Re: [squid-users] squid + axel

[Robert Collins]

On Mon, 2003-08-11 at 21:48, Henrik Nordstrom wrote:
> On 11 Aug 2003, Robert Collins wrote:
> 
> > Ermm, you don't need bonding for load balancing here: A simple /32 route
> > on each dial up interface in the ISP, and propogated using some IGP (one
> > ISP needed) will allow traffic to be roughly-distributed over multiple
> > links with disparate IP's.
> 
> True, but bonding makes life considerably easier for all parties involved
> escpecially in dial-up situations where the links are not dedicated at the
> ISP.

Not significantly IMO, standard proportional-weighted routing is pretty
easy to setup :}.

> Note: I count multilink-PPP as a form of bonding in this discussion.

Yep, so do I.

Rob

-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] wccpv2 problems

[Masood Ahmad Shah]

what do u mean by precompiled ?
If you mean to say that you have already compiled squid source and now you
patched your squid source with wccp support.. for this you will have to run

make clean
before
make

-- 

Best Regs,
Masood Ahmad Shah
System Administrator

^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|   * * * * * * * * * * * * * * * * * * * * * * * *
|   Fibre Net (Pvt) Ltd. Lahore, Pakistan
|   Tel: +92-42-6677024
|   Mobile: +92-300-4277367
|   http://www.fibre.net.pk
|   * * * * * * * * * * * * * * * * * * * * * * * *
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

- Original Message - 
From: "Allen Stringfellow" <[EMAIL PROTECTED]>
To: "SquidList" <[EMAIL PROTECTED]>
Sent: Wednesday, August 06, 2003 7:41 AM
Subject: [squid-users] wccpv2 problems


| I am trying to compile Squid-2.5.3 on RedHat Linux 9.0 (kernel 2.4.21 with
| ip_wccp.patch patched into the precompile includes).  I ran the
wccpv2.patch
| against the precompiled squid source and ran the configure script
| with --linux-netfilter , --delay-pools, --snmp, and --wccpv2 options
| enabled.  When I run 'make all' I get the following errors from the wccpv2
| mod:
|
|  wccpv2.c || echo './'`wccpv2.c
| wccpv2.c: In function `wccp2HandleUdp':
| wccpv2.c:338: warning: unused variable `tmp'
| wccpv2.c: In function `wccp2AssignBuckets':
| wccpv2.c:483: parse error before "sizeof"
| wccpv2.c:483: parse error before ')' token
| wccpv2.c:442: warning: unused variable `wccp2_assign_bucket'
| wccpv2.c:443: warning: unused variable `buckets_per_cache'
| wccpv2.c:444: warning: unused variable `loop'
| wccpv2.c:445: warning: unused variable `number_caches'
| wccpv2.c:447: warning: unused variable `caches'
| wccpv2.c:448: warning: unused variable `offset'
| wccpv2.c:449: warning: unused variable `buckets'
| wccpv2.c:450: warning: unused variable `buf'
| make[3]: *** [wccpv2.o] Error 1
|
| Is there a more current patch or am I doing something wrong??
|
|
|

[squid-users] Squid Kernel 2.4.20 & WCCP

[Tom Hutchison]

I just built a squid proxy server using Redhat 9, squid-2.5.STABLE1-2, 
Kernel 2.4.20-19.9

I patched the RH kernel with the ip_wccp-2_4_18.patch from Vissolve and 
squid with the wccpv2 patch.  I am using IP tables to redirect port 80 
to port 8080 of the squid server.  I have confirmed squid and the port 
redirection is working by configuring my browser to use the squid server 
as its proxy at port 80.  The browser works fine this way.

However, when my Cisco 7206VXR router redirects traffic via wccp to the 
squid box the URL's are broken when the squid server receives them.  See 
the squid access log below.  It looks like the first part of the URL is 
truncated.  i.e. " http://www.yahoo.com/player/historylog.asp " gets cut 
to " /player/history.asp?. " when squid receives it.  Then 
squid sends a "malformed URL" message to the client browser.  BTW, I get 
the same results with version 1 or version 2 of wccp configured.

Any help would be very much appreciated.

Tom

-
1060647396.299  8 198.xxx.xx.xxx NONE/400 1519 GET 
/b/MSMSNMATCMOC/120x240_flirtOn.gif - NONE/- text/html

1060647400.949 15 198.xxx.xx.xxx NONE/400 1585 GET 
/player/historylog.asp?vid=177292&uid=1215030065&rand=217825 - NONE/- 
text/html

1060647401.366 18 198.xxx.xx.xxx NONE/400 1959 GET 
/player/videocontext.asp?cid=1&ps=0&sx=p%2F13.xml&sgmid=2&cntid=1&vid=177292&bw=300&uid=1215030065&im=1&bb=Microsoft&bp=Windows%20NT&tw=LaunchVideoTarget&env=&cfw=322&vf=2&cf=1&rf=&dwurl= 
- NONE/- text/html

--
  "The only secure Microsoft software is what's still shrink-wrapped
in their warehouse..."

