Re: [squid-users] Still Fail to Authenticate
Aqil [EMAIL PROTECTED] writes: here is the content of my file1 : user1:Q9jp0EYusm5eo Is there someone out there who wants to kindfully try for me (with ncsa authentication scheme ? :) Seems fine to me. http-proxy-intern:/tmp# cat test.auth user1:Q9jp0EYusm5eo http-proxy-intern:/tmp# /usr/lib/squid/ncsa_auth ./test.auth user1 password4user1 OK -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?
RE: [squid-users] Any security concerns to turn persistence connections off?
Hi, Any further documents that I am able to refer to? Such as how the performance is affected? What is the difference between server_persistent and client persistent? Regards, KT -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 3:08 PM To: Tan, Kian Tiong; '[EMAIL PROTECTED]' Subject: Re: [squid-users] Any security concerns to turn persistence connections off? On Thursday 19 June 2003 04.27, Tan, Kian Tiong wrote: Is there any concerns on configuring the following??: client_persistent_connections off server_persistent_connections off Only performance concerns. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] squid using more bandwidth!!!
Dear Henrik/Ahmad once again i need your help regarding the bandwidth usage of squid.It is consuming more bandwidth than saving i doubt if it is saving anything. How i found that squid is using more bandwidth is mentioned below. I have a proxy server with about 50 users and it is connnected to squid with wccp. The ip address of my proxy server is 202.152.128.25 The ip address of my squid server is 202.152.128.2 When i check the ip accounting with a software called netflow i get the following results 202.152.128.2250Kb/s --when using squid+wccp v2 202.152.128.25170Kb/s--when using proxy server alone WITHOUT squid. The following is the http stats. current hits 199.0 req/min current requests 324.0 req/min i have 3 scsi driver 8 GB each and they are 50% full. so what is the fun using squid if it is consuming bandwidth rather saving, kindly do clear me. Regards Sukhjit
Re: [squid-users] Still Fail to Authenticate
--- Lieven Marchand [EMAIL PROTECTED] Seems fine to me. http-proxy-intern:/tmp# cat test.auth user1:Q9jp0EYusm5eo http-proxy-intern:/tmp# /usr/lib/squid/ncsa_auth ./test.auth user1 password4user1 OK Merci Lieven... Seems work with the command line for too now.. What I missed here is that I had to put the userid and the password with a space between them... But it still fails when I use browsers (for trial, I use mozilla and lynx).. Can you take a look in my squid.conf, and tell me where I miss something, please : Here is my squid.conf again : authenticate_program /usr/lib/squid/ncsa_auth home/aqil/file1 #so I am not using auth_param directive here, do you think it is a mistake ? acl myusers proxy_auth REQUIRED http_access allow myusers http_access deny all Or could someone show his squid.conf :) Every solution would be greatly appreciated regards aqil ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
Re: [squid-users] Still Fail to Authenticate
--- Lieven Marchand [EMAIL PROTECTED] Seems fine to me. http-proxy-intern:/tmp# cat test.auth user1:Q9jp0EYusm5eo http-proxy-intern:/tmp# /usr/lib/squid/ncsa_auth ./test.auth user1 password4user1 OK Merci Lieven... Seems work with the command line for me too now.. What I missed here is that I had to put the userid and the password with a space between them... But it still fails when I use browsers (for trial, I use mozilla and lynx).. Can you take a look in my squid.conf, and tell me where I miss something, please : Here is my squid.conf again : authenticate_program /usr/lib/squid/ncsa_auth home/aqil/file1 #so I am not using auth_param directive here, do you think it is a mistake ? acl myusers proxy_auth REQUIRED http_access allow myusers http_access deny all Or could someone show his squid.conf :) Every solution would be greatly appreciated regards aqil ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
Re: [squid-users] Howto Block Msn Messenger in Squid !!
Does it work with squid in transparent mode? Thank you in advance - Original Message - From: Justin Hennessy [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, June 23, 2003 1:51 AM Subject: Re: [squid-users] Howto Block Msn Messenger in Squid !! Hi Mahesh, I have just recently done this, I found though that blocking the IP was no good as the IP's change (and could change). The first thing you have to do is make sure that the users can't get directly out to the outside world (must use the proxy). Then I created and added the following lines in the squid.conf: acl MSN req_mime_type ^application/x-msn-messenger$ http_access deny MSN This identifies the MSN traffic and blocks it (works great, much to my users disgust *grin*). Justin Mahesh P [EMAIL PROTECTED] 22/06/2003 5:59:28 pm
Re: [squid-users] Any security concerns to turn persistence conne ctions off?
