Re: [squid-users] swap.state, swap.state.new, and cache shrinking

[Henrik Nordstrom]

On Thu, 30 Oct 2003, Noel Clarkson wrote:

> read and guessed, I think my problem was that squid was trying to rebuild 
> the swap.state file by creating a swap.state.new file and this was running 
> the partiton out of space, and then doing the rebuild again after failing 
> (clearing the space, and rebuilding and running out of space over and 
> over).  So I've now cleared the cache (or at least the swap.state) and 
> things have settled down, but I'm wondering if this is the likely 
> explaination to my trouble.

If the partition where swap.state is kept is full then Squid will 
repeately crash while trying to rebuild the cache index.

> The other question regarding this that I have is that I've now reduced the 
> size that the cache can take up so that this won't become a problem again, 
> but the actual space that the cache takes up is more than I have told it 
> should be the max because the files from the cache before I told it to 
> shrink are still around.

As long as you do not change the L1 / L2 parameters Squid will 
automatically clean up the cache if you give it some time. Normally a 
cache cleanup maintenance sweep takes up to 24 hours.

Alternatively you can do a complete clean of the cache.

1. Shut down Squid
2. Remove the cache directories
3. run "squid -z".
4. Start Squid again


While you are looking at these things, make sure you have log rotation 
configured. If not the Squid log files including swap.state will grow 
forever until it runs out of space.

Regards
Henrik

Re: [squid-users] Squid/Linux crash - please help

[Henrik Nordstrom]

On Thu, 30 Oct 2003, Mathew Thomas wrote:

> I have got squid running on HP ML530 with two Xeon 3.0 GHz, 8GB Mem, and
> 8x36 Gb hard disk. Six disks have been dedicated for Cache and using
> reiserfs filesystem and mounted as /cache1 to /cache6.

Total overkill server... unless ofcourse you plan on running 8 instances 
of Squid on this box..

> Yesterday the system crashed. Other than ping response, it was not doing
> anything. I couldn't login into the console. I had to cold boot the
> server in order to bring up the server. I checked the logs, and I can't
> see anything unusual or wrong. Squid is working fine after the cold
> boot.

These kinds of symptoms is almost always a kernel or hardware issue.

I would recommend to always keep the console logged in (in text mode) and
disable the screen saver, or alternatively have a serial console always
connected. Also enable Sys-RQ support. Enabling kernel crash-dump support
may also be helpful (even if maybe not very practical with such large
amounts of memory).

> The server is not under heavy load, ( probably less than one tenth of
> the load we are planning put to the box) . I don't know where to start
> and look at the problem. Please help. I am attaching the output of the
> top command and my squid.conf file.

Neither really matters. You need to gather data on what was going in when 
the system hang, not when it operates normally.

Regards
Henrik

[squid-users] swap.state, swap.state.new, and cache shrinking

[Noel Clarkson]

Hi,

I had a problem recently where my partition with the cache on it was 
filling over and over again after about 7 mins, no matter whether anyone 
was using the system or not.  After looking into this a bit, I decided to 
clean out the cache by clearing out the swap.state file as described in the 
faqs.  It's size was about 280Mb and there was also a swap.state.new file 
that was about 40Mb.  I also noticed that the timestamp on the swap.state 
file was about a week old, and the .new one was from today.  From what I've 
read and guessed, I think my problem was that squid was trying to rebuild 
the swap.state file by creating a swap.state.new file and this was running 
the partiton out of space, and then doing the rebuild again after failing 
(clearing the space, and rebuilding and running out of space over and 
over).  So I've now cleared the cache (or at least the swap.state) and 
things have settled down, but I'm wondering if this is the likely 
explaination to my trouble.

The other question regarding this that I have is that I've now reduced the 
size that the cache can take up so that this won't become a problem again, 
 but the actual space that the cache takes up is more than I have told it 
should be the max because the files from the cache before I told it to 
shrink are still around.  How do I go about cleaning up the old cache files 
so that I gain the space back?  It's not an issue now but if I get into the 
situation of having a large swap.state file that then needs rebuilding, I 
still won't have the room on the partition for this to work unless the 
cache files have shrunk to the max size I've set.

Hope that makes some sense, any help most apreciated.

cheers,

noel

[squid-users] Squid/Linux crash - please help

[Mathew Thomas]

Hi,

I have got squid running on HP ML530 with two  Xeon 3.0 GHz, 8GB Mem, and  8x36 Gb 
hard disk. Six disks have been dedicated for Cache and using reiserfs filesystem and 
mounted as /cache1 to /cache6.

OS - Red Hat 8.0 , Kernel 2.4.20
squid Cache: Version 2.5.STABLE4
configure options:  --enable-async-io --enable-gnuregex --enable-kill-parent-hack 
--enable-cachemgr-hostname
( haven't set up cachengr yet)

Yesterday the system crashed. Other than ping response, it was not doing anything. I 
couldn't login into the console. I had to cold boot the server  in order to bring up 
the server. I checked  the logs, and I can't see anything unusual or wrong. Squid is 
working fine after the cold boot.

The server is not under heavy load, ( probably less than one tenth of the load we are 
planning put to the box) . I don't know where to start and look at the problem. Please 
help. I am attaching the output of the top command and my squid.conf file.

Thanks in advance for the help.