Tom Hutchison	 voice: 541-966-3187
Network Analyst  fax:   541-966-3231
Intermountain Technology email: [EMAIL PROTECTED]
---

Re: [squid-users] Authentication

[Henrik Nordstrom]

On Monday 11 August 2003 16.44, Adam Aube wrote:
> > if i only want the users on my lan (Windows 98 and 2000, IE 6.0)
> > to authenticate to a users list in the linux proxy, which is the
> > authentication program that i ve to use? I tried to do it with
> > NCSA, but it didnt worked (Is it supposed to??). I want my users
> > to have to log once they open the browser, am i clear?
>
> NCSA auth should work for what you want to do, but in your case
> Digest auth would probably be even better. The default squid.conf
> has good info on setting up the digest auth helper.

Except that you need 2.5.STABLE3 or later for good Digest support.

The basic authenticaiton scheme is always compiled into Squid unless 
disabled, so this most likely is available in your Squid binary. If 
you are lucky the ncsa_auth helper is also installed already.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

RE: [squid-users] smb_auth fixed nearly

[Adam Aube]

Have changed that now, but makes no difference :(  well spotted thow :)

cheers

andy

-Original Message-
From: Adam Aube [mailto:[EMAIL PROTECTED]
Sent: 11 August 2003 16:00
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] smb_auth fixed nearly


> slox:~ # smb_auth -W link_51 -S /software/proxyauth.txt -d

> authenticate_program /usr/local/smb_auth -W link51
> -U 151.151.3.202 -S

I missed this before - you changed the domain you test with on
the command line, but didn't change it in your squid.conf.

Adam

Re: AW: [squid-users] NTLM wb_group auth and Squid 2.5 Stable 3 with SuSE

[Henrik Nordstrom]

See the Samba installation instructions.

Regards
Henrik

On Friday 08 August 2003 10.57, Mueller, Thomas wrote:
> Ok, i just found out that the winbind deamon was the "old" one from
> the SuSE rpm package 2.2.7a but I have installed Samba 2.2.8a.
> The wbinfo -a returned an error with the 2.2.7a.
>
> After deinstallation of the samba client with the winbind deamon, I
> reinstalled
> Samba with these options again:
> --with-winbind
> --with-winbind-auth-challenge
>
> But now, there is no winbindd on my system???!
> Wbinfo is not found and winbindd also??
>
> I donwloaded from the samba page the "samba-latest.tar"
>
> What am i doing wrong?
> Regards
> Thomas
>
> > -Ursprüngliche Nachricht-
> > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> > Gesendet: Freitag, 8. August 2003 09:52
> > An: Mueller, Thomas; '[EMAIL PROTECTED]'
> > Betreff: Re: [squid-users] NTLM wb_group auth and Squid 2.5
> > Stable 3 with SuSE
> >
> > On Friday 08 August 2003 09.30, Mueller, Thomas wrote:
> > > I use SuSE 8.2 with Squid 2.5 Stable 3 from squid-cache.org and
> > > the latest Samba, download from yesterday (first I used the
> >
> > original Samba
> >
> > > rpm package from SuSE)
> >
> > Which version of Samba?
> >
> > What is the result of wbinfo -a test? (see the Squid FAQ on
> > winbind)
> >
> > --
> > Donations welcome if you consider my Free Squid support
> > helpful.
> > https://www.paypal.com/xclick/business=hno%40squid-cache.org
> >
> > If you need commercial Squid support or cost effective Squid
> > or firewall appliances please refer to MARA Systems AB,
> > Sweden http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] [ Squid Cache: Version 3.0-PRE2-20030806 ] [ SSL ]

[Henrik Nordstrom]

On Saturday 09 August 2003 04.54, Imad Soltani wrote:

> https_port 443 cert=x.crt key=x.key defaultsite=sww.webbox.com

defaultsite here should in most cases be the externally visible domain 
name the user is supposed to be using in their browser.

> The error say that squid is enable to forward the request at this
> time

You are missing a cache_peer definition telling Squid where and how to 
send the request.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Configuring multiple network card

[Henrik Nordstrom]

On Monday 11 August 2003 02.52, Mathew Thomas wrote:

> How can I configure the squid and network-card so that one netwok
> card will be used for talking to the faculty proxy servers and
> another card for fetching the pages from internet? I believe, this
> way things might be little faster.

One more note: Assuming you are using full-duplex connections and 
there is no bottlenecks in the network between you and the local 
servers + internet gateway then there is no noticeable benefit from 
having multiple NIC connections in terms of performance unless you 
need higher bandwidth than one NIC can provide.

If there is bottlenecks in the local network such as a overloaded 
firewall etc then having different conenctions to different sides of 
the bottleneck will obviously help, but it is probably more 
preferable to address the bottleneck directly than to try to bypass 
it.

So it boils down to that the main benefit of having multiple NIC 
connections is more in the area of redundancy than performance. A 
prorperly set up multi-NIC configuration may surive even if one NIC 
(or cable) crashes.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] Proxy setup script

[Antony Stone]

On Monday 11 August 2003 8:34 pm, Alvaro Gordon-Escobar wrote:

> Does any one have a scritp that will setup the proxy configurations on
> upon user logon?