On Tuesday 24 June 2003 08.45, Tan, Kian Tiong wrote: Any further documents that I am able to refer to? The W3C HTTP Protocol group has several references to HTTP persistent connections research. Please note that the protocol which is used by most browsers is HTTP persistent connections with up to 4 parallell connections, so research results comparing 4 parallell HTTP/1.0 connections to one persistent HTTP/1.1 connection is not fair. Such as how the performance is affected? What is the difference between server_persistent and client persistent? The two different sides of the proxy. server: squid - webservers or peers client: clients - squid Regards Henrik
[squid-users] Re: squid-2.5.STABLE3 and cyrus-sasl-2.1.13
On Tuesday 24 June 2003 09.40, matthias.wolf wrote: './'`sasl_auth.c sasl_auth.c: In function `main` sasl_auth.c:59: warning: passing arg 6 of `sasl_server_new` from incompatible pointer type sasl_auth.c:59: too few arguments to function `sasl_server_new` sasl_auth.c:87: too many arguments to function `sasl_checkpass` the reason for that problem is still the md5.h -file (from squid!). have you any ideas? I am compiling Squid with OpenSSL. This makes a noticeable difference wrt MD5 and probably why it works here. Try using --with-openssl. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] squid using more bandwidth!!!
--- Sukhjit Singh [EMAIL PROTECTED] a écrit : The following is the http stats. current hits 199.0 req/min current requests 324.0 req/min Sorry, this is not to answer ... How do you make your measurements of your current hits and current requests ? ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
[squid-users] time format in access.log
Dear list, is it possible to change the time format from 1056382600.241 for example to normal time and date format? Thanks in advance Tom
[squid-users] FTP firewall
Hi there friends, I need your kind advice to help me solve my problem with firewalls. We are a small company developing database solutions using a program called FileMaker Pro (http://www.filemaker.com/) We have bought a plugin for our system which is called FTPit. It is used to transfer files from the computer where the Filemaker Pro system is running, to a remote ftp server. The solution works perfectly for computers connected to the internet directly. Recently we got a new client who has got an array of computers which connects to the internet through the server where the Squid firewall is running. We have a Windows 2000 server OS running on our server computer. I want to install the Squid in the server here to test my client's scenario here. I have the following questions to ask: Is that possible the Squid can run in this windows server? How to install the Squid in the server. Do we have a normal setup program? In my filemaker plugin FTPit, they have not provided any special functions to connect to the FTP firewall servers. Instead they have got a single function. Using that function we can send core FTP commands to the server. But I do not have knowledge of these FTP commands specifically for Squid FTP firewall prgram. If you have samples of these FTP commands, please share with me that will of great help me. Your help in this will be highly appreciated. Thanks a lot. Best Regards, Hameed Pilot simple.software tel: 852 2810 1110 fax: 852 2869 1622
Re: [squid-users] squid using more bandwidth!!!
Sukhjit, I had told you before that, You can check in cachemgr or mrtg byte hit ratio, this is what you are saving in bandwidth. Respected Henrik, already have told you some tips to save a little bandwidth quick_abort_max set to 0 and also quick_abrot_min set to 0 KB. But I think it is not the problem. Can you let us know in which enviornment you are using squid ISP or Software house. What about request/sec.. onething more if you have single cache then no need to use wccp you can use simple redirect (route map). no need to put extra load on router and cache for capsulating and deccaps packets. Onething more you will have to put an ACL for your IPs. someone can use your squid minor mistake :) can be.. Keep eyes on access.log and cache.log -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 12:16 PM Subject: [squid-users] squid using more bandwidth!!! Dear Henrik/Ahmad once again i need your help regarding the bandwidth usage of squid.It is consuming more bandwidth than saving i doubt if it is saving anything. How i found that squid is using more bandwidth is mentioned below. I have a proxy server with about 50 users and it is connnected to squid with wccp. The ip address of my proxy server is 202.152.128.25 The ip address of my squid server is 202.152.128.2 When i check the ip accounting with a software called netflow i get the following results 202.152.128.2250Kb/s --when using squid+wccp v2 202.152.128.25170Kb/s--when using proxy server alone WITHOUT squid. The following is the http stats. current hits 199.0 req/min current requests 324.0 req/min i have 3 scsi driver 8 GB each and they are 50% full. so what is the fun using squid if it is consuming bandwidth rather saving, kindly do clear me. Regards Sukhjit
Re: [squid-users] FTP firewall
