date:20030723

On Thursday 24 July 2003 03.52, Daniel Camacho wrote:
> Hi,
>
> I'm currently using Squid with transparent proxy using iptables.
> There are some people who wish to not use the cache. How can I add
> a filter rule to prevent from caching a destination host? In other
> words, when a client tries to connect to 192.168.10.10 website,
> instead of iptables redirecting them to squid, it will connect them
> directly to the host. Thanks for the help.

Add an iptables ACCEPT rule before your interception rule.

Note: This is a Linux firewalling question, not a Squid question.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Iptables & Squid

2003-07-23 Thread Anderson Pettirossi Xavier

I think that making a rule that accept de packet first of redirect it to
your squid proxy port will resolve. Accepting the packet it will not read
the next rule, then you can configure to anyone or any server you want.

regards
Anderson

- Original Message - 
From: "Daniel Camacho" <[EMAIL PROTECTED]>
To: "Squid Users" <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 10:52 PM
Subject: [squid-users] Iptables & Squid


>
> Hi,
>
> I'm currently using Squid with transparent proxy using iptables. There are
> some people who wish to not use the cache. How can I add a filter rule to
> prevent from caching a destination host? In other words, when a client
> tries to connect to 192.168.10.10 website, instead of iptables redirecting
> them to squid, it will connect them directly to the host. Thanks for the
help.
>
>
> DC
>

[squid-users] Iptables & Squid

2003-07-23 Thread Daniel Camacho

Hi,

I'm currently using Squid with transparent proxy using iptables. There are 
some people who wish to not use the cache. How can I add a filter rule to 
prevent from caching a destination host? In other words, when a client 
tries to connect to 192.168.10.10 website, instead of iptables redirecting 
them to squid, it will connect them directly to the host. Thanks for the help.

DC

Re: [squid-users] Is there a delay-pool FAQ someplace

On Thu, 2003-07-24 at 00:40, Josh Kuperman wrote:

> Lets say there are three groups on three subnets:
> 
> Research on 192.168.2.0/24
> Marketing on 192.168.3.0/24
> Administration on 192.168.1.0/24
> 
> Scenario One: insuring an even distribution of available
> bandwidth. Let's say I have a 1Mbps interent connection and I know I
> need 100kbps for external connection, email, web server,etc on my
> network. That leaves 300kbps for each of the tree groups.Can I enforce
> that with delay pools.

Yes, with one class one pool per group.

> Scenario Two: insuring a hierarchical preference so the following
> types of documents are treated as more important:
> 
> 1. Text, html, pdf,
> 2. graphics.
> 3. audio files
> 4. video files
> 5. anything being streamed.
> 
> Nothing should be prevented per se, but the simpler and older basic
> web services should always have a good response, while streaming video
> and any bandwidth hogs I know about should be limited.

You can do this, but not at the same time as the 300kbps limit for the
groups above. What you can do to come close though is use a class 2
pool. The aggregate field covers the group, and the per-last-octect
field covers each user. Now, limit each user to some fraction of the
group - say 100kbps. That means that sustained traffic from a single
machine will not saturate that group's allowance on it's own.

Long term, delays pools could be enhanced to do the sort of heirarchical
logic you talk about there - in squid 3.0 that is (relatively) easy to
accomplish.

> Scenario three: Keeping available bandwidth proportionate. Say
> Marketing sub net has 10 machines. First, how can I make sure that the same
> percent of the Marketing groups bandwidth is available to each
> machine. Second, is there a way to keep it proportionate but not count
> machines when they aren't being used.

This is the default behaviour for squid - no machine is given preference
to resources. It's not strictly enforced - it depends on the origin
servers bandwidth. Again, use of a class 1 or 2 pool will likely do what
you need.

> Scenario four: Limit bandwidth based on the online service. For
> example say you know a lot of people will be using Aol Instant
> Messenger, which is fine from time to time. But as it is a text based
> protocol you know that should never really take any bandwidth and you
> know you can restrain it quite a bit before you render it
> unusable. How would you do that.

This is a variation on Secnario 2, and my answer there applies here as
well.

Cheers,
Rob
-- 
GPG key available at: .

signature.asc
Description: This is a digitally signed message part

RE: [squid-users] Is there a delay-pool FAQ someplace

On Thu, 2003-07-24 at 01:43, Adam Aube wrote:

> 3) With Class 2 and 3, if you don't want to set a total,
> per-network, and/or per-user limit, just set the limit
> to -1/-1.

Just a nit: class 3 doesn't have per buckets. It has per- buckets. squid-3.0 has per-user delay buckets.

Cheers
Rob
-- 
GPG key available at: .

signature.asc
Description: This is a digitally signed message part

Re: [squid-users] problem with authentication

ons 2003-07-23 klockan 20.29 skrev JOHNSON DAVID R:

> 1) After i authenticate i have to refresh my browser in order for the page
> to load any ideas on the cause?

Because you are using MSIE and Microsoft has such excellent quality
control of their browser product. See the Squid FAQ.

> 2) im using ldap to authenticate and with some user accounts i do not
> authenticate but with others i do..  any ideas as to why? all of te accounts
> are in cn=Users.

Do any of these accounts have any odd characters in their login or
password? If so, make sure you are using the helper from Squid-2.5 and
not a left-over copy from an earlier release of Squid.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] --> Unsubscribed ???

2003-07-23 Thread Alex Carlos Braga Antão

 Why I was UNsubscribed from this list ?? I didn´t ask to ! 
 
 
Alex C. B. Antão
Analista de Sistemas e Suporte
ICQ: 5144629http://motoviagens.pagina.de
http://e-modelismo.pagina.de
 
 
Um "bom" pouso é aquele do qual você sai caminhando. Um "ótimo" pouso é aquele depois 
do qual você pode usar o avião novamente.

RE: [squid-users] Is there a delay-pool FAQ someplace



ons 2003-07-23 klockan 17.43 skrev Adam Aube:

> 4) I don't know for sure if you can set the per-user
> limits in Class 2 and 3 pools to -1/-1 (never used those
> classes), but if you can, then it should divide bandwidth
> evenly among connections, up to the network/total limit
> (similar to a Class 1).

You can, but it would be a waste to do so on a class 2 pool (the class 2
is then functionally equivalent to class 1, only using more memory and
CPU time than a real class 1 pool).

