[squid-users] reverse proxy does caching but don't want it
Hi I've got this config for my reverse proxy httpd_accel_host www.someurl.net httpd_accel_port 80 httpd_accel_with_proxy off httpd_accel_single_host off httpd_accel_uses_host_header on This is part of the access log: 1064003192.209 91 62.202.65.1 TCP_IMS_HIT/304 226 GET http://www.someurl.net/mnu_clr.js - NONE/- application/x-javascript 1064003192.621 24 62.202.65.1 TCP_IMS_HIT/304 211 GET http://www.someurl.net/res/tri.gif - NONE/- image/gif and.. 1064002978.866276 160.218.193.205 TCP_HIT/200 1141 GET http://www.someurl.net/images/sxicona.gif - NONE/- image/gif 1064002981.466639 160.218.193.205 TCP_HIT/200 364 GET http://www.someurl.net/images/scrolldown.gif - NONE/- image/gif IMS_HIT and TCP_HIT indicate this reverse proxy caches pages. According to the config above it shouldn't. Or did I miss something? It's squid 2.5 Stable 3 running on a SUSE 8.1 box. Thanks regards, Philipp
Re: [squid-users] reverse proxy does caching but don't want it
Reverse proxies are meant to cache. You can use no_cache to prevent that if you desire it. Rob -- GPG key available at: http://members.aardvark.net.au/lifeless/keys.txt. signature.asc Description: This is a digitally signed message part
Re: [squid-users] xmalloc and out of memory errors in messages log
On Sat, 20 Sep 2003, Tay Teck Wee wrote: Sep 20 00:09:58 blar out of memory [28008 Sep 20 00:09:59 blar squid[29539]: Squid Parent: child process 28008 exited due to signal 6 Sep 20 01:39:21 blar (squid): xmalloc: Unable to allocate 87380 bytes! Sep 20 01:39:21 blar squid[29539]: Squid Parent: child process 28435 exited due to signal 6 The above is effectively the same error.. twice a day. I've read the FAQ. Its states 2 possible reasons for OS to have xmalloc error: 1) out of swap 2) data segment size reached Yes.. I am sure that the machine never ran out of swap, using monitoring tools. And the below shows that I've set the data segment size to unlimited. [EMAIL PROTECTED] squid]# ulimit -a Unfortunately ulimit only gives half the picture. What ulimit unlimited says is that there is no additional limits imposed. The process size is still limited by the maximum data segment size allowed or possible with your kernel. This is why the FAQ goes into how to tune the kernel for this. linux kernel 2.4.20-19.8 And which memory model is the kernel compiled for? And how large is your Squid process? Regards Henrik
[squid-users] Send only a certain URL to another proxy
Hie gurus in my current setup i have forwarded all outgoing requests to a parent proxy cache_peer parentcache.foo.com parent 3128 0 no-query default acl all src 0.0.0.0/0.0.0.0 never_direct allow all Now is it possible for me to direct only a certain url say www.foo.com to another proxy , the remaining URLs being sent to the original parent as usual?? i want to avoid the use of a redirector if thats possible Thanks in Advance Cheers __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
[squid-users] WLAN-Problem with Proxy Port 80
Hello Could you please give me an advise how should I process in the following case: (In the campus there is a proxy that have been set on port 80. Squid 2.5. We can surf im INTRANET without any limitation. We can surf except port 80 on INTERNET. Services such FTP, HTTPS ans port 2082 etc. works fine. As soon as we want go out on Internet example www.google.com then we receive the message: HTTP Proxy encountered an error (the page www.google.com) is not reachable. If we disabled proxy on client side such MS Internet Expleorer and authentify the user and then enabled the proxy after the authentification then it works sometimes even with port 80 ) We have an Orinoco AP2500 as WLAN Acess Point in Campus Network with following configuration: IP Configuration: IP Address Assignment Type: static Network IP Address: xxx.xxx.yyy.220 Network Subnet Mask: 255.255.255.0 Gateway IP Address: xxx.xxx.yyy.1 DHCP Server: Enabled DHCP Server Type: Privat Public DHCP Server IP Address: xxx.xxx.yyy.220 DHCP Server Subnet Mask: 255.255.255.0 Pool Start IP Address: xxx.xxx.yyy.224 Pool End IP Address: xxx.xxx.yyy.229 Lease Time (minutes):1440 Tehere is aDNS Server RADIUS Server is enabled and is FreeRadius Authentication, Authorization and Accounting is Enabled Authorization Method: internaly Enable User Name: enalbled I will appreciate any hints how we should make forwards? Or who can help if you have made some experiences with some companies. Proxim says us just disable the Proxy what we can not do, because of security policy of whole network. With best regards Polat
[squid-users] ntlm_auth problem
Hi any hints about the following problem will be appreciated: i am newbie to ntlm authentication and i have a problem: - i configure squid with option ./configure --enable-auth=ntlm --enable-ntlm-auth-helpers i did not specify any ntlm-auth helpers because i think this will install all needed helpers, not only the one i specify. It installs wb_ntlmauth ntlm_auth and others ... under libexec dir.. but squid works fine until: - i add the lines acl authenticated proxy_auth REQUIRED http_access allow authenticated auth_param ntlm program /usr/local/squid/libexec ntlm_auth Elm.local\192.168.0.120 auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes Elm.local is my domain name. and other is controller ip... By the it is windows 2003 Enterprise edition i don't know why squid does not work after these lines. i think i make something wrong about ntlm_auth. by the way whic one is better to use. ntlm_auth or wb_ntlmauth? thanks alot for your help...
[squid-users] Squid out from dark...
SquidShow - the program, shows realtime active requests users of proxy-server Squid in simple, demonstrative form. Screenshot: http://softbox.netfirms.com/ssscreen.htm Download: http://softbox.netfirms.com/dnlsqshow.htm Statistics, activity.