Hameed, If don't know about squid, I will refer you too visit www.squid-cache.org. Squid is http based cache and proxy server. Squid have http based ftp support but did not support native ftp. For this you will have to redirect yoru traffic via firewall to direct internet instead using squid. I will suggest better to use squid on UNIX flavoure OS instead using Windows OS. -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) Hameed said: Hi there friends, I need your kind advice to help me solve my problem with firewalls. We are a small company developing database solutions using a program called FileMaker Pro (http://www.filemaker.com/) We have bought a plugin for our system which is called FTPit. It is used to transfer files from the computer where the Filemaker Pro system is running, to a remote ftp server. The solution works perfectly for computers connected to the internet directly. Recently we got a new client who has got an array of computers which connects to the internet through the server where the Squid firewall is running. We have a Windows 2000 server OS running on our server computer. I want to install the Squid in the server here to test my client's scenario here. I have the following questions to ask: Is that possible the Squid can run in this windows server? How to install the Squid in the server. Do we have a normal setup program? In my filemaker plugin FTPit, they have not provided any special functions to connect to the FTP firewall servers. Instead they have got a single function. Using that function we can send core FTP commands to the server. But I do not have knowledge of these FTP commands specifically for Squid FTP firewall prgram. If you have samples of these FTP commands, please share with me that will of great help me. Your help in this will be highly appreciated. Thanks a lot. Best Regards, Hameed Pilot simple.software tel: 852 2810 1110 fax: 852 2869 1622 - This email was sent using Fibre Net (Internet Services Provider) Webmail ! http://www.fibre.net.pk/
Re: [squid-users] redirector_access usage
On Tuesday 24 June 2003 04.17, Jay Turner wrote: i.e. I add a 'Staff' member to 'block' and they lose access (correct), then I remove them from 'block' to re-instate access and then I find that the Staff member now gets passed through to the redirector rather than bypassing it. This should be dependent on the ttl setting only, but maybe winbind also have cached group memberships for the user.. Try runnig the wb_group helper interactively to see if it reacts properly to group changes. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] FTP firewall
Hameed [EMAIL PROTECTED] wrote: We have bought a plugin for our system which is called FTPit. It is used to transfer files from the computer where the Filemaker Pro system is running, to a remote ftp server. The solution works perfectly for computers connected to the internet directly. Recently we got a new client who has got an array of computers which connects to the internet through the server where the Squid firewall is running. Squid is not a firewall nor a FTP proxy. It is 'just' a HTTP proxy. Your customer needs either a real FTP proxy (e.g. http://www.suse.de/en/whitepapers/proxy_suite/) or they must open up their firewall to let internal clients go out directly for FTP traffic. We have a Windows 2000 server OS running on our server computer. I want to install the Squid in the server here to test my client's scenario here. I have the following questions to ask: Is that possible the Squid can run in this windows server? Yes, but this will buy you nothing - see above. Cheers, Juri -- Juri Haberland [EMAIL PROTECTED]
Re: [squid-users] Access Control File
On Tuesday 24 June 2003 07.21, Li Wei wrote: hi, all I'm trying to define a specific file as acl source other than a sting For example: acl AUTH_IPs src /usr/local/squid/ip while the format of /usr/local/squid/ip file like following 172.16.8.2/255.255.255.128 This is not a valid address specification. The above specifies a network, but the host component of the network is not zero... Squid will complain on this. does not matter if specified inline or in a separate file. I think you want to specify a single IP address, not a whole network. In such case use the following syntax: 172.16.8.2 Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] snmp woes
On Tuesday 24 June 2003 03.30, Andrew Thomson wrote: But when I run the following: snmpwalk -c public proxy1:3401 snmpwalk: Timeout There is two issues here: a: Some versions of snmpwalk defaults to SNMPv3, while Squid SNMP implementation is a bit older... try specifying the use of SNMPv1 to snmpwalk. b: You have not specified a startingpoint where snmpwalk should start. As the Squid MIB is outside the standard public MIB-2 MIB it won't be found by snmpwalk unless told to start within or above the location of the Squid MIB.. see the Squid FAQ and the snmpwalk documentation. MIB-2 SMI: iso.org.dod.internet.mgmt.mib-2 (1.3.6.1.2.1) Squid: iso.org.dod.internet.private.enterprices.nlanr.squid (1.3.6.1.4.1.3495.1) Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] time format in access.log
On Tuesday 24 June 2003 10.33, Mueller, Thomas wrote: is it possible to change the time format from 1056382600.241 for example to normal time and date format? You can switch to common log format, or use the custom log format patch available from http://devel.squid-cache.org/customlog/ Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
AW: [squid-users] time format in access.log
Is this alss possible in this Version: Version 2.3.STABLE4-hno.CVS or only in 2.5? Thanks for you fast response help. Thomas -Ursprüngliche Nachricht- Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 24. Juni 2003 11:13 An: Mueller, Thomas; [EMAIL PROTECTED] Betreff: Re: [squid-users] time format in access.log On Tuesday 24 June 2003 10.33, Mueller, Thomas wrote: is it possible to change the time format from 1056382600.241 for example to normal time and date format? You can switch to common log format, or use the custom log format patch available from http://devel.squid-cache.org/customlog/ Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] URL is VERY slow via SQUID
Hello, have a problem with this URL: www.soqrates.de When accessing it directly, without squid, it is fast as every other site. but when opening it via squid, it takes MINUTES(!). All other urls are working fast as usual. I have a SQUID 2.5STABLE3 and a 2.4STABLE6, both with the same effect. Kind regrads Stefan Vogel
Re: [squid-users] URL is VERY slow via SQUID