Regards
Henrik
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

RE: [squid-users] Hardware specs

> It is hard to find any worse real life workload for RAID5 than
> Squid cache.

> If you want to raid your cache then use mirroring, not RAID5.

What about RAID 0, striping the data across multiple drives? Normally
that will improve disk performance.

Lacks redundancy, but data loss isn't much of an issue with a cache.
Just make sure that ONLY your Squid cache in on the RAID set.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

Re: [squid-users] Hardware specs

ons 2003-07-23 klockan 19.48 skrev [EMAIL PROTECTED]:
> I have heard that it would be preferrable to set up the cache storage area
> on a RAID 5 set using high speed ultra SCSI drives and  a caching
> controller.  Does this sound right? 

The exact opposite.

Squid cache workload is THE worst case scenario for a RAID5 system. It
is hard to find any worse real life workload for RAID5 than Squid cache.

If you want to raid your cache then use mirroring, not RAID5. If you are
today considering 3 drives RAID5 then I would recommend considering 2+2
drives (4 drives) in mirror setup in two separate mirrors (no
concat/striping).

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] problem with authentication

2003-07-23 Thread JOHNSON DAVID R

Squid is up and runnin gbut with a few quirks


1) After i authenticate i have to refresh my browser in order for the page
to load any ideas on the cause?

2) im using ldap to authenticate and with some user accounts i do not
authenticate but with others i do..  any ideas as to why? all of te accounts
are in cn=Users.


Thanks in advance.

David Johnson | Network Administrator |
Hampton University | Hampton, VA | 23669 |
office 757.728.6528 | fax 757.727.5438
mailto:[EMAIL PROTECTED]

Re: [squid-users] would squid work for me

ons 2003-07-23 klockan 18.14 skrev Jason Jesso:
> I'm trying to figure out if squid would work for me.
> 
> Let me explain the problem.
> 
> I have a client who connects to an airline to book tickets.  I would 
> like for that client to connect to our webserver instead and get the 
> airlines web pages that way, rather then going directly to the airlines 
> URL.  I want to do this since I want to intercept certain data in the 
> http data for accounting purposes.
> 
> Can squid help here?

Yes, but so can just entering the address of your web server instead of
the airlines web page into the local hosts file on the clients computer.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Squid 2.5STABLE3 Questions

ons 2003-07-23 klockan 15.42 skrev Merton Campbell Crockett:

> Question:  Is there any good documentation on the interaction between the
> cache_peer, cache_peer_domain, neighbor_type_domain, always_direct, and
> never_direct configuration directives.  There seems to have been significant
> changes in this area from earlier versions of Squid and that it is now more
> difficult to construct a viable Squid hierarchy.

No major changes here for a very long time..

I would recommend ignoring the cache_peer_domain directive. The
cache_peer_access directive performs the same function and gives better
control.

neighbor_type_domain is rarely if ever needed so you can most likely
ignore this as well. You will know if you need this one.

> In preliminary testing, I've had a cache_peer defined as a parent return an
> error status rather than the requested content.  This behaviour presents a
> major problem for interior network enclaves that can never directly access
> external web content.

What error?

> Constructing Squid hierarchies seems to have become more of an art form than
> it was in the past.  Can someone provide pointers to Squid documentation on
> constructing hierarchies with Squid 2.5STABLE3 or provide examples of Squid
> configurations for systems that never have direct access to Internet web
> content?

The exact same principles applies to Squid-2.5.STABLE3 as it did for
Squid-1.0. But you have some additional control in the later releases
going beyond what Squid-1.0 was capable of.


The basic principle is to use

cache_peer to establish the peering relation

never_direct/always_direct to force or bypass perrings where the default
automatic selection is not desired, such as if you are inside a firewall
and can not go direct. automatic == squid uses peers if Squid thinks
using peer cache servers is good for the request.


then you can use cache_peer_access / cache_peer_domain /
neighbor_type_domain to in detail control your peering relations for
advanced situations which can not be expressed using parent/sibling
terminology alone.


Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] redirection does not work

ons 2003-07-23 klockan 15.25 skrev Horvath Robert:

> 
> redirect_program /bin/redir.pl #because of chroot /usr/local/squid
> redirect_children 2 # i think it is enough


Can this helper at all run within the chroot?

A quick check is to (as root)

  cd /usr/local/squid
  chroot . /bin/redir.pl

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Re: squid caching period

tis 2003-07-22 klockan 10.43 skrev Troels Arvin:

> I bit surprising: It seems that Squid will never cache anything which will
> otherwise expire within 1 minute.

Squid will not cache anything which will expire within less than a
minute and for which Squid can not verify with the origin server if the
cached copy is still up to date.

If Squid can verify with the origin server if the cached copy is correct
then objects which expire in less than 1 minute will also be cached.
This generally requires the object to have a known Last-Modified
timestamp, allowing Squid to issue a If-Modified-Since request to verify
the cached copy.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Traffic ???

ons 2003-07-23 klockan 10.19 skrev Valter Dal Bo:
> Hi all !
> 
> I'd like to know if sites stopped/banned by ACLs cause traffic anyway.

Things blocked by http_access stops the request immediately at the
proxy, before consulting the Internet.

Regard
Henrik
-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] How to have squid communicate with external acl

ons 2003-07-23 klockan 07.40 skrev Aqil:

> After being able to read OK or ERR, squid also (still)
> have to authenticate the user with their password..

Squid authenticates the user as soon as it encounters any acl requiring
a user name in http_access. The acl types requiring authentication
includes

  proxy_auth
  proxy_auth_regex
  external, referring to a external_acl_type using %LOGIN

> Here is what i am trying, but it seems not work.
> 
> acl myusers proxy_auth REQUIRED
> 
> external_acl_type ip_auth %SRC %LOGIN
> /path/ip_user_check -f /path/ip_and_userID
> 
> acl ip_auth_acl  external ip_auth ip_auth_acl
> 
> http_access allow ip_auth_acl myusers
> 
> Any help ?

Looks good to me. You can actually drop the myusers acl type as it is
redundant.

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Stable4

ons 2003-07-23 klockan 08.20 skrev Schelstraete Bart:

> A few days ago Henrik talked about Squid 2.5 Stable4.
> Somebody knows when it will be available?

When I have found time to finish of the last remaining important issues
and proper testing.