You'll need to define "login".

What Operating System are the users logging in to; what mechanism is used to 
authenticate them?

Antony.

-- 

Anyone that's normal doesn't really achieve much.

 - Mark Blair, Australian rocket engineer

Re: [squid-users] browsing ms .net passport or webmail sites - FAIL

[Henrik Nordstrom]

On Monday 11 August 2003 11.19, [EMAIL PROTECTED] wrote:
> ok, i fixed the problem.
> it was never_direct allow SSL in my config
>
> but i get another error with "Zero Sized Reply"  in the faq there
> is an article about it, but nothing really helpfully thins.

Maybe you are bitten by broken web servers disliking what Squid does 
with the Host header? See the "Squid 2.5 patches" page for details.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

Re: [squid-users] [ Squid Cache: Version 3.0-PRE2-20030806 ] [ SSL ]

[aqil]

Pada 10-Aug-2003, Imad Soltani menulis:
> On Wed, 2003-08-06 at 04:41, [EMAIL PROTECTED] wrote:
> > Pada 09-Aug-2003, Imad Soltani bilang:
> > > Hello , 
> > > The following error was encountered: 
> > > 
> > > Unable to determine IP address from host name for
> > > rev.host-160.201.tiscali-business.fr 
> > > The dnsserver returned: 
> > 
> je ne saisis pas la question .
> Il semble que oui ( j'avoue avoir fait des tests basiques a la nslookup
> ip ip_dns ) et ca reponds correctement  

Apres avoir vu l'erreur, il sembelerait que vos serveurs de DNS ne
pouvait resoudre la page que vous avez demande

# nslookup
> rev.host-160.201.tiscali-business.fr
Server: 10.129.1.2
Address:10.129.1.2#53
Non-authoritative answer:
Name:   rev.host-160.201.tiscali-business.fr
Address: 212.83.160.201

Qu'est-ce que ca donne si vous essayez les adresses au lieu des URLs ?
Pour rev.host-160.201.tiscali-business.fr par example, essayez :
http://212.83.160.201

> > Et ou est-ce que vous avez mis votre http_access deny par rapport a
> > votre http_access allow ?
> > 
> La par contre , je ne saisis plus .

Il se peut que votre http_access deny est saisi en premier lieu alors
ttp_access allow ne pourra jamais etre lu... Et cela se passe si votre
http_access deny se place avant http_access allow

Cepandant vue l'erreur que vous avez eue, il semblerait c'est un probleme de
DNS..

> Merci de votre aide .
> 
> Au vu de la difficulte que j'ai eu avec la devel , j'en ferais un site
> de mes *histoires* 

Si vous voulez ..

> IS

HTH
aqil

Re: [squid-users] Problems with the ncsa_auth

[Antonio Lopez Mercader]

Ok, this was the problem. Creating/adding users with the d flag works. I
wont touch anything else =)

Lets try with chpasswd now (http://web.onda.com.br/orso/chpasswd.html).
After installing it, whats the URL of the cgi?
Lets supose my hostname is pepe.emp.com and the cgi is installed in
/usr/local/etc/httpd/cgi-bin

Merci beaucoup ;-)

- Original Message - 
From: "aqil" <[EMAIL PROTECTED]>
To: "Antonio Lopez Mercader" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, August 11, 2003 5:35 AM
Subject: Re: [squid-users] Problems with the ncsa_auth


> Pada 08-Aug-2003, Antonio Lopez Mercader menulis:
> > Hello,
> > I supose it might be a problem related with the password file, but can't
> > guess what. All paths seem to be correct.
>
> Try manually your authentication program :
> #auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
>
> Try some couples of examples. If it returns OK then it should be fine.
> But if you got ERR instead of OK, I recommend you to check your
> squid_passwd file
>
> user1 goodpassword
> OK
>
> user1 badpassword
> ERR
>
> ...
> Be sure to use crypt() encryption ..
>
> regards,
> aqil

RE: [squid-users] User Authentication using NCSA module.

[ads squid]

Yes I have used rpm -ql and found out location.
So my command in .conf file is 
"auth_param basic program /usr/lib/squid/ncsa_auth
/usr/local/squid/etc/passwd"

I have created password file. path
/usr/local/squid/etc/passwd. tried to creat username
and passowd by command
[EMAIL PROTECTED] root]# htpasswd −bd
/usr/local/squid/etc/passwd xyz ads
Gets following error.
Usage:
htpasswd [-cmdps] passwordfile username
htpasswd -b[cmdps] passwordfile username
password

htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather
than prompting for it.
On Windows, NetWare and TPF systems the '-m' flag is
used by default.
On all other systems, the '-p' flag will probably not
work.

Thanks for support.