* [EMAIL PROTECTED] [EMAIL PROTECTED]: have a problem with this URL: www.soqrates.de When accessing it directly, without squid, it is fast as every other site. but when opening it via squid, it takes MINUTES(!). All other urls are working fast as usual. I have a SQUID 2.5STABLE3 and a 2.4STABLE6, both with the same effect. Works like a charm here. probably a DNS problem -- Ralf Hildebrandt (Im Auftrag des Referat V a) [EMAIL PROTECTED] Charite Campus MitteTel. +49 (0)30-450 570-155 Referat V a - Kommunikationsnetze - Fax. +49 (0)30-450 570-916 AIM: ralfpostfix
[squid-users] Detected DEAD/REVIVED Parent
My cache log always shown : 2003/06/24 14:49:19| Detected DEAD Parent: 192.168.10.4/8080/3130 2003/06/24 14:51:51| Detected REVIVED Parent: 192.168.10.4/8080/3130 2003/06/24 14:52:55| Detected DEAD Parent: 192.168.10.4/8080/3130 2003/06/24 14:55:18| Detected REVIVED Parent: 192.168.10.4/8080/3130 After Detected DEAD Parent next minutes then Detected REVIVED Parent within 1 hour it's happened 1-5 times. My question: 1. It's normal have this messages ? 2. it's will slowdown the squid performance ? 3. how to fix it. Thanks friend, Suhadi
Re: [squid-users] URL is VERY slow via SQUID
Not likely, if I try to browse the url from the SQUID-Machine itself, but do not use the squid, the page opens very fast. Also if I use our old (very old) Netscape Proxyserver3.5, it is also very fast. Bopth machines (Netscape and Squid) have the same nameresoloution. Regards Stefan Ralf Hildebrandt Ralf.Hildebrandt @charite.de To [EMAIL PROTECTED] 24.06.2003 11:53 cc Subject Re: [squid-users] URL is VERY slow via SQUID * [EMAIL PROTECTED] [EMAIL PROTECTED]: have a problem with this URL: www.soqrates.de When accessing it directly, without squid, it is fast as every other site. but when opening it via squid, it takes MINUTES(!). All other urls are working fast as usual. I have a SQUID 2.5STABLE3 and a 2.4STABLE6, both with the same effect. Works like a charm here. probably a DNS problem -- Ralf Hildebrandt (Im Auftrag des Referat V a) [EMAIL PROTECTED] Charite Campus MitteTel. +49 (0)30-450 570-155 Referat V a - Kommunikationsnetze - Fax. +49 (0)30-450 570-916 AIM: ralfpostfix
[squid-users] -- SNMP x Cachemanager
Hello, I am making some working with rrdtool here, and got something strange. I am getting data with SNMP, and two of them (CPU Usage, in percent and Memory Utilization), have somthing wrong. 1) If I go to Cache Manager-General Runtime Information, I get there: CPU Usage:1.20% But since SNMP OID is an Integer32, it gets me only 1% : NAME: cacheCpuUsage OID: 1.3.6.1.4.1.3495.1.3.1.5 SYNTAX: Integer32 MAX-ACCESS: read-only STATUS: current DESCRIPTION: The percentage use of the CPU Aren´t there some way to make SNMP inform those 1.20% And also, in TOP we have: PID USERNAME PRI NICE SIZERES STATETIME WCPU CPU COMMAND 451 www 960 62136K 57420K RUN262:48 7.42% 7.42% squid Why this diference ??? 1% to 7 % ?? 2) In SNMP we have : NAME: cacheMemUsage OID: 1.3.6.1.4.1.3495.1.3.1.3 SYNTAX: Integer32 MAX-ACCESS: read-only STATUS: current DESCRIPTION: Total memory accounted for KB and NAME: cacheMaxResSize OID: 1.3.6.1.4.1.3495.1.3.1.6 SYNTAX: Integer32 MAX-ACCESS: read-only STATUS: current DESCRIPTION: Maximum Resident Size in KB And in TOP we have PID USERNAME PRI NICE SIZERES STATETIME WCPU CPU COMMAND 451 www 960 62136K 57420K RUN262:48 7.42% 7 42% squid I´d like to count the total memory SQUID is using, but cacheMemUsage returns only 24Mb, and cacheMaxResSize gives those 57Mb... Thanks for any help Alex C. B. Antão Analista de Sistemas e Suporte ICQ: 5144629http://motoviagens.pagina.de http://e-modelismo.pagina.de Um bom pouso é aquele do qual você sai caminhando. Um ótimo pouso é aquele depois do qual você pode usar o avião novamente.
Re: AW: [squid-users] time format in access.log
tis 2003-06-24 klockan 11.22 skrev Mueller, Thomas: Is this alss possible in this Version: Version 2.3.STABLE4-hno.CVS or only in 2.5? The Squid-2.3-hno tree is obsolete and should not be used any longer, in fact it should never been used in production as the patch set has never been verified (http://devel.squid-cache.org/hno/patches-2.3.html and http://devel.squid-cache.org/hno/). These patches was maintained while merging my changes into the main Squid source tree, not as a stable release. I would strongly advice upgrading to Squid-2.5. Squid-2.5 has all the important features of the now obsolete Squid-2.3-hno tree, and in addition countless other improvements and bugfixes. You may or may not be able to apply the customlog patch to Squid-2.3, I do not know, and have no intention of finding out. Squid-2.3 is a closed chapter in the Squid history. The option to use common log format exists in all Squid-2.X versions. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] Re: AW: squid-2.5.STABLE3 and cyrus-sasl-2.1.13
tis 2003-06-24 klockan 11.54 skrev matthias.wolf: hi henrik, i changed my config options: #env CFLAGS=-I/usr/local/include/sasl LDFLAGS=-L/usr/local/lib/sasl2 ./configure --prefix=/usr/local/squid --enable-basic-auth-helpers=SASL --with-openssl=/usr/local/openssl but it won't work. i'm using freebsd 4.7 with linux binary mode. are there any more options? You may need to run make distclean before running configure if you have already configured the source tree once. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Res: RE: [squid-users] problem with BIG passwords
Hello, guys, Any news about that problem with passwords above 15 caracteres that squid cannot authenticate ??? Thanks ---Mensagem original--- De: Rick Matthews Data: quarta-feira, 18 de junho de 2003 14:24:53 Para: Alex Carlos Braga Antão Assunto: RE: [squid-users] problem with BIG passwords Alex Carlos Braga Antão wrote: Let me ask again no answers on last question Hello all, I got a problem here recently. My squid is authenticating all users with NTLM_AUTH and BASIC SMB_AUTH. Everythig works correctly, but a user has a password very big, and it´s IE keeps asking for his password. If a put my user, I can browse, but squid does not authenticate him becaouse of his big password. When he changed the password for on little, it worked. OK, I'll ask the question: How big is it? 14 characters long or 14 billion characters long? .