Mathew


--- Begin Message ---
11:21am  up 18:38,  1 user,  load average: 0.03, 0.01, 0.00
79 processes: 78 sleeping, 1 running, 0 zombie, 0 stopped
CPU0 states:  0.0% user,  5.0% system,  0.0% nice, 94.2% idle
CPU1 states:  0.0% user,  0.0% system,  0.0% nice, 100.0% idle
CPU2 states:  0.0% user,  0.0% system,  0.0% nice, 100.0% idle
CPU3 states:  0.1% user,  0.0% system,  0.0% nice, 99.1% idle
Mem:  8025228K av,  988768K used, 7036460K free,   0K shrd,  429876K buff
Swap: 2558136K av,   0K used, 2558136K free  107700K cached

  PID USER PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
 1270 root  16   0  1044 1044   840 R 5.0  0.0   0:01 top
  633 squid 10   0 62460  60M  1360 S 0.4  0.7   0:26 squid
1 root   9   0   476  476   424 S 0.0  0.0   0:03 init
2 root   9   0 00 0 SW0.0  0.0   0:00 keventd
3 root  19  19 00 0 SWN   0.0  0.0   0:00 ksoftirqd_CPU0
4 root  18  19 00 0 SWN   0.0  0.0   0:00 ksoftirqd_CPU1
5 root  19  19 00 0 SWN   0.0  0.0   0:00 ksoftirqd_CPU2
6 root  18  19 00 0 SWN   0.0  0.0   0:00 ksoftirqd_CPU3
7 root   9   0 00 0 SW0.0  0.0   0:00 kswapd
8 root   9   0 00 0 SW0.0  0.0   0:00 bdflush
9 root   9   0 00 0 SW0.0  0.0   0:01 kupdated
  119 root   9   0 00 0 SW0.0  0.0   0:00 kjournald
  120 root   9   0 00 0 SW0.0  0.0   0:00 kjournald
  121 root   9   0 00 0 SW0.0  0.0   0:00 kjournald
  122 root   9   0 00 0 SW0.0  0.0   0:00 kreiserfsd
  123 root   9   0 00 0 SW0.0  0.0   0:00 kjournald
  445 root   9   0   548  548   460 S 0.0  0.0   0:00 syslogd
  449 root   9   0   428  428   376 S 0.0  0.0   0:00 klogd
  466 rpc9   0   536  536   460 S 0.0  0.0   0:00 portmap
  485 rpcuser9   0   728  728   636 S 0.0  0.0   0:00 rpc.statd
  596 root   9   0   612  612   536 S 0.0  0.0   0:00 crond
  602 root   9   0  1212 1212  1084 S 0.0  0.0   0:02 sshd
  620 daemon 9   0   528  528   464 S 0.0  0.0   0:00 atd
  629 root   9   0  1052 1052   904 S 0.0  0.0   0:00 squid
  638 root   9   0   412  408   356 S 0.0  0.0   0:00 mingetty
  639 root   9   0   408  408   356 S 0.0  0.0   0:00 mingetty
  640 root   9   0   404  404   356 S 0.0  0.0   0:00 mingetty
  641 root   9   0   404  404   356 S 0.0  0.0   0:00 mingetty
  642 root   9   0   404  404   356 S 0.0  0.0   0:00 mingetty
  645 squid  9   0   244  244   208 S 0.0  0.0   0:00 unlinkd
  776 root   9   0   408  408   356 S 0.0  0.0   0:00 mingetty
 1155 mathew 9   0  1472 1472  1112 S 0.0  0.0   0:00 bash
 

--- End Message ---


squid.conf
Description: Binary data

[squid-users] FW: NTLM Auth in Active Directory.

[Chris Vaughan]

Here is some output from my access.log. I have censored the PC IP addresses and names.

1067384247.264  3  TCP_DENIED/407 1798 GET http://ap
ac.emsselfservice.com/template/images/now/common_cec_bottom2.gif - NONE/- text/h
tml
1067384247.268  3  TCP_DENIED/407 1801 GET http://ap
ac.emsselfservice.com/template/images/now/powernow_bulb_b_now.gif - NONE/- text/
html
1067384247.633  1  TCP_DENIED/407 1852 GET http://ap
ac.emsselfservice.com/template/images/now/common_cec_top.gif - NONE/- text/html
1067384247.635  0  TCP_DENIED/407 1786 GET http://ap
ac.emsselfservice.com/OpenedEmail.asp? - NONE/- text/html
1067384247.641  2  TCP_DENIED/407 1856 GET http://ap
ac.emsselfservice.com/template/images/now/common_cec_top.gif - NONE/- text/html
1067384247.642  3  TCP_DENIED/407 1790 GET http://ap
ac.emsselfservice.com/OpenedEmail.asp? - NONE/- text/html
1067384247.644  1  TCP_DENIED/407 1786 GET http://ap
ac.emsselfservice.com/template/images/now/common_cec_top.gif - NONE/- text/html
1067384247.646  2  TCP_DENIED/407 1720 GET http://ap
ac.emsselfservice.com/OpenedEmail.asp? - NONE/- text/html
1067384266.198  0  TCP_DENIED/407 1726 GET http://10
.3.240.10/ccmadmin - NONE/- text/html
1067384266.204  0  TCP_DENIED/407 1730 GET http://10
.3.240.10/ccmadmin - NONE/- text/html
1067384266.207  2  TCP_DENIED/407 1660 GET http://10
.3.240.10/ccmadmin - NONE/- text/html
1067384656.253  0 10.3.1.17 TCP_DENIED/407 1789 GET http://inlands/News/OurN
ews/Previous/default.htm - NONE/- text/html
1067384656.268  1  TCP_DENIED/407 1793 GET http://inlands/News
/OurNews/Previous/default.htm - NONE/- text/html
1067384656.271  2  TCP_DENIED/407 1723 GET http://inlands/News
/OurNews/Previous/default.htm - NONE/- text/html


>  -Original Message-
> From: Chris Vaughan  
> Sent: Wednesday, 29 October 2003 10:50 AM
> To:   Squid-Users (E-mail)
> Subject:  NTLM Auth in Active Directory.
> 
> Greetings,
> 
> I have a test machine running Squid 2.5 Stable 4 and Samba 3.0.0 doing NTLM 
> authentication on our Active Directory Domain. However, It appears that squid and 
> samba are trying to authenticate against client machines.
> 
> How do I get authentication to work against username and pasword instead?
> >  <> 


***
This message is intended for the addressee named and 
may  contain confidential information. If you are not the 
intended recipient, please delete it and notify the sender. 
Views expressed in this message are those of the 
individual sender, and are not necessarily the views of 
the Department of  Lands.

