[squid-users] Squid CONNECT ACL Problem
Hello Squid Users and Developers, Squid has ACL For CONNECT Method it is acl SSL_ports port 443 563 acl CONNECT method CONNECT http_access deny CONNECT !SSL_ports Why squid has default behaviour to deny CONNECT requests on non-standard SSL Ports Some sites are implementing SSL on non-standard SSL Port So squid's this behaviour is creating problem in surfing such site. I am planning to allow CONNECT on non-standard SSL Port as well but before that i want to know the reasons for default DENY action. Waiting for Reply = Atit Jariwala attachment: winmail.dat
Re: [squid-users] HOw to use max_user_ip
Li Wei [EMAIL PROTECTED] writes: the option max_user_ip is a new function with Squid.2.5 From its description, it seems very useful. However, I'm failed in using it. Are there any advice to me about how to use it? acl multiple max_user_ip -s 1 http_access deny multiple will stop people using a userid on 2 machines simultaneously -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?
Re: [squid-users] squid using more bandwidth!!!
Dear Sukhjit, I will suggest better to use maximum_object_size 8192 KB maximum_object_size_in_memory 16 KB cache_replacement_policy heap LFUDA These settings can help you to save bandwidth.. for heap LFUDA you will have to recompile your squid source again if you have not compiled squid with heap storing scheme yet... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 11:07 AM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad, The following are the things required my you. i have this following configs in my squid.conf maximum_object_size 1024 KB maximum_object_size_in_memory 8 KB cache_replacement_policy lru i have 3 scsci drives 8GB each, and below is the disk free status Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda2 4032064 2156128 1671112 57% / /dev/sda5 4087268 51256 3828388 2% /ACACHE /dev/sdb1 8741468 4194104 4103312 51% /BCACHE /dev/sdc1 8741468 4188100 4109316 51% /CCACHE /dev/sda1 100692 10666 84827 12% /boot none256784 0256784 0% /dev/shm i have 512Mb of memory, adn following is the output of the free -m command. [EMAIL PROTECTED] root]# free -m total used free sharedbuffers cached Mem:501496 5 0126106 -/+ buffers/cache: 262238 Swap:515 4511 Hope the above things help you out in getting the solution of my prob, if anything else is required kindly let me know. Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 10:56 AM Subject: Re: [squid-users] squid using more bandwidth!!! Sukhjit, You Byte Hit Ratios is too low. I will suggest better to keep eyes on cachemanager current open requests and c there downloading files... that can be the problem. you are not getting too much load on your cahce. Can you let me know about your maximum_object_size XXX KB maximum_object_size_in_memory XXX KB cache_replacement_policy XXX Let me know again your cacheing space and memory? -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 7:20 AM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad, i am using squid in an ISP invironment, The squid is getting the following number of requests according to mrtg. Max HTTP requests 406.0 req/min Average HTTP requests 152.0 req/min Current HTTP requests 32.0 req/min according to cachemgr Byte Hit Ratios: 5min: 12.1%, 60min: 10.6% according to mrtg the cache stats of # hits Max Hostname-to-Address Hits 129.2 k (25.8%) Average Hostname-to-Address Hits 39.3 k (7.9%) Current Hostname-to-Address Hits 96.1 k I will not be able to use cache without wccp there are some network limitations here. Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original
Re: [squid-users] squid using more bandwidth!!!
Dear Ahmad, i have made the following changes maximum_object_size 8192 KB maximum_object_size_in_memory 16 KB and LFUDA i will do as soon as possible and let you know the results. cache_replacement_policy heap LFUDA Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED]; squid list [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:32 PM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Sukhjit, I will suggest better to use maximum_object_size 8192 KB maximum_object_size_in_memory 16 KB cache_replacement_policy heap LFUDA These settings can help you to save bandwidth.. for heap LFUDA you will have to recompile your squid source again if you have not compiled squid with heap storing scheme yet... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 11:07 AM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad, The following are the things required my you. i have this following configs in my squid.conf maximum_object_size 1024 KB maximum_object_size_in_memory 8 KB cache_replacement_policy lru i have 3 scsci drives 8GB each, and below is the disk free status Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda2 4032064 2156128 1671112 57% / /dev/sda5 4087268 51256 3828388 2% /ACACHE /dev/sdb1 8741468 4194104 4103312 51% /BCACHE /dev/sdc1 8741468 4188100 4109316 51% /CCACHE /dev/sda1 100692 10666 84827 12% /boot none256784 0256784 0% /dev/shm i have 512Mb of memory, adn following is the output of the free -m command. [EMAIL PROTECTED] root]# free -m total used free sharedbuffers cached Mem:501496 5 0126106 -/+ buffers/cache: 262238 Swap:515 4511 Hope the above things help you out in getting the solution of my prob, if anything else is required kindly let me know. Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 10:56 AM Subject: Re: [squid-users] squid using more bandwidth!!! Sukhjit, You Byte Hit Ratios is too low. I will suggest better to keep eyes on cachemanager current open requests and c there downloading files... that can be the problem. you are not getting too much load on your cahce. Can you let me know about your maximum_object_size XXX KB maximum_object_size_in_memory XXX KB cache_replacement_policy XXX Let me know again your cacheing space and memory? -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 7:20 AM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad, i am using squid in an ISP invironment, The squid is getting the following number of
Re: [squid-users] Squid CONNECT ACL Problem
atit jariwala wrote: Hello Squid Users and Developers, Squid has ACL For CONNECT Method it is acl SSL_ports port 443 563 acl CONNECT method CONNECT http_access deny CONNECT !SSL_ports Why squid has default behaviour to deny CONNECT requests on non-standard SSL Ports Some sites are implementing SSL on non-standard SSL Port So squid's this behaviour is creating problem in surfing such site. True, the same applies for all sites using none standard http port(s). I am planning to allow CONNECT on non-standard SSL Port as well but before that i want to know the reasons for default DENY action. Allowing it, will make squid a 'hacking door' for your users, possibly using CONNECT methods from hacking applications to for instance relay e-mail on unprotected sites. If you want to be 'Internet friendly' then only open this for ports/sites where you really need it. M. Waiting for Reply = Atit Jariwala -- 'Love is truth without any future. (M.E. 1997)
Re: [squid-users] squid using more bandwidth!!!