Re: [squid-users] Squid + ICAP
tis 2003-06-24 klockan 17.06 skrev Chijioke Kalu: has anyone successfully infused Squid and ICAP?, having a hair breaking experience and need some assistance. The ICAP client for Squid is still a bit immature, but at least some basic functions do work. How far have you got? Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] My ignorance or Squid lack this?
tis 2003-06-24 klockan 15.31 skrev Mohsin Khan: Well question is, is there any way to terminate that download session, without effecting the rest of the clients browsing. Wingate have this functioanlity and i really feel that squid need to have this. So is there any ? Not really. You can restart Squid, which will break all current download sessions. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] problem with BIG passwords
tis 2003-06-24 klockan 14.35 skrev Alex Carlos Braga Antão: It´s independent on which authenticator I use. Now I use NTLM AUTH and BASIC SMB auth. If the user has a 15 carac. password or more, he cannot log into squid to browse... squid keeps asking for his password There is a limit in the total length of login:password to 63 characters in Squid-2.5. Other than this there is no limit on the password length. So if your login name is 47 characters long then the password will indeed be limited to 15 characters. Smaller logins allow for larger passwords. I would guess it is the authenticator helper or backend user database you use who is the culprit. Have you tried running the authenticators manually? -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] squid_ldap_group
I am trying to set up internet user access via ldap authentication and squid. I have set up 2 groups in an ldap server one called test-allow one called test-deny . Each group has one test user in it. The ldap server is a Windows box. My test squid proxy is a Solaris 8 box. My squid.conf on the Solaris box reads: auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b DC=vcn,DC=ds,DC=volvo,DC=net -f uid=%s -D cn=inetaccess01,ou=Service Accounts,ou=gso,ou=it,DC=vcn,DC=ds,DC=volvo,DC=net -w password -h ldapserver auth_param basic children 5 auth_param basic realm squidbox proxy-caching web server auth_param basic credentialsttl 2 hours acl ldapauth proxy_auth REQUIRED http_access allow ldapauth external_acl_type inetaccess01 %LOGIN /usr/local/squid/libexec/squid_ldap_group -b DC=vcn,DC=ds,DC=volvo,DC=net -f ((uid=%v)(cn=%a)) -D inetaccess01 -w password -h ldapserver acl test-allow external inetaccess01 Testing http_access allow test-allow I get the following errors in the cache.log 2003/06/24 12:03:19| helperOpenServers: Starting 5 'squid_ldap_auth' processes 2003/06/24 12:03:21| helperOpenServers: Starting 5 'squid_ldap_group' processes 2003/06/24 12:03:21| Accepting HTTP connections at 0.0.0.0, port 80, FD 8. 2003/06/24 12:03:21| WCCP Disabled. 2003/06/24 12:03:21| Loaded Icons. 2003/06/24 12:03:21| Ready to serve requests. squid_ldap_auth: WARNING, LDAP search error 'Timelimit exceeded' squid_ldap_auth: WARNING, LDAP search error 'Timelimit exceeded' squid_ldap_auth: WARNING, LDAP search error 'Timelimit exceeded' Anyone got any ideas of what I am doing wrong? squid_ldap_match doesnt seem to help me much. Regards John Clark
Res: Re: [squid-users] problem with BIG passwords
Henrik, Running the smb_auth manually works perfectly. The combination of login:password does not pass 30 caracters. There´s no database to authenticate, I run ntlm_auth and smb-auth Thanks Alex C. B. Antão Analista de Sistemas e Suporte ICQ: 5144629http://motoviagens.pagina.de http://e-modelismo.pagina.de Um bom pouso é aquele do qual você sai caminhando. Um ótimo pouso é aquele depois do qual você pode usar o avião novamente. ---Mensagem original--- De: Henrik Nordstrom Data: terça-feira, 24 de junho de 2003 13:24:52 Para: Alex Carlos Braga Antão Cc: [EMAIL PROTECTED] Assunto: Re: [squid-users] problem with BIG passwords tis 2003-06-24 klockan 14.35 skrev Alex Carlos Braga Antão: It´s independent on which authenticator I use. Now I use NTLM AUTH and BASIC SMB auth. If the user has a 15 carac. password or more, he cannot log into squid to browse... squid keeps asking for his password There is a limit in the total length of login:password to 63 characters in Squid-2.5. Other than this there is no limit on the password length. So if your login name is 47 characters long then the password will indeed be limited to 15 characters. Smaller logins allow for larger passwords. I would guess it is the authenticator helper or backend user database you use who is the culprit. Have you tried running the authenticators manually? -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED] .
