Re: [squid-users] Squid with dual processor ..

2003-07-07 Thread Ralf Hildebrandt 
* Schelstraete Bart <[EMAIL PROTECTED]>:

> That's maybe a good suggestion for Squid v3.0..  multitasking
> = work with multiple CPU's That should be something nice, as Squid is
> almost always used on servers...and most server have multiple
> CPU's.

What for? This is mere marketing bubblebabble.

1) Our mailservers don't have multiple porcessors, since they're I/O bound.
2) Our proxyservers don't have multiple porcessors, since they're I/O bound.

Chose the right tool for the job, not what (IBM|HP|Compaq) recommends.

-- 
Ralf Hildebrandt (Im Auftrag des Referat V a)   [EMAIL PROTECTED]
Charite Campus MitteTel.  +49 (0)30-450 570-155
Referat V a - Kommunikationsnetze - Fax.  +49 (0)30-450 570-916
AIM: ralfpostfix

Re: [squid-users] Fw: Ldap auth failed

2003-07-07 Thread Henrik Nordstrom 
mån 2003-07-07 klockan 03.30 skrev James Wang:
> Thanks,
> 
> I know the problem. The squid_ldap_auth needs a -f parameter even the user
> is just under the base DN.

Not here... if your users DN is

uid=,

then no -f argument is needed (uid may be anything specified by the -u
argument).

If the login is a plain attribute on the users object and not what makes
the users DN then a search filter (-f) is always needed.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] Load balancing on single machine

2003-07-07 Thread Dusan Djordjevic 
Hi all,

I plan to install few instances of Squid on one multiprocessor box and 
balance load between them. I plan to use LinuxVirtualServer for it. Do 
someone have that kind of solution ? What load balancing you suggest ? 
Any other recommendation ?

Thanks in advance... 
-
Eng. Dusan Djordjevic (RHCE)   PlanetSky Ltd.
Tel: +357 22454896*Fax: +357-22518022
http://www.planetsky.com  [EMAIL PROTECTED]

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Lieven Marchand 
Dusan Djordjevic <[EMAIL PROTECTED]> writes:

> I plan to install few instances of Squid on one multiprocessor box and 
> balance load between them. I plan to use LinuxVirtualServer for it. Do 
> someone have that kind of solution ? What load balancing you suggest ? 
> Any other recommendation ?

First measure whether your squid installation is CPU-bound or
I/O-bound. If it is the latter, multiprocessing won't change much.

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Marc Elsen 


Dusan Djordjevic wrote:
> 
> Hi all,
> 
> I plan to install few instances of Squid on one multiprocessor box and
> balance load between them. I plan to use LinuxVirtualServer for it. Do
> someone have that kind of solution ? What load balancing you suggest ?
> Any other recommendation ?

 Do you have  an idea of the sustained http reqs/sec , your squid
 has to deal with ?

 On design terms I would question whether this setup is
meaningfull,since
 only one box is being used. Single point of failure issues e.d.
 would probably lead to think that at least 2 boxes, with one virtual
 address (server) would be better.

 M.

> 
> Thanks in advance...
> -
> Eng. Dusan Djordjevic (RHCE)   PlanetSky Ltd.
> Tel: +357 22454896*Fax: +357-22518022
> http://www.planetsky.com  [EMAIL PROTECTED]

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Marc Elsen 


Dusan Djordjevic wrote:
> 
> Monday 07 July 2003 10:56, Marc Elsen:
> >  > I plan to install few instances of Squid on one multiprocessor box
> >  > and balance load between them. I plan to use LinuxVirtualServer
> >  > for it. Do someone have that kind of solution ? What load
> >  > balancing you suggest ? Any other recommendation ?
> >   Do you have  an idea of the sustained http reqs/sec , your squid
> >   has to deal with ?
> 
> Yes. I need specific non-caching proxy. There are 3000-5000 requests per
> second. Currently I have one 4CPU box i would like to deploy.

 Hm, I think I read that squid can give you a max. of about 300
reqs/sec.
 As stated before on the list squid on itself can not make
 use of more then one cpu.

 So I think in a virtual server setup, you may be better off with 4
 separate boxes (probably), I think it would give you more
 flexibility and squid service uptime, if one box is down,
 for instance.

 M.

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Kinkie 
Marc Elsen <[EMAIL PROTECTED]> writes:

> Dusan Djordjevic wrote:
>> 
>> Monday 07 July 2003 10:56, Marc Elsen:
>> >  > I plan to install few instances of Squid on one multiprocessor box
>> >  > and balance load between them. I plan to use LinuxVirtualServer
>> >  > for it. Do someone have that kind of solution ? What load
>> >  > balancing you suggest ? Any other recommendation ?
>> >   Do you have  an idea of the sustained http reqs/sec , your squid
>> >   has to deal with ?
>> 
>> Yes. I need specific non-caching proxy. There are 3000-5000 requests per
>> second. Currently I have one 4CPU box i would like to deploy.
>
>  Hm, I think I read that squid can give you a max. of about 300
> reqs/sec.
>  As stated before on the list squid on itself can not make
>  use of more then one cpu.
>
>  So I think in a virtual server setup, you may be better off with 4
>  separate boxes (probably), I think it would give you more
>  flexibility and squid service uptime, if one box is down,
>  for instance.

If you're running on Linux, there is a trick which can balance
between 2 squid instances running on the same box, discriminating between
the two depending on the client IP address.
Run the second instance on some other http_port (i.e. 4128) and add this
iptables rule:

iptables -t nat -A PREROUTING -s 0.0.0.0/0.0.0.1 -p tcp \
 --destination-port 3128 -j REDIRECT --to-ports 4128


More instances (in powers of 2) should be possible using similar tricks.


-- 
kinkie (kinkie-squid [at] kinkie [dot] it)
Random fortune, unrelated to the message:
Can't act.  Slightly bald.  Also dances.
-- RKO executive, reacting to Fred Astaire's screen test.
   Cerf/Navasky, "The Experts Speak"

Re: [squid-users] Squid with dual processor ..

2003-07-07 Thread Schelstraete Bart 

> What for? This is mere marketing bubblebabble.
> 
> 1) Our mailservers don't have multiple porcessors, since they're I/O bound.
> 2) Our proxyservers don't have multiple porcessors, since they're I/O
> bound.
> 
> Chose the right tool for the job, not what (IBM|HP|Compaq) recommends.


Correct, but you know sales people :)


rgrds,

   Bart

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Masood Ahmad Shah 
hmmm but what do u think if the proxy is transparent ..:)

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
"All I want is a few minutes alone with the source code for the universe and
a quick recompile."


- Original Message - 
From: "Kinkie" <[EMAIL PROTECTED]>
To: "Marc Elsen" <[EMAIL PROTECTED]>
Cc: "Dusan Djordjevic" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 1:54 PM
Subject: Re: [squid-users] Load balancing on single machine


| Marc Elsen <[EMAIL PROTECTED]> writes:
|
| > Dusan Djordjevic wrote:
| >>
| >> Monday 07 July 2003 10:56, Marc Elsen:
| >> >  > I plan to install few instances of Squid on one multiprocessor box
| >> >  > and balance load between them. I plan to use LinuxVirtualServer
| >> >  > for it. Do someone have that kind of solution ? What load
| >> >  > balancing you suggest ? Any other recommendation ?
| >> >   Do you have  an idea of the sustained http reqs/sec , your squid
| >> >   has to deal with ?
| >>
| >> Yes. I need specific non-caching proxy. There are 3000-5000 requests
per
| >> second. Currently I have one 4CPU box i would like to deploy.
| >
| >  Hm, I think I read that squid can give you a max. of about 300
| > reqs/sec.
| >  As stated before on the list squid on itself can not make
| >  use of more then one cpu.
| >
| >  So I think in a virtual server setup, you may be better off with 4
| >  separate boxes (probably), I think it would give you more
| >  flexibility and squid service uptime, if one box is down,
| >  for instance.
|
| If you're running on Linux, there is a trick which can balance
| between 2 squid instances running on the same box, discriminating between
| the two depending on the client IP address.
| Run the second instance on some other http_port (i.e. 4128) and add this
| iptables rule:
|
| iptables -t nat -A PREROUTING -s 0.0.0.0/0.0.0.1 -p tcp \
|  --destination-port 3128 -j REDIRECT --to-ports 4128
|
|
| More instances (in powers of 2) should be possible using similar tricks.
|
|
| -- 
| kinkie (kinkie-squid [at] kinkie [dot] it)
| Random fortune, unrelated to the message:
| Can't act.  Slightly bald.  Also dances.
| -- RKO executive, reacting to Fred Astaire's screen test.
|Cerf/Navasky, "The Experts Speak"
|

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Kinkie 
"Masood Ahmad Shah" <[EMAIL PROTECTED]> writes:

> hmmm but what do u think if the proxy is transparent ..:)

[...]