h is there any update in bandwidth utilization...I'm sure now you are saving bandwidth best of luck :) and enjoy -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:45 PM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad This is the result from the cachemgr after changes. Request Hit Ratios: 5min: 15.9%, 60min: 15.8% Byte Hit Ratios: 5min: 56.3%, 60min: 50.4% Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:59 PM Subject: Re: [squid-users] squid using more bandwidth!!! Sukhjit, ok.. :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; squid list [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:22 PM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad, i have made the following changes maximum_object_size 8192 KB maximum_object_size_in_memory 16 KB and LFUDA i will do as soon as possible and let you know the results. cache_replacement_policy heap LFUDA Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED]; squid list [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 12:32 PM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Sukhjit, I will suggest better to use maximum_object_size 8192 KB maximum_object_size_in_memory 16 KB cache_replacement_policy heap LFUDA These settings can help you to save bandwidth.. for heap LFUDA you will have to recompile your squid source again if you have not compiled squid with heap storing scheme yet... -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED]; squid list [EMAIL PROTECTED]; Henrik Nordstrom [EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 11:07 AM Subject: Re: [squid-users] squid using more bandwidth!!! Dear Ahmad, The following are the things required my you. i have this following configs in my squid.conf maximum_object_size 1024 KB maximum_object_size_in_memory 8 KB cache_replacement_policy lru i have 3 scsci drives 8GB each, and below is the disk free status Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda2 4032064 2156128 1671112 57% / /dev/sda5 4087268 51256 3828388 2% /ACACHE /dev/sdb1
Re: [squid-users] My ignorance or Squid lack this?
On Wednesday 25 June 2003 00.21, Bernhard Erdmann wrote: Well, my feeling is you should talk to your user and explain him why sucking at 2 Mb/s is bad would help much more than relying on technical solutions. Or better yet, make use of the delay pool feature in Squid to prevent users from getting that much bandwidth. Users have very little control over how much bandwidth they will use while downloading something. Most web clients tends to try to get things as fast as they can with no option to slow down things to reasonable speeds to be friendly.. Regards Henrik
[squid-users] Re: squid and google
On Wednesday 25 June 2003 01.48, [EMAIL PROTECTED] wrote: Hi, we have been running Squid 2.5.STABLE.1 successfully for some time now. However, when the internet clients perform a Google search and click on the Google Cached Pages, it will be blocked i.e. the Internet clients will be re-directed to the Corporate Warning page that we developed. The question you need to ask is why your setup gives the user your Corporate Warning page when the user asks for google cached pages. As this is some invention of you we cannot help you without an explanation how this is set up. How is the redirection to this Corporate Warning page implemented, and what is the criterias for it to happen? Regards Henrik
[squid-users] Re: So far So good Re: [squid-users] Squid + ICAP
On Wednesday 25 June 2003 03.07, Chijioke Kalu wrote: Jun 25 01:38:30 psyche08 squid: init_cache_dir to... Jun 25 01:38:33 psyche08 squid: init_cache_dir cache_dir... Jun 25 01:38:33 psyche08 squid: init_cache_dir Type... Jun 25 01:38:33 psyche08 squid: init_cache_dir can... Jun 25 01:38:33 psyche08 squid: init_cache_dir ufs... Jun 25 01:38:33 psyche08 squid: init_cache_dir aufs... Jun 25 01:38:33 psyche08 squid: init_cache_dir diskd... Jun 25 01:38:33 psyche08 squid: init_cache_dir this... Jun 25 01:38:33 psyche08 squid: init_cache_dir cache_dir... Jun 25 01:38:33 psyche08 squid: init_cache_dir directory,... Jun 25 01:38:33 psyche08 squid: init_cache_dir representation... Jun 