Re: [squid-users] logging of user agents
Frank Neumann wrote: Hi folks, which patch should I use to get the user agent logged in access.log? What are your recommendations and experiences? Target will be squid 2.5. By your command, excerpt from squid.conf.default : # TAG: useragent_log # Note: This option is only available if Squid is rebuilt with the # --enable-useragent-log option # # Squid will write the User-Agent field from HTTP requests # to the filename specified here. By default useragent_log # is disabled. # #Default: # none 'Reading the world will always give ultimate wisdom. (PraghaKhan,India Baipur 1642)
Re: Res: RE: [squid-users] problem with BIG passwords
On Tue, 2003-06-24 at 07:30, Lieven Marchand wrote: Alex Carlos Braga Ant?o [EMAIL PROTECTED] writes: Any news about that problem with passwords above 15 caracteres that squid cannot authenticate ??? ncsa authentication ignores everything after the first 8 characters, just like the classic unix passwd. I think I remember (could be wrong, here) that our old NT4 PDC had limits of 14 characters in the password. Is it a limit for NTLM?
Res: Re: Res: RE: [squid-users] problem with BIG passwords
Stephen, I have a DC with AD native Mode here, not a NT4, and the problem also happens with smb_auth, because I cannot login even with smb_auth, but manually it gives me OK. It seems squid cannot read big passwords, or it passes them with limitation to the helper... Alex C. B. Antão Analista de Sistemas e Suporte ICQ: 5144629http://motoviagens.pagina.de http://e-modelismo.pagina.de Um bom pouso é aquele do qual você sai caminhando. Um ótimo pouso é aquele depois do qual você pode usar o avião novamente. ---Mensagem original--- De: Stephen J. McCracken Data: terça-feira, 24 de junho de 2003 14:32:29 Para: [EMAIL PROTECTED] Cc: Alex Carlos Braga Ant?o Assunto: Re: Res: RE: [squid-users] problem with BIG passwords On Tue, 2003-06-24 at 07:30, Lieven Marchand wrote: Alex Carlos Braga Ant?o [EMAIL PROTECTED] writes: Any news about that problem with passwords above 15 caracteres that squid cannot authenticate ??? ncsa authentication ignores everything after the first 8 characters, just like the classic unix passwd. I think I remember (could be wrong, here) that our old NT4 PDC had limits of 14 characters in the password. Is it a limit for NTLM? .
Re: [squid-users] logging of user agents
On Tuesday 24 June 2003 18.41, Frank Neumann wrote: Hi folks, which patch should I use to get the user agent logged in access.log? What are your recommendations and experiences? Target will be squid 2.5. I would recommend trying the long awaited customlog patch just released. Gives you powers close (if not better) to that of the apache CustomLog directive, and allows you to automatically split/select what is logged were (or not). http://devel.squid-cache.org/customlog/ It is a little bigger than the other patches, but is a preview of what will be available in a later Squid release in terms of log style. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: Res: Re: [squid-users] problem with BIG passwords
On Tuesday 24 June 2003 19.03, Alex Carlos Braga Antão wrote: Henrik, Running the smb_auth manually works perfectly. The combination of login:password does not pass 30 caracters. There´s no database to authenticate, I run ntlm_auth and smb-auth Thanks You cannot run ntlm_auth or smb_auth without a user database.. the database in question used by these helpers is your NT domain. NT domain authentication does have a magic limit at 15 characters for LM passwords I think. Only NT passwords can be longer. Both the smb_auth and ntlm_auth is using LM style authentication to the domain. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] My ignorance or Squid lack this?
Well, my feeling is you should talk to your user and explain him why sucking at 2 Mb/s is bad would help much more than relying on technical solutions.
Re: [squid-users] squid using more bandwidth!!!
