Re: [squid-users] squid and SSH
Henrik Nordstrom wrote: SOCKS, for proxying of other protocols such as SSH, POP-3, IMAP, ICQ, IRC, etc etc... OK, that's a good explanation, thank you. Now, the matter is: our network setup causes us to use OUR squid proxy which uses the PARENT of our ISP. How would I be using a SOCKS proxy in this environment? THanks... -- --- Boniforti Flavio Provincia del Verbano-Cusio-Ossola Ufficio Informatica Tecnoparco del Lago Maggiore Via dell'Industria, 25 28924 Verbania ---
[squid-users] reverse-proxy for multiple domains
hi, ich tried to configure squid as a reverse proxy for multiple domains. I rebulit squid with the --disable-internal-dns option with the following command: ./configure --disable-internal-dns make make install till this point everything went fine. i use these options in the squid.conf http_port 5 acl TEST dst http_access allow TEST httpd_accel_host virtual httpd_accel_port 0 httpd_accel_single_host off http_accel_with_proxy off httpd_accel_uses_host_header on In the hosts-file i put the ip of the webserver i want to reach. it looks likes this: i tested the squid with one webserver and only changed the httpd_accel-settings an everything went fine. i don't know why squid isn't using the /etc/hosts entries, has anybody an explanation? bye martin
RE: [squid-users] reverse-proxy for multiple domains
> > hi, > > ich tried to configure squid as a reverse proxy for multiple > domains. I > rebulit squid with the --disable-internal-dns option with the > following > command: > > ./configure --disable-internal-dns > make > make install > > till this point everything went fine. > > i use these options in the squid.conf > > http_port 5 > > acl TEST dst > http_access allow TEST > > > httpd_accel_host virtual > httpd_accel_port 0 > > httpd_accel_single_host off > http_accel_with_proxy off > httpd_accel_uses_host_header on > > In the hosts-file i put the ip of the webserver i want to > reach. it looks > likes this: > > > > i tested the squid with one webserver and only changed the > httpd_accel-settings an everything went fine. > > i don't know why squid isn't using the /etc/hosts entries, > has anybody an > explanation? > Which version of SQUID are you using ? M.
Re: [squid-users] 2 squid server in different network (Urgent)
On Thu, 26 Feb 2004, Winanjaya wrote: > But there is only 1 internet connection in Network A ..(172.16.1.0) .. > peoples in Network B should request to Network A if they want to surf to > internet .. I want squid in Network B will handle it before they passed to > Network A .. then I only set the acl for the squid for Network B.. I need > advice .. thanks Squid FAQ 4.8 How do I configure Squid to work behind a firewall? http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.8> Squid FAQ 4.9 How do I configure Squid forward all requests to another proxy? http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.9> Regards Henrik
AW: [squid-users] reverse-proxy for multiple domains
i use squid 2.5 stable4 on a debian3.0 rc2 > -Ursprüngliche Nachricht- > Von: Elsen Marc [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 26. Februar 2004 09:24 > An: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Betreff: RE: [squid-users] reverse-proxy for multiple domains > > > > > > > > hi, > > > > ich tried to configure squid as a reverse proxy for multiple > > domains. I > > rebulit squid with the --disable-internal-dns option with the > > following > > command: > > > > ./configure --disable-internal-dns > > make > > make install > > > > till this point everything went fine. > > > > i use these options in the squid.conf > > > > http_port 5 > > > > acl TEST dst > > http_access allow TEST > > > > > > httpd_accel_host virtual > > httpd_accel_port 0 > > > > httpd_accel_single_host off > > http_accel_with_proxy off > > httpd_accel_uses_host_header on > > > > In the hosts-file i put the ip of the webserver i want to > > reach. it looks > > likes this: > > > > > > > > i tested the squid with one webserver and only changed the > > httpd_accel-settings an everything went fine. > > > > i don't know why squid isn't using the /etc/hosts entries, > > has anybody an > > explanation? > > > > Which version of SQUID are you using ? > > M. >