25 01:38:33 psyche08 squid: init_cache_dir '.' Jun 25 01:38:33 psyche08 squid: init_cache_dir have... Jun 25 01:38:34 psyche08 squid: init_cache_dir to... Jun 25 01:38:34 psyche08 squid: init_cache_dir file Jun 25 01:38:34 psyche08 squid: init_cache_dir correct... Jun 25 01:38:34 psyche08 squid: init_cache_dir to... Not normal. Never seen this before. Checking.. looks like it is a bug in the script you use for starting Squid. This message does not even exists in Squid. This message does exists in the RedHat init script, but should not give the above errors. The above errors is consistent with a script designed like the RedHat init script but without the filter to ignore comment lines. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] Re: Squid CONNECT ACL Problem
On Wednesday 25 June 2003 08.37, atit jariwala wrote: Some sites are implementing SSL on non-standard SSL Port So squid's this behaviour is creating problem in surfing such site. I am planning to allow CONNECT on non-standard SSL Port as well but before that i want to know the reasons for default DENY action. To protect from abuse of the proxy to connect to other services like SMTP/IRC/whatever... CONNECT opens a full duplex TCP transport tunnel via the proxy. It is better if you just extend the ACL with the ports of troublesome sites. Regards Henrikm
Re: [squid-users] Howto Block Msn Messenger in Squid !!
On Wednesday 25 June 2003 06.11, Justin Hennessy wrote: I am afraid I am not sure. I haven't setup a transparent proxy before. On that, could you point me to some good doco to help with do this. There is the squid FAQ. There is also many other documents floating around on the Intenet on this topic. Try google. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] NoProxy directive in apache
On Wednesday 25 June 2003 06.49, Chris Vaughan wrote: Is there an equivalent to the NoProxy directive used by Apache's proxy server in squid? Yes. See the Squid FAQ. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] HOw to use max_user_ip
On Wednesday 25 June 2003 08.00, Li Wei wrote: hi,all the option max_user_ip is a new function with Squid.2.5 From its description, it seems very useful. However, I'm failed in using it. What have you tried? Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] Ntlm authentication down to groups
Dear Henrik, list, i think that i have read for a few days that is possible to authenticate users from a NT Domain down to groups in Squid 2.5. I've installed an Squid 2.5 Stable 1 and i want to know if I can realize this: 1) The authentication for users from my NT Domain is working fine, but i'm wondering why I get this Error message in the message file: Jun 25 10:59:10 proxy2 msnt_auth[14106]: AddServer: Ignoring host 'my_PDC'. Cannot resolve its address. Jun 25 10:59:10 proxy2 msnt_auth[14106]: OpenConfigFile: No servers set in /etc/squid/msntauth.conf. At least one is needed. nslookup is working for my pdc and bdc on this server, i also added them in the hosts file.so what's wrong? 2)Is it possible to exclude Domain Users by entering the WinNT DomainUser name in the msntauth.denyusers? 3) Can I tell squid only to authenticate users from my NT Domain which are in the group internet for example? Best Regards Thomas
Re: [squid-users] squid reverse refreshing
ons 2003-06-25 klockan 11.58 skrev Sjaak Nabuurs: I've 5 server with website running behand a reverse squid server. But the webmasters of the websites behind squid are complaining that when they modify and upload a page the don't get ea fresh page. In M$IE it's the ctrl + F5 button to get it fresh. Is there anyway to keep squid optimal like now (85% hit ratio) and keep my webmasters happy. Not easily. There is a tradeoff between caching and how quick updates are seen. But, if your webmasters are using somewhat recent versions of MSIE then a plain reload should give them the current version. Some older versions of MSIE requires MSIE to be configured to use a proxy for the reload button to work in combination with accelerators. -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] squid using more bandwidth!!!