This email message has been swept by MIMEsweeper 
for the presence of computer viruses.
***

BEGIN:VCARD
VERSION:2.1
N:Vaughan;Chris
FN:Chris Vaughan (E-mail)
ORG:Department of Lands;Information Management and Technology
TITLE:Communications Administrator
TEL;WORK;VOICE:(02) 9228-6884
TEL;CELL;VOICE:+61 (0401) 148061
TEL;WORK;FAX:(02) 9223-1271
ADR;WORK;ENCODING=QUOTED-PRINTABLE:;IMT;1 Prince Albert Rd=0D=0AQueens Square;Sydney;NSW;2000;Australia
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:IMT=0D=0A1 Prince Albert Rd=0D=0AQueens Square=0D=0ASydney, NSW 2000=0D=0AAu=
stralia
EMAIL;PREF;INTERNET:[EMAIL PROTECTED]
REV:20030829T062124Z
END:VCARD

Re: [squid-users] wccpv2 + follow X-Forwarded-For

[Campbell, Shawn]

Henrik,

Thank you.  I did forget to run bootstrap.sh.

Shawn

On Wed, 2003-10-29 at 16:12, Henrik Nordstrom wrote:
> On Wed, 29 Oct 2003, Campbell, Shawn wrote:
> 
> > I am very curious as to what mistake I made in my version of Alan's
> > patch.  I believe the problem must be in configure.in since
> configure
> > recognizes the option and prints out the message but the code must
> be
> > getting excluded by FOLLOW_X_FORWARDED_FOR not being defined.
> 
> Is the define set in include/autoconf.h after running configure?
> 
> Did you remember to run the bootstrap.sh script after modifying the 
> autoconf/automake files?  (the bootstrap.sh script can be found in the
> Squid CVS tree)
> 
> Regards
> Henrik
> 

Re: [squid-users] problem in yahoo games

[Henrik Nordstrom]

On Wed, 29 Oct 2003, Mohammad Shakir wrote:

> I am running squid squid-2.4.STABLE6-1.7.2, on Red Hat
> Linux 7.3,

First try upgrading to the current Squid release. The current Squid 
release is Squid-2.5.STABLE4. Squid-2.4 is very old and no longer 
supported for free on the squid-users mailinglist.

If you still have problems after upgrading then enable log_mime_hdrs and
send a trace of what requests appear in cache.log.


Regards
Henrik

Re: [squid-users] OWA on Exchange 2003 proxy

[Henrik Nordstrom]

On Wed, 29 Oct 2003, Jonathan Giles wrote:

> 1)  forms based authentication mode turns on ssl on the exchange 
> server.  Https connections fail because it does not like the test cert 
> we put on the exchange server.  Is there any way to tell squid to 
> ignore the problem with the ssl test cert on the 2003 exchange server?  

If you use Squid-3 then you can tell Exchange that https is added by a 
frontend server such as Squid. See the cache_peer directive in Squid-3.

> We can skip forms based auths if we can cause squid to time out 
> sessions...  Seems as though exchange credentials are stored on the web 
> client, and are not destroyed until the web client is quit.

Correct.

> 2)  if using IE on Windows, exchange2003 goes into high gear mode and 
> gives special features to the client, and this does not work on the 
> squid system I configured for exchange2000.  I believe there is a 
> redirect that is causing the proxy to spin it's gears, as the mail 
> folder list never gets populated with mail messages.  So, if someone 
> here has a suggestion with regards to this issue, or if there is a way 
> to stop letting Exchange 2003 know that the client is IE on windows, it 
> would be very helpful.

You quite likely need to use the above Squid-3 feature for this to work 
properly..

Modern Exchange OWA installations uses WebDAV for folder access etc when
accessed by MSIE clients and this requires that OWA knows exacly by which
means it is accessed. Any front-end server such as a Squid reverse proxy
MUST NOT modify the URL (including the host component) and if the
front-end uses SSL while using plain HTTP to the OWA server then it must
tell so to the OWA by using the custom X-Front-End-HTTPS header.

Regards
Henrik

Re: [squid-users] Discrepancies between Squid and its docs

[Henrik Nordstrom]

On Wed, 29 Oct 2003, Eric Geater 10/23/03 wrote:

> 9.1, docs are in /usr/share/doc/squid-2.5.stable1) refer to 2.5, but I
> have wholly been using the ACL instructions found at
> http://squid-docs.sourceforge.net/latest/html/x1455.html (and found
> under the "Using the NCSA authentication module" section).

The (unfinished) Squid Users Guide was written long time ago, long before 
Squid-2.5 was released. The syntax shown in it's examples are using the 
syntax which was correct at the time, but Squid-2.5 uses a slightly 
different syntax. The principles are the same however.

You can find details on the Squid-2.5 syntax in

 a) squid.conf.default
 b) Squid-2.5 release notes
 b) the Squid FAQ
 c) list archives since Squid-2.5 was released

The squid.conf.default file is THE authoritative reference to squid.conf 
syntax and is always up to date with the version of Squid you have 
installed.

The Squid-2.5 release noted do document these squid.conf syntax changes, 
giving some guidelines in how to translate Squid-2.4 and earlier 
configurations to Squid-2.5 syntax

The Squid FAQ is slightly more up to date than the (incomplete) Squid
Users Guide or the Squid-2.4 Configuration Guide, but seriously needs
someone maintaining it a little more actively..

volunteers for updating the Squid FAQ is highly welcome..  For this task
the requirements is:

 * knowledge in how to use a text editor (required)
 * some understanding of Squid-2.5 (required)
 * follows discussions on Squid-users (required)
 * not being scared by SGML (desired, not required)
 * and reasonably good English writing skills (desired, not required)

Regards
Henrik

RE: [squid-users] SquidNT - maximum object size

[Henrik Nordstrom]

On Wed, 29 Oct 2003, Dilan Arumainathan wrote:

> Hi,
> I have placed my squid.conf file as http://www3.telus.net/dilan/squid.conf
> The output of the -X option is at http://www3.telus.net/dilan/squid.log

And this indicates it finds your maxium_object_size 8192 KB directive... 
just just have to look a little further in the log file. First there is 
the parsing of the built in default settings, then follows the parsing of 
your squid.conf. The built in default setting is 4096 KB but is later 
overridden by your squid.conf setting.