The trick is the same. Just do two rules, one with source

-s 0.0.0.0/0.0.0.1

redirecting to the first instance of the transparent proxy, the other with 

\! -s 0.0.0.0/0.0.0.1 

redirecting to the other instance.

-- 
kinkie (kinkie-squid [at] kinkie [dot] it)
Random fortune, unrelated to the message:
Yow!  Am I in Milwaukee?

Re: [squid-users] Fw: Ldap auth failed

2003-07-07 Thread Henrik Nordstrom 
mån 2003-07-07 klockan 10.02 skrev James Wang:
> What do you mean as you write "If the login is a plain attribute on the
> users object and not what makes the users DN" ?

Each object (user, group, organization, computer, contact person, ...)
in an LDAP directory is named by a DN.

A DN indicate where in your LDAP directory tree the object is located,
and ends with a unique name at that location (usually uid or cn). 

Each object then consists of a list of attributes giving the details of
this object such as First Name, Surname, Password, Phone number,
Address,  The unique name mentioned above should be one of these
attributes or else maintenance of your directory may become a bit ugly.

If the login name is the attribute which makes the unique part of your
users DN and all your users are placed in a flat structure with no
subunits then no search filter is strictly required by squid_ldap_auth
as it can then directly construct the users unique DN from the base dn
plus the login name.

If your users are not in a flat structure (i.e. if they are divided into
different subtrees of your LDAP directory) or if you are using another
attribute not used for the users DN as login name then a search filter
(-f argument) must be used to locate the user object in your LDAP
directory.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Masood Ahmad Shah 
In my sense if one proxy will down another will not take it's place because
iptable rules are redirecting packets to both port and port instance is not
running.. so what type of  load balancing .:)
Better to run Linux clustering that is much better then things like that...

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
"All I want is a few minutes alone with the source code for the universe and
a quick recompile."


- Original Message - 
From: "Kinkie" <[EMAIL PROTECTED]>
To: "Masood Ahmad Shah" <[EMAIL PROTECTED]>
Cc: "Marc Elsen" <[EMAIL PROTECTED]>; "Dusan Djordjevic"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 2:34 PM
Subject: Re: [squid-users] Load balancing on single machine


| "Masood Ahmad Shah" <[EMAIL PROTECTED]> writes:
|
| > hmmm but what do u think if the proxy is transparent ..:)
|
| [...]
|
| The trick is the same. Just do two rules, one with source
|
| -s 0.0.0.0/0.0.0.1
|
| redirecting to the first instance of the transparent proxy, the other with
|
| \! -s 0.0.0.0/0.0.0.1
|
| redirecting to the other instance.
|
| -- 
| kinkie (kinkie-squid [at] kinkie [dot] it)
| Random fortune, unrelated to the message:
| Yow!  Am I in Milwaukee?
|

[squid-users] Re: Squid 2.5.STABLE3 and ntlm and authentication popup

2003-07-07 Thread michele . de-martin 
>This is with Squid 2.5.STABLE3 and Samba 2.2.8a. NTLM authentication is 
>working for the most part, but every so often a user is prompted with a 
>basic password for some reason.

Hi,

I had the same behaviour.
I solved it with the following patch:


--- CUT HERE ---
--- squid-2.5.STABLE2-20030401/src/auth/ntlm/auth_ntlm.c2003-02-05 
00:17:26.0 +0100
+++ squid-2.5.STABLE2-20030401-ntmulti/src/auth/ntlm/auth_ntlm.c 
2003-05-16 14:56:17.0 +0200
@@ -719,15 +719,7 @@
 */
server = helperStatefulDefer(ntlmauthenticators);
helperstate = server ? helperStatefulServerGetData(server) : NULL;
-   while ((server != NULL) && 
authenticateNTLMChangeChallenge_p(helperstate)) {
-   /* flag this helper for challenge changing */
-   helperstate->starve = 1;
-   /* and release the deferred request */
-   helperStatefulReleaseServer(server);
-   /* Get another deferrable server */
-   server = helperStatefulDefer(ntlmauthenticators);
-   helperstate = server ? helperStatefulServerGetData(server) : 
NULL;
-   }
+   if (helperstate) helperstate->starve = 1;
if (server == NULL)
debug(29, 9) ("unable to get a deferred ntlm helper... all 
helpers are refreshing challenges. Queuing as a placeholder request.\n");
--- CUT HERE ---

BE CAREFUL: 
1) I applied the patch to suid-2.5.STABLE2 and not to STABLE3.
2) I'm not a squid guru.

You can test it with only 1 helper started (auth_param ntlm children 1) to increase 
the probability of popup windows.

If you can confirm correct behaviour of this patch, a squid developper can 
review and approve/reject it (please ...).

ciao
Michele

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Kinkie 
"Masood Ahmad Shah" <[EMAIL PROTECTED]> writes:

> In my sense if one proxy will down another will not take it's place because
> iptable rules are redirecting packets to both port and port instance is not
> running.. so what type of  load balancing .:)

Load balancing _is_ in effect. It's the health-checking that's not.
For that you'd have to concot some script modifying the iptables rules
depending on service availability. I'll leave that as an exercise for the readers.

> Better to run Linux clustering that is much better then things like that...

It's just done in a different way. BTW, I tried to use linuxvirtualserver
on the same host, but for some reason it didn't really work.


-- 
kinkie (kinkie-squid [at] kinkie [dot] it)
Random fortune, unrelated to the message:
Successful and fortunate crime is called virtue.
- Seneca

Re: [squid-users] Load balancing on single machine

2003-07-07 Thread Dieter Bloms 
Hi,

On Mon, Jul 07, Kinkie wrote:

> It's just done in a different way. BTW, I tried to use linuxvirtualserver
> on the same host, but for some reason it didn't really work.

I use the software called pen for loadbalancing and it works greate for
tcp connections

http://siag.nu/pen/

For ha cluster, you need the software vrrpd, too.

http://off.net/~jme/vrrpd/


-- 
Gruß

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.


pgp0.pgp
Description: PGP signature

[squid-users] Squid on port 80

2003-07-07 Thread Hasan, Irfan 
I'm running Squid 2.5 Stable3 NT on Windows 2000 Professional,
yes yes I know it is not a good idea to run Windows 2000 Professional
but I've some other issues.
 
I'm running squid on port 80, the problem is intermittent connection. 
Even when I telnet on local machine on port 80 sometime I can connect 
and sometime I can't connect.
 
When I change port 80 to some other port, no problem everything run smooth.
I already check there is no other service is using Port 80.
 
Is there any known issue to run Squid on port 80 or using Windows 2000 Pro.?

RE: [squid-users] Squid on port 80

2003-07-07 Thread Hermann Strassner 
IIS (as every other Web Server) uses this port as default.

Hermann

> -Original Message-
> From: Hasan, Irfan [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 07, 2003 2:18 PM
> To: [EMAIL PROTECTED]
> Subject: [squid-users] Squid on port 80
> 
> 
> I'm running Squid 2.5 Stable3 NT on Windows 2000 Professional,
> yes yes I know it is not a good idea to run Windows 2000 Professional
> but I've some other issues.
>  
> I'm running squid on port 80, the problem is intermittent connection. 
> Even when I telnet on local machine on port 80 sometime I can connect 
> and sometime I can't connect.
>  
> When I change port 80 to some other port, no problem everything 
> run smooth.
> I already check there is no other service is using Port 80.
>  
> Is there any known issue to run Squid on port 80 or using Windows 
> 2000 Pro.?
>  
>

Re: [squid-users] Squid on port 80

2003-07-07 Thread Masood Ahmad Shah 
yes of course better to check IIS process.
You can run squid on any port but make sure no other service using that
port.
I will suggest better to not use well defined port.. but you want to listion
port to squid then you can use redirector like iptable in linux and ipsec in
Windows can do :)

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
"All I want is a few minutes alone with the source code for the universe and
a quick recompile."