ons 2003-06-25 klockan 04.20 skrev Sukhjit Singh: i am using squid in an ISP invironment, The squid is getting the following number of requests according to mrtg. Max HTTP requests 406.0 req/min Average HTTP requests 152.0 req/min Current HTTP requests 32.0 req/min according to cachemgr Byte Hit Ratios: 5min: 12.1%, 60min: 10.6% So according to Squid you are saving around 10% of the bandwidth. Maybe you have unauthorized users using the proxy and this is why your router shows higher bandwidth utilization? Check your access.log for IP addresses not yours, and verify your access controls (http_access rules, firewalling of the Squid proxy is also recommended). Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] Re: squid and google
On Wed, Jun 25, 2003 at 09:59:39AM +0200, Henrik Nordstrom wrote: The question you need to ask is why your setup gives the user your Corporate Warning page when the user asks for google cached pages. Oh, that is probably quite easy. Some clever people have worked out that you can bypass porn/undesired content filters by plugging the right words into google and then surfing the cached pages. You get to see most of the content but unless the search criteria are logged there is nothing in the logs to show you have done anything that is against the stated policy. You can do the same with the image search. -- Brett Lymn
Re: [squid-users] Re: So far So good Re: [squid-users] Squid + ICAP
On Wed, Jun 25, 2003 at 10:11:02AM +0200, Henrik Nordstrom wrote: On Wednesday 25 June 2003 03.07, Chijioke Kalu wrote: Jun 25 01:38:30 psyche08 squid: init_cache_dir to... Jun 25 01:38:33 psyche08 squid: init_cache_dir cache_dir... Jun 25 01:38:33 psyche08 squid: init_cache_dir Type... Jun 25 01:38:33 psyche08 squid: init_cache_dir can... Jun 25 01:38:33 psyche08 squid: init_cache_dir ufs... Jun 25 01:38:33 psyche08 squid: init_cache_dir aufs... Jun 25 01:38:33 psyche08 squid: init_cache_dir diskd... Jun 25 01:38:33 psyche08 squid: init_cache_dir this... Jun 25 01:38:33 psyche08 squid: init_cache_dir cache_dir... Jun 25 01:38:33 psyche08 squid: init_cache_dir directory,... Jun 25 01:38:33 psyche08 squid: init_cache_dir representation... Jun 25 01:38:33 psyche08 squid: init_cache_dir '.' Jun 25 01:38:33 psyche08 squid: init_cache_dir have... Jun 25 01:38:34 psyche08 squid: init_cache_dir to... Jun 25 01:38:34 psyche08 squid: init_cache_dir file Jun 25 01:38:34 psyche08 squid: init_cache_dir correct... Jun 25 01:38:34 psyche08 squid: init_cache_dir to... Checking.. looks like it is a bug in the script you use for starting Squid. This message does not even exists in Squid. To me that looks like one of the helpful comments in the squid.conf, are you sure you have not mangled a couple of lines together accidentally in squid.conf, near the cache_dir directive? -- Brett Lymn
[squid-users] Configuring Squid to run with Elster Client
Hi, for using the Elster Windows Client (www.elster.de) this needs spezial requirements. The internal running Port 3128 works fine for internet browsing. But Elster needs spezial Entries we have implemented in /etc/squid.conf but not working. Elster needs for the local Network the following Ports: 1024 -- Gateway to 62.157.211.58 Port 8000 1025 -- Gateway to 62.157.211.59 Port 8000 1026 -- Gateway to 194.112.100.70 Port 8000 1027 -- Gateway to 193.109.238.26 Port 8000 1029 -- Gateway to 193.109.238.27 Port 8000 *The IP-Adresses are spezial Servers of Elster We have this Gateway functionality testet in JanaProxy (Konfiguration Example: http://www.voks.de/Programminfos/Konfiguration_AVMKEN_Jana.pdf) and this works from the same Server in Windows VMWare Session. The Host System ist SuSE Linux 8.0. In the future all German companies would work with Elster and if they are using Squid Proxy this should work. # ## squid.conf # http_port 192.x.x.x:3128 http_port 192.x.x.x:1024 http_port 192.x.x.x:1025 http_port 192.x.x.x:1026 http_port 192.x.x.x:1027 http_port 192.x.x.x:1028 http_port 192.x.x.x:1029 We have not found where to configure Gateway functions. So we do that in cache_peer # ## cache_peer # cache_peer 62.157.211.58 parent 1024 8000 cache_peer 62.157.211.59 parent 1025 8000 cache_peer 194.112.100.70 parent 1026 8000 cache_peer 193.109.238.26 parent 1027 8000 cache_peer 193.109.238.27 parent 1028 8000 # ## acl (works for internet browsing) # acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 563 70 210 280 488 591 777 1025-65535 acl CONNECT method CONNECT acl allowed_hosts src 192.x.x.0/255.255.255.0 # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager http_access allow localhost # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports http_access allow allowed_hosts http_access deny all Can anyone help us? Regards i.A. Michael Ehlers adata Software GmbH -- Telefon : 04231/804-0 Telefax : 04231/804-400 Lohn Gehalt : 0190/884331 Fibu / Kost / Anla: 0190/884332 Auf / Av / B+E / List : 0190/884333 Bde / Pze : 0190/884334 Systemsupport : 0190/884335 Telefax Lohnhotline : 04231/804-401 -- adata Software GmbH Windmühlenstrasse 15 27283 Verden http://www.adata.de --
Re: [squid-users] cache_peer for authorisation on upstream proxy
Hi Henrik, yes this is correct that there is nothing to cache on https, I know this but my problem is that the proxy authorisation on ssl connections does not work on M$ Browsers IE6 ;o( The Browsers crash if there was no authorisation over a http session first. So I search for a way to do this with a trick (upstream for auth). Regards Daniel Server Environment for my ssl tests: OS:Win32 NT4-XP Squid:SquidNT 2.3 - 2.6 - Original Message - From: Henrik Nordstrom [EMAIL PROTECTED] To: Mr. Proxy [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, June 13, 2003 2:40 PM Subject: Re: [squid-users] cache_peer for authorisation on upstream proxy fre 2003-06-13 klockan 12.54 skrev Mr. Proxy: On Squid: squid.conf cache_peer [IPProxy for Auth] parent 8080 7 no-query no-digest no-netdb-exchange default login=PASS Is it correct that this only works for http and not for https? If works just as fine for https, but you will need to tell Squid that it is inside a firewall, or else it won't use peers for https as there is no benefit in caching (proxied https traffic is always uncacheable). Regards Henrik --- snip ---
Re: [squid-users] squid reverse refreshing
Most webmasters use MSIE 6.0 Is refresh_pattern a the best option for this problem. I use this refresh_pattern \. 300 90% 10400 override-lastmod override-expire reload-into-ims But what your best practice. Thanks for quick responding. In M$IE it's the ctrl + F5 button to get it fresh. Is there anyway to keep squid optimal like now (85% hit ratio) and keep my webmasters happy. Not easily. There is a tradeoff between caching and how quick updates are seen. But, if your webmasters are using somewhat recent versions of MSIE then a plain reload should give them the current version. Some older versions of MSIE requires MSIE to be configured to use a proxy for the reload button to work in combination with accelerators.