Regards
Henrik

Re: [squid-users] wccpv2 + follow X-Forwarded-For

[Henrik Nordstrom]

On Wed, 29 Oct 2003, Campbell, Shawn wrote:

> I am very curious as to what mistake I made in my version of Alan's
> patch.  I believe the problem must be in configure.in since configure
> recognizes the option and prints out the message but the code must be
> getting excluded by FOLLOW_X_FORWARDED_FOR not being defined.

Is the define set in include/autoconf.h after running configure?

Did you remember to run the bootstrap.sh script after modifying the 
autoconf/automake files?  (the bootstrap.sh script can be found in the 
Squid CVS tree)

Regards
Henrik

Re: [squid-users] proxy_auth when using a parent cache

[Henrik Nordstrom]

On Thu, 30 Oct 2003, Chris Joyce wrote:

> everyting works fine with no proxy_auth but when its on clients connecting
> to squid-1 work ok
> clients connecting to squid-2 can auth for some reason ? ( squid-2 dose not
> do any proxy_auth)

See the cache_peer documentation. Your squid-2 needs to be told to forward 
authentication credentials to squid-1.

Regards
Henrik

[squid-users] problem in yahoo games

[Mohammad Shakir]

I am running squid squid-2.4.STABLE6-1.7.2, on Red Hat
Linux 7.3, all things are running fine but when I
connect to games.yahoo.com and try to join I get some
error like " you have stale page in your cache " and
more ...
 
I am sending herewith my squid configuration, any
expert have idea, what will be problem in my
configuration.
 
thanks in advance.
 
http_port 8080
icp_port 0
icp_query_timeout 0
maximum_icp_query_timeout 0
mcast_icp_query_timeout 0
dead_peer_timeout 10 seconds
hierarchy_stoplist
cache_mem  100 MB
cache_swap_low  90
cache_swap_high 95
maximum_object_size 16384 KB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low  90
ipcache_high 95
fqdncache_size 2048
cache_dir aufs /cache1 1000 16 256
cache_access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log /dev/null
cache_swap_log /var/log/squid/cache_swap_log.log
emulate_httpd_log off
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn on
client_netmask 255.255.255.255
ftp_user [EMAIL PROTECTED]
ftp_list_width 32
dns_nameservers 192.168.0.2
wais_relay_host localhost
wais_relay_port 8000
request_header_max_size 10 KB
request_body_max_size 0 MB
reply_body_max_size 1 MB
refresh_pattern .   518400  99%   
 518400
refresh_pattern .jpg20160   99%   
 40320 override-expire
refresh_pattern .jpeg   20160   99%   
 40320 override-expire
refresh_pattern .gif20160   99%   
 40320 override-expire
refresh_pattern ^ftp:   518400  99%   
 518400
refresh_pattern ^gopher:518400  99%   
 518400
reference_age 1 year
quick_abort_min 0 KB
quick_abort_max 0 KB
connect_timeout 120 seconds
siteselect_timeout 4 seconds
read_timeout 5 minutes
request_timeout 30 seconds
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 1 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl ourserver src 192.168.0.101-192.168.0.130
acl ourserver1 src 192.168.0.1
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-69000
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ourserver
http_access allow ourserver1
http_access deny all
http_access allow localhost
icp_access allow all
miss_access allow all
cache_mgr [EMAIL PROTECTED]
cache_effective_user squid
cache_effective_group squid
visible_hostname server2.cyberya.net
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
dns_testnames netscape.com internic.net nlanr.net
microsoft.com
logfile_rotate 10
append_domain .cyberya.net
tcp_recv_bufsize 0 bytes
memory_pools on
forwarded_for on
buffered_logs on
offline_mode on

 


__
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/

RE: [squid-users] Discrepancies between Squid and its docs

[Adam Aube]

> Now if I am running Squid 2.5, and an old squid.conf
> file (that apparently works fine, unless I apply the
> "authenticate_program" tag line), and there's no docs
> to explain usage of the "auth_param" version

You can look at this section of the Squid FAQ:

http://www.squid-cache.org/Doc/FAQ/FAQ-23.html

and also in the squid.conf.default that was installed when you
installed Squid.

Adam

[squid-users] problem in yahoo games

[Mohammad Shakir]

I am running squid squid-2.4.STABLE6-1.7.2, on Red Hat
Linux 7.3, all things are running fine but when I
connect to games.yahoo.com and try to join I get some
error like " you have stale page in your cache " and
more ...
 
I am sending herewith my squid configuration, any
expert have idea, what will be problem in my
configuration.
 
thanks in advance.
 
http_port 8080
icp_port 0
icp_query_timeout 0
maximum_icp_query_timeout 0
mcast_icp_query_timeout 0
dead_peer_timeout 10 seconds
hierarchy_stoplist
cache_mem  100 MB
cache_swap_low  90
cache_swap_high 95
maximum_object_size 16384 KB
minimum_object_size 0 KB
ipcache_size 1024
ipcache_low  90
ipcache_high 95
fqdncache_size 2048
cache_dir aufs /cache1 1000 16 256
cache_access_log /var/log/squid/access.log
cache_log /dev/null
cache_store_log /dev/null
cache_swap_log /var/log/squid/cache_swap_log.log
emulate_httpd_log off
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn on
client_netmask 255.255.255.255
ftp_user [EMAIL PROTECTED]
ftp_list_width 32
dns_nameservers 192.168.0.2
wais_relay_host localhost
wais_relay_port 8000
request_header_max_size 10 KB
request_body_max_size 0 MB
reply_body_max_size 1 MB
refresh_pattern .   518400  99%   
 518400
refresh_pattern .jpg20160   99%   
 40320 override-expire
refresh_pattern .jpeg   20160   99%   
 40320 override-expire
refresh_pattern .gif20160   99%   
 40320 override-expire
refresh_pattern ^ftp:   518400  99%   
 518400
refresh_pattern ^gopher:518400  99%   
 518400
reference_age 1 year
quick_abort_min 0 KB
quick_abort_max 0 KB
connect_timeout 120 seconds
siteselect_timeout 4 seconds
read_timeout 5 minutes
request_timeout 30 seconds
half_closed_clients off
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 1 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl ourserver src 192.168.0.101-192.168.0.130
acl ourserver1 src 192.168.0.1
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-69000
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ourserver
http_access allow ourserver1
http_access deny all
http_access allow localhost
icp_access allow all
miss_access allow all
cache_mgr [EMAIL PROTECTED]
cache_effective_user squid
cache_effective_group squid
visible_hostname server2.cyberya.net
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
dns_testnames netscape.com internic.net nlanr.net
microsoft.com
logfile_rotate 10
append_domain .cyberya.net
tcp_recv_bufsize 0 bytes
memory_pools on
forwarded_for on
buffered_logs on
offline_mode on