Dear Ahmad, i am using squid in an ISP invironment, The squid is getting the following number of requests according to mrtg. Max HTTP requests 406.0 req/min Average HTTP requests 152.0 req/min Current HTTP requests 32.0 req/min according to cachemgr Byte Hit Ratios:5min: 12.1%, 60min: 10.6% according to mrtg the cache stats of # hits Max Hostname-to-Address Hits 129.2 k (25.8%) Average Hostname-to-Address Hits 39.3 k (7.9%) Current Hostname-to-Address Hits 96.1 k I will not be able to use cache without wccp there are some network limitations here. Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 2:11 PM Subject: Re: [squid-users] squid using more bandwidth!!! Sukhjit, I had told you before that, You can check in cachemgr or mrtg byte hit ratio, this is what you are saving in bandwidth. Respected Henrik, already have told you some tips to save a little bandwidth quick_abort_max set to 0 and also quick_abrot_min set to 0 KB. But I think it is not the problem. Can you let us know in which enviornment you are using squid ISP or Software house. What about request/sec.. onething more if you have single cache then no need to use wccp you can use simple redirect (route map). no need to put extra load on router and cache for capsulating and deccaps packets. Onething more you will have to put an ACL for your IPs. someone can use your squid minor mistake :) can be.. Keep eyes on access.log and cache.log -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 12:16 PM Subject: [squid-users] squid using more bandwidth!!! Dear Henrik/Ahmad once again i need your help regarding the bandwidth usage of squid.It is consuming more bandwidth than saving i doubt if it is saving anything. How i found that squid is using more bandwidth is mentioned below. I have a proxy server with about 50 users and it is connnected to squid with wccp. The ip address of my proxy server is 202.152.128.25 The ip address of my squid server is 202.152.128.2 When i check the ip accounting with a software called netflow i get the following results 202.152.128.2250Kb/s --when using squid+wccp v2 202.152.128.25170Kb/s--when using proxy server alone WITHOUT squid. The following is the http stats. current hits 199.0 req/min current requests 324.0 req/min i have 3 scsi driver 8 GB each and they are 50% full. so what is the fun using squid if it is consuming bandwidth rather saving, kindly do clear me. Regards Sukhjit
RE: [squid-users] redirector_access usage
I have spent a few more hours this morning testing this more thoroughly.
This time I was making no changes to any of my NT Global Groups I just
surfed the web seeing how often I would be correctly blocked from accessing
a site. The results were very bad.
Maybe 1 in 5 requests were being sent to the redirector by the
redirector_access rule. I'm unsure if I am doing anything wrong, or if it is
the combination of redirector_access and wb_groups not getting along.
All I know is I will be unable to use this in a production environment.
I'd log a bug, but I don't really know what to say or be able to provide any
concrete evidence (except for what I have supplied below)... All I can say
is this feature may need reviewing sometime in the future.
Again here were my ACL's/access rules:
acl FilteredUsers external NTGroups /etc/squid/ntgroups-filtered
acl UnfilteredUsers external NTGroups /etc/squid/ntgroups-unfiltered
acl BlockedUsers external NTGroups /etc/squid/ntgroups-blocked
acl AuthorizedUsers proxy_auth REQUIRED
redirector_access allow AuthorizedUsers FilteredUsers
http_access deny AuthorizedUsers BlockedUsers
http_access allow AuthorizedUsers FilteredUsers
http_access allow AuthorizedUsers UnfilteredUsers
cache.log - debug 61,9
2003/06/25 10:31:19| redirectStart: 'http://www.porn.com/'
2003/06/25 10:31:20| redirectStart: 'http://www.porn.com/images2/back.gif'
2003/06/25 10:31:20| redirectStart: 'http://www.porn.com/images2/spacer.gif'
2003/06/25 10:31:20| redirectStart: 'http://www.porn.com/images2/p_top.jpg'
2003/06/25 10:31:21| redirectStart:
'http://www.porn.com/images2/today_top.gif'
2003/06/25 10:31:21| redirectStart: 'http://www.porn.com/images2/baba.gif'
2003/06/25 10:31:21| redirectHandleRead:
{http://10.20.10.225/vw/denied.php?client=10.20.10.122user=
domain\jturnerurl=http://www.porn.com/images2/baba.gif 10.20.10.122/-
domain\jturner GET}
2003/06/25 10:31:21| redirectStart: 'http://www.porn.com/images2/1.gif'
2003/06/25 10:31:21| redirectStart: 'http://www.porn.com/images2/light.gif'
2003/06/25 10:31:21| redirectHandleRead:
{http://10.20.10.225/vw/denied.php?client=10.20.10.122user=
domain\jturnerurl=http://www.porn.com/images2/light.gif 10.20.10.122/-
domain\jturner GET}
As you can see only 2 of the 10 requests were sent to the redirector. When
they did go, they were correctly blocked.
Thanks for your time
Jay
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 24 June 2003 4:49 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [squid-users] redirector_access usage
On Tuesday 24 June 2003 04.17, Jay Turner wrote:
i.e. I add a 'Staff' member to 'block' and they lose access
(correct), then I remove them from 'block' to re-instate access and
then I find that the Staff member now gets passed through to the
redirector rather than bypassing it.
This should be dependent on the ttl setting only, but maybe winbind
also have cached group memberships for the user..
Try runnig the wb_group helper interactively to see if it reacts
properly to group changes.
Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] Howto Block Msn Messenger in Squid !!