Re: [squid-users] squid using more bandwidth!!!
do you know of email spiders and email mass mailing programs, there good culprits at choping up bandwidth, and if u dont have some sort bandwidth manager, it means u could have some users downloading at 10 times the speed for normal http access ons 2003-06-25 klockan 04.20 skrev Sukhjit Singh: i am using squid in an ISP invironment, The squid is getting the following number of requests according to mrtg. Max HTTP requests 406.0 req/min Average HTTP requests 152.0 req/min Current HTTP requests 32.0 req/min according to cachemgr Byte Hit Ratios: 5min: 12.1%, 60min: 10.6% So according to Squid you are saving around 10% of the bandwidth. Maybe you have unauthorized users using the proxy and this is why your router shows higher bandwidth utilization? Check your access.log for IP addresses not yours, and verify your access controls (http_access rules, firewalling of the Squid proxy is also recommended). Regards Henrik _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: [squid-users] Configuring Squid to run with Elster Client
Michael Ehlers [EMAIL PROTECTED] wrote: for using the Elster Windows Client (www.elster.de) this needs spezial requirements. The internal running Port 3128 works fine for internet browsing. But Elster needs spezial Entries we have implemented in /etc/squid.conf but not working. Elster needs for the local Network the following Ports: 1024 -- Gateway to 62.157.211.58 Port 8000 1025 -- Gateway to 62.157.211.59 Port 8000 1026 -- Gateway to 194.112.100.70 Port 8000 1027 -- Gateway to 193.109.238.26 Port 8000 1029 -- Gateway to 193.109.238.27 Port 8000 *The IP-Adresses are spezial Servers of Elster We have this Gateway functionality testet in JanaProxy (Konfiguration Example: http://www.voks.de/Programminfos/Konfiguration_AVMKEN_Jana.pdf) and this works from the same Server in Windows VMWare Session. The Host System ist SuSE Linux 8.0. In the future all German companies would work with Elster and if they are using Squid Proxy this should work. Hmm, does this application talk HTTP to these special servers? If not, then Squid is not the right tool. Assuming it's a special protocol you need either a generic proxy or just open up the firewall for those clients to talk on these special ports to those servers. Another approach could be to use the DNAT (destination address translation) functionality of ithe Linux iptables firewall. And slap the developers of Elster for not using standard protocols. This will be much fun for a lot of german systems administrators... Cheers, Juri -- Juri Haberland [EMAIL PROTECTED]
Re: [squid-users] My ignorance or Squid lack this?