__
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/

[squid-users] OWA on Exchange 2003 proxy

[Jonathan Giles]

I was wondering if anyone had any experience with squid and OWA on 
Exchange 2003 proxies.

My major hurtles are two in number.

1)  forms based authentication mode turns on ssl on the exchange 
server.  Https connections fail because it does not like the test cert 
we put on the exchange server.  Is there any way to tell squid to 
ignore the problem with the ssl test cert on the 2003 exchange server?  
We can skip forms based auths if we can cause squid to time out 
sessions...  Seems as though exchange credentials are stored on the web 
client, and are not destroyed until the web client is quit.

2)  if using IE on Windows, exchange2003 goes into high gear mode and 
gives special features to the client, and this does not work on the 
squid system I configured for exchange2000.  I believe there is a 
redirect that is causing the proxy to spin it's gears, as the mail 
folder list never gets populated with mail messages.  So, if someone 
here has a suggestion with regards to this issue, or if there is a way 
to stop letting Exchange 2003 know that the client is IE on windows, it 
would be very helpful.

Maybe some of these issues are addressed in squid3?

Thanks very much!

jg
---=---=---
Jonathan Giles
Senior Unix Administrator
Cline Davis Mann
---
Privileged/Confidential Information may be contained in this
message.  If you are not the addressee indicated in this message
(or responsible for delivery of the message to such person), you
may not copy or deliver this message to anyone.  In such case,
you should destroy this message and kindly notify the sender
by reply e-mail.  Please advise immediately if you or your
employer do not consent to Internet e-mail of this kind.
Opinions, conclusions, and other information in this message
that do not relate to the official business of CDM shall
be understood as neither given nor endorsed by it.

[squid-users] Discrepancies between Squid and its docs

[Eric Geater 10/23/03]

I would like to report something, but I honestly don't know just how to
do it.

I'm a newb.  There, it's on the table.  I'm running Squid 2.5, I have
working ACL's and http_access lines, and I did this by viewing the ACL
docs on squid-cache.org.  The squid docs on my own machine (Mandrake
9.1, docs are in /usr/share/doc/squid-2.5.stable1) refer to 2.5, but I
have wholly been using the ACL instructions found at
http://squid-docs.sourceforge.net/latest/html/x1455.html (and found
under the "Using the NCSA authentication module" section).  I did this
because I was STRONGLY SUGGESTED by every single newsgroup/mail
archive/user forum that previously answered that question.

But the docs at the above listed website do not account for "auth_param"
taglines, and in fact still validate the use of "authenticate_program"
and "authenticate_children" as suggested by the squid.conf file that I'm
presently running.  Now if I am running Squid 2.5, and an old squid.conf
file (that apparently works fine, unless I apply the
"authenticate_program" tag line), and there's no docs to explain usage
of the "auth_param" version, to whom do I turn to get this issue solved?

Much appreciation to anyone who can get me out of this rut.  If it's ANY
consolation, I really am starting to like Linux, even if it still
baffles me.

Thanks a million,

Eric Geater
egeater at mscoinc dot com

Re: [squid-users] MEMHAR

[Robert Collins]

On Thu, 2003-10-30 at 07:26, Michael Buck wrote:
> >>> <[EMAIL PROTECTED]> 10/29/03 12:30PM >>>
> Your email message was temporarily blocked by my spam
> filter. If you feel this is an error, please follow
> these instructions.

Autoresponders that send messages like this to the mailing list are not
acceptable. Consider this a warning: if you don't get your mail system
fixed, you will be removed from the mailing list. 

Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

RE: [squid-users] SquidNT - maximum object size

[Serassio Guido]

Hi Dilan,

At 21.02 29/10/2003, Dilan Arumainathan wrote:

Hi,
I have placed my squid.conf file as http://www3.telus.net/dilan/squid.conf
The output of the -X option is at http://www3.telus.net/dilan/squid.log
thanks
dilan
This is from Your log:

2003/10/29 10:27:00| Processing: 'no_cache deny QUERY'
2003/10/29 10:27:00| parse_line: no_cache deny QUERY
2003/10/29 10:27:00| aclParseAccessLine: looking for ACL name 'QUERY'
2003/10/29 10:27:00| Processing: 'maximum_object_size 8192 KB'
2003/10/29 10:27:00| parse_line: maximum_object_size 8192 KB
2003/10/29 10:27:00| Processing: 'auth_param basic children 5'
2003/10/29 10:27:00| parse_line: auth_param basic children 5
2003/10/29 10:27:00| Processing: 'auth_param basic realm Squid 
proxy-caching web server'
2003/10/29 10:27:00| parse_line: auth_param basic realm Squid proxy-caching 
web server

You are stuck on the first occurrence of maximum_object_size, when default 
value is loaded, but some line after the squid.conf is parsed ... :-)

You should check your squid config with cachemgr.cgi.

Regards

Guido



-

Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/

[squid-users] MEMHAR

[Michael Buck]

>>> <[EMAIL PROTECTED]> 10/29/03 12:30PM >>>
Your email message was temporarily blocked by my spam
filter. If you feel this is an error, please follow
these instructions.

The attached image contains a password.
Reply to this email and enter the password
in the subject or body of your reply.

Thank you.

