AW: AW: [squid-users] Group Authentication (NT4 Domain)
> -Ursprüngliche Nachricht- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 12. November 2003 23:42 > An: Altrock, Jens > Cc: 'Adam Aube'; '[EMAIL PROTECTED]' > Betreff: Re: AW: [squid-users] Group Authentication (NT4 Domain) > > > On Wed, 12 Nov 2003, Altrock, Jens wrote: > > > There is no cache log, although I added the cache_log entry > to the conf > > file... > > Then there is no write permission for Squid to the specified log file. The Squid log file is in the /usr/local/squid/var/logs/ directory, and squid has access to the whole /usr/local/squid/ directory. So it must have write permission... > > > where to find the system's message files? > > Usually in /var/log/messages. See your systems syslog > configuration if > unsure. > > Regards > Henrik > ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus.
[squid-users] Squid Authentication
Hi all, how do i setup squid authentication in a way that it ties with my Windows password? Is LDAP_auth able to do this? I need to set up password policies but i believe that the best thing is to use the same password for squid and windows so that all the existing policies for windows apply to squid. Thanks in advanced. melvin _ Get 10mb of inbox space with MSN Hotmail Extra Storage http://join.msn.com/?pgmarket=en-sg
Re: [squid-users] Squid Authentication
melvin melvin wrote: > > Hi all, > > how do i setup squid authentication in a way that it ties with my Windows > password? Is LDAP_auth able to do this? I need to set up password policies > but i believe that the best thing is to use the same password for squid and > windows so that all the existing policies for windows apply to squid. > > Thanks in advanced. > melvin > http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14 M.
[squid-users] sigsegv again :-(
hello. i'm facing strange situation. from the users' point of view squid works as normal, BUT in my cache.log i have the following === 2003/11/13 09:16:08| Starting Squid Cache version 2.5.STABLE4 for i686-pc-linux-gnu... 2003/11/13 09:16:08| Process ID 22150 2003/11/13 09:16:08| With 1024 file descriptors available 2003/11/13 09:16:08| DNS Socket created at 0.0.0.0, port 32796, FD 4 2003/11/13 09:16:08| Adding nameserver 192.168.7.5 from squid.conf 2003/11/13 09:16:08| helperOpenServers: Starting 10 'squidGuard' processes 2003/11/13 09:16:09| helperOpenServers: Starting 7 'auth_md5_wo_ip' processes 2003/11/13 09:16:10| helperOpenServers: Starting 8 'ip_acl' processes 2003/11/13 09:16:11| Unlinkd pipe opened on FD 35 2003/11/13 09:16:11| Swap maxSize 2682880 KB, estimated 206375 objects 2003/11/13 09:16:11| Target number of buckets: 10318 2003/11/13 09:16:11| Using 16384 Store buckets 2003/11/13 09:16:11| Max Mem size: 49152 KB 2003/11/13 09:16:11| Max Swap size: 2682880 KB 2003/11/13 09:16:11| Store logging disabled 2003/11/13 09:16:11| Rebuilding storage in /cache (CLEAN) 2003/11/13 09:16:11| Using Least Load store dir selection 2003/11/13 09:16:11| Set Current Directory to /cache/ 2003/11/13 09:16:11| Loaded Icons. 2003/11/13 09:16:13| Accepting HTTP connections at 192.168.7.1, port 3128, FD 36. 2003/11/13 09:16:13| Ready to serve requests. 2003/11/13 09:16:13| Store rebuilding is 5.2% complete 2003/11/13 09:16:16| Done reading /cache swaplog (78778 entries) 2003/11/13 09:16:16| Finished rebuilding storage from disk. 2003/11/13 09:16:16| 78778 Entries scanned 2003/11/13 09:16:16| 0 Invalid entries. 2003/11/13 09:16:16| 0 With invalid flags. 2003/11/13 09:16:16| 78776 Objects loaded. 2003/11/13 09:16:16| 0 Objects expired. 2003/11/13 09:16:16| 0 Objects cancelled. 2003/11/13 09:16:16| 1 Duplicate URLs purged. 2003/11/13 09:16:16| 1 Swapfile clashes avoided. 2003/11/13 09:16:16| Took 4.5 seconds (17586.1 objects/sec). 2003/11/13 09:16:16| Beginning Validation Procedure 2003/11/13 09:16:16| Completed Validation Procedure 2003/11/13 09:16:16| Validated 78776 Entries 2003/11/13 09:16:16| store_swap_size = 869504k 2003/11/13 09:16:16| storeLateRelease: released 0 objects (squid)[0x80996a9] /lib/libc.so.6[0x400bb4f8] (squid)[0x80a9515] (squid)[0x8076db8] (squid)[0x8064839] (squid)[0x808410f] /lib/libc.so.6(__libc_start_main+0xc7)[0x400a8917] (squid)(log+0xa1)[0x804a6fd] FATAL: Received Segment Violation...dying. 2003/11/13 09:52:04| storeDirWriteCleanLogs: Starting... 2003/11/13 09:52:04| WARNING: Closing open FD 36 2003/11/13 09:52:04| 65536 entries written so far. 2003/11/13 09:52:04| Finished. Wrote 79389 entries. 2003/11/13 09:52:04| Took 0.1 seconds (1173300.0 entries/sec). CPU Usage: 9.990 seconds = 6.880 user + 3.110 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 362 Memory usage for squid via mallinfo(): total space in arena: 13152 KB Ordinary blocks:13133 KB 16 blks Small blocks: 0 KB 6 blks Holding blocks: 1164 KB 4 blks Free Small blocks: 0 KB Free Ordinary blocks: 18 KB Total in use: 14297 KB 109% Total free:18 KB 0% 2003/11/13 09:52:07| Starting Squid Cache version 2.5.STABLE4 for i686-pc-linux-gnu... 2003/11/13 09:52:07| Process ID 22321 2003/11/13 09:52:07| With 1024 file descriptors available 2003/11/13 09:52:07| DNS Socket created at 0.0.0.0, port 32797, FD 4 2003/11/13 09:52:07| Adding nameserver 192.168.7.5 from squid.conf 2003/11/13 09:52:07| helperOpenServers: Starting 10 'squidGuard' processes 2003/11/13 09:52:08| helperOpenServers: Starting 7 'auth_md5_wo_ip' processes 2003/11/13 09:52:09| helperOpenServers: Starting 8 'ip_acl' processes 2003/11/13 09:52:10| Unlinkd pipe opened on FD 35 2003/11/13 09:52:10| Swap maxSize 2682880 KB, estimated 206375 objects 2003/11/13 09:52:10| Target number of buckets: 10318 2003/11/13 09:52:10| Using 16384 Store buckets 2003/11/13 09:52:10| Max Mem size: 49152 KB 2003/11/13 09:52:10| Max Swap size: 2682880 KB 2003/11/13 09:52:10| Store logging disabled 2003/11/13 09:52:10| Rebuilding storage in /cache (CLEAN) 2003/11/13 09:52:10| Using Least Load store dir selection 2003/11/13 09:52:10| Set Current Directory to /cache/ 2003/11/13 09:52:10| Loaded Icons. 