--- Adam Aube <[EMAIL PROTECTED]> wrote:
> > My password file will be at
> /usr/local/squid/etc/passwd
> 
> Did you use rpm -ql to find out where the rpm put
> the
> ncsa_auth program? You'll need to know that to setup
> the authentication.
> 
> > I am sorry, I am new to this don't know how to
> create
> > crypt encryption. I think format is
> username:passowrd.
> 
> Yes, that is the correct format. There are several
> ways
> to setup the password file.
> 
> If you also have Apache installed on this server,
> you
> can use the htpasswd program that comes with Apache.
> Check its man page for correct info.
> 
> You can also create the encrypted passwords with
> Perl.
> From the command line, run:
> 
> perl -e "print crypt('[password]','[seed]')"
> 
> Where [password] is the cleartext password and
> [seed] is
> a random 2-character string.
> 
> Adam


__
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Re: [squid-users] Newbie at Squid.

[Schelstraete Bart]

Alvaro Gordon-Escobar wrote:

I just got squip up and running.  

I want to block .exe .zip .msi and .vbs cmd.exe root.exe  etc.
I don't want people to download this files.  especially becuase my file server is 
running low on space.
I want o block these files from HTTP and FTP.
I tried to block FTP downloads, but that block all  FTP dwonloads, including PDF and legit word docs.

I have read in some doc that a txt file can be created too use as a filter.

 

Hello ,

Pls read the FAQ first, which is available on the Squid website:   
http://www.squid-cache.org
(what you should always do)
This will explain alot.

rgrds,

 Bart

Re: [squid-users] squid + axel

[Robert Collins]

On Mon, 2003-08-11 at 17:53, Henrik Nordstrom wrote:
> On Monday 11 August 2003 00.49, Bob Arctor wrote:
> > 3)it is _only_ way to balance traffic if you have multiple slow
> > lines (like few dialups, like i do have)
> 
> It is the only way to balance traffic for the same large download 
> request on multiple slow dial up lines not supporting bonding. On 
> this I agree.

Ermm, you don't need bonding for load balancing here: A simple /32 route
on each dial up interface in the ISP, and propogated using some IGP (one
ISP needed) will allow traffic to be roughly-distributed over multiple
links with disparate IP's.

Cheers,
Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

RE: [squid-users] Transparent authentication problem

[Adam Aube]

> In my Windows network i installed SQUID 2.5 STABLE1 and
> SAMBA 2.2.5 on a Linux Debian 2.4.19 box.

We have NTLM auth working successfully; Squid 2.5STABLE3,
Samba 2.2.8a and Windows 2000 AD. Clients use a mix of
IE 5.01, IE 5.5, and IE 6. So it should work for you.

The only other suggestion I have to try Squid 2.5STABLE3
and Samba 2.2.8a. Maybe there's some obscure bug that
tripping you up that's been fixed in a newer version.

Adam

[squid-users] wccpv2 problems

[Allen Stringfellow]

I am trying to compile Squid-2.5.3 on RedHat Linux 9.0 (kernel 2.4.21 with
ip_wccp.patch patched into the precompile includes).  I ran the wccpv2.patch
against the precompiled squid source and ran the configure script
with --linux-netfilter , --delay-pools, --snmp, and --wccpv2 options
enabled.  When I run 'make all' I get the following errors from the wccpv2
mod:

 wccpv2.c || echo './'`wccpv2.c
wccpv2.c: In function `wccp2HandleUdp':
wccpv2.c:338: warning: unused variable `tmp'
wccpv2.c: In function `wccp2AssignBuckets':
wccpv2.c:483: parse error before "sizeof"
wccpv2.c:483: parse error before ')' token
wccpv2.c:442: warning: unused variable `wccp2_assign_bucket'
wccpv2.c:443: warning: unused variable `buckets_per_cache'
wccpv2.c:444: warning: unused variable `loop'
wccpv2.c:445: warning: unused variable `number_caches'
wccpv2.c:447: warning: unused variable `caches'
wccpv2.c:448: warning: unused variable `offset'
wccpv2.c:449: warning: unused variable `buckets'
wccpv2.c:450: warning: unused variable `buf'
make[3]: *** [wccpv2.o] Error 1

Is there a more current patch or am I doing something wrong??

RE: [squid-users] User Authentication using NCSA module.

[Adam Aube]

> Now if user is accessing from WIN 98 machine. I think When
> browser opens it It shoud prompt for Username and password.
> Then If I enter username and password matching from passwd
> file it should permit to access internet as per acls.

Basically - yes, that is how it works.

Setting up an acl

acl xyz proxy_auth REQUIRED

will make acl xyz match on any user that authenticates
successfully.

You can also specify individual users:

acl abc proxy_auth jdoe sdoe jsmith

This will match only for those listed users.

There is also a proxy_auth_regex acl, which allows you to
match users using regular expressions.

Adam

Re: [squid-users] squid + axel

[Antony Stone]

On Sunday 10 August 2003 9:05 pm, Bob Arctor wrote:

> axel is an download 'accelerator'
> originally it splits file to parts (equal) , opens local file , and
> download it.

Pardon my ignorance, but how does this accelerate anything?

What sort of bottleneck (where) between server and client does axel overcome?

Antony.

> On Sunday 10 August 2003 21:34, Henrik Nordstrom wrote:
> > On Sunday 10 August 2003 20.39, Bob Arctor wrote:
> > > i tried to modify axel.c to make it work as an cgi-bin script ,
> > > and with squid rewriting url to point it to cgi-bin script, but
> > > after a while of hacking i concluded it is pointless.
> >
> > What is axel?
> >
> > Regards
> > Henrik

-- 

This is not a rehearsal.
This is Real Life.