ons 2003-06-25 klockan 13.38 skrev Mohsin Khan: Well ppl True, but there are certain limitations, if give squid a HUP signal or restart it, it will not only close all the download sessions, but there are certain java applications that run through browsers and well they maintain login sessions, and once squid is closed there session is closed as well and they have to download the API's again, and relogin. A HUP does not close any sessions. A restart does. A JAVA applet using HTTP should not notice the restart of the proxy, unless if it is actively fetching something at the time the proxy is restarted. Sessions is a business between the applet and the web server, not actively involving the proxy. If you have an applet using the proxy as a tunnel via the CONNECT method to reach some server application then you indeed have this problem, but only because you are using the HTTP proxy for things it is not intended to be used for (for such purposes a SOCKS proxy should be used). Secondly in my enviroment i can not restrict the bandwidth, its just that users are educated to not to download like this, but if some one do than there must be so accountability. Accontability you have. The session is logged when it finishes, and running sessions is visible in the cachemgr interface. Why can you not restrict bandwidth? If you already have the policy that users must not download like this, why not make a rule which denies them to do so? It is very easy to do in Squid without limiting the speed of normal browsing. What you do not have in Squid is the possibility to actively terminate unwanted sessions. But if nothing else a temporary firewall rule (both Linux and FreeBSD have integrated firewalls) can be used to block a download once the session is identified and you can not reach the user to ask them to stop what they are doing. Adding a function natively to Squid to selectively terminate sessions is possible, but requires a bit of coding as it is not a function which exists today. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
Re: [squid-users] logging of user agents
Hi, I should have made things more clear, sorry. I want the user agent to be logged together with the request in one file in one line. I tested useragent_log in squid.conf but this gives you an extra logfile with only the user agent logged in it. If you have multiple requests per second I'm not able to match requests and user agents. On the squid developer site there are several links to patches for including the user agent in the native squid log. My question was which of these patches you guys would recommend to use. Thanks, Frank Marc Elsen wrote: Frank Neumann wrote: Hi folks, which patch should I use to get the user agent logged in access.log? What are your recommendations and experiences? Target will be squid 2.5. By your command, excerpt from squid.conf.default : # TAG: useragent_log # Note: This option is only available if Squid is rebuilt with the # --enable-useragent-log option # # Squid will write the User-Agent field from HTTP requests # to the filename specified here. By default useragent_log # is disabled. # #Default: # none
Re: [squid-users] squid using more bandwidth!!!
ons 2003-06-25 klockan 14.41 skrev Chijioke Kalu: do you know of email spiders and email mass mailing programs, there good culprits at choping up bandwidth, and if u dont have some sort bandwidth manager, it means u could have some users downloading at 10 times the speed for normal http access Yes, but those show up in the cache statistics just like any other HTTP client. -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] Problem with squid Auth
Hi, I'm running Squid-2.5STABLE1 with the winbind authentication. Browsing works fine, but some other applications like RealPlayer (RealOne) don't. Another application that doesn't work is MSN Messenger (tested with versions 5.0 and 6.0). I setup proxy, username/passwd in Connection Tab, but it still doesn't work. Access.log contains only one entry: TCP_DENIED/407 2032 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll? - NONE/- text/html If I define the ACL to allow connection to Messenger servers without authentication MSN Messenger client works fine. Does anyone have MSN Messenger working properly with proxy authentication? If someone has any suggestion for RealPlayer, I'd be really thankful!! Regards, Tan _ Hotmail is now available on Australian mobile phones. Go to http://ninemsn.com.au/mobilecentral/signup.asp
Re: [squid-users] My ignorance or Squid lack this?
Ok, I can limit downloads, but this is not ths solution, this is just a backdoor way out, there should be more control over client sessions, A GUI interface or command line utility, that can alter individual sessions. There are certain java aplications that are embeded, and for them using socks it not possible, they use HTTP, more over certain XML applications work in the same manner. http://www-svca.mercuryinteractive.com/products/testdirector I would like to put my head in the source and i guess i would not have to do much, since squid logs every session and every request. --- Henrik Nordstrom [EMAIL PROTECTED] wrote: ons 2003-06-25 klockan 13.38 skrev Mohsin Khan: Well ppl True, but there are certain limitations, if give squid a HUP signal or restart it, it will not only close all the download sessions, but there are certain java applications that run through browsers and well they maintain login sessions, and once squid is closed there session is closed as well and they have to download the API's again, and relogin. A HUP does not close any sessions. A restart does. A JAVA applet using HTTP should not notice the restart of the proxy, unless if it is actively fetching something at the time the proxy is restarted. Sessions is a business between the applet and the web server, not actively involving the proxy. If you have an applet using the proxy as a tunnel via the CONNECT method to reach some server application then you indeed have this problem, but only because you are using the HTTP proxy for things it is not intended to be used for (for such purposes a SOCKS proxy should be used). Secondly in my enviroment i can not restrict the bandwidth, its just that users are educated to not to download like this, but if some one do than there must be so accountability. Accontability you have. The session is logged when it finishes, and running sessions is visible in the cachemgr interface. Why can you not restrict bandwidth? If you already have the policy that users must not download like this, why not make a rule which denies them to do so? It is very easy to do in Squid without limiting the speed of normal browsing. What you do not have in Squid is the possibility to actively terminate unwanted sessions. But if nothing else a temporary firewall rule (both Linux and FreeBSD have integrated firewalls) can be used to block a download once the session is identified and you can not reach the user to ask them to stop what they are doing. Adding a function natively to Squid to selectively terminate sessions is possible, but requires a bit of coding as it is not a function which exists today. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED] = Regards, Mohsin Khan CCNA ( Cisco Certified Network Associate 2.0 ) Happy is the one who can smile __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
Re: [squid-users] My ignorance or Squid lack this?