2003/11/13 09:52:12| Accepting HTTP connections at 192.168.7.1, port 3128, FD 36. 2003/11/13 09:52:12| Ready to serve requests. 2003/11/13 09:52:12| Store rebuilding is 5.2% complete 2003/11/13 09:52:12| Done reading /cache swaplog (79389 entries) 2003/11/13 09:52:12| Finished rebuilding storage from disk. 2003/11/13 09:52:12| 79389 Entries scanned 2003/11/13 09:52:12| 0 Invalid entries. 2003/11/13 09:52:12| 0 With invalid flags. 2003/11/13 09:52:12| 79389 Objects loaded. 2003/11/13 09:52:12|
AW: AW: [squid-users] Group Authentication (NT4 Domain)
I've checked permissions now and set them again, I set all permissions on /usr/local/squid for user squid/group squid and tried again. Same error, and no cache.log file again (although squid has read/write access to the /usr/local/squid/var/logs directory...) any more ideas/suggestions? > -Ursprüngliche Nachricht- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 12. November 2003 23:42 > An: Altrock, Jens > Cc: 'Adam Aube'; '[EMAIL PROTECTED]' > Betreff: Re: AW: [squid-users] Group Authentication (NT4 Domain) > > > On Wed, 12 Nov 2003, Altrock, Jens wrote: > > > There is no cache log, although I added the cache_log entry > to the conf > > file... > > Then there is no write permission for Squid to the specified log file. > > > where to find the system's message files? > > Usually in /var/log/messages. See your systems syslog > configuration if > unsure. > > Regards > Henrik > ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus.
AW: AW: [squid-users] reply_body_max_size ACLs ignored? (solved)
> > > Have you made sure the ident lookup have completed? How can I do this? > > Regards > Henrik > > On Wed, 12 Nov 2003 [EMAIL PROTECTED] wrote: > > > And why does it not work für me??? > > > > Version 2.5.STABLE4 > > > > Squid.conf: > > > >acl user_rost ident rost > > > >reply_body_max_size 0 allow user_rost > >reply_body_max_size 200 allow all > > > > Trying to download a file of about 100 MB gives I get the message > > ERR_TOO_BIG. > > > > access.log shows: > > > > > > > > 1068652370.557 3282 10.23.5.121 TCP_MISS/304 421 GET > > http://www.microsoft.com/products/shared/images/jump2.gif rost > > FIRST_UP_PARENT/fu0270.zff.zf-group.de image/gif > > 1068652371.608 1050 10.23.5.121 TCP_DENIED/403 1840 GET > > > http://download.microsoft.com/download/win2000platform/SP/SP2/NT5/EN-U > > S/W2KS > > P2.exe rost FIRST_UP_PARENT/fu0270.zff.zf-group.de text/html > > > > > > > > > > Mit freundlichem Gruß / regards > > > > Werner Rost > > GM-FIR - Netzwerk > > > > ZF Boge Elastmetall GmbH > > Friesdorfer Str. 175 > > 53175 Bonn > > > > Tel. +49 228 38 25 - 420 > > Fax +49 228 38 25 - 398 > > mailto:[EMAIL PROTECTED] > > www.zf.com/boge-elastmetall > > > > > > > > > > > -Ursprüngliche Nachricht- > > > Von: David Landgren [mailto:[EMAIL PROTECTED] > > > Gesendet: Mittwoch, 12. November 2003 14:51 > > > An: Henrik Nordstrom > > > Cc: [EMAIL PROTECTED] > > > Betreff: Re: [squid-users] reply_body_max_size ACLs > ignored? (solved) > > > > > > > > > Henrik Nordstrom wrote: > > > > On Tue, 4 Nov 2003, David Landgren wrote: > > > > > > > > > > > >>reply_body_max_size 0 allow user_davidl user_tomn > > > > > > > > > > > > This is a contradiction and can never be true. The same request > > > > can > > > > not > > > > come from both users at the same time. > > > > > > > > What you want is a single ACL listing all users in this > category > > > > of > > > > users, > > > > and then refer to this single acl in reply_body_max_size. > > > The logics of > > > > reply_body_max_size is idendical to that of http_access: > > > > > > > > Squid FAQ 10.1 Access Controls Introduction > > > > http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.1> > > > > > > Just for the record, this was indeed the problem. I'm kicking > > > myself for > > > not having thought about ANDing ACLs. I've changed the above to > > > > > > reply_body_max_size 0 allow user_davidl > > > reply_body_max_size 0 allow user_tomn > > > > > > and of course everything works correctly now. Thanks Henrik. > > > > > > David > > > -- > > > Commercial OS breeds commerce, whereas free OS breeds > > > freedom, the only thing more dangerous and confusing than > commerce. > > >-- Michael R. Jinks, redhat-list, circa 1997 > > > > > >
[squid-users] scanning through proxy
Hi All, We notice there is a surge in port 80 scanning through proxy servers in the past few days. As these requests come from many valid source ips to random destination ips, it is quite impossible to deny based on ip. Below is a sample of the scan request. GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98) Host: 61.199.26.41 Connection: Keep-Alive In order to prevent the proxy servers being 'blacklisted', is there anyway to deny such request? Thanks, Wei Keong
Re: [squid-users] Squid redirectors (squirm)
On Thu, 13 Nov 2003, Blomberg David wrote: > Squid-2.5.STABLE1-63 I would probably recommend upgrading. See http://www.squid-cache.org/Versions/v2/2.5/bugs/ but my memory is a little short and I don't exacly remember what was discussed.. Regards Henrik
Re: [squid-users] Squid redirectors (squirm)