This email account is protected with Spam Bully.
www.spambully.com 

I am looking for information on how to configure Squid to run in
transparency mode.  The section in the Squid documentation about
transparency is incomplete.  If anyone can provide information on how
to
configure Squid to work this way, I would appreciate it.  I would like
to insert a Squid cache server between the internet and my internal
network so all clients automatically go through the cache.  

Thanks,

Michael Buck
[EMAIL PROTECTED] 
/samb

RE: [squid-users] How Many Concurrent Connections

[Robert Collins]

Please keep the thread on-list... not least because direct mail from me
to you bounces off of some annoying spam-manual-check, which I don't
have the time to fiddle around with.

On Thu, 2003-10-30 at 06:55, JOHNSON DAVID R wrote:
> ok , well i am running squid v 2.4STABLE and it i quitting on me every 3-4
> days..

2.4 is very old - and no longer supported by the squid developers,
except for commercial clients. For free support and troubleshooting, as
well as a plethora of bugfixes - including security sensitive ones - I
urge you to upgrade to 2.5 latest stable.

> i run RH8 with dual xeon procs, 1 gig mem and a 10/100. What in the config
> do i need to *tweak*?

Kernel ephemeral ports, possible other kernel settings depending on the
RH defaults, user fd limits, rebuild squid. There are documents on this
on the web - such as Joe Coopers tuning squid whitepaper...

> Is there any file or anythin i can send you in order for you to lend me a
> hand? PLease?

I wouldn't assume that your problem is number of concurrent connections
- follow the FAQ guidelines for submitting a squid bug report, and
you'll gather information that you can probably use to identify the
cause.

Rob


-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

RE: [squid-users] SquidNT - maximum object size

[Dilan Arumainathan]

Hi,
I have placed my squid.conf file as http://www3.telus.net/dilan/squid.conf
The output of the -X option is at http://www3.telus.net/dilan/squid.log

thanks
dilan

-Original Message-
From: Serassio Guido [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 11:38 AM
To: Dilan Arumainathan; [EMAIL PROTECTED]
Subject: Re: [squid-users] SquidNT - maximum object size


Hi,

At 19.33 29/10/2003, Dilan Arumainathan wrote:

>Hi,
>I have downloaded and installed SquidNT (v 2.5.STABLE4-NT-CVS). I am doing
>some testing to see if squid could be used to complement our software
>distribution channels by caching software updates. Along these lines I
tried
>to increase the maximum object size to about 20 megs (20480 KB). After
>making the changes I started squid with the -X option and it still reports
>the maximum object size as the default 4096 KB. Is there something else
that
>needs to be changed?

Are you sure about your directive syntax in squid .conf ?

I have just make a check on my development system with a size of 8192 KB,
and it's OK.

Regards

Guido



-

Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/

Re: [squid-users] SquidNT - maximum object size

[Serassio Guido]

Hi,

At 19.33 29/10/2003, Dilan Arumainathan wrote:

Hi,
I have downloaded and installed SquidNT (v 2.5.STABLE4-NT-CVS). I am doing
some testing to see if squid could be used to complement our software
distribution channels by caching software updates. Along these lines I tried
to increase the maximum object size to about 20 megs (20480 KB). After
making the changes I started squid with the -X option and it still reports
the maximum object size as the default 4096 KB. Is there something else that
needs to be changed?
Are you sure about your directive syntax in squid .conf ?

I have just make a check on my development system with a size of 8192 KB, 
and it's OK.

Regards

Guido



-

Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/

Re: [squid-users] How Many Concurrent Connections

[Robert Collins]

On Thu, 2003-10-30 at 05:42, JOHNSON DAVID R wrote:
> How many concurrent connections can the squid service handle?
> 
> I am getting a problem with squid crashing every few days or so and am
> trying to troubleshoot the problem without knowing it.

Depends on your OS configuration and the squid build. A tuned squid can
handle thousands of concurrent connections.

Rob
-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] How Many Concurrent Connections

[Antony Stone]

On Wednesday 29 October 2003 6:42 pm, David Johnson wrote:

> How many concurrent connections can the squid service handle?

What O/S and hardware are you using?

What bandwidth Internet connection do you have?

> I am getting a problem with squid crashing every few days or so and am
> trying to troubleshoot the problem without knowing it.

What shows in the squid logs prior to the crashes?

Antony.

-- 

Anyone that's normal doesn't really achieve much.

 - Mark Blair, Australian rocket engineer

Re: [squid-users] SquidNT - maximum object size

[trainier]

I'm not positive about squidnt, but in linux, I have to use -k reconfigure
when I make any changes to the squid configuration.




"Dilan Arumainathan" <[EMAIL PROTECTED]>
10/29/2003 01:33 PM

 
To: <[EMAIL PROTECTED]>
cc: 
Subject:[squid-users] SquidNT -  maximum object size


Hi,
I have downloaded and installed SquidNT (v 2.5.STABLE4-NT-CVS). I am doing
some testing to see if squid could be used to complement our software
distribution channels by caching software updates. Along these lines I 
tried
to increase the maximum object size to about 20 megs (20480 KB). After
making the changes I started squid with the -X option and it still reports
the maximum object size as the default 4096 KB. Is there something else 
that
needs to be changed?

thanks
dilan

[squid-users] How Many Concurrent Connections

[JOHNSON DAVID R]

How many concurrent connections can the squid service handle?

I am getting a problem with squid crashing every few days or so and am
trying to troubleshoot the problem without knowing it.

David Johnson | Network Administrator |
Hampton University | Hampton, VA | 23669 |
office 757.728.6528 | fax 757.727.5438
mailto:[EMAIL PROTECTED]

[squid-users] SquidNT - maximum object size

[Dilan Arumainathan]

Hi,
I have downloaded and installed SquidNT (v 2.5.STABLE4-NT-CVS). I am doing
some testing to see if squid could be used to complement our software
distribution channels by caching software updates. Along these lines I tried
to increase the maximum object size to about 20 megs (20480 KB). After
making the changes I started squid with the -X option and it still reports
the maximum object size as the default 4096 KB. Is there something else that
needs to be changed?

thanks
dilan

[squid-users] cachemgr.cgi just redirects me

[Y Jones]

I am running squid on port 80 and apache on port 81
like this:  http_port 80 accel vport=81
When I visit http://localhost:81/cgi-bin/cachemgr.cgi
I get
Cache Host:
Cache Port:
Manager name:
Password:
I enter localhost and 80.