Re: [squid-users] Skymaster 630e "Internet Page Accelerator" replacement?

[Lucas Brasilino]

Hi Gustavo:


There is a service here in Brazil that uses the Skymaster 630e
(http://www.gilat.com/Products_Skystar360e_OverView.asp) "modem". It
communicates via satellite and it have a huge delay in the requests...
so browsing the Internet isn't possible, to solve that they provide a
"Internet Page Accelerator", unfortunately just for M$ Windows.
The software runs with Wine, but requires a local windows installation :(

The basic operation of that software is: it's a proxy that reduces ACK
requests "packaging" requests like this: Each page is downloaded in 2
requests: 1 for HTML and 1 for Images and likes
So I wonder if that is possible with Squid or other GPL software? If
it's not possible with Squid right now, how difficult would be to
implement that?
I've already deployed a network using this so called
"satellite modem". I haven't found a replacement for the
Internet Page Accelerator so my solution was using Squid
as it's "child cache".
Please refer "cache_host" directive.
bests regards

--

[]'s
Lucas Brasilino
[EMAIL PROTECTED]
http://www.recife.pe.gov.br
Emprel -Empresa Municipal de Informatica (pt_BR)
Municipal Computing Enterprise (en_US)
Recife - Pernambuco - Brasil
Fone: +55-81-34167078

RE: [squid-users] CPU utilization performance issue

[Adam Aube]

> 'Multiple cache disks', does that included hardware raids,
> because that are also 'multiple disks'.

I would assume it does not, but I don't think that was
specifically discussed.

However, one item that has come up repeatedly it to NOT
use RAID5 with Squid, because Squid's use of disk (many,
many small writes) causes big performance issues on RAID5.

I would imaging, though, that RAID0 (striping) would perform
quite well, but I think that from Squid's perspective it would
still count as a single cache disk.

> I will do some tests regarding this in the future.

Be sure to let us know the results.

Adam

RE: [squid-users] smb_auth fixed nearly

[Adam Aube]

squid -k parse has no errors

cache.log has a error in it

2003/08/11 15:53:12| ipcCreate: /usr/local/smb_auth: (13) Permission denied

also now when i try to authenticate askes 3 times and then fails now say
"this cache requires authentication" but form command line is ok

2003/08/11 15:54:49| Squid is already running!  Process ID 3782
slox:~ # smb_auth -W link_51 -S /software/proxyauth.txt -d
adean elizabeth
Domain name: link_51
Pass-through authentication: no
Query address options:
Domain controller IP address: 151.151.3.202
Domain controller NETBIOS name: LINKTEL
Contents of //LINKTEL/software/proxyauth.txt: allow
OK

any suggestions pleae

andy

-Original Message-
From: Adam Aube [mailto:[EMAIL PROTECTED]
Sent: 11 August 2003 15:49
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] smb_auth fixed nearly


> The only problem i get now is after i`ve authenticated
> i get a dns error page generated by IE

Are there any errors in cache.log? What does the output of
squid -k parse (no output = good) and squid -v say?

Adam

Re: [squid-users] squid + axel

[Henrik Nordstrom]

On 11 Aug 2003, Robert Collins wrote:

> Ermm, you don't need bonding for load balancing here: A simple /32 route
> on each dial up interface in the ISP, and propogated using some IGP (one
> ISP needed) will allow traffic to be roughly-distributed over multiple
> links with disparate IP's.

True, but bonding makes life considerably easier for all parties involved
escpecially in dial-up situations where the links are not dedicated at the
ISP.

Note: I count multilink-PPP as a form of bonding in this discussion.

Regards
Henrik

RE: [squid-users] smb_auth

[Denis V. Terebiy]

> Hi 
> I`m having problems with trying to get smb_auth to work
> 
> the error i get is below
> slox:~ # smb_auth -W link51 -U 151.151.3.202 -S /software -d 
> adean elizabeth Domain name: link51 Pass-through 
> authentication: no Query address options: -U 151.151.3.202 -R 
> Domain controller IP address: ERR
> 
> any ideas please

1) Squid is not in original Windows enviroment (connect to DC throw
firewall) and
  2) -U do not show to WINS server, where smb_auth can get IP adress of
DC

[squid-users] Authentication

[sebastiand]

Hi. Im trying to build a proxy with a Red Hat 8.0 and Squid 2.4.STABLE7-4.
The cache proxy is working properly, but i cant solve the authentication
question. I've checked the documentation but i still have some doubts. if
i only want the users on my lan (Windows 98 and 2000, IE 6.0) to authenticate
to a users list in the linux proxy, which is the authentication program
that i ve to use? I tried to do it with NCSA, but it didnt worked
(Is it supposed to??).
I want my users to have to log once they open the browser, am i clear?
thanks in advance
Sebastian Davancens


E-mail y acceso a Internet UltraVeloz totalmente GRATIS en Buenos Aires,
Rosario, Cordoba, Mendoza, La Plata y Pilar
http://www.Argentina.com
Nro. de acceso 5078-5000 Usuario: Argentina Password: Argentina




-- 
Obtenga gratis su cuenta @Argentina.com con AntiVirus, 
20mb de espacio y acceso libre UltraVeloz en 24 ciudades
   www.Argentina.com

[squid-users] Authneticating Windows NT/2000 users with squid

[azad_a]

Hi all

How can I authenticate windows NT/2000 domain users with squid.Can squid be
integrated to use Windows Authentication.
Any suggesstions /solutions.