On Thu, 13 Nov 2003, Blomberg David wrote: > acl webmail url_regex -i ^http://webmail\.domain\.com > > http_access deny webmail > > deny_info ERR_SEND_HTTPS webmail Ah, now I remember. I would recommend upgrading as later Squid-2.5 versions supports sending a URL in deny_info. If not you will run into problems with most versions of MSIE who substitute the error message sent by Squid with a stupid generic message Microsoft thinks explain the error better based on the HTTP status code alone.. With more current Squid-2.5 versions the above becomes acl & http_access as above deny_info https://webmail.domain.com/ webmail Regards Henrik
Re: AW: AW: [squid-users] Group Authentication (NT4 Domain)
On Thu, 13 Nov 2003, Altrock, Jens wrote: > The Squid log file is in the /usr/local/squid/var/logs/ directory, and squid > has access to the whole > /usr/local/squid/ directory. So it must have write permission... Try starting Squid manually /path/to/squid -DNYd3 this should give you all errors on the terminal from where you started Squid. Regards Henrik
Re: AW: AW: [squid-users] reply_body_max_size ACLs ignored? (solved)
On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > Have you made sure the ident lookup have completed? > > How can I do this? By using the ident ACL in http_access. Another question: Are you sure that the ident acl is what you are looking for? This is not the correct ACL for proxy authentication. Regards Henrik
Re: [squid-users] Re: ERR_CACHE_ACCESS_DENIED
On Wed, 12 Nov 2003, Norman Zhang wrote: > > Neither of the two requests shown in your log uses SSDOWNLOAD in the > > User-Agent.. The first is "Mozilla/4.0 (compatible; MSIE 6.0; Windows > > NT 5.1)", the second "SSREADER/3.7.0.0001" > > When I grep through access.log, I did see SSDOWNLOAD. Now I added SSREADER > too. Do I need a special ACL for Mozilla/4.0 too? I thought that's pretty > standard? Do you still have problems using the application? The first request did not look like being sent by this application. Regards Henrik
Re: [squid-users] Auth Questions
On Wed, 12 Nov 2003, Alex Collins wrote: > 1) Could this session cookie based auth possibly work with squid. I'm > 100% open to suggestions. Session cookie auth schemes works with web sites, not general Internet proxies. This is because cookies are connected to domains visited, not proxy servers, and also considered a property of the request to be sent to the web server by the HTTP protocol. What this means is that you can use cookie auth schemes in a Squid running as a surrogate/reverseproxy server infront of your (or specific) web sites, but not in a Squid running as a general Internet HTTP proxy. > 2) I'd also like to avoid the User Config of the .pac file URL - maybe > auto send it as required - can this be done ? If you want the browser to use a specific proxy then the browser needs to be told this via the configuration methods supported by the browser. What methods are applicable depends on how much control you have over the environment where the browser runs. > 3) Could a small java app push everything through the proxy after they > are authenticated and identified as being off campus? Maybe sent from > the squid server, maybe a.n.other web server. This could also help > eliminate a further set of issues relating to Citrix ICA stuff. Don't quite follow this. > 4) Am I totally barmy for even attempting this in the first place ? Maybe, maybe not. Regards Henrik
Re: [squid-users] Squid closing connection in mid stream
On Wed, 12 Nov 2003, Dave Hahn wrote: > I'm using Squid 2.5 Stable 4 with a rather basic config. Everything is > working as it should, with the exception of one site > (www.hcmuscle.com). Connections that do not go through the server are > able to receive the page without problems. As soon as I move the > machine behind the squid server, the connection drops part of the way > through the page. The page author can not see any reason why this would > be so. Have you read the Squid FAQ section relevant to your OS? There are many broken firewalls/routers out on the Internet, and in most modern OS:es needs some tuning to disable advanced TCP/IP features which those broken firewalls/routers fail on... Regards Henrik
Re: [squid-users] Re: caching dynamic pages
But dynamic pages does not have any information at all wrt expiry. There is nothing to override. Date: now Last Modified: unknown (now assumed by Squid). Apply your refresh_pattern setting to this and I think you will see why the page is not getting cached. It should be noted that it is not generally safe to enable caching of dynamic content. Many web sites does not know that dynamically generated content MAY be cached unless explicitly indicated that the information is not cacheable but simply assumes their dynamic content will not get cached by shared proxy caches. Because of this you risk breaking web sites and in some cases even leak sensitive private information between users if enabling caching of dynamic content. Regards Henrik On Wed, 12 Nov 2003, Tong Sun wrote: > > Thanks for the input, Henrik. If I didn't understand wrong, that's what > I've been trying to do. Shouldn't the line in my squid.conf forces Squid > to ignore the expiry information? > > refresh_pattern . 0 20% 4320 override-expire > > I might be missing something here. Please help. > > > This is a dynamic page and does not have any expiry information. Because > > of this it won't be cached by Squid unless you force Squid to via the > > refresh_pattern directive. > > > > Regards > > Henrik
Re: [squid-users] disclosing an intranet site.