When I click "Continue..." I am redirected to http://localhost:81/
and I don't get logged in.
I've tried setting and unsetting
   cachemgr_passwd secret all
I've tried various usernames.
cachemgr.cgi/3.0-PRE3-20031002

Thanks for your help.

_
Want to check if your PC is virus-infected?  Get a FREE computer virus scan 
online from McAfee.
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

[squid-users] wccpv2 + follow X-Forwarded-For

[Campbell, Shawn]

I have been trying to get squid 2.5.Stable4 working with the wccpv2
patch and the follow X-Forwarded-For patch.  The wccpv2 patch works
great.  However, the X-Forwarded-For patch for squid 2.5 doesn't
correctly patch the source.  In the end, I want to apply them both, but
I have been trying to get the X-Forwarded-For patch to apply to the
stock squid 2.5 source.  I tried looking at the patch file and manually
copying in the changes, altering them as necessary.  I looked at the
wccpv2 patch and compared the way it altered configure.in and some of
the other files, I combined the techniques and ended with a patch that
looked like it would do what I wanted.  So I enabled the compilation
option --enable-follow-x-forwarded-for and the configure script seemed
to indicate that the patch was in place.  I then compiled squid and
tried using the directives that are added by the patch to squid.conf. 
The squid executable did not seem to recognize any of the directives. 
Since the patch compiled, I assumed I must have done something
incorrectly in the autoconf/automake stuff (configure.in), but I am new
to autoconf/automake, and what I did looked exactly like what was done
in the wccpv2 patch.

I was not able to include the patch in this email because of the 5 byte
limit of the list.

To provide some more background, I am currently using squid 2.5-Stable4
+ wccpv2 patch + squidguard for content filtering.  My intention is to
switch over to a setup that uses dansguardian.  I want dansguardian to
receive the request and then forward it to squid.  I want to use acls,
delay pools, and squid's logging facilities as I do with my current
setup.  In order for that to work, I need squid to look at the
X-Forwarded-For header provided by dansguardian for acls, delay pools,
and logging.  I am not sure who to turn to or where to go on the Follow
X-Forwarded-For patch.  I have tried to repair Alan's squid 2.5 patch
without much success.  If anyone sees a problem in the configure.in for
my patch file, fixing it would probably clear up the issue I am having. 
I have looked for other patches and I did manage to find one that
addresses squid logging and X-Forwarded-For.  Here is the patch I found:






--- squid-2.5.STABLE1/src/client_side.c Mon Sep 23 07:04:03 2002
+++ squid-2.5.STABLE1/src/client_side.c Wed Feb  5 10:35:45 2003
@@ -85,6 +85,8 @@
 
 #define FAILURE_MODE_TIME 300
 
+#define DANSGUARDIAN_IP_FORWARD
+
 /* Local functions */
 
 static CWCB clientWriteComplete;
@@ -771,6 +773,9 @@
 clientHttpRequest **H;
 ConnStateData *conn = http->conn;
 StoreEntry *e;
+#ifdef DANSGUARDIAN_IP_FORWARD
+String s;
+#endif
 request_t *request = http->request;
 MemObject *mem = NULL;
 debug(33, 3) ("httpRequestFree: %s\n", storeUrl(http->entry));
@@ -795,6 +800,13 @@
http->al.http.content_type = strBuf(mem->reply->content_type);
}
http->al.cache.caddr = conn->log_addr;
+#ifdef DANSGUARDIAN_IP_FORWARD
+   if (httpHeaderHas(&request->header, HDR_X_FORWARDED_FOR)) {
+   s = httpHeaderGetList(&request->header, HDR_X_FORWARDED_FOR);
+   if (! inet_pton (AF_INET,strBuf(s),&http->al.cache.caddr))
+   http->al.cache.caddr = conn->log_addr;
+   }
+#endif
http->al.cache.size = http->out.size;
http->al.cache.code = http->log_type;
http->al.cache.msec = tvSubMsec(http->start, current_time);






Alan's patch is targeted at becoming a squid feature and uses the
configuration file to enable/disable the feature.  A compile in option
is fine for my situation, so I started looking into what changes I would
need to make to the patch above so that acls and delay pools would use
the X-Forwarded-For entry if it was present and valid.  

The clientHttpRequest seems to be the data structure that is depended
upon by logging, acls, and delay pools.  In the case of logging,
http->al is the AccessLogEntry for the request, the patch simply checks
if the X-Forwarded-For header is present in valid, converts it into an
address and stores it in the AccessLogEntry data structure instead of
conn->log_addr.  The function in which this happens is called
httpRequestFree.  After examining Alan's patch, acl.c and delay_pools.c
both seem to use http->request->client_addr for both acls and
delay_pools.  I don't really have a picture of what exactly is happening
inside of squid in terms of the callback order.  If I were to alter the
http->request->client_addr in the function httpRequestFree, would this
change be utilized by acl.c and delay_pools.c?  It is p

[squid-users] proxy_auth when using a parent cache

[Chris Joyce]

I've got my self stuck on two problams when using proxy_auth

when proxy_auth is in use MS word's clipart search dose not work , seems to
attempt auth once then fails.
I don't have any other problam with proxy_auth on the any client using MS
word , just seems to be a MS Word thing ?

the second is more involved

I've got two squid servers running on my network , squid-1 used to access
the internet , and runs proxy_auth
the sencond squid-2 acts as a proxy on a private link to a intranet , and
forwards everything else to squid-1

everyting works fine with no proxy_auth but when its on clients connecting
to squid-1 work ok
clients connecting to squid-2 can auth for some reason ? ( squid-2 dose not
do any proxy_auth)

I could drop ine squid if I could get proxy_auth to not throw up a loging
when the request is going to the
connected private network , but other wise two servers will do just fine .