- Original Message - 
From: "Hasan, Irfan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 5:18 PM
Subject: [squid-users] Squid on port 80


| I'm running Squid 2.5 Stable3 NT on Windows 2000 Professional,
| yes yes I know it is not a good idea to run Windows 2000 Professional
| but I've some other issues.
|
| I'm running squid on port 80, the problem is intermittent connection.
| Even when I telnet on local machine on port 80 sometime I can connect
| and sometime I can't connect.
|
| When I change port 80 to some other port, no problem everything run
smooth.
| I already check there is no other service is using Port 80.
|
| Is there any known issue to run Squid on port 80 or using Windows 2000
Pro.?
|
|

[squid-users] Réf. : Re: [squid-users] Problems when DNS queriestimeout

2003-07-07 Thread Tony . Oger 

Sorry for the few informations logs i gave you, but the squid servers runs
in a big production.
with 600+ sim connexions on load-balanced squid servers.

Here is the only information i could give you.

The downtime was between 08:30 and 11:30

In access.log, nothing special, it seems to works, but the problem is
different from the internet site where we have a 304 error like this..
[Wed Jul  2 10:54:42 2003].593 17 172.16.98.10 TCP_IMS_HIT/304 213 GET
http://eur.i1.yimg.com/eur.yimg.com/i/fr/msg/msgmm.gif - NONE/- image/gif

and in cache.log , some informations below .. the admin tries to restart
several time squid process that explain some shutting down infos.
---
2003/07/02 10:52:18| WARNING: Closing client 172.16.98.63 connection due to
lifetime timeout
2003/07/02 10:52:18|http://fr.news.yahoo.com/

2003/07/02 09:43:13| idnsSendQuery: Can't send query, no DNS socket!
2003/07/02 09:43:17| idnsSendQuery: Can't send query, no DNS socket!
2003/07/02 09:43:37| Shutting down...

2003/07/02 10:52:18| WARNING: Closing client 172.16.98.63 connection due to
lifetime timeout
2003/07/02 10:52:18|http://fr.news.yahoo.com/

FATAL: Could not find any nameservers.
   Please check your /etc/resolv.conf file
   or use the 'dns_nameservers' option in squid.conf.
Squid Cache (Version 2.5.STABLE1): Terminated abnormally.
-

In access.log

[Wed Jul  2 10:43:42 2003].146   9487 172.16.85.63 TCP_MISS/200 277350
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:43:55 2003].065  10035 172.16.85.63 TCP_MISS/200 1513
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:05 2003].207  10044 172.16.85.63 TCP_MISS/200 9619
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:15 2003].315  10037 172.16.85.63 TCP_MISS/200 4755
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:25 2003].615  10088 172.16.85.63 TCP_MISS/200 2082
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:25 2003].628  10101 172.16.85.63 TCP_MISS/200 1962
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:25 2003].630  10059 172.16.85.63 TCP_MISS/200 542 CONNECT
karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:25 2003].632  10065 172.16.85.63 TCP_MISS/200 1408
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:35 2003].755  10070 172.16.85.63 TCP_MISS/200 542 CONNECT
karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:35 2003].761  10057 172.16.85.63 TCP_MISS/200 1321
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:35 2003].765  10062 172.16.85.63 TCP_MISS/200 1074
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:42 2003].866  10291 172.16.85.63 TCP_MISS/200 1968
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -
text/html
[Wed Jul  2 10:44:45 2003].964  10035 172.16.85.63 TCP_MISS/200 533 CONNECT
karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:45 2003].984  10032 172.16.85.63 TCP_MISS/200 533 CONNECT
karma.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 10:44:46 2003].473  10696 172.16.85.63 TCP_MISS/200 276030
CONNECT karma.devoteam.com:443 - DIRECT/172.16.2.10 -


[Wed Jul  2 09:17:18 2003].649   4901 172.16.98.29 TCP_MISS/000 0 GET
http://www.mistergooddeal.com/ - NONE/- -
[Wed Jul  2 09:17:33 2003].731216 172.16.98.29 TCP_MISS/200 1130
CONNECT applis.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 09:17:33 2003].771 20 172.16.98.29 TCP_MISS/200 185 CONNECT
applis.devoteam.com:443 - DIRECT/172.16.2.10 -
Wed Jul  2 09:17:35 2003].129182 172.16.98.29 TCP_MISS/200 418 CONNECT
applis.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 09:17:35 2003].145 58 172.16.98.29 TCP_MISS/200 418 CONNECT
applis.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 09:17:35 2003].179 32 172.16.98.29 TCP_MISS/200 419 CONNECT
applis.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 09:17:41 2003].059  16802 172.16.98.29 TCP_MISS/000 0 GET
http://www.pussy.org/ - NONE/- -
[Wed Jul  2 09:17:47 2003].941  75084 172.16.98.29 TCP_MISS/000 0 POST
http://bannerserver.gator.com/bannerserver/bannerserver.dll? - NONE/- -
[Wed Jul  2 09:17:50 2003].180  15033 172.16.98.29 TCP_MISS/200 419 CONNECT
applis.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 09:17:50 2003].180  15025 172.16.98.29 TCP_MISS/200 417 CONNECT
applis.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 09:17:50 2003].260  15041 172.16.98.29 TCP_MISS/200 418 CONNECT
applis.devoteam.com:443 - DIRECT/172.16.2.10 -
[Wed Jul  2 09:17:51 2003].106   3100 172.16.98.29 TCP_MISS/000 0 GET
http://www.pussy.org/ - NONE/- -
[Wed Jul  2 09:18:01 2003].367   4399 172.16.98.29 TCP_MISS/000 0 GET
http://www.cowlist.com/ - NONE/- -
--

On the Reverse proxy logs, i have no informations, when client 172.16.2.10
tries to connect to applis.devoteam.com or karma.devoteam.com (my internal
web services, which /e

[squid-users] credentialsttl

2003-07-07 Thread Alejandro Javier Pomeraniec 
Hi !!

How can i make user credentials to expire on a specified time ?

I've tried credentialsttl with no result.

Thanks !

Re: [squid-users] Réf. : Re: [squid-users]Problems when DNS queries timeout

2003-07-07 Thread Henrik Nordstrom 
mån 2003-07-07 klockan 15.47 skrev [EMAIL PROTECTED]:

> 2003/07/02 09:43:13| idnsSendQuery: Can't send query, no DNS socket!
> 2003/07/02 09:43:17| idnsSendQuery: Can't send query, no DNS socket!
> 2003/07/02 09:43:37| Shutting down...
> 
> 2003/07/02 10:52:18| WARNING: Closing client 172.16.98.63 connection due to
> lifetime timeout
> 2003/07/02 10:52:18|http://fr.news.yahoo.com/
> 
> FATAL: Could not find any nameservers.
>Please check your /etc/resolv.conf file
>or use the 'dns_nameservers' option in squid.conf.
> Squid Cache (Version 2.5.STABLE1): Terminated abnormally.

Upgrading may be wise:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE2-shutdown

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] Improve performance in squid

2003-07-07 Thread Adaíl Oliveira 
Hi,
I have a Dell Server with 4 GB ram + intel III 1 
GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any
suggestions how to 
improve performance in squid?

Thanks
 
A.O

RE: [squid-users] Improve performance in squid

2003-07-07 Thread Hermann Strassner 
Where do you have performance problems?

> -Original Message-
> From: Adaíl Oliveira [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 07, 2003 4:20 PM
> To: [EMAIL PROTECTED]
> Subject: [squid-users] Improve performance in squid
>
>
> Hi,
> I have a Dell Server with 4 GB ram + intel III 1
> GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any
> suggestions how to
> improve performance in squid?
>
> Thanks
>
> A.O
>
>

RE: [squid-users] Improve performance in squid

2003-07-07 Thread Clark Allan Dave 
Must be a configuration problem, 4gb ram wow, send a summary of conf file and o/s you 
are using.

-Original Message-
From: Adaíl Oliveira [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 07, 2003 5:20 PM
To: [EMAIL PROTECTED]
Subject: [squid-users] Improve performance in squid


Hi,
I have a Dell Server with 4 GB ram + intel III 1 
GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any
suggestions how to 
improve performance in squid?

Thanks
 
A.O

Re: [squid-users] Improve performance in squid

2003-07-07 Thread Marc Elsen 


Adaíl Oliveira wrote:
> 
> Hi,
> I have a Dell Server with 4 GB ram + intel III 1
> GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any
> suggestions how to
> improve performance in squid?

  What are your current performance issues ?

  M.