You need to allow access to the site in http_access.. Regards Henrik On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > > > my situation : an iis server with intranet on the internal > network (10.10.10.7:80.) > > I am trying to disclose the intranet pages to the internet > with ncsa authentication. > > I have patched the source to get authentication working in > reversed proxy mode. > > I can see in access.log that the authentication works but > on my browser connected to the internet i get ACCESS DENIED > to 10.10.10.7. > > it seems that i have no acl matching for the intranet > server, but i have ! > > Is this construcion possible in the first place ? > > should i try squid 3? > > 1068646051.440 12 164.111.141.141 TCP_DENIED/403 1381 > GET > http://10.10.10.7/frameset_1024.php hans NONE/- text/html > > 1068646083.354 3 164.111.141.141 TCP_DENIED/401 1665 > GET http://10.10.10.7/ - NONE/- text/html > > 1068646093.452570 164.111.141.141 TCP_DENIED/403 1347 > GET http://10.10.10.7/ hans NONE/- text/html > > (the ip adresses are made up) > > Hans. > >
Re: [squid-users] Squid Authentication
On Thu, 13 Nov 2003, melvin melvin wrote: > Hi all, > > how do i setup squid authentication in a way that it ties with my Windows > password? Is LDAP_auth able to do this? LDAP is one way if you are using MS AD. You can also use Samba winbind. See the Squid FAQ. Regards Henrik
Re: [squid-users] sigsegv again :-(
Please file a bug report for this issue. Regards Henrik On Thu, 13 Nov 2003, oleg wrote: > > hello. > i'm facing strange situation. > from the users' point of view squid works as normal, BUT > in my cache.log i have the following > === > 2003/11/13 09:16:08| Starting Squid Cache version 2.5.STABLE4 for > i686-pc-linux-gnu... > 2003/11/13 09:16:08| Process ID 22150 > 2003/11/13 09:16:08| With 1024 file descriptors available > 2003/11/13 09:16:08| DNS Socket created at 0.0.0.0, port 32796, FD 4 > 2003/11/13 09:16:08| Adding nameserver 192.168.7.5 from squid.conf > 2003/11/13 09:16:08| helperOpenServers: Starting 10 'squidGuard' processes > 2003/11/13 09:16:09| helperOpenServers: Starting 7 'auth_md5_wo_ip' processes > 2003/11/13 09:16:10| helperOpenServers: Starting 8 'ip_acl' processes > 2003/11/13 09:16:11| Unlinkd pipe opened on FD 35 > 2003/11/13 09:16:11| Swap maxSize 2682880 KB, estimated 206375 objects > 2003/11/13 09:16:11| Target number of buckets: 10318 > 2003/11/13 09:16:11| Using 16384 Store buckets > 2003/11/13 09:16:11| Max Mem size: 49152 KB > 2003/11/13 09:16:11| Max Swap size: 2682880 KB > 2003/11/13 09:16:11| Store logging disabled > 2003/11/13 09:16:11| Rebuilding storage in /cache (CLEAN) > 2003/11/13 09:16:11| Using Least Load store dir selection > 2003/11/13 09:16:11| Set Current Directory to /cache/ > 2003/11/13 09:16:11| Loaded Icons. > 2003/11/13 09:16:13| Accepting HTTP connections at 192.168.7.1, port 3128, FD 36. > 2003/11/13 09:16:13| Ready to serve requests. > 2003/11/13 09:16:13| Store rebuilding is 5.2% complete > 2003/11/13 09:16:16| Done reading /cache swaplog (78778 entries) > 2003/11/13 09:16:16| Finished rebuilding storage from disk. > 2003/11/13 09:16:16| 78778 Entries scanned > 2003/11/13 09:16:16| 0 Invalid entries. > 2003/11/13 09:16:16| 0 With invalid flags. > 2003/11/13 09:16:16| 78776 Objects loaded. > 2003/11/13 09:16:16| 0 Objects expired. > 2003/11/13 09:16:16| 0 Objects cancelled. > 2003/11/13 09:16:16| 1 Duplicate URLs purged. > 2003/11/13 09:16:16| 1 Swapfile clashes avoided. > 2003/11/13 09:16:16| Took 4.5 seconds (17586.1 objects/sec). > 2003/11/13 09:16:16| Beginning Validation Procedure > 2003/11/13 09:16:16| Completed Validation Procedure > 2003/11/13 09:16:16| Validated 78776 Entries > 2003/11/13 09:16:16| store_swap_size = 869504k > 2003/11/13 09:16:16| storeLateRelease: released 0 objects > (squid)[0x80996a9] > /lib/libc.so.6[0x400bb4f8] > (squid)[0x80a9515] > (squid)[0x8076db8] > (squid)[0x8064839] > (squid)[0x808410f] > /lib/libc.so.6(__libc_start_main+0xc7)[0x400a8917] > (squid)(log+0xa1)[0x804a6fd] > FATAL: Received Segment Violation...dying. > 2003/11/13 09:52:04| storeDirWriteCleanLogs: Starting... > 2003/11/13 09:52:04| WARNING: Closing open FD 36 > 2003/11/13 09:52:04| 65536 entries written so far. > 2003/11/13 09:52:04| Finished. Wrote 79389 entries. > 2003/11/13 09:52:04| Took 0.1 seconds (1173300.0 entries/sec). > CPU Usage: 9.990 seconds = 6.880 user + 3.110 sys > Maximum Resident Size: 0 KB > Page faults with physical i/o: 362 > Memory usage for squid via mallinfo(): > total space in arena: 13152 KB > Ordinary blocks:13133 KB 16 blks > Small blocks: 0 KB 6 blks > Holding blocks: 1164 KB 4 blks > Free Small blocks: 0 KB > Free Ordinary blocks: 18 KB > Total in use: 14297 KB 109% > Total free:18 KB 0% > 2003/11/13 09:52:07| Starting Squid Cache version 2.5.STABLE4 for > i686-pc-linux-gnu... > 2003/11/13 09:52:07| Process ID 22321 > 2003/11/13 09:52:07| With 1024 file descriptors available > 2003/11/13 09:52:07| DNS Socket created at 0.0.0.0, port 32797, FD 4 > 2003/11/13 09:52:07| Adding nameserver 192.168.7.5 from squid.conf > 2003/11/13 09:52:07| helperOpenServers: Starting 10 'squidGuard' processes > 2003/11/13 09:52:08| helperOpenServers: Starting 7 'auth_md5_wo_ip' processes > 2003/11/13 09:52:09| helperOpenServers: Starting 8 'ip_acl' processes > 2003/11/13 09:52:10| Unlinkd pipe opened on FD 35 > 2003/11/13 09:52:10| Swap maxSize 2682880 KB, estimated 206375 objects > 2003/11/13 09:52:10| Target number of buckets: 10318 > 2003/11/13 09:52:10| Using 16384 Store buckets > 2003/11/13 09:52:10| Max Mem size: 49152 KB > 2003/11/13 09:52:10| Max Swap size: 2682880 KB > 2003/11/13 09:52:10| Store logging disabled > 2003/11/13 09:52:10| Rebuilding storage in /cache (CLEAN) > 2003/11/13 09:52:10| Using Least Load store dir selection > 2003/11/13 09:52:10| Set Current Directory to /cache/ > 2003/11/13 09:52:10| Loaded Icons. > 2003/11/13 09:52:12| Accepting HTTP connections at 192.168.7.1, port 3128, FD 36. > 2003/11/13 09:52:12| Ready to serve requests. > 2003/11/13 09:52:12| Store rebuilding is 5.2% complete > 2003/11/13 09:52:12| Done reading /cache swaplog (79389 entri
[squid-users] ntlm
Hello, I'm just starting to use NTLM authentication with Squid and I have some questions: a) Do you really need to use winbind in order to use NTLM authentication? If I check the Squid FAQ, they are using the wb_ntlmauth. But I don't see any example with ntlmauth. b) If I tried: auth_param ntlm program /usr/local/squid/libexec/ntlm_auth DOMAIN/controller.hostname (but without winbind) The IE browsers just can't connect, they just keep looking for the page. - no special error message in the squid log file. c) fakeauth works without any problems, but the userid is then domain/userid. Is there any way to only have the 'userid' , so to drop that 'domain'? rgrds, Bart
Re: [squid-users] Experience of big squid setups?
