already configured to use a proxy configuration script then just update the script with instructions on what do do on requests for the domain. If not you will need to find some way to have a small program executed on all client stations to reconfigure the browser proxy settings. This can be run from a domain logon script or similar if your users are logging on to a domain. Alternatively you can set up access controls in the proxy denying access to the domain and return an error with instructions on the reconfigurations needed instructing the user how to make the needed changes. If you have a distributed administration framework such as SMS or anything similar then the automatic change of the client configurations may be possible to do via this also. Regards Henrik
Re: [squid-users] ACL Helpers
By using the arp acl type. Note: For ARP aclt to work the clients must be directly attached to the same IP subnet as the Squid server. There MUST NOT be a router inbetween (including a intercepting router). Regards Henrik Mahesh Kudva wrote: > > Hi all, > I have Squid 2.5 running as a transparent proxy on R.H-7.3. I have compiled > squid using the enable-arp-acl option. How do I make use of it ..??? > > Regards > Maheshs S K
Re: [squid-users] How to do? Radius Authentication
Tushar Gupta wrote: > I am interested in knowing what is needed for making radius > authentication to work with squid. You can use either the native Radius authenticator for Squid (see related software), or connect to Radius via PAM. Regards Henrik
Re: [squid-users] , in the URL
Not that I know of, but I have to admit that I haven't used Squid-2.4 much.. Try upgrading to Squid-2.5 just in case. There is no reason to use Squid-2.4 any more, and even if you do prove there is a bug you most likely won't see a fix for it unless the same bug exists in 2.5. Regards Henrik Mihalis Tsoukalos wrote: > > Hello everyone :-) > > Did in the past squid (version 2.4 of squid) have any problems (bugs) with > URLs such as the following: > > http://site.com/tee/2003/mar/130303/foobar,property=Img.gif > > I am most concerned about the , (comma) in the URL as other URLs come > without problems. > > many thanks in advance, > Mihalis. > > > HTML Email Considered Harmful: http://expita.com/nomime.html > Please avoid sending Word, Excel or PowerPoint attachments.
Re: [squid-users] restrictive proxy forwarding
Robert Ainslie wrote: > The solution is to connect directly to the asp. My question is this: > How can I in squid get all requests for a certain domain to be handled > but the local squid box, ie route them down the direct pipe, while all > other requests are handled by the authenticating squid box on the main > internet connection? Normally you solve this by routing. You route the subnet of the ASP via the direct connection. No need to involve Squid configuration at all. Regards Henrik
Re: [squid-users] SquidGuard not related to Squid version?
Mihalis Tsoukalos wrote: > Is a SquidGuard version related to a specific Squid version? Nope. The versioning of SquidGuard is completely separate to the versioning of Squid. > That is: Can I use an older SquidGuard version with a newer version of Squid > and vice versa (a new SquidGuard version with an old Squid version)? Yes. You can mix as you like. Squid has been providing the same redirector interface since Squid-2.0. Regards Henrik
Re: [squid-users] CACHE_DIR_ACCESS
Only by setting up two squids (possibly on the same server) Why do you want to divide the cache? Normally the cache improves the more clients there are. Regards Henrik Carlos Carrera wrote: > > HELLO FRIENDS, I HAVE THEM AN INTERESTING QUESTION... > > as I can configure the squid so that a range of my clients works with the > cache "/var/squid/cache1" and does the other range work with > "/var/squid/cache2?" > > my clients have addresses private IPs of class B > > 172.16.1.0/24 > 172.16.2.0/24 Range 1 > > 172.16.3.0/24 > 172.16.4.0/24 Range 2 > > Thank you for their time... > > Greetings > > Carlos.
[squid-users] SquidGuard not related to Squid version?
Hello to everyone. Just one quick question: Is a SquidGuard version related to a specific Squid version? That is: Can I use an older SquidGuard version with a newer version of Squid and vice versa (a new SquidGuard version with an old Squid version)? many thanks in advance, Mihalis. HTML Email Considered Harmful: http://expita.com/nomime.html Please avoid sending Word, Excel or PowerPoint attachments.