RE: [squid-users] Improve performance in squid

2003-07-07 Thread Connix / Leo Internet 
I have noticed a memory problem in RedHat9 with Squid 2.5 Stable1-2 -
just seems to eat away all physical & swap until the server comes to a
complete stand still.

I installed the latest release stable 3 and my memory is nou at 2.5% --
Just something to keep in mind...

-Original Message-
From: Marc Elsen [mailto:[EMAIL PROTECTED] 
Sent: Monday, July 07, 2003 4:31 PM
To: Adaíl Oliveira
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Improve performance in squid




Adaíl Oliveira wrote:
> 
> Hi,
> I have a Dell Server with 4 GB ram + intel III 1
> GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any 
> suggestions how to improve performance in squid?

  What are your current performance issues ?

  M.
This e-mail was scanned by RAV Antivirus. (www.ravantivirus.com)

[squid-users] Wb_ntlmauth breaks persistant_request_timeout?

2003-07-07 Thread Mark Pelkoski 
List,
This is related to a problem I have posted about dying active pages.
I've been testing this using a Yahoo web mail account. The problem is
when I try to send an e-mail to anybody and the window is open for more
than 1 minute, it will display a "page can not be found" error
immediately after hitting "send". This behavior is also duplicated with
pages with JSP and CGI forms and active menus. 

I am running squid 2.5.3 on RH9.0 with wb_ntlmauth helper authenticating
to a Win2k AD Domain.

Here is what I found: If I bypass the wb_ntlmauth with a http_access
allow with my src IP address, then the setting of
persistant_request_timeout 30 minutes works like a charm and I can keep
an e-mail page for up to 30 minutes. If I do not bypass wb_ntlmauth and
have to authenticate, then the e-mail send page dies after 1 minute.

This appears to be a bug to me. I have 800 users and many of them are
complaining about this. I am trying to get rid of our M$ proxy servers
for other reasons mentioned in past postings. Please help with this. I
can provide .conf files and ethereal dumps if requested. I have
duplicated this on two different servers. TIA.

-Mark Pelkoski

Re: [squid-users] max_user_ip

2003-07-07 Thread Alejandro Javier Pomeraniec 
Where did you specify the username?

Suppose i have two users , Tom and John and i want to have a 2-limit for Tom and a 
1-limit for John.

Thanks ! 

On 04 Jul 2003 11:38:58 +1000
Robert Collins <[EMAIL PROTECTED]> wrote:

> On Fri, 2003-07-04 at 03:11, Alejandro Javier Pomeraniec wrote:
> > Hi ! 
> > 
> > Is it possible to use max_user_ip with differents values depending on the user 
> > that logs into the system?
> 
> yes
> something like
> acl 10 max_user_ip 10
> acl 20 max_user_ip 20
> acl authed proxy_auth REQUIRED
> http_access deny authed 20
> http_access deny !authed 10
> 
> Rob
> -- 
> GPG key available at: .
>

Re: [squid-users] max_user_ip

2003-07-07 Thread Henrik Nordstrom 
mån 2003-07-07 klockan 14.10 skrev Alejandro Javier Pomeraniec:
> Where did you specify the username?
> 
> Suppose i have two users , Tom and John and i want to have a 2-limit
> for Tom and a 1-limit for John.

Then you need to define two proxy_auth acls, one matching Tom, another
matching John.


acl user_Tom proxy_auth Tom
acl 1conn max_user_ip 1
http_access deny user_Tom 1conn

...

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Wb_ntlmauth breaks persistant_request_timeout?

2003-07-07 Thread Henrik Nordstrom 

mån 2003-07-07 klockan 16.55 skrev Mark Pelkoski:
> This appears to be a bug to me. I have 800 users and many of them are
> complaining about this. I am trying to get rid of our M$ proxy servers
> for other reasons mentioned in past postings. Please help with this. I
> can provide .conf files and ethereal dumps if requested. I have
> duplicated this on two different servers. TIA.

>From your description it sound like you are bitten by

  Bug #267 Form POSTing troubles with NTLM authentication
  http://www.squid-cache.org/bugs/show_bug.cgi?id=267>

If this is your problem then as a workaround you can try allowing POST
requests without requiring authentication.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Improve performance in squid

2003-07-07 Thread Henrik Nordstrom 
mån 2003-07-07 klockan 16.19 skrev Adaíl Oliveira:
> Hi,
> I have a Dell Server with 4 GB ram + intel III 1 
> GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any
> suggestions how to 
> improve performance in squid?

Without knowing what is your bottleneck we can only guess. Using some
standard systems monitoring tools to get a feeling of what may be your
bottleneck is recommended (sar/vmstat/iostat etc).

But as you did not mention what disks you are using or what kind of
cache_dir you have I would suspect your Squid becomes I/O bound. A
standard install of Squid on a system not designed for running Squid is
good for about 30 requests/s before it becomes I/O bound.. (huge amounts
of memory and fast drives help a bit, but is not a cure).


Regards
Henrik



-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] FD errors

2003-07-07 Thread J.D. Bronson 
sslReadServer: FD 23: read failure: (131) Connection reset by peer

Any idea what causes these? I also see FD errors on non SSL requests as 
well and wondering what it is and how to fix it?

I am running a 0707 snapshot of squid on Solaris 9 Sparc.

Thanks :)



--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Fax: 414.328.8282 // Pager: 414.314.8282

RE: [squid-users] Improve performance in squid

2003-07-07 Thread Adaíl Oliveira 

The server is a dell poweredge 2550 with scsi disks. 
My cache dir is in a diferent disk --> cache_dir ufs /cache/squid 17000
16 256

What kind of configurations I have to do for my squid not become an I/O
bound?

Sar:

11:10:05 AM   CPU %user %nice   %system %idle
11:20:05 AM   all 13.03  0.00 31.31 55.67
11:30:01 AM   all 15.22  0.00 36.21 48.57
11:40:01 AM   all 11.70  0.00 26.59 61.70
11:50:00 AM   all 10.83  0.00 24.42 64.75
12:00:01 PM   all  8.42  0.00 16.96 74.62
12:10:01 PM   all  9.60  0.00 20.46 69.94
12:20:01 PM   all 11.40  0.00 26.49 62.11
12:30:02 PM   all 10.43  0.00 21.51 68.05
12:40:01 PM   all 11.30  0.00 21.15 67.55
12:50:01 PM   all 12.81  0.00 25.41 61.78
01:00:04 PM   all 16.20  0.00 30.75 53.05
01:10:01 PM   all 16.89  0.00 30.24 52.87
01:20:01 PM   all 14.91  0.00 27.82 57.27
01:30:01 PM   all 15.86  0.00 29.62 54.52
01:40:01 PM   all 18.89  0.00 35.97 45.14
01:50:02 PM   all 18.27  0.00 32.37 49.36
02:00:02 PM   all 16.18  0.00 28.86 54.96
02:10:05 PM   all 15.58  0.00 28.94 55.48
02:20:01 PM   all 16.13  0.00 29.64 54.23
02:30:02 PM   all 15.98  0.00 28.63 55.39
02:40:01 PM   all 17.86  0.00 31.87 50.27
02:50:03 PM   all 18.56  0.00 31.94 49.50
03:00:01 PM   all 24.44  0.00 24.10 51.46
03:10:01 PM   all 10.63  0.00 23.43 65.93
03:20:01 PM   all 11.23  0.00 26.40 62.37
03:30:01 PM   all 12.67  0.00 29.40 57.92
03:40:01 PM   all 13.76  0.00 30.92 55.32
03:50:01 PM   all 14.23  0.00 30.32 55.44
04:00:00 PM   all 15.85  0.00 34.99 49.17
04:10:01 PM   all 14.26  0.00 30.64 55.10
04:20:01 PM   all 13.98  0.00 30.44 55.58
Average:  all  6.02  0.01 12.48 81.49

Iostat:
07/07/2003

avg-cpu:  %user   %nice%sys   %idle
   5.660.02   11.90   82.42

Device:tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
dev3-0   18.06   131.26   162.86  148271344  183967640



Thanks,
A.O



-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: segunda-feira, 7 de Julho de 2003 17:06
To: Adaíl Oliveira
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Improve performance in squid


mån 2003-07-07 klockan 16.19 skrev Adaíl Oliveira:
> Hi,
> I have a Dell Server with 4 GB ram + intel III 1
> GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any
> suggestions how to 
> improve performance in squid?

Without knowing what is your bottleneck we can only guess. Using some
standard systems monitoring tools to get a feeling of what may be your
bottleneck is recommended (sar/vmstat/iostat etc).