> Is it a matter of weeks or months?

More weeks than months.

> (because I want to update, but if stable 4 arrives very soon, I'll wait for that
> version)

If you do not have any significant problems with your current Squid-2.5
then there is real no reason to upgrade. If you have problems and these
are fixed then grab the patch for the problem you are having, or wait
for 2.5.STABLE4.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Hardware specs

2003-07-23 Thread Paul . Fiero

I have heard that it would be preferrable to set up the cache storage area
on a RAID 5 set using high speed ultra SCSI drives and  a caching
controller.  Does this sound right?  I haven't comitted to any hardware yet
but may actually have a budget to get two boxes (primary / failover) built
to my specs.  Currently looking at single 1Ghz processor boxes, 1Gb RAM, and
3 36gb 15k rpm drives attached to a caching RAID controller.

Any suggestions about the failover option?

PFiero

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.500 / Virus Database: 298 - Release Date: 7/10/2003

RE: [squid-users] Predictive caching?

ons 2003-07-23 klockan 02.10 skrev John Cougar:

> These days with Gigabit pipes, the prefetch argument is almost a mute
> point: once upon a time the notion to download sites during quiet times
> for prepositioning for the next busy days' request profiles, but how can
> you predict user behaviour? You can argue that the bulk of browsers will
> hit www.microsoft.com when they first start up, but then you have to
> consider whether the site(s) is/are cacheable and for how long ... blah,
> blah.

And also, how much resources you are willing to spend on decreasing the
time for the first few users (the others should get the cached result
anyway..)

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Predictive caching?

ons 2003-07-23 klockan 02.08 skrev Bob Arctor:
> squid could just CONNECT with all links available on the page.
> then it could check for available bandwitch and crawl thru site searching all 
> html pages (and caching them), not entering those which are dynamically 
> created.

As Robert tried to say there is a number of technical obstacles here
which makes predictive caching very tricky unless you are willing to
waste a lot of bandwidth.

* It is impossible to tell if the reply is going to be dynamically
generated by looking at the URL. This is only known once you see the
reply. By looking at the URL you can only guess what the result may be.

* It is also not fully possible to tell what the browsers request for
the URL will look like before you see the request. There is such things
like Cookies etc which makes it hard to accurately predict what the
request will look like.

* It is impossible to tell if the object will be cacheable before
actually seeing the resulting object..

* It is impossible to tell the size of the object before actually seeing
the resulting object.

* You also do not know that the browser will request these objects. The
browser may have the objects already cached, disabled loading of inline
images, or the user may simply move on to another page before the
browser fetches the objects (I am pretty sure most of you have done
this.. clicking on a link, closing the window or using the back button
while images are still loading)

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Hardware specs

ons 2003-07-23 klockan 03.49 skrev Jason Parlevliet:

> IIRC Squid prefers non raided drives - if you just have two drives it 
> handles the many read/write ops better.

Squid prefers to be able to do as many seeks as possible. It does not
need high bandwidth, but it needs a high rate of seeks.

Using a mirror almost divides the seek capacity in half.

A single drive is capable for about 30 requests/s without tuning, 50
with some tuning.

The higher rate you need to sustain, the more careful tuning of your
disk subsystem (number & type of drives, Squid configuration, kernel
settings) you will need to do.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Efficient ACL to restrict to user's own IPAddress

ons 2003-07-23 klockan 04.36 skrev Aqil:

> Where can I find a good doc concerning
> external_acl_type ? I've already read its doc in
> squid.conf, but I think I need more info :)

There is also some docs on http://devel.squid-cache.org/external_acl/>

> What is the main idea how to use external_acl_type ?

To be able to easily plug into custom access controls into Squid.

> Is it possible to adapt the ncsa authentication scheme
> (or to combine it with other directive e.g.
> external_acl_type?, or with simple scripts) to take
> into account the additional IP address field ?

The ncsa_auth helper should parse the password fine, but you need to
write your own external acl helper to check the IP address and refer to
this via external_acl_type.  (ncsa_auth will then check the password,
your helper the IP)

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] 301 Response Rewrites

tis 2003-07-22 klockan 13.34 skrev Brett Lymn:

> Oh dear, you mean to say the reverse proxy code is not well?  I was
> planning to use that to keep a M$ server our of our DMZ.

It has experienced a little bit-rotting over time from being a
development branch to a development version of Squid, causing some items
to fall behind somewhat.

The parts we felt most important have been merged into Squid-3. Location
header rewrites is however not in this list yet.

Until then (and always) I would recommend looking into the eMARA reverse
proxy from MARA Systems. This is the origin of the rproxy development
branch of Squid. (http://www.marasystems.com/> Products ->
eCommerce -> eMARA)

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] Re: Squid EXE Query

tis 2003-07-22 klockan 12.00 skrev E.Subrahmanya Srinivas:
> Dear ALL
> 
>  We have exe downloads restricted in our Squid proxy,but we face a
> peculiar problem with a URL(s) containing exe in it.
> 
>  Some users are able to access the site the logs for which are
> below
> 
>  1058865784.631 10 192.168.150.39 TCP_DENIED/407 1840 GET
> http://catalog-e.ckd.co.jp/exp/iexp_frmmain.exe?sid=5000425023115917720439010427 - 
> NONE/- text/html


This request was denied by your http_access rules.

Please verify your rules to make sure it does not block things you do
not intend to block, such as access to .exe CGI programs running on the
server. (these are NOT downloaded).

Unfortunately there is no way you can easily determine from the URL
alone if a .exe request is a download, or a call to a CGI program on a
Windows based server (IIS etc).

Regards
Henrik


-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Efficient ACL to restrict to user's own IPAddress

tis 2003-07-22 klockan 10.37 skrev Li Wei:
> Dear Henrik
> 
> Do you mean the external_acl_type?

Yes and no.

The ip_user helper is used via external_acl_type. See
helpers/external_acl/ip_user/

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

[squid-users] would squid work for me

2003-07-23 Thread Jason Jesso

I'm trying to figure out if squid would work for me.

Let me explain the problem.

I have a client who connects to an airline to book tickets.  I would 
like for that client to connect to our webserver instead and get the 
airlines web pages that way, rather then going directly to the airlines 
URL.  I want to do this since I want to intercept certain data in the 
http data for accounting purposes.

Can squid help here?