chris


squid-1

acl nac-password proxy_auth REQUIRED

acl our_networks src x.x.x.x/24
acl our_servers dst x.x.x.x/24
acl adsl_network src x.x.x.x/24
acl pcc_network src x.x.x.x/22

http_access allow nac-password

http_access allow our_servers
http_access allow our_networks
http_access allow adsl_network
http_access allow pcc_network
http_access allow localhost

icp_access allow our_servers
icp_access allow our_networks
icp_access allow adsl_network
icp_access allow pcc_network
icp_access allow localhost


http_access deny all

# always go direct to local systems
always_direct allow our_servers


squid-2

cache_peer  squid-1  parent  3128  3130
acl our_networks src x.x.x.x/24
acl our_servers dst x.x.x.x/24
acl adsl_network src x.x.x.x/24
acl pcc_network src x.x.x.x/22


#http_access allow nac-password

# are the requests from our network ?
#http_access allow our_servers
#http_access allow our_networks
#http_access allow adsl_network

http_access deny our_servers
http_access deny our_networks
http_access deny adsl_network
http_access allow pcc_network

icp_access allow our_servers
icp_access allow our_networks
icp_access allow adsl_network
icp_access allow pcc_network

http_access deny all

always_direct allow our_servers
always_direct allow adsl_network
always_direct allow pcc_network

# never go direct to any other place
never_direct allow all

RE: [squid-users] time based Instant Message blocking

[Manu C S]

>Since there are some new features in Squid 2.5 Stable4
>where can i get a copy of the squid.conf.default?
>There wasn't a copy in the source I downloaded and
>I'd like examples of how to use some of the new tags.

Oops! Shot off that email before I dug around. I found
the default configuration file in /usr/local/squid.

Sorry about that!

Regards,
Manu

RE: [squid-users] time based Instant Message blocking

[Adam Aube]

> I built it on RH7.3 and I'm able to use the executable
> on IPCop. Thanks for the suggestion.

You're welcome - I'm glad you could get everything working.

> Since there are some new features in Squid 2.5 Stable4
> where can i get a copy of the squid.conf.default?
> There wasn't a copy in the source I downloaded and
> I'd like examples of how to use some of the new tags.

You could run make install in the Squid source directory on the RedHat
7.3 box; this will put it in /usr/local/squid/etc by default (unless
you changed the path with configure). Then just copy it over by your
preferred method.

Adam

RE: [squid-users] NTLM Auth in Active Directory.

[Adam Aube]

> I have a test machine running Squid 2.5 Stable 4 and
> Samba 3.0.0 doing NTLM authentication on our Active
> Directory Domain.

> However, It appears that squid and samba are trying 
> to authenticate against client machines.

What do you mean by "authenticating against client machines"? It is
using the machine name instead of the user name, or is it trying to
verify the NTLM credentials against the client machine instead of AD?

> How do I get authentication to work against username
> and pasword instead?

This is what it should be doing. What are you seeing that makes you
believe it's not doing this?

Adam
<>

RE: [squid-users] time based Instant Message blocking

[Manu C S]

Hi,

>RedHat 8.0 uses glibc 2.3, so when you compile Squid on it, Squid gets
>linked with glibc 2.3. Do you have access to a Linux box that has an
>older version of glibc? If so, try building Squid on that.

I built it on RH7.3 and I'm able to use the executable
on IPCop. Thanks for the suggestion.

Since there are some new features in Squid 2.5 Stable4
where can i get a copy of the squid.conf.default?
There wasn't a copy in the source I downloaded and
I'd like examples of how to use some of the new tags.


>anything beyond that should be using one of the async I/O modes (aufs
>or diskd - aufs being preferred on Linux). Support for aufs must be
>compiled into Squid - see 'configure --help' for details.
>
>You might also want to remote the cache_store_log setting - store.log
>is generally only used for debugging, and the logging it creates puts
>extra load on your disk.

Thanks. When I get the new squid running on my system, I shall
use the suggestions you've given and keep you posted on 
the results.

Regards,
Manu

Re: [squid-users] streamload.com

[Christoph Haas]

On Tue, Oct 28, 2003 at 05:50:06AM -0600, Ampugnani, Fernando wrote:
>   Anybody know how I can block all  streamload.com. servers??

Write your own ACLs. RTFM so see how.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--3,41 All

Re: [squid-users] squid.conf in RCS Mode

[Henrik Nordstrom]

On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote:

> Can squid.conf file act in rcs mode.

Yes, if you use rcs. squid.conf as such or Squid does not care how you 
maintain your squid.conf, only that the contents are correct when Squid 
tries to read it.

> What happens if I make changes to squid.conf thru webmin ?

Depends on webmin, but I suppose that without further instructions webmin 
will not automatically use rcs.

If webmin has support for using rcs then it should.. (provided this 
support is enabled if required).

Regards
Henrik

[squid-users] squid.conf in RCS Mode

[azad_a]

Hi

Can squid.conf file act in rcs mode. What happens if I make changes to
squid.conf thru webmin ?
will it make the changes in squid.conf file in rcs.
Will it bring the older revision of squid.conf if we wanna revert. ?

Rgds
Azad A

Re: [squid-users] block ICQ

[Schelstraete Bart]

Li Wei wrote:

>hi, all
>
>Recently, I found many users use ICQ through proxy server(Squid2.5.STABLE2).
>such as www.icq.com:80
>
>I set one ACL to block it, like following:
>acl QQ dstdom_regex -i www.icq.com
>
>But it seem not to take effect.
>
>  
>

That's correct. The messenger itself is not connecting to www.icq.com ,
that's the webpage itself.
What you should do I check the access.log file, and check what address
are loaded.
As far I could see, icq was connecting to *.icq.aol.com and *.icq.com
over here. (but you need to check this in your sqquid logfile)
SO can try the following acl

acl QQ dstdom_regex -i icq.com icq.aol.com



rgrds,

Bart

-- 
 Schelstraete Bart
 http://www.hansbeke.com
 email: bart at schelstraete.org