But as you did not mention what disks you are using or what kind of
cache_dir you have I would suspect your Squid becomes I/O bound. A
standard install of Squid on a system not designed for running Squid is
good for about 30 requests/s before it becomes I/O bound.. (huge amounts
of memory and fast drives help a bit, but is not a cure).


Regards
Henrik



-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered for a
fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

RE: [squid-users] Wb_ntlmauth breakspersistant_request_timeout?

2003-07-07 Thread Mark Pelkoski 
Thanks Henrik for the fast reply. I implemented your work-around and seems to work 
fine. I will look forward to the fix on this.

-Mark


mån 2003-07-07 klockan 16.55 skrev Mark Pelkoski:
> This appears to be a bug to me. I have 800 users and many of them are 
> complaining about this. I am trying to get rid of our M$ proxy servers 
> for other reasons mentioned in past postings. Please help with this. I 
> can provide .conf files and ethereal dumps if requested. I have 
> duplicated this on two different servers. TIA.

>From your description it sound like you are bitten by

  Bug #267 Form POSTing troubles with NTLM authentication
  http://www.squid-cache.org/bugs/show_bug.cgi?id=267>

If this is your problem then as a workaround you can try allowing POST requests 
without requiring authentication.

Regards
Henrik

[squid-users] Page loading issues

2003-07-07 Thread Jeremy Broadway 
Hello,
I am having an issue where every once in a while pages just do
not display. No error message is displayed by squid, no 404, the page
just doesn't load when I click on the link or it starts to load but
never finishes.  Closing my browser (IE 6 sp1 + q331906 patch on win2k
sp4) and opening it again fixes the issue and the page loads just fine.
The only person using squid is myself as I am trying to get it stable
enough for a test deployment with a few users. I am using ntlm
authentication in a win2k ad domain, max children is 15, the squid
server is a p3 1.0ghz with 512megs ram running openbsd 3.3, squid itself
is version 2.5-stable2.

There is nothing special about the web pages that I am visiting when
this happens and it appears to be random since it has happened on
google, cnn, slashdot and microsoft's websites just to name a few, it
doesn't matter if I am viewing a static html page or submitting a form
and it happens frequently enough that it is rather annoying.

In the cahce.log I do receive these errors;
2003/07/07 12:45:38| clientReadRequest: FD 35: (54) Connection reset by
peer
2003/07/07 12:46:33| clientReadRequest: FD 32: no data to process ((35)
Resource temporarily unavailable)

Squid also seems to be at odds with itself because I also get messages
like these in the cahce.log.

2003/07/07 12:46:33| The request GET
http://www.google.com/webhp?hl=en&edition=usa&q= is DENIED, because it
matched 'AuthorizedUsers'

2003/07/07 12:46:33| The request GET
http://www.google.com/webhp?hl=en&edition=
sa&q= is ALLOWED, because it matched 'AuthorizedUsers'

Any help would be greatly appreciated.

Jeremy Broadway
Network Administrator
[EMAIL PROTECTED]
Office: 734-727-3151
Cell:   734-216-9359

Re: [squid-users] Improve performance in squid

2003-07-07 Thread Henrik Nordstrom 
On Monday 07 July 2003 18.25, Adaíl Oliveira wrote:
> The server is a dell poweredge 2550 with scsi disks.
> My cache dir is in a diferent disk --> cache_dir ufs /cache/squid
> 17000 16 256
>
> What kind of configurations I have to do for my squid not become an
> I/O bound?

As mentioned your Squid is most likely I/O bound, limited by the speed 
of your disk.

To lessen this limitation there is many things you can do

a) Use a async I/O method such as aufs or diskd to remove the burden 
of having to wait for disk I/O, allowing networking I/O to be 
processed in parallell.

b) Add more cache drives. A reasonable estimate is one drive per 50 
request/s you want to be able to handle.


When you add cache drives, keep an eye on the memory usage. You should 
not design a Squid to use more than 1GB of memory. There is magic 
hardware related limitations for running larger processes on 32 bit 
CPUs such as Intel X86 and these are best stayed away from if 
possible. See the Squid FAQ on memory usage for the relation between 
cache size and memory usage.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] How does squid actually work?

2003-07-07 Thread Richard Sumilang 
My idea of how squid works is when you visit a website for the first 
time (google.com) it will download all the images and html code into 
cache and when you go back to the site in the future it will check if 
it has been modified and if since last time you loaded it and if so 
then load then refresh the cache when the newer copy else load the 
version in the cache. Is this correct? Perhaps there is some 
documentation I don't see with how it works?

Thanks
- Richard S.

RE: [squid-users] Wb_ntlmauth breaks persistant_request_timeout?

2003-07-07 Thread Adam Aube 
> Thanks Henrik for the fast reply. I implemented your work-around and 
> seems to work fine. I will look forward to the fix on this.

Glad to see you finally got that mess sorted out.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

<>

[squid-users] What would you suggest?

2003-07-07 Thread Richard Sumilang 
I have a network of about 30 users that use the internet to do their 
daily job. Would putting in place a dedicated squid server with about 
30+ GB 7200 RPM, Red Hat 7.2, 512mb ram, AMD 1.3+ processor work or do 
I need something more powerful or could I get by with something less 
powerful? What would you suggest?

Re: [squid-users] What would you suggest?

2003-07-07 Thread Joel Jaeggli 
you could get by with something signficantly less powerfull...

I'd probably runner a  newer distro than rh7.2 just on principle...

joelja
 
On Mon, 7 Jul 2003, Richard Sumilang wrote:

> I have a network of about 30 users that use the internet to do their 
> daily job. Would putting in place a dedicated squid server with about 
> 30+ GB 7200 RPM, Red Hat 7.2, 512mb ram, AMD 1.3+ processor work or do 
> I need something more powerful or could I get by with something less 
> powerful? What would you suggest?
> 

-- 
-- 
Joel Jaeggli  Academic User Services   [EMAIL PROTECTED]
--PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E  --
  In Dr. Johnson's famous dictionary patriotism is defined as the last
  resort of the scoundrel.  With all due respect to an enlightened but
  inferior lexicographer I beg to submit that it is the first.
-- Ambrose Bierce, "The Devil's Dictionary"

Re: [squid-users] How does squid actually work?

2003-07-07 Thread Peter Lustig 
Richard Sumilang wrote:

My idea of how squid works is when you visit a website for the first 
time (google.com) it will download all the images and html code into 
cache and when you go back to the site in the future it will check if 
it has been modified and if since last time you loaded it and if so 
then load then refresh the cache when the newer copy else load the 
version in the cache. Is this correct? Perhaps there is some 
documentation I don't see with how it works?

Thanks
- Richard S.

I guess this is how all caching proxies work. I did a presentation today 
on  this topic to get my exam and the examiners asked me exact this 
question. I answered the same way you wrote and they said it was right. 
Looking into "Web Caching" by Duane Wessels (O'Reilly) shows roughly the 
same definition.

HTH

Greetings
Peter Lustig

[squid-users] getting dhcpd client-hostname (or other name) in access log

2003-07-07 Thread Nick Bartos 
I have several small sites that would like to be able to monitor user's
access.  The problem I am running into is that most of them do not want to
have the user enter a password when the browser opens up.  Doing it by IP
normally would not be all that bad since it can be tracked down to an
individual machine, but since most of these sites will be using dhcp they
may change and can not easily be relied apon.

I am looking into writing some sort of plugin/mod that will query dhcpd
and get the client-hostname for an ip address and somehow insert that into
the log.  I am wondering if anyone else has attempted this or has
suggestions.  I thought about doing it via a cron job or from a monitoring
program, but unless it runs every minute or so I am getting into a higher
percentage for error since it would not be known when the ip address was
changed.  I wrote a plugin for ulogd (for iptables) that did a similar
thing by querying dhcpd to get the client-hostname (and mac address too)
for the ip address.  I would reuse the dhcp code from this if needed.

I thought about writing an auth plugin, but after more research I don't
think I could disable the request for auth on the client, and it doesn't
look like I have the ability to return an actual name and get it into the
logs, so that probably won't work.

I thought about modifying the custom log patch and adding options for a
hostname field, but I was hoping there may be some other options.

Ideas?

RE: [squid-users] getting dhcpd client-hostname (or other name) in access log

2003-07-07 Thread Adam Aube 
> I have several small sites that would like to be able to monitor user's
> access.  The problem I am running into is that most of them do not want to
> have the user enter a password when the browser opens up.  Doing it by IP
> normally would not be all that bad since it can be tracked down to an
> individual machine, but since most of these sites will be using dhcp they
> may change and can not easily be relied apon.