our squid-setup: at about 150 locations connecting to three parent squid intranet, = interent and extranet we have at about 30 GB Traffic with 6-8 Mio Hits. markus rietzler
[squid-users] basic question
Hi all, A basic question, let's assume a web site is cached by squid. The site is updated by the site maintainers. How will squid update it's old cached version? Is there an ageing process? Best Regards, Gilbert __ Gilbert Galea I.S. Security Engineer Engineering & Operations Dept., Vodafone Malta Ltd. Tel: (+356) 23887 703 Mob: (+356) 99431021 Email: [EMAIL PROTECTED]
AW: AW: AW: [squid-users] Group Authentication (NT4 Domain)
same errors as before... anyway, I dunno if it is needed, but do i need to configure pam when using nt4 domain to authenticate? or do i need pam only in case of active directory? if so that could be a problem though too for i didn't yet configure pam > -Ursprüngliche Nachricht- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 13. November 2003 09:38 > An: Altrock, Jens > Cc: 'Henrik Nordstrom'; '[EMAIL PROTECTED]' > Betreff: Re: AW: AW: [squid-users] Group Authentication (NT4 Domain) > > > On Thu, 13 Nov 2003, Altrock, Jens wrote: > > > The Squid log file is in the /usr/local/squid/var/logs/ > directory, and squid > > has access to the whole > > /usr/local/squid/ directory. So it must have write permission... > > Try starting Squid manually > > /path/to/squid -DNYd3 > > this should give you all errors on the terminal from where > you started > Squid. > > Regards > Henrik > ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus.
Re: [squid-users] basic question
Galea Gilbert wrote: > > Hi all, > > A basic question, let's assume a web site is cached by squid. > The site is updated by the site maintainers. > How will squid update it's old cached version? > Is there an ageing process? > > Best Regards, > Gilbert You need to update your basic knowledge on these issues : Have a look at : http://www.mnot.net/cache_docs/ M.
Re: AW: AW: AW: [squid-users] Group Authentication (NT4 Domain)
On Thu, 13 Nov 2003, Altrock, Jens wrote: > anyway, I dunno if it is needed, but do i need to configure pam when using > nt4 domain No. Only winbindd. You do not need either of PAM or NSS. These are only needed if you want to make the OS use winbind for authentication of local accounts, not for the proxy. Regards Henrik
Re: [squid-users] Auth Questions
Hi Alex, There maybe another approach to allow people access to your resticted IP resources. It is great for people on Company networks behind proxy firewalls or ISP that require them to use their proxies. EZproxy http://www.usefulutilities.com/ University Researchers who are located on our Hospital Network access restricted IP University Library Services. The University Library runs EZproxy. I know this doesn't answer your questions but I thought I would mention it just incase you did not know about this product. Kind Regards Jeff Smith > --- Alex Collins <[EMAIL PROTECTED]> wrote: > > > Hi There. > > > > Please forgive the waffle. > > > > We have an authenticated Squid proxy passing > through > > to ATHENS > > Authentication. http://www.athens.ac.uk. This > works > > superbly well, and > > is basically so our off campus users can use IP > > restricted resources. > > > > Details of exactly what we are doing are available > > at > > http://libweb.apu.ac.uk/authen/proxy.htm (you > should > > get the picture) > > It's a fairly basic Username / Password > > Authentication setup fired by a > > .pac file the users setup in their browser. > > > > As with all things they move on. Maintaining a > > 12,000 user name space > > requires a fair bit of admin. Maintaining 2 is > just > > a waste of time, and > > is exactly what we are doing at the moment. Add in > > "Students" to the mix > > and you see the problem. > > > > Solution: Junk the ATHENS auth in favour of a > > Devolved authentication > > method. Use a Local name space (In this case our > > Library Login using > > Aleph 500) with Devolved ATHENS via a session > cookie > > based system and we > > have an interesting mix. This is where we are > going > > for all our ATHENS > > authenticated resources. > > > > What I need to know is: > > 1) Could this session cookie based auth possibly > > work with squid. I'm > > 100% open to suggestions. > > 2) I'd also like to avoid the User Config of the > > .pac file URL - maybe > > auto send it as required - can this be done ? > > 3) Could a small java app push everything through > > the proxy after they > > are authenticated and identified as being off > > campus? Maybe sent from > > the squid server, maybe a.n.other web server. This > > could also help > > eliminate a further set of issues relating to > Citrix > > ICA stuff. > > 4) Am I totally barmy for even attempting this in > > the first place ? > > > > Your help is very much appreciated. > > -- > > Alex Collins. Library Systems and > Support > > Officer. > > Rivermead Library. Tel:01245 493131 X3722 > Fax: > > X3145 > > [EMAIL PROTECTED]http://libweb.apu.ac.uk > > This message has been ROT-13 Encrypted twice for > > Extra Security ! > > > __ > Do you Yahoo!? > Protect your identity with Yahoo! Mail AddressGuard > http://antispam.yahoo.com/whatsnewfree > __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
[squid-users] SUSPECT SPAM: POST problem.