On Wednesday 25 June 2003 17.59, Mohsin Khan wrote: I would like to put my head in the source and i guess i would not have to do much, since squid logs every session and every request. The easiest place is probably via the filedescriptor table in cachemgr. If you comm_close() the offending filedescriptor then the session is terminated immediately. The cachemgr changes in this old patch of mine might be useful for this purpose: http://devel.squid-cache.org/hno/patches/squid-2.2.PRE1.cachemgr_acl_refresh.patch This patch adds a menu where acls can be selectively reloaded via cachemgr, to avoid needing to do a full reconfigure after changing an included acl file. It was rejected as Duane did not want to have more active actions via the cachemgr interface. Regards Henrik
Re: [squid-users] squid using more bandwidth!!!
On Wednesday 25 June 2003 17.39, Chijioke Kalu wrote: as regards to this (espiders emailling progs) , do you know of anyway I can tell squid to refuse connections or drop the connections, or limit the bandwidth used for this specific programs, cause they do give me problems There is multiple approaches. See delay_pools, acl max_user_ip, acl browser, http_access and deny_info directives. Your first task is figuring out how these can be identified. Some access.log data with log_mime_hdrs enabled is a very good start (keep this private to yourself as the data may contain users private passwords etc). Regards Henrik
Re: [squid-users] My ignorance or Squid lack this?
On Wednesday 25 June 2003 17.59, Mohsin Khan wrote: Ok, I can limit downloads, but this is not ths solution, this is just a backdoor way out, there should be more control over client sessions, A GUI interface or command line utility, that can alter individual sessions. I am of the opposite, considering manual tools as a backdor way out from a poor system.. Properly running systems should be self-regulating where possible not requiring manual intervention to correct bad situations. delay pools is one very good tool for making self-regulating systems. There are certain java aplications that are embeded, and for them using socks it not possible, they use HTTP, more over certain XML applications work in the same manner. If they really use HTTP then they will in most cases not care if the proxy is restarted, as long as the proxy is restarted in a timely fashion. Regards Henrik
[squid-users] newbie: WARNING cache_mem is larger than total disk cache space!
Sorry for what must be a dumb question, but I can't get this error to go away on my new Squid setup. # service squid reload 2003/06/24 16:59:58| WARNING cache_mem is larger than total disk cache space! Here's my config: # squid -v Squid Cache: Version 2.4.STABLE6 # cat /etc/squid/squid.conf|grep ^cache_dir cache_dir ufs /usr/local/squid/var/cache 8000 16 256 # cat /etc/squid/squid.conf|grep ^cache_mem cache_mem 500 MB # cd /usr/local/squid/var/cache # df -h . FilesystemSize Used Avail Use% Mounted on /dev/hde2 12G 1.6G 10G 14% /usr And cachemgr.cgi says: Store Directory Statistics: Store Entries : 8322 Maximum Swap Size : 8192000 KB Current Store Swap Size: 73156 KB Current Capacity : 1% used, 99% free Store Directory #0 (ufs): /usr/local/squid/var/cache FS Block Size 4096 Bytes First level subdirectories: 16 Second level subdirectories: 256 Maximum Size: 8192000 KB Current Size: 73156 KB Percent Used: 0.89% Filemap bits in use: 8285 of 32768 (25%) Filesystem Space in use: 1593928/12825536 KB (12%) Filesystem Inodes in use: 101064/1632000 (6%) Flags: SELECTED Removal policy: lru LRU reference age: 11.34 days Thanks, in advance for your help (and for the cool software). --Karl
Re: [squid-users] newbie: WARNING cache_mem is larger than total disk cache space!
On Wednesday 25 June 2003 20.02, Karl Kopper wrote: # service squid reload 2003/06/24 16:59:58| WARNING cache_mem is larger than total disk cache space! Here's my config: # squid -v Squid Cache: Version 2.4.STABLE6 Upgrading may be a good idea.. especially if you are making a new Squid setup. The current stable and maintained Squid release is Squid-2.5.STABLE3. # cat /etc/squid/squid.conf|grep ^cache_dir cache_dir ufs /usr/local/squid/var/cache 8000 16 256 # cat /etc/squid/squid.conf|grep ^cache_mem cache_mem 500 MB Looks like you should not get the above warning.. and I don't if I use the exact same configuration (well, a different path to the cache directory) in Squid-2.5. But are you absolutely sure you want this huge cache_mem setting? See the Squid FAQ chapter on memory usage.. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
[squid-users] Re: Subject: Re: [squid-users] Accelerator thru a firewall
On Thursday 26 June 2003 00.16, Mikko Lahikainen wrote: Would it be possible (with squid 3.0) to do password authentication while forwarding https requests to exchange web access box. Yes, provided your accelerator uses the same login+password database as your Exchange server. The HTTP protocol only has room for a single login slot for the web server per request (accelerators counts as part of the web server in terms of HTTP). If you want to have different logins for the accelerator and exchange server then at least one of the two must use cookie based authentication, but I am not sure if Exchange supports cookie authentication and there is no helper published for cookie based authentication to Squid accelerators. Regards Henrik
[squid-users] saving bandwidth with squid+wccp
Dear all squid gurus, kindly tell me how to increase byte hit ratio or how to save bandwidth with squid+wccp. Regards Sukhjit Singh
Re: [squid-users] saving bandwidth with squid+wccp
Sukhjit, WCCP can not save bandwidth :) you will have to study it first... If you talk about to increase byte hit ratio you will have to study in squid refresh_pattren I'm sure it will help -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Henrik Nordstrom [EMAIL PROTECTED] Cc: squid list [EMAIL PROTECTED] Sent: Thursday, June 26, 2003 9:25 AM Subject: [squid-users] saving bandwidth with squid+wccp Dear all squid gurus, kindly tell me how to increase byte hit ratio or how to save bandwidth with squid+wccp. Regards Sukhjit Singh
Re: [squid-users] Squid and bandwidth saving!!!