--

RE: [squid-users] Is there a delay-pool FAQ someplace

Yes, there is a delay pool FAQ:

http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8

If you haven't read it already, I recommend you do so.
There's also documentation in the default squid.conf.

Some things to remember:

1) Delay pool settings are in bytes, and your bandwidth
is likely measured in bits

2) You can control access to the delay pools using any
standard acl

3) With Class 2 and 3, if you don't want to set a total,
per-network, and/or per-user limit, just set the limit
to -1/-1.

4) I don't know for sure if you can set the per-user
limits in Class 2 and 3 pools to -1/-1 (never used those
classes), but if you can, then it should divide bandwidth
evenly among connections, up to the network/total limit
(similar to a Class 1).

If you come up with a setup you think will work, and it's
not working how you expect it to, then by all means ask.

Show us the Squid acl and delay settings you're using, what
you expected it to do, and what it really did.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

RE: [squid-users] Monitoring users activite & log analyzer ?

> In MS-Proxy, we can monitor in real time all users
> connected to the server ? How to do it in squid ?

I know the Cache Manager has some per-user info; you
could see if the info there meets your needs.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

Re: [squid-users] Monitoring users activite & log analyzer ?

2003-07-23 Thread Merton Campbell Crockett

If you want to see what users are currently doing.

tail -f /var/log/squid/access.log

For a specific user or group of users.

tail -f /var/log/squid/access.log | grep 

Merton Campbell Crockett



On Wed, 23 Jul 2003, Carlo Rodrigues wrote:

> You can check SARG at http://web.onda.com.br/orso/
> 
> It does not work at real time, but can generate daily, weekly, etc. 
> reports of your squid activity.
> 
> Cheers,
> Carlo Rodrigues
> 
> Aqil wrote:
> 
> >Hi
> >
> >Here I am again :)
> >
> >In MS-Proxy, we can monitor in real time all users
> >connected to the server ? How to do it in squid ?
> >
> >Does squid log analyzer exist ? Where to find ?
> >
> >Imagine one day reports (about duration, visited
> >sites, time, etc) have to be generated, what tool do I
> >need to ?
> >
> >TIA and regards,
> >aqil

-- 
BEGIN:  vcard
VERSION:3.0
FN: Merton Campbell Crockett
ORG:General Dynamics Advanced Information Systems;
Intelligence and Exploitation Systems
N:  Crockett;Merton;Campbell
EMAIL;TYPE=internet:[EMAIL PROTECTED]
TEL;TYPE=work,voice,msg,pref:   +1(805)497-5045
TEL;TYPE=work,fax:  +1(805)497-5050
TEL;TYPE=cell,voice,msg:+1(805)377-6762
END:vcard

Re: [squid-users] Monitoring users activite & log analyzer ?

2003-07-23 Thread Carlo Rodrigues

You can check SARG at http://web.onda.com.br/orso/

It does not work at real time, but can generate daily, weekly, etc. 
reports of your squid activity.

Cheers,
Carlo Rodrigues
Aqil wrote:

Hi

Here I am again :)

In MS-Proxy, we can monitor in real time all users
connected to the server ? How to do it in squid ?
Does squid log analyzer exist ? Where to find ?

Imagine one day reports (about duration, visited
sites, time, etc) have to be generated, what tool do I
need to ?
TIA and regards,
aqil
___
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

[squid-users] Is there a delay-pool FAQ someplace

2003-07-23 Thread Josh Kuperman

I've been looking through the posts and documentation on Delay
Pools. I suspect I've missed a few important examples and notes. I
know very similar questions have been asked before. The following
scenarios seem to be the most common uses - but I'm still not sure how
I would implement them. All the questions are either how do I
distribute my bandwidth among groups of machines, or how do I limit
the amount of bandwidth for any destination, web site, protocol? What
I really need are examples with the information to calculate their
effect. [I started running webalizer against my current squid over the
last few months - and while I doubt I have webalizer configured
correctly my monthly throughput is exceeding what I can handle)

Feel free to RTFM me, but include links or at least search terms so I
can gather up the answers I missed from the archives. (I tend to use
the one at http://marc.theaimsgroup.com/?l=squid-users&r=1&w=2 so if
you could check a search or link on that archive it would be most
helpful, though I'm sure there are other places as well.)

Lets say there are three groups on three subnets:

Research on 192.168.2.0/24
Marketing on 192.168.3.0/24
Administration on 192.168.1.0/24

Scenario One: insuring an even distribution of available
bandwidth. Let's say I have a 1Mbps interent connection and I know I
need 100kbps for external connection, email, web server,etc on my
network. That leaves 300kbps for each of the tree groups.Can I enforce
that with delay pools.

Scenario Two: insuring a hierarchical preference so the following
types of documents are treated as more important:

1. Text, html, pdf,
2. graphics.
3. audio files
4. video files
5. anything being streamed.

Nothing should be prevented per se, but the simpler and older basic
web services should always have a good response, while streaming video
and any bandwidth hogs I know about should be limited.

Scenario three: Keeping available bandwidth proportionate. Say
Marketing sub net has 10 machines. First, how can I make sure that the same
percent of the Marketing groups bandwidth is available to each
machine. Second, is there a way to keep it proportionate but not count
machines when they aren't being used.

Scenario four: Limit bandwidth based on the online service. For
example say you know a lot of people will be using Aol Instant
Messenger, which is fine from time to time. But as it is a text based
protocol you know that should never really take any bandwidth and you
know you can restrain it quite a bit before you render it
unusable. How would you do that.


-- 
Josh Kuperman   
[EMAIL PROTECTED]

RE: [squid-users] redirection does not work

> I use a chrooted Squid-2.5.STABLE3 over djb daemontools.

> If i do not use redirect program everything is fine.
> When i set the directives to:

> redirect_program /bin/redir.pl #because of chroot /usr/local/squid
> redirect_children 2 # i think it is enough

> nothing happens.

Try these:

1) Run Squid not chrooted (unless daemontools automatically chroots)
2) Run Squid without daemontools

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

[squid-users] [ANNOUNCE]: N.A.D.S. Normalized Attack Detection System

2003-07-23 Thread Scaramanga

Hi,

Just released version 0.2 of NADS. NADS is a squid ACL helper which
links to libnads, an HTTP URL normalization engine. The aim is to build
a comprehensive HTTP application layer firewall that can withstand
whisker style IDS evasion techniques.