I would suggest you tell the sites there are three options:

1) Setup authentication. Note that if you have a Windows NT/2000 domain,
you can use the Winbind NTLM helpers and the users won't see a prompt.

2) Switch to static IP Addresses. However, explain to them that this will
only positively identify a machine, not a user. It will not protect against
someone surfing on another persons's machine (but authentication would).

3) Don't monitor users' access to the Internet.

Explain to them that there are no other practical solutions.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

RE: [squid-users] DNS question - running squid2.5Stable2

2003-07-07 Thread Zand, Nooshin 
I had tested host_file directive; it seems it is not working.
I checked also /etc/nsswitch.conf file for hosts and it refers to file as well.
Any idea why? 
Do I have to enable any functionality during compilation in order to get it work?

Thanks,
Nooshin

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 11:30 PM
To: Zand, Nooshin; [EMAIL PROTECTED]
Subject: Re: [squid-users] DNS question - running squid2.5Stable2


On Thursday 03 July 2003 23.14, Zand, Nooshin wrote:
> Hi,
> 1)
> It seems even though the first DNS entry in /etc/resolv.conf is not
> answering to dns query squid still tries to send the query to it.
> (based on tcpdump data) This causes slowness in web access.
> How can I enforce squid to not send dns query for a some period of
> time to defected DNS server?

Some programming may be required for this.

> 2)
> In squid2.4 I had to disable internal_dns and run dnsserver in
> order to check /etc/host file. It "seems" squid2.5 behaves the
> same. Please advise!

Squid-2.5 reads /etc/hosts or another hosts type file of your choice. 
See the hosts_file directive in squid.conf.

Note: the hosts file is only read on startup or reconfigure.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

RE: [squid-users] credentialsttl

2003-07-07 Thread Adam Aube 
> How can i make user credentials to expire on a specified time ?
> I've tried credentialsttl with no result.

Depends on what you mean by "expire". The credentialsttl setting will make
Squid force the user to reauthenticate after a set time period.

Since that setting didn't give you what you want, I'm going to guess that
you want to issue a temporary account to the user that will become
inoperable
after a given amount of time. Squid does not have that functionality.

If this is what you want, then I need to know what basic auth helper you are
using to give you suggestions on how to proceed.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

[squid-users] FTP authenticated logons

2003-07-07 Thread Jorge Umaña 
I am using squid-2.4.STABLE7, right now I have access to the http service 
and to
the ftp service with an anonymous account, however when I try to access with 
a
specific account it does not work I do not get any prompt to put the login 
and
password neither with ftp://[EMAIL PROTECTED] Could you say me what is wrong. 
This is part of my squid.conf file:

#My only safe ports
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
#The access allow, where "redLocal" is my address network
http_access allow redLocal Safe_ports
I also wrote the "acl ftp_proto proto FTP" and put this in the "http_access
allow redLocal Safe_ports ftp_proto", but did not work.
I will apreciate your help

Thanks.

_
Charla con tus amigos en línea mediante MSN Messenger: 
http://messenger.yupimsn.com/

RE: [squid-users] DNS question - running squid2.5Stable2

2003-07-07 Thread Zand, Nooshin 
Thanks it is working.
Nooshin

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 03, 2003 11:30 PM
To: Zand, Nooshin; [EMAIL PROTECTED]
Subject: Re: [squid-users] DNS question - running squid2.5Stable2


On Thursday 03 July 2003 23.14, Zand, Nooshin wrote:
> Hi,
> 1)
> It seems even though the first DNS entry in /etc/resolv.conf is not
> answering to dns query squid still tries to send the query to it.
> (based on tcpdump data) This causes slowness in web access.
> How can I enforce squid to not send dns query for a some period of
> time to defected DNS server?

Some programming may be required for this.

> 2)
> In squid2.4 I had to disable internal_dns and run dnsserver in
> order to check /etc/host file. It "seems" squid2.5 behaves the
> same. Please advise!

Squid-2.5 reads /etc/hosts or another hosts type file of your choice. 
See the hosts_file directive in squid.conf.

Note: the hosts file is only read on startup or reconfigure.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] FTP authenticated logons

2003-07-07 Thread Schelstraete Bart 
Jorge Umaña wrote:

I am using squid-2.4.STABLE7, right now I have access to the http 
service and to
the ftp service with an anonymous account, however when I try to 
access with a
specific account it does not work I do not get any prompt to put the 
login and
password neither with ftp://[EMAIL PROTECTED] Could you say me what is 
wrong. This is part of my squid.conf file:

#My only safe ports
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443 # https 


Hello Jorge,

I think that this has nothing to do with Squid as anonymous ftp works.
Try using:  ftp://username:[EMAIL PROTECTED]
rgrds,

 Bart

Re: [squid-users] FD errors

2003-07-07 Thread Schelstraete Bart 
J.D. Bronson wrote:

sslReadServer: FD 23: read failure: (131) Connection reset by peer

Any idea what causes these? I also see FD errors on non SSL requests 
as well and wondering what it is and how to fix it?

I am running a 0707 snapshot of squid on Solaris 9 Sparc. 


J.D,

You don't need to worry about this, if you don't read this TO much.
This means that the connection has lost to the remote server.
If you're receiving this very,very often you should check your network.
rgrds,

 Bart

Re: [squid-users] Page loading issues

2003-07-07 Thread Schelstraete Bart 

2003/07/07 12:46:33| The request GET
http://www.google.com/webhp?hl=en&edition=usa&q= is DENIED, because it
matched 'AuthorizedUsers'
2003/07/07 12:46:33| The request GET
http://www.google.com/webhp?hl=en&edition=
sa&q= is ALLOWED, because it matched 'AuthorizedUsers'
 

Jeremy,

That's a strange one.
Is it possible to send me your acl's?
rgrds,

 Bart

Re: [squid-users] Page loading issues

2003-07-07 Thread Schelstraete Bart 
Jeremy Broadway wrote:

Hello,
I am having an issue where every once in a while pages just do
not display. No error message is displayed by squid, no 404, the page
just doesn't load when I click on the link or it starts to load but
never finishes.  Closing my browser (IE 6 sp1 + q331906 patch on win2k
sp4) and opening it again fixes the issue and the page loads just fine.
The only person using squid is myself as I am trying to get it stable
enough for a test deployment with a few users. I am using ntlm
authentication in a win2k ad domain, max children is 15, the squid
server is a p3 1.0ghz with 512megs ram running openbsd 3.3, squid itself
is version 2.5-stable2.
There is nothing special about the web pages that I am visiting when
this happens and it appears to be random since it has happened on
google, cnn, slashdot and microsoft's websites just to name a few, it
doesn't matter if I am viewing a static html page or submitting a form
and it happens frequently enough that it is rather annoying.
 

Also check this one :
(saw this in mail from Henrik, regarding NTLM)
 Bug #267 Form POSTing troubles with NTLM authentication
 http://www.squid-cache.org/bugs/show_bug.cgi?id=267>
rgrds,

  Bart

[squid-users] Unable to forward this request at this time

2003-07-07 Thread Norman Zhang 
Hi,

I am trying to access the internet using my Proxy Server
http://192.168.22.6:3128, but when I hit any page, I got

The following error was encountered:

 * Unable to forward this request at this time.

This request could not be forwarded to the origin server or to any parent
caches. The most likely cause for this error is that:

 * The cache administrator does not allow this cache to make direct
   connections to origin servers, and
 * All configured parent caches are currently unreachable.

Would someone please give me a few pointers? I used all default settings
from the squid.conf and only made changes to the following options.

Regards,
Norman

auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny to_localhost
acl our_networks src 192.168.11.0/26 192.168.22.0/25
http_access allow our_networks
http_access allow localhost
http_reply_access allow all

Re: [squid-users] Page loading issues

2003-07-07 Thread Henrik Nordstrom 
On Monday 07 July 2003 18.57, Jeremy Broadway wrote:

> 2003/07/07 12:46:33| The request GET
> http://www.google.com/webhp?hl=en&edition=usa&q= is DENIED, because
> it matched 'AuthorizedUsers'

This is normal and should correlate to a TCP_DENIED/407 entry in 
cache.log.