[squid-users] CACHE_DIR_ACCESS
HELLO FRIENDS, I HAVE THEM AN INTERESTING QUESTION... as I can configure the squid so that a range of my clients works with the cache "/var/squid/cache1" and does the other range work with "/var/squid/cache2?" my clients have addresses private IPs of class B 172.16.1.0/24 172.16.2.0/24 Range 1 172.16.3.0/24 172.16.4.0/24 Range 2 Thank you for their time... Greetings Carlos.
[squid-users] Local Servers Question
Hello, I've got my workstations on the 192.168.1.0/24 network. I've got my web servers on the 10.10.0.0/24 network, which is the DMZ. Is there a way in Squid (and I may have missed it if there, because I can't find it) to have it tell the client that the server that it's trying to request is a local server, and that it shouldn't use the proxy? Kind of like that little check box in Internet Explorer. Or, if not, is there a way (whether it be through a batch file or a server script or something) to set it so that IE is automatically configured to bypass the proxy for a specific site? I haven't been able to search as extensively as I'd like to be able to for an answer to either of the above questions due to a variety of different projects that I'm working on taking up my time. Any assistance would be much appreciated. Thanks and regards, Scott Wrosch desk 248.333.7700 x227 pager 248.806.7657 text [EMAIL PROTECTED] email [EMAIL PROTECTED] "Our greatest glory is not in never falling but in rising every time we fall." -- Confucius
Re: [squid-users] ACL Helpers
Mahesh Kudva wrote: Hi all, I have Squid 2.5 running as a transparent proxy on R.H-7.3. I have compiled squid using the enable-arp-acl option. How do I make use of it ..??? This helps you: http://squid.bilkent.edu.tr/Doc/FAQ/FAQ-10.html#ss10.20 Regards, Ilker G. "Peace at home,peace at the world." K.Ataturk
[squid-users] wb_group locks my users
Scenario: +W2K A.D. Domain + squid 2.5 STABLE1. + wb_group as authenticator Sometime appears that some users (is randomic!) have user locked on the Domain Controller for accessing Internet using squid. I've noticed that in squid access.log there are many ACCESS_DENIED from ip machine since IE pass squid credential. ES: user "guest" on machine 10.10.10.10 I receive three four ACCESS_DENIED from that machine, after that I can see that IE pass DOMAIN\User to squid. How to solve lock problems ?
RE: [squid-users] How to do? authentication and ip-range
Could you send a sample squid.conf file and also if you are using a redirector, the config file for the redirector also. -Original Message- From: Sander Winkel [mailto:[EMAIL PROTECTED] Sent: Thu 3/13/2003 4:39 AM To: Lieven Marchand Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] How to do? authentication and ip-range Thanks, it works! Sander Winkel - Original Message - From: "Lieven Marchand" <[EMAIL PROTECTED]> To: "Sander Winkel" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 13, 2003 10:02 AM Subject: Re: [squid-users] How to do? authentication and ip-range > "Sander Winkel" <[EMAIL PROTECTED]> writes: > > > I want to give only access to computers from an specified ip-range and the > > users at that ip-range must be validated with radius authentication. > > The radius authentication works well, but I don't know how to define that > > only the specified IP-range have access to the server. > > Oh yes, I know that it could as specified below: > > > > acl clients src 192.168.0.0/255.255.255.0 > > http_access allow clients > > > > But when I put this before: > > > > http_access allow password > > > > All the users within that range have access to the cache without > > authentication. > > > > I think that's not so difficult to get this work, but I don't see the > > solution at the moment. > > I hope you can help me. > > acl's can be combined so you do > > http_access allow clients password > > -- > There is only one war, and it's not the rich against the poor, > the blacks against the whites, the Federation against the Borg, > or the Democrats versus the Republicans. It's those of us who > aren't complete idiots against those of us who are.
Re: [squid-users] How to do? authentication and ip-range
"Tushar Gupta" <[EMAIL PROTECTED]> writes: > Also is it possible to generate both start of session and end of session > records using squid using any authentication mechanism. I am looking > forward to do accounting based on number of hours of usage. HTTP is inherently a stateless protocol and the client authenticates to the proxy for every request. So there is no session or "end of session". You can kludge things together on the basis of considering each 5 minute period with at least one request part of an ongoing session etc. but accounting based on the number of bytes transferred seems more appropriate. -- There is only one war, and it's not the rich against the poor, the blacks against the whites, the Federation against the Borg, or the Democrats versus the Republicans. It's those of us who aren't complete idiots against those of us who are.