New from 0.1 is the ability to map different sites to different
emulation types eg: www.scaranmanga.co.uk:80 is set to Apache, while
www.foobar.com:8080 is set to IIS.

Of course, it is free software released under the terms of the GNU GPL
v2. You can download it at:

http://www.scaramanga.co.uk/nads/nads-0.2.tar.gz

It currently normalizes the following evasion techniques:
o Strips out query string
o Hex encoding (including double hex encoding)
o MS UTF-16 (%u)
o Overlong UTF-8 encodings
o Double slashes
o Backslashes
o Case normalization
o . and .. normalized out (eg /./foo/../bar/ becomes /bar/)

Here is an example. The URL starts like this (unicode exploit caught in
the wild):

/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe

Then it gets hex decoded:

/msadc/..%5c../..%5c../..%5c/..Á^\../..Á^\../..Á^\../winnt/system32/cmd.exe

Then it gets hex decoded again (the emulation type is set to IIS).

/msadc/..\../..\../..\/..Á^\../..Á^\../..Á^\../winnt/system32/cmd.exe

Then overlong UTF-8 encodings are normalized:

/msadc/..\../..\../..\/..\../..\../..\../winnt/system32/cmd.exe

Then the path components are normalized:

/msadc/../../../../../../../../../../../winnt/system32/cmd.exe

Then the code throws up an error, due to accessing files outside the
webroot.

Future version will support fast signature matching too.

Any comments and feedback are very welcome.

--
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

[squid-users] Squid 2.5STABLE3 Questions

2003-07-23 Thread Merton Campbell Crockett

Background:  I am working on project involving groups of network enclaves.
The network enclaves are interconnected using IPSec VPN tunnels between the
network servers that control access to and from the enclave.  Within each
group there will be one network server that is designated a network gateway
and will provide access to the Internet.

The intent is to use Squid in the classic Harvest Project sense to reduce
the volume of traffic flowing accross the IPSec VPN tunnels and to minimize
the latency introduced by IPSec VPN encryption.  Squid 2.5STABLE3 has been
downloaded and installed as I will need to add intercept proxying and wanted
to do this with a recent release of Squid.

Question:  Is there any good documentation on the interaction between the
cache_peer, cache_peer_domain, neighbor_type_domain, always_direct, and
never_direct configuration directives.  There seems to have been significant
changes in this area from earlier versions of Squid and that it is now more
difficult to construct a viable Squid hierarchy.

In preliminary testing, I've had a cache_peer defined as a parent return an
error status rather than the requested content.  This behaviour presents a
major problem for interior network enclaves that can never directly access
external web content.

Constructing Squid hierarchies seems to have become more of an art form than
it was in the past.  Can someone provide pointers to Squid documentation on
constructing hierarchies with Squid 2.5STABLE3 or provide examples of Squid
configurations for systems that never have direct access to Internet web
content?

Merton Campbell Crockett


-- 
BEGIN:  vcard
VERSION:3.0
FN: Merton Campbell Crockett
ORG:General Dynamics Advanced Information Systems;
Intelligence and Exploitation Systems
N:  Crockett;Merton;Campbell
EMAIL;TYPE=internet:[EMAIL PROTECTED]
TEL;TYPE=work,voice,msg,pref:   +1(805)497-5045
TEL;TYPE=fax,work:  +1(805)497-5050
TEL;TYPE=cell,voice,msg:+1(805)377-6762
END:vcard

[squid-users] redirection does not work

2003-07-23 Thread Horvath Robert

Hi!

My problem is the following:
I use a chrooted Squid-2.5.STABLE3 over djb daemontools.
My run file:
#!/bin/bash
exec ./sbin/squid -d 1 -N -D -f ./etc/squid.conf 2>&1 | /usr/local/bin/
multilog t s100 n20 ./log
If i do not use redirect program everything is fine.
When i set the directives to:
redirect_program /bin/redir.pl #because of chroot /usr/local/squid
redirect_children 2 # i think it is enough
nothing happens.
I tested it with lynx, and the dns lookup is ok. (lookin for xx and 
then:
HTTP request sent; waiting for response (forever)
There is not any explanation in the logfiles. (no new lines)
The ps shows 4 sqid-processes (no redir.pl just squid)
My redir.pl:
#!/usr/bin/perl
$|=1;
while(<>){
print;
}
(rights squid.squid 755)

If i try to restart squid (svc -t /services/squid) it starts 4  new 
processes. Any other of the services works fine with svc -t.

squid start log:
Starting Squid Cache version 2.5.STABLE3 for i686-pc-linux-gnu...
Process ID 27433
With 1024 file descriptors available
DNS Socket created at 0.0.0.0, port 1085, FD 4
Adding nameserver 192.168.47.131 from /etc/resolv.conf
helperOpenServers: Starting 2 'redir.pl' processes
Unlinkd pipe opened on FD 13
Swap maxSize 102400 KB, estimated 7876 objects
Target number of buckets: 393
Using 8192 Store buckets
Max Mem  size: 8192 KB
Max Swap size: 102400 KB
Rebuilding storage in /var/cache (CLEAN)
Using Least Load store dir selection
Current Directory is /
Loaded Icons.
Accepting HTTP connections at 0.0.0.0, port 3128, FD 15.
Accepting ICP messages at 0.0.0.0, port 3130, FD 16.
WCCP Disabled.
Ready to serve requests.
Done reading /var/cache swaplog (319 entries)
Finished rebuilding storage from disk.
319 Entries scanned
0 Invalid entries.
0 With invalid flags.
319 Objects loaded.
0 Objects expired.
0 Objects cancelled.
0 Duplicate URLs purged.
0 Swapfile clashes avoided.
Took 0.5 seconds ( 700.6 objects/sec).
Beginning Validation Procedure
Completed Validation Procedure
Validated 319 Entries
store_swap_size = 4356k
storeLateRelease: released 0 objects
Can anybody help me?

Thx

Robert

[squid-users] RE: How to Configure an E-Mail Client behind Squid

> Please guys, someone help me. I've already asked this, but nobody
answered.

When did you ask? I don't recall receiving this message before, and a search
of the archives came up blank.