> 2003/07/07 12:46:33| The request GET
> http://www.google.com/webhp?hl=en&edition=
> sa&q= is ALLOWED, because it matched 'AuthorizedUsers'

The same request as above but after successful authentication.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Unable to forward this request at this time

2003-07-07 Thread Chijioke Kalu 
I figure http_access deny all should be the last

K

Hi,

I am trying to access the internet using my Proxy Server
http://192.168.22.6:3128, but when I hit any page, I got
The following error was encountered:

 * Unable to forward this request at this time.

This request could not be forwarded to the origin server or to any parent
caches. The most likely cause for this error is that:
 * The cache administrator does not allow this cache to make direct
   connections to origin servers, and
 * All configured parent caches are currently unreachable.
Would someone please give me a few pointers? I used all default settings
from the squid.conf and only made changes to the following options.
Regards,
Norman
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
acl password proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny to_localhost
acl our_networks src 192.168.11.0/26 192.168.22.0/25
http_access allow our_networks
http_access allow localhost
http_reply_access allow all
_
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

Re: [squid-users] getting dhcpd client-hostname (or other name) in access log

2003-07-07 Thread Henrik Nordstrom 
On Monday 07 July 2003 21.09, Nick Bartos wrote:

> I am looking into writing some sort of plugin/mod that will query
> dhcpd and get the client-hostname for an ip address and somehow
> insert that into the log.

You can't query DHCP who an IP address belongs to using standard 
protocols, but real DHCP servers supports automatic DNS updates these 
days to keep DNS data in synch with DHCP updates..

There is also the option (for Windows netowrks) to use Microsoft DNS 
with a WINS fallback which works to some level..

However, if you find a way to query the user name (including looking 
direclty into the dhcpd database of IP addresses) or equivalent based 
on the source IP address then you can easily plug this into Squid via 
an external acl returning the information as user name (see 
external_acl_type).

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] credentialsttl

2003-07-07 Thread Henrik Nordstrom 
On Monday 07 July 2003 21.27, Adam Aube wrote:
> > How can i make user credentials to expire on a specified time ?
> > I've tried credentialsttl with no result.
>
> Depends on what you mean by "expire". The credentialsttl setting
> will make Squid force the user to reauthenticate after a set time
> period.

Sorry, but this is not at all what credentialsttl does.

credentialsttl will make Squid requery the authentication helper after 
a set time period (default 2 hours). It is not related to 
when/how/why the user may need to reauthenticate himself. The latter 
is a business between the user and his browser alone and outside the 
control of Squid.  The browser authenticates to Squid on each and 
every request sent to the proxy.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] FTP authenticated logons

2003-07-07 Thread Henrik Nordstrom 
On Monday 07 July 2003 22.12, Jorge Umaña wrote:
> I am using squid-2.4.STABLE7, right now I have access to the http
> service and to
> the ftp service with an anonymous account, however when I try to
> access with a
> specific account it does not work I do not get any prompt to put
> the login and
> password neither with ftp://[EMAIL PROTECTED] Could you say me what is
> wrong.

A guess:

You are using MSIE, and are frustrated because MSIE does not support 
authentication to FTP servers over HTTP but requires the password to 
be specified in the URL using the official 
ftp://user:[EMAIL PROTECTED]/path.. syntax.

ftp://[EMAIL PROTECTED]/ is an inofficial URL syntax. When Squid sees such 
URL it asks the browser to provide full user credentials via WWW 
authentication but unfortunately not all browsers know how to handle 
this, which is a little odd as they do know how to handle WWW 
authentication when requesting a http:// URL from the HTTP proxy and 
there technically is no difference in what the browser does... (both 
are just a HTTP request to the proxy, and displaying HTTP/HTML 
responses)

Regards
Henrik
-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Unable to forward this request at this time

2003-07-07 Thread Henrik Nordstrom 
On Tuesday 08 July 2003 00.47, Norman Zhang wrote:

>  * Unable to forward this request at this time.

This message is only seen if you are using never_direct.

Regards
Henrik


-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] Re: Unable to forward this request at this time

2003-07-07 Thread Norman Zhang 
Hi,

Chijioke Kalu wrote:
> I figure http_access deny all should be the last

I swap the line http_access deny all to the end, restarted squid but problem
still persists. Is there something trivial I am missing?

Regards,
Norman

Norman Zhang wrote:
> I am trying to access the internet using my Proxy Server
> http://192.168.22.6:3128, but when I hit any page, I got
>
> The following error was encountered:
>
>   * Unable to forward this request at this time.

> auth_param ntlm program /usr/lib/squid/wb_ntlmauth
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> acl password proxy_auth REQUIRED
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #http_access deny to_localhost
> acl our_networks src 192.168.11.0/26 192.168.22.0/25
> http_access allow our_networks
> http_access allow localhost
> http_reply_access allow all
> http_access deny all

[squid-users] Re: Unable to forward this request at this time

2003-07-07 Thread Norman Zhang 
Hi,

> On Tuesday 08 July 2003 00.47, Norman Zhang wrote:
>
>>  * Unable to forward this request at this time.
>
> This message is only seen if you are using never_direct.

But default setting for squid.conf never_direct is none. I haven't touched
those fancy options yet 8)

Regards,
Norman

Re: [squid-users] Squid on port 80

2003-07-07 Thread Surjadi Sjariffudin 
how do i unsubscribe from this mailing list ??? It never seems to work !


- Original Message -
From: "Hasan, Irfan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 7:18 PM
Subject: [squid-users] Squid on port 80


> I'm running Squid 2.5 Stable3 NT on Windows 2000 Professional,
> yes yes I know it is not a good idea to run Windows 2000 Professional
> but I've some other issues.
>
> I'm running squid on port 80, the problem is intermittent connection.
> Even when I telnet on local machine on port 80 sometime I can connect
> and sometime I can't connect.
>
> When I change port 80 to some other port, no problem everything run
smooth.
> I already check there is no other service is using Port 80.
>
> Is there any known issue to run Squid on port 80 or using Windows 2000
Pro.?
>
>

[squid-users] blocking Symantec Live Update

2003-07-07 Thread Fajar Priyanto 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello all,
Can squid block automatic Symantec Live Update by Norton Antivirus?
I can see in the access.log this activity:
  79891 192.168.0.65 TCP_REFRESH_HIT/304 211 GET 
http://liveupdate.symantecliveupdate.com/avenge$201.5$20microdefs2_microdefsb.curdefs_symalllanguages_livetri.zip
 
- - DIRECT/202.146.251.72 application/zip

I've blocked liveupdate.symantecliveupdate.com into squidGuard. Is it blocked?

Thanks in advance
Fajar
- --
This message was compose on a 100% GNU/Linux machine

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/ChqxUrYxG8KGMVERAj0cAJ9GTm6VNtQk0wEogLL+MqOpOW/5MQCePkKz
Fhh9h9P1qtK4mkz7jT0jvy4=
=TvYD
-END PGP SIGNATURE-

[squid-users] the problem of blocking URL

2003-07-07 Thread Li Wei 
hi,all

I faced the same problem as before again, which refer to my control rule
about blocking a few websites.

I set my rule as below:
acl badURL2 urlpath_regex -i \.mp3$ \.wma$ \.avi$ \.mpeg$ \.mpg$ \.swf$ \.asf$ \.rm$ 
\.ram$
http_access deny badURL2

However, when my colleague was accessing 
http://photo.cameraunion.net:81/phpchat/index.php3, he was rejected by Squid.



Why? Why do Squid cause such unexpected matches?



Regard.

**
Li Wei   ^-^ HAVE A GOOD DAY ^-^
JFTT
E-mail: [EMAIL PROTECTED]
**

[squid-users] Re: Unable to forward this request at this time

2003-07-07 Thread Norman Zhang 
Hi,

> I am trying to access the internet using my Proxy Server
> http://192.168.22.6:3128, but when I hit any page, I got
>
> The following error was encountered:
>
>  * Unable to forward this request at this time.
>
> This request could not be forwarded to the origin server or to any parent
> caches. The most likely cause for this error is that:
>
>  * The cache administrator does not allow this cache to make direct
>connections to origin servers, and

Would someone mind telling me can find related directives for this?

>  * All configured parent caches are currently unreachable.

I only have one squid server running. Does this mean I need to disable cache
parents? I am new to squid, am I safe to presume that since none are set for
cache_peer* then I am fine? Are there additional directives I need to
disable/enable?