first of all keep in mind always CC to squid list please.. where you are getting problem to make MRTG? What type of favor you are looking for ? -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Li Wei [EMAIL PROTECTED] To: Ahmad Masood Shah [EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:50 AM Subject: Re: [squid-users] Squid and bandwidth saving!!! hi, Your suggestion sounds good to me. However, I dont know how to make MRTG specifical for Squid. Can you do me a favor? Any comments would be welcome - Original Message - From: Ahmad Masood Shah [EMAIL PROTECTED] To: Sukhjit Singh [EMAIL PROTECTED]; squid list [EMAIL PROTECTED] Sent: Monday, June 23, 2003 3:21 PM Subject: Re: [squid-users] Squid and bandwidth saving!!! If you are using Squid then let me tell you, you did not need to configure Squid if you have 50 or less clients. Squid by default do all things regarding caching:) you can make MRTG for Squid too. And show these MRTG to your boss. there will be byte hit ratio and this is what you are saving bandwidth in %. Can you let me know, in which enviornment you are using squid. software house or ISP. Most of the user are doing downloading or Browsing? What you are seening in access.log and cache.log? -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024 | Mobile: +92-300-4277367 | http://www.fibre.net.pk | * * * * * * * * * * * * * * * * * * * * * * * * ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie) All I want is a few minutes alone with the source code for the universe and a quick recompile. - Original Message - From: Sukhjit Singh [EMAIL PROTECTED] To: Henrik Nordstrom [EMAIL PROTECTED]; Frank Fegert [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, June 22, 2003 1:56 PM Subject: [squid-users] Squid and bandwidth saving!!! Dear all squid gurus, Kindly help me with this, i have configured mrtg on my gateway routers (serial interface) in order to check the bandwidth utilisation. I am using squid +wccp for my users who access internet and the fact is that there is no difference in the bandwidth utilization even if the squid is working or not. I have 3 scsi drives and they are 43% filled and i am getting Request56 - 100/minute hits 23- 70/minute So if squid is not able to save bandwidth then Y using a server and resources for it.This is the question my Boss in asking from me.What shoud be my answer Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Original Message - From: Henrik Nordstrom [EMAIL PROTECTED] To: Frank Fegert [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, June 21, 2003 5:59 PM Subject: Re: [squid-users] LDAP Auth + Passwd expiry On Saturday 21 June 2003 13.57, Frank Fegert wrote: Further testing showed, that after applying the deny_info-patch, the helper works fine, as long as squid is run in no-deamon mode (with de- bugging turned on). If i switch to deamon-mode - using RunCache - the helper instances are started on squid-startup, but die shortly after. Are there any special needs an external helper needs to fit to work with squid in deamon mode? Am i missing something here? The helpers should not notice any difference from what I know and have experienced. However, maybe your helper tries to use /dev/tty for some reason. Helpers should not use /dev/tty, but this is the only possible difference I can estimate between daemon mode and no daemon mode. Helpers should only use stdin/stdout/stderr (stderr for error logging only). Minor note: The RunCache scripts run Squid in no-daemon mode by using the -N command line flag to Squid. The default is to run in daemon mode. Regards Henrik -- Donations welcome if you consider my Free Squid
[squid-users] maxconn to limit user's window on their computer
Hi First of all, my squid is already running happily with its authentication procedure... Now I want to limit my users to make just a certain number of connections, say 1 connection. So I put in my squid.conf these lines : acl justone src 10.100.1.1 acl 1CONN maxconn 1 http_access deny 1CONN justone The user with IP address 10.100.1.1, after opening the first internet page, say www.yahoo.com, can't then make a second connection, i.e.: -he can't open a new browser and then type www.hotmail.com for example -he can't also browse mail.yahoo.com in a new browser window by right-clicking it's link in the first page.. So far so good.. But.. When he tries to browse mail.yahoo.com in the same browser window, he is also denied to go further... This is not really what I want. I want that user still can browse any other links as much as he wants, as long as he just open ONE browser window... Is there any additive thing to consider, to make people can still browse anything and as many times as he wants from only one browser ? As usual, I would very appreciate any idea TIA and regards, aqil ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com