> Some people in my organization read e-mails form an outside ISP with
> Outlook Express. But when they try to connect they get the following
error:

Had you searched the archives for POP3, you would have learned that Squid
has
nothing to do with POP3, and therefore has nothing to do with your problem.

The only exception would be if your Squid server is set to listen on port
110,
and you are transparently redirecting traffic to it. I doubt this is the
case.

If you have a firewall, make sure it's not blocking port 110 and/or the POP3
server. If that checks out, call your ISP.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

Re: [squid-users] Please set visible hostname by running squid installed from squid sorce tar

I have already done that
--

- Original Message -

DATE: Wed, 23 Jul 2003 16:55:19
From: "Masood Ahmad Shah" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>
Cc: 

>then simple is that set hotst_visible name in your squid.conf
>don't worry about it :)
>
>-- 
>
>Best Regs,
>Masood Ahmad Shah
>System Administrator
>
>^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
>|   * * * * * * * * * * * * * * * * * * * * * * * *
>|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
>|   Tel: +92-42-6677024
>|   Mobile: +92-300-4277367
>|   http://www.fibre.net.pk
>|   * * * * * * * * * * * * * * * * * * * * * * * *
>^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
>Unix is very simple, but it takes a genius to understand the simplicity.
>(Dennis Ritchie)
>
>- Original Message - 
>From: "Reena Panwar" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Wednesday, July 23, 2003 4:44 PM
>Subject: [squid-users] Please set visible hostname by running squid
>installed from squid sorce tar
>
>
>| Hi
>|
>| I have installed squid from squid-2.5.STABLE5.tar.gz.
>|
>| I have compiled it using make and installed.
>|
>| Now when I am trying to run it from
>| /usr/local/squid/sbin
>| it gives an error please set visible hostname
>|
>| Reena
>|
>|
>| 
>| Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
>| http://login.mail.lycos.com/r/referral?aid=27005
>|
>
>




Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

RE: [squid-users] How to have squid communicate with external acl

> Here is what i am trying, but it seems not work.

Try this:

acl myusers proxy_auth REQUIRED

external_acl_type ip_auth %SRC %LOGIN
/path/ip_user_check -f /path/ip_and_userID

acl ip_auth_acl external ip_auth

http_access allow myusers ip_auth_acl

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

RE: [squid-users] Squid is runnin as a standalone server

> I don't think he she knows anything about squid or apache or anything
> for that matter. He/ she is just a spammer , who annoys all the people
> here.

"Spammer" probably isn't the correct term, because spammers generally
want you to buy something or go to a particular website. This person
probably just didn't understand what Squid was for.

Hopefully he/she does now.

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

RE: [squid-users] how to restrict the file size of download

> Put in your squid.conf file...
> request_body_max_size 20 KB

He wanted to restrict downloads, not uploads. For downloads use:

reply_body_max_size 20 KB

Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

Re: [squid-users] Squid is runnin as a standalone server

Clark,

I think so...

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

- Original Message - 
From: "Clark Allan Dave" <[EMAIL PROTECTED]>
To: "'Masood Ahmad Shah'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 5:09 PM
Subject: RE: [squid-users] Squid is runnin as a standalone server


| I don't think he she knows anything about squid or apache or anything for
that matter.
|
| He/ she is just a spammer , who annoys all the people here.
|
| -Original Message-
| From: Masood Ahmad Shah [mailto:[EMAIL PROTECTED]
| Sent: Wednesday, July 23, 2003 3:03 PM
| To: [EMAIL PROTECTED]; Antony Stone
| Cc: [EMAIL PROTECTED]
| Subject: Re: [squid-users] Squid is runnin as a standalone server
|
|
| hmmm it's very strange for me that you are using squid for web services
| instead apache :)
| If you know how to parse CGI or PHP JSP pages via squid .please let me
| know.
|
| -- 
|
| Best Regs,
| Masood Ahmad Shah
| System Administrator
|
| ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
| |   * * * * * * * * * * * * * * * * * * * * * * * *
| |   Fibre Net (Pvt) Ltd. Lahore, Pakistan
| |   Tel: +92-42-6677024
| |   Mobile: +92-300-4277367
| |   http://www.fibre.net.pk
| |   * * * * * * * * * * * * * * * * * * * * * * * *
| ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
| Unix is very simple, but it takes a genius to understand the simplicity.
| (Dennis Ritchie)
|
| - Original Message - 
| From: "Reena Panwar" <[EMAIL PROTECTED]>
| To: "Antony Stone" <[EMAIL PROTECTED]>
| Cc: <[EMAIL PROTECTED]>
| Sent: Wednesday, July 23, 2003 4:54 PM
| Subject: Re: [squid-users] Squid is runnin as a standalone server
|
|
| |
| | --Please yaar If i want something which is not possible. Tell me. I
asked
| a think because because obviously I was not sure if that can be done.
| |
| | Reena
| |
| | - Original Message -
| |
| | DATE: Wed, 23 Jul 2003 12:37:45
| | From: Antony Stone <[EMAIL PROTECTED]>
| | To: [EMAIL PROTECTED]
| | Cc:
| |
| | >On Wednesday 23 July 2003 12:16 pm, Reena Panwar wrote:
| | >
| | >> Hi
| | >>
| | >> Look you did not get my question..
| | >>
| | >> I am using squid as a standalone web server. I don't want to use any
| other
| | >> wen server with it. I am not using squid as a proxy but as a web
server
| | >> which will run for me like a normal apache server but I have to use
| squid
| | >> only.
| | >
| | >Oh, I do apologise.   I did not actually realise that it was possible
to
| run
| | >Squid as a web server - I thought it was only a proxy.
| | >
| | >Thanks for enlightening me.
| | >
| | >Regards,
| | >
| | >Antony.
| | >
| | >-- 
| | >
| | >You can spend the whole of your life trying to be popular,
| | >but at the end of the day the size of the crowd at your funeral
| | >will be largely dictated by the weather.
| | >
| | > - Frank Skinner
| | >
| |
| |
| |
| | 
| | Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
| | http://login.mail.lycos.com/r/referral?aid=27005
| |
|

RE: [squid-users] Squid is runnin as a standalone server

2003-07-23 Thread Clark Allan Dave

I don't think he she knows anything about squid or apache or anything for that matter.

He/ she is just a spammer , who annoys all the people here.