Regards,
Norman

[squid-users] NoProxy directive equivalent in squid

2003-07-07 Thread Chris Vaughan 
Hello,

I am trying to identify an equivalent in squid to the apache NoProxy
directive. When I previously asked about this, I was told the answer was
held in the FAQ. However, having looked at the FAQ, I am unable to find what
I am supposed to be looking for. Any help is appreciated.


 <> 


***
This message is intended for the addressee named and 
may  contain confidential information. If you are not the 
intended recipient, please delete it and notify the sender. 
Views expressed in this message are those of the 
individual sender, and are not necessarily the views of the
Department of  Lands.

This email message has been swept by MIMEsweeper 
for the presence of computer viruses.
***



Chris Vaughan.vcf
Description: Binary data

RE: [squid-users] What would you suggest?

2003-07-07 Thread Adrian Hope-Hodgetts VK4MIA 
Richard,

We have a similar setup using two 6 GiG 5400Rpm drives one for OS and
one for Cache. Processor is PIII450Mhz with 384Mb Ram running on OpenBSD
3.3. It is more than ample for our needs.
Your suggested machine is fine, however if cost is important you can
spec your suggested machine down. 
If the machine is only going to be used for Squid and "Nothing" else
then RH has a lot of other stuff that is not needed.
You may like to find a *nix distrib that doenst offer all the frilly
bits.


Regards
Adrian Hope-Hodgetts


-Original Message-
From: Richard Sumilang [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 8 July 2003 4:27 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] What would you suggest?


I have a network of about 30 users that use the internet to do their 
daily job. Would putting in place a dedicated squid server with about 
30+ GB 7200 RPM, Red Hat 7.2, 512mb ram, AMD 1.3+ processor work or do
I need something more powerful or could I get by with something less 
powerful? What would you suggest?

[squid-users] Squid Proxy not caching DNS

2003-07-07 Thread chisholm 27 
Hello,

I have a problem when connecting to a destination site who are running DNS
round robin for its 3 web servers A, B & C. Upon opening the main page for
list of reports, whihch required user ID & password for SSL, it prompts for
login again when trying to traverse to next page quoting credentials
timed-out.
Debug mode showed Squid proxy as our proxy made a DNS request again within
seconds (when next page is traversed), which returned with a different IP
from DNS round robin.
I knew this is a typical issue highlighted by someone before and the
workaround is to use host file, but seemed like no actual resolution to fine
tune Squid proxy. Can DNS Name cache in Squid be set to retain resolved DNS
name to certain time so it wouldn't have to query DNS again so fast ?
Regards
Chisholm
_
Using a handphone prepaid card? Reload your credit online! 
http://www.msn.com.my/reloadredir/default.asp

Re: [squid-users] Page loading issues

2003-07-07 Thread Schelstraete Bart 
Henrik Nordstrom wrote:

On Monday 07 July 2003 18.57, Jeremy Broadway wrote:

 

2003/07/07 12:46:33| The request GET
http://www.google.com/webhp?hl=en&edition=usa&q= is DENIED, because
it matched 'AuthorizedUsers'
   

This is normal and should correlate to a TCP_DENIED/407 entry in 
cache.log.

 

2003/07/07 12:46:33| The request GET
http://www.google.com/webhp?hl=en&edition=
sa&q= is ALLOWED, because it matched 'AuthorizedUsers'
   

The same request as above but after successful authentication.

Regards
Henrik
 

Hernik,

Is this normal??

   BArt

Re: [squid-users] Improve performance in squid

2003-07-07 Thread Masood Ahmad Shah 
First of all I will suggest better to purchase some SCSI hard disks more
then 17 GB. 4 GB RAM is okk..

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
"All I want is a few minutes alone with the source code for the universe and
a quick recompile."


- Original Message - 
From: "Adaíl Oliveira" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 07, 2003 7:19 PM
Subject: [squid-users] Improve performance in squid


| Hi,
| I have a Dell Server with 4 GB ram + intel III 1
| GHz dual processor machine.I have a cache dir of 17 Gb for squid. Any
| suggestions how to
| improve performance in squid?
|
| Thanks
|
| A.O
|
|

Re: [squid-users] blocking Symantec Live Update

2003-07-07 Thread Schelstraete Bart 

Hello all,
Can squid block automatic Symantec Live Update by Norton Antivirus?
I can see in the access.log this activity:
 79891 192.168.0.65 TCP_REFRESH_HIT/304 211 GET 
http://liveupdate.symantecliveupdate.com/avenge$201.5$20microdefs2_microdefsb.curdefs_symalllanguages_livetri.zip 
- - DIRECT/202.146.251.72 application/zip

I've blocked liveupdate.symantecliveupdate.com into squidGuard. Is it blocked?

 

If  you blocked liveupdate.symantecliveupdate.com, then you shouldn't be 
able to run liveupdate.

rgrds,
 Bart

Re: [squid-users] NoProxy directive equivalent in squid

2003-07-07 Thread Schelstraete Bart 
Chris Vaughan wrote:

Hello,

I am trying to identify an equivalent in squid to the apache NoProxy
directive. When I previously asked about this, I was told the answer was
held in the FAQ. However, having looked at the FAQ, I am unable to find what
I am supposed to be looking for. Any help is appreciated.
 

Hello Chris,

What o  you want to accomplisch with 'No proxy':

 a)   Do not cache?  (no_cache option)
 b)   Do no forward to parent proxies? (always_direct, 
never_direct options)
 c)   Block the URL? (ACL)
   

Pls be more specific.

rgrds,
Bart

Re: [squid-users] urgent squid with squidguard help

2003-07-07 Thread Vishal For You 
I have tried to used squid acl for this. Infact i am currently using acl's 
but for the new configuration somehow it is not working thats why i am using 
squidguard to solve the problem.

I have denied everyone in my squid.conf.

My squidguard.conf is basic and simple for test.
acl
{
   default
  {
  pass all
  }
}
still i am getting access denied page.

My cache.log shows following messages
2003/07/08 10:16:16| Adding nameserver 202.54.1.18 from /etc/resolv.conf
2003/07/08 10:16:16| helperOpenServers: Starting 4 'squidguard' processes
2003/07/08 10:16:16| errorTryLoadText: 
'/usr/share/squid/errors/ERR_READ_TIMEOUT': (2) No such file or directory
2003/07/08 10:16:16| errorTryLoadText: 
'/usr/share/squid/errors/ERR_LIFETIME_EXP': (2) No such file or directory
2003/07/08 10:16:16| errorTryLoadText: 
'/usr/share/squid/errors/ERR_READ_ERROR': (2) No such file or directory
2003/07/08 10:16:16| errorTryLoadText: 
'/usr/share/squid/errors/ERR_WRITE_ERROR': (2) No such file or directory

What r these errors? How do i overcome it?

I am using redirect_children=4
In process it shows all the processes running for squidguard
My squidguard.log is as follows
2003-07-08 10:04:17 [2839] squidGuard 1.2.0 started (1057638857.331)
2003-07-08 10:04:17 [2839] squidGuard ready for requests (1057638857.348)
2003-07-08 10:04:17 [2842] squidGuard 1.2.0 started (1057638857.363)
2003-07-08 10:04:17 [2842] squidGuard ready for requests (1057638857.363)
2003-07-08 10:16:05 [2839] squidGuard stopped (1057639565.410)
Waiting 4 reply
Vishal
From: Henrik Nordstrom <[EMAIL PROTECTED]>
To: "Vishal For You" <[EMAIL PROTECTED]>, 
[EMAIL PROTECTED]
Subject: Re: [squid-users] urgent squid with squidguard help
Date: Sat, 5 Jul 2003 16:42:27 +0200

On Saturday 05 July 2003 16.06, Vishal For You wrote:
> I am using squid for a long time. Right now the company i am
> working in wants to restrict internet usage based on departments
> and location.
I would suggest using the Squid access controls for this purpose
rather than squidguard..
But it depends.. if you want to give different users different filter
profiles in SquidGuard then you need the access controls in
SquidGuard.
Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
_
Looking for love? Yearning for friendship? http://www.msn.co.in/Romance/ 
You're in the right place.

RE: [squid-users] NoProxy directive equivalent in squid

2003-07-07 Thread Schelstraete Bart 
Citeren Chris Vaughan <[EMAIL PROTECTED]>:

> I am trying to get to an intranet site on a remote host, that our office has
> a point to point connection for. We are trying to tell the server not to use
> proxy for the specific internal domain names for this site.

Chris,

You can use -for example:
  acl internal dstdomain yahoo.com  (or something similar)
  always_direct allow internal
  never_direct deny internal


rgrds,
  Bart