Hi all ! I just find out a problem with my squid 2.4stable7 on Linux mandrake 9.0. When I click on the submit button after filling in the fields in the page http://www.sae.org/products/webcd/cddemo-dlrequest.htm I get the following: Method Not Allowed The requested method POST is not allowed for the URL /Access_Denied.html. Apache-AdvancedExtranetServer/1.3.26 Server at 127.0.0.1 Port 80 and in the squid log I get the following: 128.xxx.xxx.xxx valter - [13/Nov/2003:12:02:24 +0100] "POST http://www.sae.org/cgi-bin/FormMail.pl HTTP/1.1" 405 598 TCP_MISS:DIRECT The URL /Access_Denied.html is/should be on my server (is the message the users get when they land on a prohibited address) but I don't quite understand why I get the message. Can anyone help me ? Thank you loads Valter
Re: [squid-users] ntlm
On Thu, 13 Nov 2003, Schelstraete Bart wrote: > a) Do you really need to use winbind in order to use NTLM > authentication? If I check the Squid FAQ, they are using the > wb_ntlmauth. But I don't see any example with ntlmauth. For good operation you need winbind. There is a couple of other ntlm helpers not using winbind, but neither are very stable or reliable. > c) fakeauth works without any problems, but the userid is then > domain/userid. Is there any way to only have the 'userid' , so to drop > that 'domain'? The userid when using NTLM is domain/userid. This is what you entered when you logged in to the domain (well, split in two fields, but it still is the same) Regards Henrik
Re: [squid-users] basic question
On Thu, 13 Nov 2003, Galea Gilbert wrote: > A basic question, let's assume a web site is cached by squid. > The site is updated by the site maintainers. > How will squid update it's old cached version? Depends on how cache aware the web site was. If the web site did this correctly in a planned manner they set the expiry date on the old content to shortly before they planned on doing the update. Most don't and in such case Squid guesses how often the content is updated based on how old it is. See refresh_pattern. > Is there an ageing process? Yes. Regards Henrik
Re: AW: AW: AW: [squid-users] Group Authentication (NT4 Domain)
On Thu, 13 Nov 2003, Altrock, Jens wrote: > same errors as before... So what errors do you get? And where? In one mail you say you don't get any errors but Squid is refusing to start. Regards Henrik
RE: [squid-users] scanning through proxy
> We notice there is a surge in port 80 scanning through proxy > servers in the past few days. > Below is a sample of the scan request That is just a request for the root of the document tree on the server itself - it does not appear to be a request for a document on another server. I see nothing to be concerned about. Adam
AW: AW: AW: AW: [squid-users] Group Authentication (NT4 Domain)
The following: utils/ntlm_auth.c: manage_squid_request(1042) fgets() failed! dying. errno=0 (Erfolg) This message appears about 10 times, and after that pressing enter results in getting back to the "command line" (however you call it though). I can't even see the squid startup, I just see the last message, "aborted", before the above shown error comes... squid itself doesn't refuse to start, it starts though, but dies after pressing a key when getting that error. you see? > -Ursprüngliche Nachricht- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 13. November 2003 15:08 > An: Altrock, Jens > Cc: 'Henrik Nordstrom'; '[EMAIL PROTECTED]' > Betreff: Re: AW: AW: AW: [squid-users] Group Authentication > (NT4 Domain) > > > On Thu, 13 Nov 2003, Altrock, Jens wrote: > > > same errors as before... > > So what errors do you get? And where? > > In one mail you say you don't get any errors but Squid is refusing to > start. > > Regards > Henrik > ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus.
Re: [squid-users] SUSPECT SPAM: POST problem.
Please describe what method you use for detecting "prohibited address". The error is most likely found there. Regards Henrik On Thu, 13 Nov 2003, Valter Dal Bo wrote: > Hi all ! > > I just find out a problem with my squid 2.4stable7 on Linux mandrake 9.0. > When I click on the submit button after filling in the fields in the page > http://www.sae.org/products/webcd/cddemo-dlrequest.htm > I get the following: > > Method Not Allowed > The requested method POST is not allowed for the URL /Access_Denied.html. > Apache-AdvancedExtranetServer/1.3.26 Server at 127.0.0.1 Port 80 > > and in the squid log I get the following: > 128.xxx.xxx.xxx valter - [13/Nov/2003:12:02:24 +0100] "POST > http://www.sae.org/cgi-bin/FormMail.pl HTTP/1.1" 405 598 TCP_MISS:DIRECT > > The URL /Access_Denied.html is/should be on my server (is the message > the users get when they land on a prohibited address) but I don't quite > understand why I get the message. > > Can anyone help me ? > Thank you loads > > Valter >
Re: AW: AW: AW: AW: [squid-users] Group Authentication (NT4 Domain)
On Thu, 13 Nov 2003, Altrock, Jens wrote: > I can't even see the squid startup, I just see the last message, "aborted", > before the above shown error comes... And how are you starting Squid? HAve you tried starting it manually like indicated earlier? If you do this there is no way you do not see the Squid startup messages. Note: The errors you see from ntlm_auth is not the cause to your problems, only another symptom due to the problems. The problems you are having is more fundamental and prevents Squid from starting correcly. Regards Henrik
RE: [squid-users] scanning through proxy
Hi Adam, You are right that it is a request for the root doc, and is normal to see this type of request. However, what I am seeing is continuous stream of these kind of requests, to consecutive dest IPs, at about 10 req/s. I believe there is some kind of scanning going on... Rgds, Wei Keong On Thu, 13 Nov 2003, Adam Aube wrote: > > We notice there is a surge in port 80 scanning through proxy > > servers in the past few days. > > > Below is a sample of the scan request > > That is just a request for the root of the document tree on the server > itself - it does not appear to be a request for a document on another > server. I see nothing to be concerned about. > > Adam >
[squid-users] SUSPECT SPAM: More info on POST.... (was: POST problem)
Well.I use squidguard as an external redirector program. Thank you 4 your help. Valter Henrik Nordstrom wrote: Please describe what method you use for detecting "prohibited address". The error is most likely found there. Regards Henrik On Thu, 13 Nov 2003, Valter Dal Bo wrote: Hi all ! I just find out a problem with my squid 2.4stable7 on Linux mandrake 9.0. When I click on the submit button after filling in the fields in the page http://www.sae.org/products/webcd/cddemo-dlrequest.htm I get the following: Method Not Allowed The requested method POST is not allowed for the URL /Access_Denied.html. Apache-AdvancedExtranetServer/1.3.26 Server at 127.0.0.1 Port 80 and in the squid log I get the following: 128.xxx.xxx.xxx valter - [13/Nov/2003:12:02:24 +0100] "POST http://www.sae.org/cgi-bin/FormMail.pl HTTP/1.1" 405 598 TCP_MISS:DIRECT The URL /Access_Denied.html is/should be on my server (is the message the users get when they land on a prohibited address) but I don't quite understand why I get the message. Can anyone help me ? Thank you loads
RE: [squid-users] scanning through proxy
On Thu, 13 Nov 2003, Wei Keong wrote: > However, what I am seeing is continuous stream of these kind of requests, > to consecutive dest IPs, at about 10 req/s. I believe there is some kind > of scanning going on... >From where are you seeing these? From your own users or from other users who should not be using your Squid? Regards Henrik
AW: AW: AW: AW: AW: [squid-users] Group Authentication (NT4 Domai n)
> -Ursprüngliche Nachricht- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 13. November 2003 16:26 > An: Altrock, Jens > Cc: 'Henrik Nordstrom'; '[EMAIL PROTECTED]' > Betreff: Re: AW: AW: AW: AW: [squid-users] Group Authentication (NT4 > Domain) > > > On Thu, 13 Nov 2003, Altrock, Jens wrote: > > > I can't even see the squid startup, I just see the last > message, "aborted", > > before the above shown error comes... > > And how are you starting Squid? > > HAve you tried starting it manually like indicated earlier? > If you do this > there is no way you do not see the Squid startup messages. ok i'll try to explain that again: I started squid manually as every time, but the ntlm_auth messages appear at the startup, right after the infos about squid starting, which I don't see (for they go up out of the screen because that ntlm_auth error appears about 10 times on the screen). I start squid normally with -N -d 1 -D and, as you mentioned in a mail before, I did with -DNYd3 too, but with the same result. I should try and reinstall the whole system... > > > Note: The errors you see from ntlm_auth is not the cause to > your problems, > only another symptom due to the problems. The problems you > are having is > more fundamental and prevents Squid from starting correcly. > So should i turn of the ntlm_auth? If it is just one of lots of problems... > Regards > Henrik > ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus.