-Original Message-
From: Masood Ahmad Shah [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 23, 2003 3:03 PM
To: [EMAIL PROTECTED]; Antony Stone
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid is runnin as a standalone server

hmmm it's very strange for me that you are using squid for web services
instead apache :)
If you know how to parse CGI or PHP JSP pages via squid .please let me
know.

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

- Original Message - 
From: "Reena Panwar" <[EMAIL PROTECTED]>
To: "Antony Stone" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 4:54 PM
Subject: Re: [squid-users] Squid is runnin as a standalone server

|
| --Please yaar If i want something which is not possible. Tell me. I asked
a think because because obviously I was not sure if that can be done.
|
| Reena
|
| - Original Message -
|
| DATE: Wed, 23 Jul 2003 12:37:45
| From: Antony Stone <[EMAIL PROTECTED]>
| To: [EMAIL PROTECTED]
| Cc:
|
| >On Wednesday 23 July 2003 12:16 pm, Reena Panwar wrote:
| >
| >> Hi
| >>
| >> Look you did not get my question..
| >>
| >> I am using squid as a standalone web server. I don't want to use any
other
| >> wen server with it. I am not using squid as a proxy but as a web server
| >> which will run for me like a normal apache server but I have to use
squid
| >> only.
| >
| >Oh, I do apologise.   I did not actually realise that it was possible to
run
| >Squid as a web server - I thought it was only a proxy.
| >
| >Thanks for enlightening me.
| >
| >Regards,
| >
| >Antony.
| >
| >-- 
| >
| >You can spend the whole of your life trying to be popular,
| >but at the end of the day the size of the crowd at your funeral
| >will be largely dictated by the weather.
| >
| > - Frank Skinner
| >
|
|
|
| 
| Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
| http://login.mail.lycos.com/r/referral?aid=27005
|

Re: [squid-users] Squid is runnin as a standalone server

On Wed, 2003-07-23 at 21:51, Reena Panwar wrote:

> But the reason We were using squid is that may be in future we wanted to use these 
> services.

Then you have two options - choose one:
1) Configure squid as a reverse proxy now and use a webserver behind it.
2) Don't use squid until you need those services.

> Please look into the problem

It's not a problem, it's the way things are.

Squid is NOT a webserver.
* It doesn't support CGI.
* It doesn't support static page serving.

Rob
-- 
GPG key available at: .

signature.asc
Description: This is a digitally signed message part

Re: [squid-users] Squid is runnin as a standalone server

hmmm it's very strange for me that you are using squid for web services
instead apache :)
If you know how to parse CGI or PHP JSP pages via squid .please let me
know.

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

- Original Message - 
From: "Reena Panwar" <[EMAIL PROTECTED]>
To: "Antony Stone" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 4:54 PM
Subject: Re: [squid-users] Squid is runnin as a standalone server


|
| --Please yaar If i want something which is not possible. Tell me. I asked
a think because because obviously I was not sure if that can be done.
|
| Reena
|
| - Original Message -
|
| DATE: Wed, 23 Jul 2003 12:37:45
| From: Antony Stone <[EMAIL PROTECTED]>
| To: [EMAIL PROTECTED]
| Cc:
|
| >On Wednesday 23 July 2003 12:16 pm, Reena Panwar wrote:
| >
| >> Hi
| >>
| >> Look you did not get my question..
| >>
| >> I am using squid as a standalone web server. I don't want to use any
other
| >> wen server with it. I am not using squid as a proxy but as a web server
| >> which will run for me like a normal apache server but I have to use
squid
| >> only.
| >
| >Oh, I do apologise.   I did not actually realise that it was possible to
run
| >Squid as a web server - I thought it was only a proxy.
| >
| >Thanks for enlightening me.
| >
| >Regards,
| >
| >Antony.
| >
| >-- 
| >
| >You can spend the whole of your life trying to be popular,
| >but at the end of the day the size of the crowd at your funeral
| >will be largely dictated by the weather.
| >
| > - Frank Skinner
| >
|
|
|
| 
| Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
| http://login.mail.lycos.com/r/referral?aid=27005
|

Re: [squid-users] Squid is runnin as a standalone server

2003-07-23 Thread Antony Stone

On Wednesday 23 July 2003 12:51 pm, Reena Panwar wrote:

> Anyways are you sure I will not be able to run cgi scripts on it I mean i
> make it run like a normal web server.

Squid is not a web server.   It is a web proxy.   These are two different 
things.

> Beacuse in that case their is no
> point using squid because right now i don't want to use any of its proxy
> services.

In that case you should clearly use something else, which is a web server.

Perhaps Apache?

Regards,

Antony.

-- 

Abandon hope, all ye who enter here.
You'll feel much better about things once you do.

Re: [squid-users] Please set visible hostname by running squid installed from squid sorce tar

then simple is that set hotst_visible name in your squid.conf
don't worry about it :)

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

- Original Message - 
From: "Reena Panwar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 4:44 PM
Subject: [squid-users] Please set visible hostname by running squid
installed from squid sorce tar


| Hi
|
| I have installed squid from squid-2.5.STABLE5.tar.gz.
|
| I have compiled it using make and installed.
|
| Now when I am trying to run it from
| /usr/local/squid/sbin
| it gives an error please set visible hostname
|
| Reena
|
|
| 
| Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
| http://login.mail.lycos.com/r/referral?aid=27005
|

Re: [squid-users] Squid is runnin as a standalone server


--Please yaar If i want something which is not possible. Tell me. I asked a think 
because because obviously I was not sure if that can be done.

Reena

- Original Message -

DATE: Wed, 23 Jul 2003 12:37:45
From: Antony Stone <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: 

>On Wednesday 23 July 2003 12:16 pm, Reena Panwar wrote:
>
>> Hi
>>
>> Look you did not get my question..
>>
>> I am using squid as a standalone web server. I don't want to use any other
>> wen server with it. I am not using squid as a proxy but as a web server
>> which will run for me like a normal apache server but I have to use squid
>> only.
>
>Oh, I do apologise.   I did not actually realise that it was possible to run 
>Squid as a web server - I thought it was only a proxy.
>
>Thanks for enlightening me.
>
>Regards,
>
>Antony.
>
>-- 
>
>You can spend the whole of your life trying to be popular,
>but at the end of the day the size of the crowd at your funeral
>will be largely dictated by the weather.
>
> - Frank Skinner
>




Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

Re: [squid-users] Squid is runnin as a standalone server

Hi

I am sorry If you felt bad at Look you didnot..."
I did not mean it.