[squid-users] Configure with or without option?
All, In FAQ, there is an instruction below to enable transparent proxy - Squid-2 (after version beta25) has IP filter support built in. Simple enable it when you run configure: ./configure --enable-ipf-transparent However, I can run transparent proxy without enable the option above (Squid 2.4S7 and 2.3S4). What is the effect if I do not enable the option? Does the option only affect to version 2.5? Please advise. Thx Rgds, Awie
[squid-users] Connection limiting in Redhat
(Redirected by Nauman Malik [EMAIL PROTECTED]) hello Is it possible to limit tcp connections from one single IP to a certain limit in Redhat Linux. So that connections get blocked at OS level, instead squid has to block undesired sessions. IPTABLES may help?
Re: [squid-users] Aggressive tune up?
Yes, now I changed ALL of VM setting to default. However, I want to know which setting that cause the problem. Because I used same setting so far. Thx Rgds, Awie - Original Message - From: Adam Aube [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 21, 2003 12:24 AM Subject: Re: [squid-users] Aggressive tune up? I tried to tune up my Linux (kernel 2.4.20) to get optimal performance, but get problem. You need to REALLY know what you're doing before you start tinkering with VM settings - it's easy to make a mistake and make your system unstable. I am really curios by using the such setting. Few months ago system run very good. But within last few weeks Squid becomes unstable, very slow until could not serve the requests. It can back to normal without any action. However, if I shutdown the Squid and reload, it becomes back normal immediately (then unstable again). If your tinkering has introduced system instability, then of course Squid will be unstable. Change your kernel settings back to the defaults and see if Squid starts acting properly. If not, post your question again. Adam
[squid-users] Redhat 9.0 ntlm
In squid that comes with redhat 9.0 although wb_ntlmauth ntlm_auth programs are found and in config file ntlm lines exists when i configure and try to start it gives error unknown authentication scheme ntlm. Does not it really have support for ntlm? In not how can i add? i want to use the src.rpm of redhat but i don't know how to pass --enable-auth=ntlm option with the rpmbuild command. Any hints please?
Re: [squid-users] Aggressive tune up?
Yes, now I changed ALL of VM setting to default. However, I want to know which setting that cause the problem. Because I used same setting so far. VM setting or Squid setting? If you want to know which VM change made your system unstable, you are asking the wrong list. If Squid is still unstable after changing your VM settings back to the default, post your squid.conf and the output of squid -v to the list. Adam
Re: [squid-users] Authentication related query
Thanks for the response.I am herewith pasting the squid.conf for ur perusal. As far as I can tell, your squid.conf looks ok (though I've never used pam_auth before). Unless it is a problem with pam_auth, I would have to say it is most definitely a browser problem. An easy way to check would be to switch to a different basic auth helper (such as ncsa_auth) and see if the problem goes away. Adam
Re: [squid-users] help: Squid.conf
With no -f option, squid reads an old configuration of squid.conf that I have deletedis it possible? Two solutions: 1) Create a symlink where Squid expects the config file to be that points to the real config file 2) Recompile Squid to change the location it expects the config file to be at Adam
[squid-users] Load Balancing Content Types
Hi, I'm new to many of the options within Squid, so I would appreciate any help with the following scenario. I have network wherein the squid proxy connects to the Internet via two parent proxies. /- ISDN Parent Proxy #1 | Squid ---+ Proxy | \- ADSL Parent Proxy #2 Parent Proxy #1 (over the IDSN line) is monitored by an organisation-wide content filtering process. Although the simple solution is to simply use this link alone, the cost required to upgrade it to the required capacity is prohibitive. Parent Proxy #2 (over the ADSL line) is a high capacity multi-megabit connection that, while lacking any filtering capability, is cheap and fast. Hence, what I would like to do is have Parent Proxy #2 used for any non-textual content (e.g. image files, audio files, etc) while Parent Proxy #1 is used for generic HTML. Therefore, is it possible to have Squid change parent proxies based on the content type of the requested URL? How do I do this? Finally, are there any other options to balance the load over these two connections? The ideal solution would appear to have all requests go through to Parent Proxy #1 and then, when the squid proxy received a HTTP response that suggested the desired URL is accessible, the request would be dropped and then re-made via Parent Proxy #2. Any and all comments appreciated. Thanks, Darryn.
RE: [squid-users] help: Squid.conf
Or move the config where it is expecting to see it. -Original Message- From: Adam Aube [mailto:[EMAIL PROTECTED] Sent: Saturday, September 20, 2003 8:33 PM To: [EMAIL PROTECTED] Subject: Re: [squid-users] help: Squid.conf With no -f option, squid reads an old configuration of squid.conf that I have deletedis it possible? Two solutions: 1) Create a symlink where Squid expects the config file to be that points to the real config file 2) Recompile Squid to change the location it expects the config file to be at Adam ** This message was virus scanned at mail.siliconjunkie.net and any known viruses were removed. For a current virus list see http://www.siliconjunkie.net/antivirus/list.html
[squid-users] IE weirdness with PPP
I recently added a PPP dialin server on my network on which I have a Squid proxy box. The dialin clients can browse the internet with Mozilla via Squid. They can also ping and telnet to the Squid box. IE6 however gets no response from Squid. Unfortunately our company policy requires we use IE on the clients. The same client systems works fine with IE via the same Squid box when directly connected to the local network and using the same proxy configuration. Running tcpdump on the Squid box shows the request from IE is being recieved, but there is no response from Squid. Netstat never shows a connection. /etc/ppp/options: auth -chap +pap login modem crtscts proxyarp debug lock ms-dns 172.16.4.50 ms-wins 172.16.4.57 Any ideas would be most appreciated. Alan Lehman