[squid-users] Re: ERR_CACHE_ACCESS_DENIED
Hi, >>> Neither of the two requests shown in your log uses SSDOWNLOAD in the >>> User-Agent.. The first is "Mozilla/4.0 (compatible; MSIE 6.0; >>> Windows NT 5.1)", the second "SSREADER/3.7.0.0001" >> >> When I grep through access.log, I did see SSDOWNLOAD. Now I added >> SSREADER too. Do I need a special ACL for Mozilla/4.0 too? I thought >> that's pretty standard? > > Do you still have problems using the application? I still can't download the list of docs from internet through Squid. I think my first report that it worked for some and not others was bogous. The ones downloaded were actually cached when used without Squid. My new acl looks like this. What parts of the log should I investigate further? acl ssread browser SSDOWNLOAD acl ssread browser SSREADER http_access allow ssread > The first request did not look like being sent by this application. The Mozilla part had to do with TCP_MISS. I don't know what's going on there. But when I added, acl ssread browser Mozilla some browsers (IE6.1 on slower machines) had to wait for a long time before loading page. So I took it out. Regards, Norman
[squid-users] Problem with squid.init!
Hi there, I have a problem with my squid start script in the /etc/init.d/ I use squid-2.5STABLE3 source code on REDHAT 9. I modified a squid script, so that I can start squid by /etc/init.d/squid start and stop with /etc/init.d/squid stop. I want squid to start automatically at the startup of the system. But when I do chkconfig --list | grep squid nothing shows up! Does someone know what the problem can be? Thanks in advance! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994
Re: AW: AW: AW: AW: AW: [squid-users] Group Authentication (NT4 Domai n)
On Thu, 13 Nov 2003, Altrock, Jens wrote: > I started squid manually as every time, but the ntlm_auth messages appear at > the startup, right after > the infos about squid starting, which I don't see (for they go up out of the > screen because that > ntlm_auth error appears about 10 times on the screen). Ok. not seeing because they scroll off the screen is very different from not seeing at all. To slow things down try this: squid -DNYd3 2>&1 | less or alternatively depending on the type of shell you use squid -DNYd3 |& less Regards Henrik
Re: [squid-users] Problem with squid.init!
On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > I have a problem with my squid start script in the /etc/init.d/ > I use squid-2.5STABLE3 source code on REDHAT 9. I modified a squid script, so that I > can start squid by /etc/init.d/squid start > and stop with /etc/init.d/squid stop. I want squid to start automatically at the > startup of the system. > But when I do chkconfig --list | grep squid nothing shows up! > Does someone know what the problem can be? Probably your squid init script does not have the required comments used by chkconfig, or you have not told chkconfig to add the init script to your rc directory (--add flag) See the chkconfig man page for details. Regards Henrik
Re: [squid-users] Problem with squid.init!
Le Thu, 13 Nov 2003 11:53:12 -0500, [EMAIL PROTECTED] écrivait : > Hi there, Hi, > the startup of the system. But when I do chkconfig --list | grep squid > nothing shows up! Does someone know what the problem can be? You must specify two lines like this in your init script : # chkconfig: 345 90 25 # description: Squid - Internet Object Cache. Then type : chkconfig --add squid man chkconfig for more details. -- Didier ALBENQUE DAG/DSI/MIVT
Re: [squid-users] Problem with squid.init! [solved]
Thanks a lot! That was what I needed! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Didier ALBENQUE <[EMAIL PROTECTED]To: [EMAIL PROTECTED] re.gouv.fr> cc: Subject: Re: [squid-users] Problem with squid.init! Le Thu, 13 Nov 2003 11:53:12 -0500, [EMAIL PROTECTED] écrivait : > Hi there, Hi, > the startup of the system. But when I do chkconfig --list | grep squid > nothing shows up! Does someone know what the problem can be? You must specify two lines like this in your init script : # chkconfig: 345 90 25 # description: Squid - Internet Object Cache. Then type : chkconfig --add squid man chkconfig for more details. -- Didier ALBENQUE DAG/DSI/MIVT
[squid-users] Monitoring Linux Squid from NT Client?
Hi folks, is there a possibility for monitoring squid running on linux from a NT client? Has someone any experiences with it? Which tools can you advice? Are there some howtos available? Thanks in advance! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994
[squid-users] filter ssl traffic
Hi, I am using squid 2.5. I would like all the rules that I configured in squid.conf (filtering, blocking sites, different modules, etc.) will also apply to SSL traffic. I want the SSL connection to terminate at the squid, so all the traffic will be inspected as regular HTTP traffic. is this possible ? how can this be done ? Thank you, -Z -- zidan [EMAIL PROTECTED] -- http://www.fastmail.fm - Access all of your messages and folders wherever you are
RE: [squid-users] Monitoring Linux Squid from NT Client?