Rgds
Azad


This mail was scanned by Interscan Virus Wall of Mailserver2 at SNR, TCS, Chennai

RE: [squid-users] User Authentication using NCSA module.

[Adam Aube]

>I got "squid-ncsa_auth-2.5.STABLE3-2.i586.rpms" from
>web. I installed this rpm but still get following
>error after squid reconfigure.

>2003/08/11 14:40:21| aclParseAclLine: IGNORING: Proxy
>Auth ACL 'acl anta proxy_auth REQUIRED' because no
>authentication schemes are fully configured.

Did you setup the proper "auth_param basic" lines in
your squid.conf? See the default squid.conf for details.

Adam

[squid-users] problem with my net

[Lucas de C. Zechim]

I have to net. One is 10.100.*.* and other 100.100.100.*

I create a acl's rules to this nets access, the two nets access the web,
but the net 10.100 not access my local webserver..

thanks

+ Lucas de Camargo Zechim
+
+  CNEC Capivari
+   Rua Barão do Rio Branco, 374
+   13360-000
+   Capivari / São Paulo / Brasil
+
+Nossa missão:
+ "Oferecer educação de excelência
+  com compromisso social visando
+  formação integral das pessoas."
+

[squid-users] Transferring from one squid to another squid proxy

[azad_a]

Hi

I,m running Master squid 2.4 (10.10.10.1)on one redhat 7.3 server and
another slave squid 2.4(10.10.10.2)  server.
All request coming to 10.10.10.2 needs to be transferred to 10.10.10.1.
cache_peer is added in slave proxy

cache_peer 10.10.10.1 parent  80 3130 proxy-only

Browsing is happening fine .But all mail sites ( mail.yahoo.com,
hotmail.rediffmail.com) which has authentication is not going thru.Gives
page cannot be displayed.Any other parameters needs to added , suggestions
please.

Rgds
Azad

This mail was scanned by Interscan Virus Wall of Mailserver2 at SNR, TCS, Chennai

RE: [squid-users] Winbind basic authentication problems with squi d

[Henrik Nordstrom]

On Wed, 6 Aug 2003, FWAdmin wrote:

> Yeah, wbinfo does work.
> 
> No, like I said I didn't specify the path. As seen in the logs Squid is
> still able to find the helper though.


The thing is that the winbind helpers is very sensitive to the version of 
Samba used. If you do not specify the path to your Samba sources when you 
build Squid then it will only work for specific versions of Samba, 
producing strange results on other versions.

See the Squid-2.5 release notes.

Regards
Henrik

[squid-users] smb_auth fixed nearly

[Andy Dean]

Right got it working now :)) domain name was link51 but in netbios is
link_51 lol

slox:~ # smb_auth -W link_51 -S /software/proxyauth.txt -d
adean elizabeth
Domain name: link_51
Pass-through authentication: no
Query address options:
Domain controller IP address: 151.151.3.202
Domain controller NETBIOS name: LINKTEL
Contents of //LINKTEL/software/proxyauth.txt: allow
OK

The only problem i get now is after i`ve authenticated i get a dns error
page generated by IE, the rule for smb_auth is below

authenticate_program /usr/local/smb_auth -W link51 -U 151.151.3.202 -S
\software\proxyauth.txt
acl domainusers proxy_auth REQUIRED
http_access allow domainusers

thanks

Regards

Andy Dean
IT Services 



E-Mail Disclaimer:
The information in this e-mail is confidential, and may be legally
privileged.  It is intended  solely for the addressee.  Access to this
e-mail by anyone else is unauthorised.  If you are not the intended
recipient, any disclosure, copying, distribution or any action taken or
omitted to be taken in reliance on it, is prohibited and may be unlawful.

Re: [squid-users] external_acl and http_reply_access

[Robert Collins]

On Sun, 2003-08-10 at 18:31, Joshua Brindle wrote:

> which specifically returns the request header, is there a way
> to make this check which side of the request we are on, or
> will a new type %{reply:header} or whatever need to be 
> created? I'll play around with this a bit but I'd like the opinion of
> the squid gurus
> 

new type is needed...

essentially copy n paste the request header logic, I'd suggest %[Header]
as the format - allowing the same parsing logic other than the bracket
type.