RE: [squid-users] How to do? authentication and ip-range
Hi, I am interested in knowing what is needed for making radius authentication to work with squid. Also is it possible to generate both start of session and end of session records using squid using any authentication mechanism. I am looking forward to do accounting based on number of hours of usage. Thanks in advance, Tushar -Original Message- From: Sander Winkel [mailto:[EMAIL PROTECTED] Sent: Thursday, March 13, 2003 3:09 PM To: Lieven Marchand Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] How to do? authentication and ip-range Thanks, it works! Sander Winkel - Original Message - From: "Lieven Marchand" <[EMAIL PROTECTED]> To: "Sander Winkel" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 13, 2003 10:02 AM Subject: Re: [squid-users] How to do? authentication and ip-range > "Sander Winkel" <[EMAIL PROTECTED]> writes: > > > I want to give only access to computers from an specified ip-range and the > > users at that ip-range must be validated with radius authentication. > > The radius authentication works well, but I don't know how to define that > > only the specified IP-range have access to the server. > > Oh yes, I know that it could as specified below: > > > > acl clients src 192.168.0.0/255.255.255.0 > > http_access allow clients > > > > But when I put this before: > > > > http_access allow password > > > > All the users within that range have access to the cache without > > authentication. > > > > I think that's not so difficult to get this work, but I don't see the > > solution at the moment. > > I hope you can help me. > > acl's can be combined so you do > > http_access allow clients password > > -- > There is only one war, and it's not the rich against the poor, > the blacks against the whites, the Federation against the Borg, > or the Democrats versus the Republicans. It's those of us who > aren't complete idiots against those of us who are.
Re: [squid-users] restrictive proxy forwarding
"Robert Ainslie" <[EMAIL PROTECTED]> writes: > I have a very large network with an internet connection and an > authenticating squid proxy server. We have an important web > application that is hosted by a 3rd party asp but our internet pipe is > way overutilised which makes the application unusable. (any more > bandwidth we throw at the internet pipe will be snapped up and will > not solve the problem, managment issue. > > The solution is to connect directly to the asp. My question is this: > How can I in squid get all requests for a certain domain to be handled > but the local squid box, ie route them down the direct pipe, while all > other requests are handled by the authenticating squid box on the main > internet connection? > > The direct connection I think has to happen. If anyone can help with > the above it would be great or suggest other ideas, iptables...? Delay pools might be an answer. Put your asp traffic in one pool, the rest of the internet traffic in another and guarantee a certain bandwidth for the asp. -- There is only one war, and it's not the rich against the poor, the blacks against the whites, the Federation against the Borg, or the Democrats versus the Republicans. It's those of us who aren't complete idiots against those of us who are.
[squid-users] ACL Helpers
Hi all, I have Squid 2.5 running as a transparent proxy on R.H-7.3. I have compiled squid using the enable-arp-acl option. How do I make use of it ..??? Regards Maheshs S K
[squid-users] restrictive proxy forwarding
I have a very large network with an internet connection and an authenticating squid proxy server. We have an important web application that is hosted by a 3rd party asp but our internet pipe is way overutilised which makes the application unusable. (any more bandwidth we throw at the internet pipe will be snapped up and will not solve the problem, managment issue. The solution is to connect directly to the asp. My question is this: How can I in squid get all requests for a certain domain to be handled but the local squid box, ie route them down the direct pipe, while all other requests are handled by the authenticating squid box on the main internet connection? The direct connection I think has to happen. If anyone can help with the above it would be great or suggest other ideas, iptables...? Thanks ___ http://www.webmail.co.za the South-African free email service NetWiseGurus.Com Portal - Your Own Internet Business Today!
[squid-users] authenticate_ip_ttl logging
In recent versions of squid, the authenticate_ip_ttl mechanism has been changed with the max_user_ip acl. Previous versions of squid logged multiple ip address use with the user name which was handy to force password changes of compromised userids. Is there a way to get this logging back? -- There is only one war, and it's not the rich against the poor, the blacks against the whites, the Federation against the Borg, or the Democrats versus the Republicans. It's those of us who aren't complete idiots against those of us who are.