> is there a possibility for monitoring squid running on > linux from a NT client? Monitoring Squid itself, or monitoring users accessing Squid? You can use Cache Manager to monitor Squid itself from any client with a web browser (so long as you provide access in squid.conf). Adam
RE: [squid-users] filter ssl traffic
> I want the SSL connection to terminate at the squid, so all > the traffic will be inspected as regular HTTP traffic. Only if Squid is being used in accelerator mode - the design of SSL prevents it in any other setup. Adam
Re: [squid-users] Monitoring Linux Squid from NT Client?
Hi, At 20.07 13/11/2003, [EMAIL PROTECTED] wrote: Hi folks, is there a possibility for monitoring squid running on linux from a NT client? Has someone any experiences with it? Which tools can you advice? Are there some howtos available? Two options: Use cachemgr.cgi from Windows port of Squid and configure IIS, see FAQ for download link. or http://softbox.netfirms.com/sqshow.htm Regards Guido - Guido Serassio Acme Consulting S.r.l. Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
FW: [squid-users] NCSA Authent ...
>> Are you trying to allow certain sites to only certain >> users, or allow certain users only certain sites? > Allow certain sites to only certain users. Then after you allow access to a group of sites for a specific group of users, you'll want to immediately deny access to that group of sites to make sure a later http_access rule doesn't unintentionally allow access. Adam
FW: [squid-users] Squid closing connection in mid stream
>>> I'm using Squid 2.5 Stable 4 with a rather basic config. >>> Everything is working as it should, with the exception >>> of one site (www.hcmuscle.com). >> The site loaded fine for me - Squid 2.5 STABLE4, IE 5.5 SP2 >> on Win2k SP3. What client browser/OS are you using? > IE 6, Windows 2K Pro. IE 6 has many bugs. Make sure you are up to date on all IE patches and service packs from Microsoft. You may still run into some problems with it. Adam
Re: [squid-users] Monitoring Linux Squid from NT Client?
On Thu, 13 Nov 2003 [EMAIL PROTECTED] wrote: > is there a possibility for monitoring squid running on linux from a NT client? Any HTTP monitoring program can be used. Also any kind of system monitoring with a web interface is also suitable. You can also call the cachemgr from any kind of station.. (web based) to look into how Squid is behaving. What tool to use depends on what kind of monitoring you are looking for. Regards Henrik
Re: [squid-users] filter ssl traffic
On Thu, 13 Nov 2003, zidan wrote: > I am using squid 2.5. I would like all the rules that I configured in > squid.conf (filtering, blocking sites, > different modules, etc.) will also apply to SSL traffic. > > I want the SSL connection to terminate at the squid, so all the traffic > will be inspected as regular HTTP traffic. Not without servere limitations - SSL will be broken, no longer supporting client side certificates or user selected trust in server certificates. - You will need a custom CA to be installed in each client browser, or else they won't trust that the proxy is the SSL server they wanted to contact. - Squid needs to be extended to generate fake SSL certificates in response to CONNECT requests. (this means coding) - Browser must be configured to use the proxy, or else the proxy will not be able to tell what web site to fake the server side certificate for. Regards Henrik
[squid-users] Re: ERR_CACHE_ACCESS_DENIED
Hi, > acl ssread browser SSDOWNLOAD > acl ssread browser SSREADER > http_access allow ssread My bad. After restarting squid with the above rules added, the application did work. Regards, Norman
[squid-users] Dumb Cache Question
Hello, This may seem like a dumb question, but... I have squid running with authentication and with squidGuard as a redirect program. All this is working okay. I have set some debugging hooks in the squidGuard code to watch operation and how squid and squidGuard interface. My question is this, if squid is a caching proxy, how come it sends all GETs to the redirector? That is, even a sight that is not blocked by the squidGuard blacklist is passed to squidGuard for checking. For example, every time I go to my own web site (http://www.wildapache.net), I see all the GETs go through squidGuard. When does squid check it's cache for the information on any given request? Is it after the call to squidGuard? I guess I do not understand how squid works. It seems to me that squid would check it's cache first before it called the redirector, but it doesn't seem to work this way. Could someone please explain to me the functional model for squid and the justification for the model, or direct me to a site that can explain this? A functional flow diagram would be helpful if one exists on the web. Thanks, Murrah Boswell
RE: [squid-users] ntlm_auth does not work
Hello Adam, you wrote: >>I am using ntlm_auth from samba-3.0.0 with squid 2.5.STABLE3. >>And neither Win2k clients can authenticate, nor win98 ones. >Then you likely have a problem with your Samba install. Did you run >the wbinfo tests as specified in the Squid FAQ? If so, what was the >output? If not, run them and post the output. Squid FAQ says: "As Samba-3.x has it's own authentication helper there is no need to build any of the Squid authentication helpers for use with Samba-3.x. ... Note: For Samba-3.X the Samba ntlm_auth helper is used instead of the wb_ntlmauth and wb_auth helpers above." Following these instructions i see interesting thing: #./ntlm_auth --username xxx --password xxx NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e) # ./ntlm_auth --username xxx --password xxx NT_STATUS_OK: Success (0x0) # -- Best regards, GZMmailto:[EMAIL PROTECTED]
Re: [squid-users] Dumb Cache Question
OTR Comm wrote: > > Hello, > > This may seem like a dumb question, but... > > I have squid running with authentication and with squidGuard as a > redirect program. All this is working okay. I have set some debugging > hooks in the squidGuard code to watch operation and how squid and > squidGuard interface. > > My question is this, if squid is a caching proxy, how come it sends all > GETs to the redirector? That is, even a sight that is not blocked by The redirector usage is defined by >you< by specifying a redirector in squid.conf , in this case squidGuard. If squidGuard is the authority for your blocking purposes, then by definition all url's must pass squidGuard first for checking. > the squidGuard blacklist is passed to squidGuard for checking. For > example, every time I go to my own web site (http://www.wildapache.net), > I see all the GETs go through squidGuard. > > When does squid check it's cache for the information on any given > request? Is it after the call to squidGuard? > Most probably , because squidGuard can transfer or transfers an URL into another one. Hence checking for the cache is only meaningfull for the returned-by-squidguard request. > I guess I do not understand how squid works. It seems to me that squid > would check it's cache first before it called the redirector, but it > doesn't seem to work this way. Could someone please explain to me the > functional model for squid and the justification for the model, or > direct me to a site that can explain this? A functional flow diagram > would be helpful if one exists on the web. > > Thanks, > Murrah Boswell -- 'Love is truth without any future. (M.E. 1997)