Anyways are you sure I will not be able to run cgi scripts on it I mean i make it run 
like a normal web server. Beacuse in that case their is no point using squid because 
right now i don't want to use any of its proxy services.

But the reason We were using squid is that may be in future we wanted to use these 
services.

Please look into the problem
Reena

--

- Original Message -

DATE: 23 Jul 2003 21:32:28 +100
From: Robert Collins <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]

>On Wed, 2003-07-23 at 21:16, Reena Panwar wrote:
>> Hi
>> 
>> Look you did not get my question..
>
>With all due respect, you *did not get* the answer.
>
>Squid cannot do what you are asking. It's not a webserver.
>
>Rob
>-- 
>GPG key available at: .
>

Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

[squid-users] Please set visible hostname by running squid installed from squid sorce tar

Hi

I have installed squid from squid-2.5.STABLE5.tar.gz.

I have compiled it using make and installed.

Now when I am trying to run it from
/usr/local/squid/sbin
it gives an error please set visible hostname

Reena



Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

Re: [squid-users] Squid is runnin as a standalone server

2003-07-23 Thread Antony Stone

On Wednesday 23 July 2003 12:16 pm, Reena Panwar wrote:

> Hi
>
> Look you did not get my question..
>
> I am using squid as a standalone web server. I don't want to use any other
> wen server with it. I am not using squid as a proxy but as a web server
> which will run for me like a normal apache server but I have to use squid
> only.

Oh, I do apologise.   I did not actually realise that it was possible to run
Squid as a web server - I thought it was only a proxy.

Thanks for enlightening me.

Regards,

Antony.

--

You can spend the whole of your life trying to be popular,
but at the end of the day the size of the crowd at your funeral
will be largely dictated by the weather.

 - Frank Skinner

Re: [squid-users] Squid is runnin as a standalone server

On Wed, 2003-07-23 at 21:16, Reena Panwar wrote:
> Hi
> 
> Look you did not get my question..

With all due respect, you *did not get* the answer.

Squid cannot do what you are asking. It's not a webserver.

Rob
-- 
GPG key available at: .

signature.asc
Description: This is a digitally signed message part

[squid-users] Squid is runnin as a standalone server

Hi

Look you did not get my question..

I am using squid as a standalone web server. I don't want to use any other wen server 
with it. I am not using squid as a proxy but as a web server which will run for me 
like a normal apache server but I have to use squid only. 

Now as we have certain directories in any other web server where we place our jsp and 
html page same way I wanna know if the above scenario can be achieved . If yes how. 
And where to place my cgi script and html pages.

Regards
Reena




Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

[squid-users] Squid is runnin as a standalone server

Hi

Look you did not get my question..

I am using squid as a standalone web server. I don't want to use any other wen server 
with it. I am not using squid as a proxy but as a web server which will run for me 
like a normal apache server but I have to use squid only. 

Now as we have certain directories in any other web server where we place our jsp and 
html page same way I wanna know if the above scenario can be achieved . If yes how. 
And where to place my cgi script and html pages.

Regards
Reena




Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

Re: [squid-users] in which directories os qsuid should i place HTML and CGI scripts

2003-07-23 Thread Antony Stone

On Wednesday 23 July 2003 11:57 am, Reena Panwar wrote:

> Hi
>
> I have installed squid-2.4.STABLE1.i386.rpm.
> Now I want that whenever a request comes to squid a CGI script shoud run,
> which will throw a login page(HTML) on the user's screen.

You don't need a proxy server to do this - you need a web server.

You might want Squid to redirect requests to that web server for you, but 
that's where you need to run the CGI scripts.

Regards,

Antony.

-- 

Documentation is like sex:
when it's good, it's very very good;
when it's bad, it's still better than nothing.

[squid-users] in which directories os qsuid should i place HTML and CGI scripts


Hi

I have installed squid-2.4.STABLE1.i386.rpm.
Now I want that whenever a request comes to squid a CGI script shoud run, which will 
throw a login page(HTML) on the user's screen.
Now where should i place HTML and CGI scripts.
And how will this script run if any user accesses any web page.

Reena




Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail!
http://login.mail.lycos.com/r/referral?aid=27005

[squid-users] Re: squid caching period

2003-07-23 Thread Troels Arvin

On Tue, 22 Jul 2003 03:31:12 +0200, Henrik Nordstrom wrote:

> It depends on the timestamps of the object and your refresh_pattern
> settings

I bit surprising: It seems that Squid will never cache anything which will
otherwise expire within 1 minute. I have used this patch to overcome that:

http://troels.arvin.dk/linuxforum2003/?p=16

-- 
Greetings from Troels Arvin, Copenhagen, Denmark

[squid-users] Traffic ???

2003-07-23 Thread Valter Dal Bo

Hi all !

I'd like to know if sites stopped/banned by ACLs cause traffic anyway.
I mean; if I pay for every byte that I receive from internet and in 
order to reduce the traffic I decide to ban all the banner/advertising 
sites, if my users still try to go on those sites or visit web pages 
with banners, do those banned address still cause traffic that I'm going 
to pay in the end ?
In other words, are the ACLs doing they're job _before_ (stopping the 
address from beeing requested) or _after_ (stopping the browser from 
displaying the contents) ?

Thank you

--

|____  | Valter DAL BO
|   /  \ /| |'-.   | e-mail: [EMAIL PROTECTED]
|  .\__/ || |   |  |
|   _ /  `._ \|_|_.-'  | Tesco TS S.p.A.
|  | /  \__.`=._) (_   | http://www.tesco.it
|  |/ ._/  |"| |
|  |'.  `\ | | | tel.: +390113011711
|  ;"""/ / | | | fax : +390113140362
|   ) /_/| |.---.| | mobile: +393357707810
|  '  `-`' " " | C.so Tazzoli 10137 Torino ITALY

Re: [squid-users] how to restrict the file size of download

2003-07-23 Thread Aqil

 --- Li Wei <[EMAIL PROTECTED]> a écrit : > hi,all
> 
> I'd like to restrict the size of download through
> Squid.
> 

Try reply_body_max_size directive

 
HTH
aqil

___
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

Re: [squid-users] how to restrict the file size of download