I am afraid I am not sure. I haven't setup a transparent proxy before. On that, could you point me to some good doco to help with do this. Thanks. alberto [EMAIL PROTECTED] 24/06/2003 5:52:08 pm Does it work with squid in transparent mode? Thank you in advance - Original Message - From: Justin Hennessy [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, June 23, 2003 1:51 AM Subject: Re: [squid-users] Howto Block Msn Messenger in Squid !! Hi Mahesh, I have just recently done this, I found though that blocking the IP was no good as the IP's change (and could change). The first thing you have to do is make sure that the users can't get directly out to the outside world (must use the proxy). Then I created and added the following lines in the squid.conf: acl MSN req_mime_type ^application/x-msn-messenger$ http_access deny MSN This identifies the MSN traffic and blocks it (works great, much to my users disgust *grin*). Justin Mahesh P [EMAIL PROTECTED] 22/06/2003 5:59:28 pm
[squid-users] NoProxy directive in apache
Hello, Is there an equivalent to the NoProxy directive used by Apache's proxy server in squid? Otherwise, is there any helper application for squid that would fulfil this function? For instance, would I use a redirector program in this instance? Chris Vaughan.vcf *** This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Department of Lands. This email message has been swept by MIMEsweeper for the presence of computer viruses. *** Chris Vaughan.vcf Description: Binary data
Re: [squid-users] snmp woes
thanks henrik, hit the nail on the head.. snmpwalk -v1 -c public proxy1:3401 .1.3.6.1.4.1.3495.1.1 SNMPv2-SMI::enterprises.3495.1.1.1.0 = INTEGER: 8160 SNMPv2-SMI::enterprises.3495.1.1.2.0 = INTEGER: 293484 SNMPv2-SMI::enterprises.3495.1.1.3.0 = Timeticks: (8345869) 23:10:58.69 cheers, ajt. On Tue, Jun 24, 2003 at 11:07:03AM +0200, Henrik Nordstrom wrote: On Tuesday 24 June 2003 03.30, Andrew Thomson wrote: But when I run the following: snmpwalk -c public proxy1:3401 snmpwalk: Timeout There is two issues here: a: Some versions of snmpwalk defaults to SNMPv3, while Squid SNMP implementation is a bit older... try specifying the use of SNMPv1 to snmpwalk. b: You have not specified a startingpoint where snmpwalk should start. As the Squid MIB is outside the standard public MIB-2 MIB it won't be found by snmpwalk unless told to start within or above the location of the Squid MIB.. see the Squid FAQ and the snmpwalk documentation. MIB-2 SMI: iso.org.dod.internet.mgmt.mib-2 (1.3.6.1.2.1) Squid: iso.org.dod.internet.private.enterprices.nlanr.squid (1.3.6.1.4.1.3495.1) Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] squid using more bandwidth!!!
Sukhjit, You Byte Hit Ratios is too low. I will suggest better to keep eyes on cachemanager current open requests and c there downloading files... that can be the problem. you are not getting too much load on your cahce. Can you let me know about your maximum_object_size XXX KB maximum_object_size_in_memory XXX KB cache_replacement_policy XXX Let me know again your cacheing space and memory? -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 7:20 AM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad, i am using squid in an ISP invironment, The squid is getting the following number of requests according to mrtg. Max HTTP requests 406.0 req/min Average HTTP requests 152.0 req/min Current HTTP requests 32.0 req/min according to cachemgr Byte Hit Ratios: 5min: 12.1%, 60min: 10.6% according to mrtg the cache stats of # hits Max Hostname-to-Address Hits 129.2 k (25.8%) Average Hostname-to-Address Hits 39.3 k (7.9%) Current Hostname-to-Address Hits 96.1 k I will not be able to use cache without wccp there are some network limitations here. Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 2:11 PM Subject: Re: [squid-users] squid using more bandwidth!!! Sukhjit, I had told you before that, You can check in cachemgr or mrtg byte hit ratio, this is what you are saving in bandwidth. Respected Henrik, already have told you some tips to save a little bandwidth quick_abort_max set to 0 and also quick_abrot_min set to 0 KB. But I think it is not the problem. Can you let us know in which enviornment you are using squid ISP or Software house. What about request/sec.. onething more if you have single cache then no need to use wccp you can use simple redirect (route map). no need to put extra load on router and cache for capsulating and deccaps packets. Onething more you will have to put an ACL for your IPs. someone can use your squid minor mistake :) can be.. Keep eyes on access.log and cache.log -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 12:16 PM Subject: [squid-users] squid using more bandwidth!!! Dear Henrik/Ahmad once again i need your help regarding the bandwidth usage of squid.It is consuming more bandwidth than saving i doubt if it is saving anything. How i found that squid is using more bandwidth is mentioned below. I have a proxy server with about 50 users and it is connnected to squid with wccp. The ip address of my proxy server is 202.152.128.25 The ip address of my squid server is 202.152.128.2 When i check the ip accounting with a software called netflow i get the following results 202.152.128.2250Kb/s --when using squid+wccp v2 202.152.128.25170Kb/s--when using proxy server alone WITHOUT squid. The following is the http stats. current hits 199.0 req/min current requests 324.0 req/min i have 3 scsi driver 8 GB each and they are 50% full. so what is the fun using squid if it is consuming bandwidth rather saving, kindly do clear me.
[squid-users] HOw to use max_user_ip
hi,all the option max_user_ip is a new function with Squid.2.5 From its description, it seems very useful. However, I'm failed in using it. Are there any advice to me about how to use it? Thanks in advance. ** Li Wei ^-^ HAVE A GOOD DAY ^-^ JFTT E-mail: [EMAIL PROTECTED] **