Cheers,
Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] squid + axel

[Bob Arctor]

there are traffic shapers and QoS services which prevent links from being 
monopolised. 
and if he just hacked 10 phone boxes, he would be glad that upload will 
finish 10x faster, so he can escape more quickly ;)


On Monday 11 August 2003 09:18, Henrik Nordstrom wrote:
> On Monday 11 August 2003 00.49, Bob Arctor wrote:
> > also, if server is load balanced on i.e. 10 slow links, it would
> > allow you to download with greater speed from it . otherwise no
> > matter how many links server owner on siberia will manage to get,
> > your DSL will still suck big file from his page @ 2k/sec ;)
>
> If a server owned in siberia has 10 slow links I do not think he wants
> a single user to monopolize all 10 links effektively blocking out all
> other users while downloading.
>
> Regards
> Henrik

-- 
-- 

Re: [squid-users] Authneticating Windows NT/2000 users with squid

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Hi all
> 
> How can I authenticate windows NT/2000 domain users with squid.Can squid be
> integrated to use Windows Authentication.
> Any suggesstions /solutions.
 
 Check the Squid FAQ.

 M.

Re: [squid-users] squid + axel - netiquete idea

[Bob Arctor]

unfortunatelly not everywhere in the world ISP's support it :(
and second - imagine scenario where you're connected via your mobile phone, 
which does roaming, and keeps you online , and also using 802.11x 
infrastructure (if it is available) 

i know IP layer load balancing is much more effective, and i don't claim http 
load balancing will outperform it. is just handy sometimes.
i.e. right now i have two modem lines, both @ different ISP's. 
both ISP's run their services without any mainteance, so forget about i.e. 
bonding them. you call to ISP , and you get automatic reply, or someone who 
don't know computers at all. second thing is that each connection is located 
in different place. 
when using simple download accelerator and 2 to three connections i get twice 
speed without incresed overhead, and any problems.
if one line fails, download is continued over second line.

i will have access to at least four such connections.



On Monday 11 August 2003 07:48, Robert Collins wrote:
> Bob, seems to me you are missing the point of network load balancing.
> Someone with 10 modem lines should have their ISP performing load
> balancing and redundancy at a IP level, not by manual load balancing.
>
> This form of 'acceleration' dramatically increases the overhead for web
> servers - i.e. checking databases, logging requests, checking access
> control lists.
>
> The act of transmission is only one part of the load involved in
> handling a request, and these 'accelerators' -only- share that part of
> the load, everything else is duplicated and wasted.
>
> There is a place for swarming - but not in the client-server model of
> HTTP. Things like gnutella, where swarming is a part of the protocol,
> are an appropriate place and if someone with 10 modem lines wants to
> use application level load balancing for static file downloads, gnutella
> is probably an ideal tool - for them.
>
> Rob

-- 
-- 

Re: [squid-users] squid + axel

[Bob Arctor]

it accelerates in two ways :
1)if you have more than one connection to the internet, and your proxy does 
load balance, or you have multiple interfaces in your machine, multiple 
parts of file are downloaded via multiple connections

2) if server is load balanced, and it's domain have many aliases, chosen 
round robin as you connect, each part of file is downloaded from different 
server

as an 'extra' there is ftpsearch feature, where axel search for mirrors. it 
is only feature, because can't be used in everyday's life, as it doesn't 
check md5sums or other checksums, and it is thus unsafe to download from 
untrusted mirrors.




Sunday 10 August 2003 22:14, Antony Stone wrote:
> On Sunday 10 August 2003 9:05 pm, Bob Arctor wrote:
> > axel is an download 'accelerator'
> > originally it splits file to parts (equal) , opens local file , and
> > download it.
>
> Pardon my ignorance, but how does this accelerate anything?
>
> What sort of bottleneck (where) between server and client does axel
> overcome?
>
> Antony.
>
> > On Sunday 10 August 2003 21:34, Henrik Nordstrom wrote:
> > > On Sunday 10 August 2003 20.39, Bob Arctor wrote:
> > > > i tried to modify axel.c to make it work as an cgi-bin script ,
> > > > and with squid rewriting url to point it to cgi-bin script, but
> > > > after a while of hacking i concluded it is pointless.
> > >
> > > What is axel?
> > >
> > > Regards
> > > Henrik

-- 
-- 

[squid-users] LDAP Auth and Squid Accelerator Mode

[mmckenzie]

Hello all,

In previous attempts at trying to get squid to work in accelerator mode
with authentication I was unsuccessful.

I found a patch that is suppose to do it here:
www.poulpy.com/proj.php?PROJID=2

I'm not sure how to apply the patch.  The patch only works with 2.5 STABLE
1.

The ldap auth module that comes with 2.5 STABLE 1, I was uable to get it to
work.

I did get the ldap module I downloaded from here to work:
freshmeat.net/projects/squid_auth_ldap/?topic_id=90

Please, Please, Please if anyone is doing this please reply.

Thanks in advance.

Mitchell S. McKenzie
Intern Programmer Analyst
Learning Environment & Internet Services
University of Nebraska Medical Center
Phone: 402-559-9306
Cell Phone: 402-708-1493

University of Nebraska Medical Center E-mail Confidentiality Disclaimer :
The information in this e-mail is privileged and confidential, intended
only for the use of the addressee(s) above.
Any unauthorized use or disclosure of this information is prohibited.
If you have received this e-mail by mistake please delete it and
immediately contact the sender.