Re: [squid-users] How to do? authentication and ip-range
Thanks, it works! Sander Winkel - Original Message - From: "Lieven Marchand" <[EMAIL PROTECTED]> To: "Sander Winkel" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 13, 2003 10:02 AM Subject: Re: [squid-users] How to do? authentication and ip-range > "Sander Winkel" <[EMAIL PROTECTED]> writes: > > > I want to give only access to computers from an specified ip-range and the > > users at that ip-range must be validated with radius authentication. > > The radius authentication works well, but I don't know how to define that > > only the specified IP-range have access to the server. > > Oh yes, I know that it could as specified below: > > > > acl clients src 192.168.0.0/255.255.255.0 > > http_access allow clients > > > > But when I put this before: > > > > http_access allow password > > > > All the users within that range have access to the cache without > > authentication. > > > > I think that's not so difficult to get this work, but I don't see the > > solution at the moment. > > I hope you can help me. > > acl's can be combined so you do > > http_access allow clients password > > -- > There is only one war, and it's not the rich against the poor, > the blacks against the whites, the Federation against the Borg, > or the Democrats versus the Republicans. It's those of us who > aren't complete idiots against those of us who are.
Re: [squid-users] How to do? authentication and ip-range
"Sander Winkel" <[EMAIL PROTECTED]> writes: > I want to give only access to computers from an specified ip-range and the > users at that ip-range must be validated with radius authentication. > The radius authentication works well, but I don't know how to define that > only the specified IP-range have access to the server. > Oh yes, I know that it could as specified below: > > acl clients src 192.168.0.0/255.255.255.0 > http_access allow clients > > But when I put this before: > > http_access allow password > > All the users within that range have access to the cache without > authentication. > > I think that's not so difficult to get this work, but I don't see the > solution at the moment. > I hope you can help me. acl's can be combined so you do http_access allow clients password -- There is only one war, and it's not the rich against the poor, the blacks against the whites, the Federation against the Borg, or the Democrats versus the Republicans. It's those of us who aren't complete idiots against those of us who are.
[squid-users] How to do? authentication and ip-range
I want to give only access to computers from an specified ip-range and the users at that ip-range must be validated with radius authentication. The radius authentication works well, but I don't know how to define that only the specified IP-range have access to the server. Oh yes, I know that it could as specified below: acl clients src 192.168.0.0/255.255.255.0 http_access allow clients But when I put this before: http_access allow password All the users within that range have access to the cache without authentication. I think that's not so difficult to get this work, but I don't see the solution at the moment. I hope you can help me. Sander Winkel
Re: [squid-users] Only Caching!!! Without proxing !!
Dear Henrik, In the below examable as you told . Squid will wrk only proxy tech. but Is it possible to get the C's ip in A's server. Is there any parameter i hve to change in below case. Kindly help me henrik. Awaiting your reply regards velu A is hotmail server B is my local linux box C is client machine I am trying to access A(hotmail server) throu Squid Proxy running in B (linux box). In the above case in hotmail server log it is showing the Proxy B's ip is displaying I want the Client machine ip C should be display in the homtail maillog access. Can anyone help me in this regard. I have made the itables as below iptables -A PREROUTING -t NAT -p tcp --dport 80 -j REDIRECT --to-ports 3128 Can anyone suggest me free web tool to get interact with squid? Awaiting for your valuable repply Regards velu 1 Henrik Nordstrom1 > ons 2003-03-12 klockan 12.34 skrev TMurugavelu: >> Dear members , >> >> I want my linux box to work as Caching server rather then proxy. > > You can't have caching without proxying. > > The caching is a byproduct of proxying, not a function on it's own. > > -- > Henrik Nordstrom <[EMAIL PROTECTED]> > MARA Systems AB, Sweden
[squid-users] , in the URL
Hello everyone :-) Did in the past squid (version 2.4 of squid) have any problems (bugs) with URLs such as the following: http://site.com/tee/2003/mar/130303/foobar,property=Img.gif I am most concerned about the , (comma) in the URL as other URLs come without problems. many thanks in advance, Mihalis. HTML Email Considered Harmful: http://expita.com/nomime.html Please avoid sending Word, Excel or PowerPoint attachments.