[squid-users] User-Agent Headers allow only for specific mime-types

2003-09-09 Thread paul.schaefers
 Hi all!

The problem is that I don't allow User-Agent headers.
I want to allow User-Agent headers only for Realplayer and Mediaplayer
MIME types.

Realplayer and Mediaplayer aren't functioning in the paranoid mode.

How can I solve this problem?
 
 Paul



Re: [squid-users] User-Agent Headers allow only for specific mime-types

2003-09-09 Thread Henrik Nordstrom
On Tuesday 09 September 2003 08.15, [EMAIL PROTECTED] wrote:
> Hi all!
>
> The problem is that I don't allow User-Agent headers.
> I want to allow User-Agent headers for only Realplayer and
> Mediaplayer Mimetypes.

You cannot make the decision for forwarding of User-Agent in the 
request based on the MIME type of the response. To get the response 
the request must first be forwarded so the server knows what to 
respond to.

What you can do is to selectively allow User-Agent based on the value 
of User-Agent. See http_header_access and the browser acl type.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
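
One way to apply the suggestion above, as an added example that is not part of Henrik's message or of the Squid documentation. The ACL name and the User-Agent patterns are assumptions chosen here, and the directive is written `header_access`, the spelling assumed for the Squid 2.5 squid.conf (the message calls it http_header_access; Squid 3.1 and later use `request_header_access`).

```squidconf
# Added example, not from the thread. ACL name and patterns are chosen here.
# A "browser" ACL is a list of regular expressions matched against the
# User-Agent header of the request. Confirm in access.log (with User-Agent
# logging enabled) which strings your players really send before relying
# on these patterns.
acl media_players browser -i RealPlayer NSPlayer Windows-Media-Player

# The rest of the "paranoid" header filter stays as it is. Only the
# User-Agent rule changes: pass the header for the matching clients,
# strip it for everyone else. The first matching line for a header decides.
header_access User-Agent allow media_players
header_access User-Agent deny all
```

The User-Agent value is chosen by the client, so this rule passes the header for any client that sends a matching string, not only for the two players.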


[squid-users] reverse proxy with different ports

2003-09-09 Thread laurent . derrien
Hello,

I have a question about accel mode special configuration...
Is it possible to have this configuration with SQUID3-PRE3 :

User -[https on port 1443]- Reverse Proxy --[http on port 80]-- Original server
User -[https on port 2443]- Reverse Proxy --[http on port 81]-- Original server

Both links through the same Squid ?
Should I write a special redirector ?

If it's too hard, I could work with this other configuration :

User -[https on port 1443 to virtual server name1]- Reverse Proxy --[http on port 80]-- Original server
User -[https on port 1443 to virtual server name2]- Reverse Proxy --[http on port 81]-- Original server

I've tried the following squid.conf with SQUID3-PRE3 but it doesn't work :
-
https_port 1443 defaultsite=original-site cert=rproxy.cert key=rproxy.key
cache_peer 192.168.x.x parent 80 0 no-query originserver name=virtualservname1.mydomain
cache_peer 192.168.x.x parent 81 0 no-query originserver name=virtualservname2.mydomain
acl http1 port 80
acl http2 port 81
cache_peer_access virtualservname1.mydomain allow http1
cache_peer_access virtualservname1.mydomain allow http2
-
IP of virtualservname1.mydomain = IP of virtualservname2.mydomain = IP of 
the reverse proxy.
-
Whatever virtual server name I use 
(https://virtualservname2.mydomain:1443), I access the same site on 
original server port 80.
Could you tell me where I'm wrong ?

Regards,
Laurent Derrien


Re: [squid-users] Reverse proxy tracking source IP's

2003-09-09 Thread Fathi
Configure Squid in httpd_accelerator mode and it will give the
X_Forwarded_For header to your web server, unless you set it up
to anonymize such a feature.


 Original message  
Date: Mon, 8 Sep 2003 09:49:45 -0700
From: robert schwartz [EMAIL PROTECTED]  
Subject: [squid-users] Reverse proxy tracking source IP's  
To: [EMAIL PROTECTED]

I have an interesting problem, we have to reverse proxy incoming web
requests to an application that needs to know the end-user's IP address.
This is for security not for performance, so there's no need to cache
the actual results.  Our current proxy software cannot communicate this
information to the backend web server (every request looks like it's
coming from the proxy server obviously), and I was wondering if SQUID
can do this?  It would be like forwarded_for for reverse proxy so that
there's something in the header the destination web server can read that
tells it the requesting client's real IP address.  Is there a patch or a
well-known config option that has eluded my googling and MARC searching
that presents the requestor's IP address to the accelerated server?

TIA
Robert




[squid-users] Can Overwrite Store.log ?

2003-09-09 Thread Soccal Andrea
Hi guys,
Can I overwrite the store.log, because the size of this log is now 170 MB,
with another empty store.log?

Andrea Soccal
IT Sistema Ufficio
[EMAIL PROTECTED]


[squid-users] Re: Problems

2003-09-09 Thread Henrik Nordstrom
Please use a browser which actually displays the error and does not 
substitute it with a generic error message the browser vendor thinks 
is better than the real error.

It is impossible to understand what the real error is if it is not 
shown.

Note: It is possible to convert MSIE to such a browser by correcting the 
Internet settings to sane settings (not the default).

Regards
Henrik


On Tuesday 09 September 2003 08.57, Christopher Ng wrote:
> When I key in a Chinese URL it will return this:
>
>   The page cannot be found
>    The page you are looking for might have been removed, had its
> name changed, or is temporarily unavailable.



Re: [squid-users] reverse proxy with different ports

2003-09-09 Thread Henrik Nordstrom
On Tuesday 09 September 2003 09.58, [EMAIL PROTECTED] wrote:
> Hello,
>
> I have a question about accel mode special configuration...
> Is it possible to have this configuration with SQUID3-PRE3 :
>
> User -[https on port 1443]- Reverse Proxy --[http on port 80]-- Original server
> User -[https on port 2443]- Reverse Proxy --[http on port 81]-- Original server
>
> Both links through the same Squid ?

Yes.

> Should I write a special redirector ?

With Squid-2.5 a redirector is needed. Squid-3 will do this nicely 
without the help of a redirector.


> If it's too hard, I could work with this other configuration :
>
> User -[https on port 1443 to virtual server name1]- Reverse Proxy --[http on port 80]-- Original server
> User -[https on port 1443 to virtual server name2]- Reverse Proxy --[http on port 81]-- Original server

Same basic problem.

> https_port 1443 defaultsite=original-site cert=rproxy.cert

This will make the URLs accepted by Squid look like 
https://original-site/path/to/requested/document

your acls need to match this.

If you want the https_port to support virtual domains then you need to 
use the vhost directive, which will make the URLs read like
  https://requested-domain-name/path/to/requested/document

and again your acls need to match this.

When using the vhost directive the defaultsite= option just specifies 
the host name to assume if no host name was given in the request sent 
by the client.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
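
The name-based variant discussed above, written out as an added example that is not part of Henrik's message or the original poster's configuration. It assumes a Squid 3 release in which `vhost` and `cache_peer ... name=` behave as described in the reply; the peer labels `peer80` and `peer81` and the ACL names are chosen here, while the host names, `192.168.x.x` and the certificate file names are kept as written in the thread.

```squidconf
# Added example, not from the thread. peer80/peer81, site1/site2 are labels
# chosen here; 192.168.x.x and rproxy.cert/rproxy.key are as in the thread.

# vhost: rebuild the request URL from the Host header the client sent.
# defaultsite= is only the fallback when the request carries no host name.
https_port 1443 vhost defaultsite=virtualservname1.mydomain cert=rproxy.cert key=rproxy.key

# Same origin address, two HTTP ports. name= gives each peer its own handle
# for cache_peer_access, since the address alone cannot tell them apart.
cache_peer 192.168.x.x parent 80 0 no-query originserver name=peer80
cache_peer 192.168.x.x parent 81 0 no-query originserver name=peer81

# Match on the host part of the URL as Squid sees it after vhost processing.
# A "port" ACL tests the port in that URL, not the port of the peer, so it
# cannot be used to pick between the two peers.
acl site1 dstdomain virtualservname1.mydomain
acl site2 dstdomain virtualservname2.mydomain

# Serve the two published names only; refuse every other request.
http_access allow site1
http_access allow site2
http_access deny all

# Pin each site to exactly one peer.
cache_peer_access peer80 allow site1
cache_peer_access peer80 deny all
cache_peer_access peer81 allow site2
cache_peer_access peer81 deny all

# Never fetch the site directly, bypassing the peers.
never_direct allow all
```

The URL logged in access.log for each request shows the host name Squid rebuilt, which is the value the `dstdomain` ACLs have to match.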


Re: [squid-users] Can Overwrite Store.log ?

2003-09-09 Thread Henrik Nordstrom
On Tuesday 09 September 2003 11.19, Soccal Andrea wrote:
> Hi guys,
> Can I overwrite the store.log, because the size of this log is now
> 170 MB, with another empty store.log?

Yes, and you can even disable the writing of store.log from 
squid.conf.

store.log is generally not useful.

Regards
Henrik



[squid-users] R: [squid-users] Can Overwrite Store.log ?

2003-09-09 Thread Soccal Andrea
OK.
So I make a new text file named store.log?

Thanks

Andrea Soccal
IT Sistema Ufficio
[EMAIL PROTECTED]


-Original message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Tuesday 9 September 2003 11.37
To: Soccal Andrea; '[EMAIL PROTECTED]'
Subject: Re: [squid-users] Can Overwrite Store.log ?


On Tuesday 09 September 2003 11.19, Soccal Andrea wrote:
> Hi guys,
> Can I overwrite the store.log, because the size of this log is now
> 170 MB, with another empty store.log?

Yes, and you can even disable the writing of store.log from 
squid.conf.

store.log is generally not useful.

Regards
Henrik



[squid-users] Redirection not happening

2003-09-09 Thread Deepa D
Hi All,
I am using squid-2.5.STABLE1 for redirection in my setup. The redirect
program is writing the redirect_url, src address, identity and method to
the stdout, but the redirection is not happening. I have tried with a
(printf, fflush) combination, a (sprintf, fprintf, fflush) combo and a
(sprintf, puts, fflush) combo, but nothing seems to be triggering the
proxy to accept the new redirect URL. Kindly help me solve this problem.

Secondly, the proxy is sending out malformed URLs (some junk characters
are getting prefixed to the URL). How can I take care of this?

How do I prevent the proxy from sending out the URLs of the popups that
accompany any URL to the redirect program?

Also, could somebody kindly tell me how to force the proxy to always
generate the URL with the domain name itself and not replace the domain
name by its IP before it passes it on to the redirector program?

Any suggestions are most welcome.
  Regards and TIA,
Deepa





[squid-users] configuring additional componets after install

2003-09-09 Thread paul.schaefers
How can I install additional features such as ping after installing samba 3.0rc2
with RPMs?
Kind regards




[squid-users] configuring additional componets after install

2003-09-09 Thread paul.schaefers
Hi all!

How can I install additional features such as ping after installing squid 2.5stable3
with RPMs?
Kind regards
Sorry for my mistake (samba)



[squid-users] Problem with ISP blocking hundreds of sites

2003-09-09 Thread Fathi
I have my ISP blocking hundreds if not thousands of sites and
sending a copy of the Internet Explorer 404 not found page
instead of the original site or any other page saying that the
site was blocked.

Now, I want to know if using a cache peer located outside the
tunisian backbone as parent will allow me to access such sites ?


[squid-users] NTLM broken when using a parent proxy...

2003-09-09 Thread Daniel Meyer
Hi everyone,

I have SquidNT running with NTLM authentication. Everything is running
fine after the tips from Guido (thanks again).

Now I configured the proxy to use a parent proxy, and prefer that parent
over direct connections.
After I did that NTLM broke.

If the parent proxy is dead, then everything works fine. The users are
authenticated by their InternetExplorer, no questions, usernames or
passwords asked.

If the parent proxy is alive, then NTLM breaks. Squid asks for a username
and password, and even if you enter a valid combination the request is
denied.

That's quite bad because we want to take advantage of NTLM (not bugging the
users with entering username and password every time they start a new
browser and still have authentication) and of the Viruswall (the parent
proxy).

Any hints?

Danny
-- 
Whenever, wherever http://www.cyberdelia.de
We're meant to be together [EMAIL PROTECTED]
I'll be there and you'll be near
And that's the deal my dear




RE: [squid-users] Problem with ISP blocking hundreds of sites

2003-09-09 Thread Adam Aube
> I have my ISP blocking hundreds if not thousands of sites
>
> Now, I want to know if using a cache peer located outside the
> tunisian backbone as parent will allow me to access such sites

Yes, provided that:

1) Your ISP allows the peering traffic
2) You follow the Squid FAQ instructions to forward all traffic to
another proxy

Adam



[squid-users] WCCP Module

2003-09-09 Thread Awie
All,

I have WCCP modules already but plan to change my Ethernet card.

I assume that the WCCP modules are still usable as long as I do not change the
kernel, am I right?

Please advise. Your answer is much appreciated.

Thx & Rgds,

Awie




Re: Re: [squid-users] user_cert in Squid 3.0 PRE3

2003-09-09 Thread Henrik Nordstrom
On Fri 2003-08-29 at 00.51, [EMAIL PROTECTED] wrote:
> Thank you for this information.
> Please could you tell me how to force use of client certificates ?
> I want squid to reject connections without client certificates 
> authenticated by my CA certificate.

If the request is still accepted by Squid then you can use one of the
client certificate based ACLs to deny requests without accepted
certificates, just like how you deny other types of unacceptable
requests.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]



Re: [squid-users] configuring additional componets after install

2003-09-09 Thread Henrik Nordstrom
On Tue 2003-09-09 at 15.47, [EMAIL PROTECTED] wrote:
> Hi all!
>
> How can i install additional features as ping after installing squid 2.5stable3
> with rpms??
>  mfg
> sorry for my mistake (samba)


Depends. To have support for ICMP your Squid binary must be configured
with ICMP support, which will automatically cause the pinger to be built.

However, most anything else using external helpers can be added without
having to fully rebuild Squid, but you will need access to the sources
and some experience in compiling.

Generally it is recommended to compile your own Squid if the Squid
delivered in rpm format by your vendor is not sufficient. This gives you
most flexibility.

Regards
Henrik




Re: [squid-users] NTLM broken when using a parent proxy...

2003-09-09 Thread Henrik Nordstrom
On Tue 2003-09-09 at 16.11, Daniel Meyer wrote:

> If the parent proxy is dead, then everything works fine. The users are
> authenticated by their InternetExplorer, no questions, usernames or
> passwords asked.
>
> If the parent proxy is alive, then NTLM breaks. Squid asks for a username
> and password, and even if you enter a valid combination the request is
> denied.

Maybe the parent also requires authentication?

Regards
Henrik




Re: [squid-users] WCCP Module

2003-09-09 Thread Henrik Nordstrom
On Tue 2003-09-09 at 17.10, Awie wrote:
> All,
>
> I have WCCP modules already but plan to change my Ethernet card.
>
> I assume that the WCCP modules still usable as long as I do not change the
> kernel, am I right?

Right.

Regards
Henrik




Re: [squid-users] NTLM broken when using a parent proxy...

2003-09-09 Thread Daniel Meyer
On 9 Sep 2003, Henrik Nordstrom wrote:

> On Tue 2003-09-09 at 16.11, Daniel Meyer wrote:
>
> > If the parent proxy is dead, then everything works fine. The users are
> > authenticated by their InternetExplorer, no questions, usernames or
> > passwords asked.
> >
> > If the parent proxy is alive, then NTLM breaks. Squid asks for a username
> > and password, and even if you enter a valid combination the request is
> > denied.
>
> Maybe the parent also requires authentication?

No. I can use the parent proxy without authentication, verified by just
changing the proxy setting in the browser.

Danny



Re: [squid-users] NTLM broken when using a parent proxy...

2003-09-09 Thread Serassio Guido
Hi Daniel,

At 16.11 09/09/2003, Daniel Meyer wrote:

> Hi everyone,
>
> i have SquidNT running with NTLM authentication. Everything is running
> fine after the tips from Guido (thanks again).
> Now i configured the proxy to use a parent proxy, and prefere that parent
> over direct connections.
> After i did that NTLM broke.
> If the parent proxy is dead, then everything works fine. The users are
> authenticated by their InternetExplorer, no questions, usernames or
> passwords asked.
> If the parent proxy is alive, then NTLM breaks. Squid asks for a username
> and password, and even if you enter a valid combination the request is
> denied.
> Thats quite bad because we want to take advantage of NTLM (not bugging the
> users with entering username and password everytime they start a new
> browser and still have authentication) and of the Viruswall (the parent
> proxy).
> Any hints?

Please, can you post your Squid configuration?

I'd like to try it on a non-Windows machine to see what happens and 
afterwards compare with a Windows environment.

Regards

Guido



-

Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/


[squid-users] Documentation

2003-09-09 Thread Rangel, Luciano

Hello,

I need documentation for configuring the Squid proxy with NTLM
authentication that also explains the compilation options.


Where do I find it?

thanks


Luciano




[squid-users] Optimum Number of Redirectors

2003-09-09 Thread Kent, Mr. John
Greetings,

How do I determine the optimum number of redirector processes to use?
The FAQ says:

Caution
If you start too few Squid will have to wait for them to process a back log of URLs, 
slowing it down. If you start too many they will use RAM and other system resources.

So what is too few or too many?  Is it just trial and error?

I'm running Squid 2.5 STABLE3 on Linux/Dell 350 with 1 GB of RAM,
using Perl redirectors.

Is there some ballpark figure, i.e. between 10 - 32, etc.?

Thank you,
John Kent


[squid-users] Which file system for squid cache in Linux

2003-09-09 Thread Mathew Thomas
Hi,

I am setting up a couple of Squid servers for our uni using Red Hat 8.0 with kernel
2.4.21. I have set up 6 x 36 GB disks for cache, which mount as /cache1 to /cache6.
Currently I have formatted the disks with the ext3 file system.
cache_dir aufs /cache1 25000 64 256
to
cache_dir aufs /cache6 25000 64 256

I am just confused about the best file system for Squid after doing some 'googling'.
Which file system (ext2, ext3, reiserfs) is best for the Squid cache? Do I need to
use any option (e.g. noatime, etc.) in mounting the cache directories to increase the
performance?

Thanks
Mathew






Re: [squid-users] Slow proxy server

2003-09-09 Thread Frédéric Pomies
[EMAIL PROTECTED] wrote:

> Hi there
>
> I've got the latest stable version of Squid running on a RH9.0 machine
> and I've run into a little problem. From time to time the proxy server
> doesn't work the way it should, sometimes it totally stops working at
> all so I have to use another proxy server. Other times it's just plain
> slow. Is there something I can do to fix this, a common issue maybe?
>
> Regards
> Roy


Hi,
You may check the file system vs /var/log/squid/*.log size. If your logs are
using about 90% of the file system, Squid may slow down and even crash.
If that's not sufficient, you may find in the oreilly.com articles some details
describing which RAM size is needed for which cache size and object size.
Check for Jennifer Vesperman's articles.
Fred.





Re: [squid-users] Optimum Number of Redirectors

2003-09-09 Thread Henrik Nordstrom
On Wednesday 10 September 2003 00.42, Kent, Mr. John wrote:

> So what is too few or too many?  Is it just trial and error?

The optimal number depends on the type of redirector used and the 
request load. If your redirector is only using CPU time then not very 
many are needed, but if the redirector is doing database queries or 
other operations which may temporarily block the redirector process 
then more are needed. Also, the higher your request load is the more 
processes you need due to the design of Squid.

cachemgr can be used to figure out how well balanced your number of 
redirectors is. If you find that all redirectors are used a lot then 
you have too few; if you find that there are redirectors never used 
then you may have too many.

Regards
Henrik



Re: Re: [squid-users] reverse proxy with different ports

2003-09-09 Thread Henrik Nordstrom
On Wednesday 10 September 2003 02.04, [EMAIL PROTECTED] wrote:

> In my case, I use special ports (https://virt_serv_name:2443 and
> http://virt_serv_name:81...) and it looks like the vhost
> instruction in https_port doesn't work with it.

See your access.log. access.log contains the URL as processed by Squid 
according to the http(s)_port settings where the request was 
accepted.

Regards
Henrik


Re: Re: Re: [squid-users] reverse proxy with different ports

2003-09-09 Thread laurent . derrien
I've seen access.log.
When I add vhost in https_port settings, it looks like the virtual site 
name is fully rewritten by squid in the http header.
Only the protocol type is changed from https:// to http:// .
So, it doesn't use the port specified in cache_peer...
cache_peer 192.168.x.x parent 80 0 no-query originserver name=host1.mydomain
cache_peer 192.168.x.x parent 81 0 no-query originserver name=host2.mydomain

Regards,
Laurent





Henrik Nordstrom [EMAIL PROTECTED]
10/09/2003 11:39

To:      [EMAIL PROTECTED]
cc:      [EMAIL PROTECTED]
Subject: Re: Re: [squid-users] reverse proxy with different ports


On Wednesday 10 September 2003 02.04, [EMAIL PROTECTED] wrote:

> In my case, I use special ports (https://virt_serv_name:2443 and
> http://virt_serv_name:81...) and it looks like the vhost
> instruction in https_port doesn't work with it.

See your access.log. access.log contains the URL as processed by Squid 
according to the http(s)_port settings where the request was 
accepted.

Regards
Henrik