Re: [squid-users] browsing ms .net passport or webmail sites - FAIL

[m.kastinger]

ok, i changed the error language to english, this is the error:

ERROR
The requested URL could not be retrieved



While trying to retrieve the URL: registernet.passport.net:443

The following error was encountered:

Unable to forward this request at this time.
This request could not be forwarded to the origin server or to a

yes i paste it correctly, its " ... server or to a"

Re: [squid-users] LAG !!!

[Schelstraete Bart]

squid_user wrote:

Hello everyone,

I ve been useing squid for about 1 year. I didnt notice that earlyer
but last
time i found taht when i want to open some WWW pages then i have to
wait about sometimes 10-15 sec before browser show me something.
Is that normal ? or maybe i should add something to squid.conf to
avoid this lagg... i dont know plz help me to solve that problem.
When i turn off squid then web browsing works much more quick.

will be thankful for any advice

 

Maybe DNS problem on the Squid proxy server?



  Bart

Re: [squid-users] Parent-to-child compressed transfer

[Henrik Nordstrom]

On Friday 08 August 2003 17.29, Dave Serls wrote:

> Is there a patch to 2.5.x or code on the horizon to stipulate
> compressed cache-to-cache transfers of parent hits?

Not for squid-2.5.

There is plans on adding Transfer-Encoding support in a later Squid 
version, maybe Squid-3.1 but the exact timeplan depends on if anyone 
sponsors the development of the feature and sparetime available to 
the developers working on transfer encoding support. It is very 
likely Transfer-Encoding support will include gzip compression once 
added.

> Since I'm clueless on the actual mechanics, this may be a silly
> request, although it seems useful between an ISP and small LAN over
> a phone line.

Indeed.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]

RE: [squid-users] Configuring multiple network card

[Tony Melia (DMS)]

Just have default gateway of NIC1 as normal (ip = 192.168.0.1) which will
get the pages from internet, then add second nic and change the listen
addresses to the IP of new NIC2, i.e listen on port 192.168.0.2:8080.
Suggest you 'team' multiple NICS together as the listening NIC, compaq/Intel
have such cards, and the cards are seen as 1 fat pipe if switch is
configured properly.

Regards,
TOny

-Original Message-
From: Mathew Thomas [mailto:[EMAIL PROTECTED] 
Sent: Monday, 11 August 2003 10:53
To: <
Subject: [squid-users] Configuring multiple network card


Hi,

I am setting up a couple super squid proxy servers for the University. My
servers have got multiple network cards. All the faculty proxy servers will
use my proxy as the parent, and  then my proxy server will fetch the pages
from internet for the faculty proxy servers. There is no direct fetching
for the end-users in the super proxy. End-users have to go via the faculty
proxies.

How can I configure the squid and network-card so that one netwok card will
be used for talking to the faculty proxy servers and another card for
fetching the pages from internet? I believe, this way things might be little
faster.

Thanks in advance for the help.
Mathew




Downs MicroSystems Pty Ltd
145 Margaret Street
Toowoomba Qld 4350
Ph. (07) 4639 3344 Fax (07) 4639 3820

Important Disclaimer and Warning

Downs MicroSystems does not represent or warrant that any attached files are
free from computer viruses or other defects. The attached files are
provided, and may only be used, on the basis that the user assumes all
responsibility for any loss, damage or consequences resulting directly or
indirectly from use of the attached files. The liability of Downs
MicroSystems in any event is limited to either the resupply of the attached
files or the cost of having the attached files resupplied.

NOTE: The views expressed by the individual in this message do not
necessarily reflect those of the organisation.

Downs MicroSystems is committed to protecting the privacy of individuals,
and is bound by the principles of the Commonwealth Privacy Act (1988).
Should you wish to view our Privacy Policy, please visit
www.downsmicro.com.au.

The information contained in this message is confidential and may be legally
privileged. The message is intended solely for the addressee(s). If you are
not the intended recipient, you are hereby notified that any use,
dissemination, or reproduction is strictly prohibited and may be unlawful.
If you are not the intended recipient, please contact the sender by return
e-mail and destroy all copies of the original message.

Re: [squid-users] squid + axel

[Henrik Nordstrom]

On Monday 11 August 2003 00.49, Bob Arctor wrote:
> 3)it is _only_ way to balance traffic if you have multiple slow
> lines (like few dialups, like i do have)

It is the only way to balance traffic for the same large download 
request on multiple slow dial up lines not supporting bonding. On 
this I agree.

Now there is a number of assumptions here which must all be true for 
this to be done in a social manner

a) The service provided by the server contacted is intended for users 
with higher bandwidth than a single dialup connection.

b) You are mostly alone with little or no other use of your dialup 
connections.

c) It is known the download is relatively large.


'a' may or may not be true depending on the server. It is very hard 
for a program to determine. Round-robin DNS is not a sign of this.

'b' can be determined by a program keeping track of the link usage.

'c' is very hard to know in HTTP without first actually making the 
request. Users can easily determine when starting the download.


So is Squid the proper place for this? In my opinion not.

Regards
Henrik