Re: [squid-users] Access.log
On Wed, 25 Feb 2004, Brian Bennett wrote: > Everything I find refers to using winbind to access an NT PDC, well I dont > need to get at another PDC, both squid and SAMBA PDC are on the same box. > Is there not an easy way to get squid to get the currently logged on > machine\user from an IP address from samba? (this would be ideal). winbind? > I have tried setting up winbind, but it does not work for me, wbinfo -a > with user and password fails. If I have to go this route, is there a > trick to setting this up when there is NO NT BOX involved. Should work just fine with a Samba PDC, just as it works with a NT PDC. > Like I said, I think winbind is overkill in this scenario, as I dont' > care about authing against NT. winbind is not about NT but about having integration with a Windows PDC including a Samba based PDC to provide automatic login to the proxy if the user is using a Windows box and logged on to the domain. > Any help would be greatly appreciated, as these squid logs aren't of much > help with dhcp ip addresses in them. If your DHCP server supports dynamic DNS you could have it automatically register the machine names in DNS when it gives out IP addresses. Maybe this will help? Regards Henrik
Re: [squid-users] TAG:deny_info - another question
On Wed, 25 Feb 2004, OTR Comm wrote: > Is it possible to get squid to also send the user ident when it 'calls' > ERR_FORWARDING_DENIED? That is, the URL goes is sent in %U, but can I > get the user ident also? Unfortunately there is no % tag for the user name. Should not be hard to add one I guess. See src/errorpage.c. Regards Henrik
Re: [squid-users] monitoring squid without cachemgr.cgi
On Wed, 25 Feb 2004, unixware wrote: > i want to monitor squid response time and other > parameters through command line rather than using > cachemgr.cgi squidclient mgr: or by using SNMP (if enabled in your Squid). Regards Henrik
Re: AW: [squid-users] reverse-proxy for multiple domains
On Thursday 26 February 2004 15:29, [EMAIL PROTECTED] wrote: > > > i don't know why squid isn't using the /etc/hosts entries, > > > has anybody an > > > explanation? Did you apply below command after rewrite /etc/hosts file? $ /path/to/squid -k reconfigure You need to apply above command the let Squid knows you want it to re-read its configuration files. -- Regards, Anthony M. Rasat PT. Kalteng Pos Press Palangkaraya - Indonesia.-
AW: AW: [squid-users] reverse-proxy for multiple domains
i restartet squid everytime i changed the /etc/squid.conf with the following command /etc/init.d/squid restart is it also ok? > -Ursprüngliche Nachricht- > Von: Anthony M. Rasat [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 26. Februar 2004 10:11 > An: [EMAIL PROTECTED] > Betreff: Re: AW: [squid-users] reverse-proxy for multiple domains > > > On Thursday 26 February 2004 15:29, > [EMAIL PROTECTED] wrote: > > > > i don't know why squid isn't using the /etc/hosts entries, > > > > has anybody an > > > > explanation? > > Did you apply below command after rewrite /etc/hosts file? > > $ /path/to/squid -k reconfigure > > You need to apply above command the let Squid knows you want > it to re-read its > configuration files. > > -- > > Regards, > > Anthony M. Rasat > PT. Kalteng Pos Press > Palangkaraya - Indonesia.- >
[squid-users] HTTP 502 Proxy Error
Hi all, I have just started to play with Squid and currently I am using a MS ISA server as the parent cache and forcing Squid to ask ISA to get the pages if it doesn't have it in cache. The authentication is working fine, but I get the following error: HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource Locator (URL). (12202) Can anybody perhaps help me with this? Regards Gert de Swardt This email and any file transmitted with it is confidential and may also be legally privileged. It is intended solely for the use of the entity or the individual to whom it is addressed. If you are not the intended recipient, please advice the sender immediately and delete the message without copying, distributing or disclosing its contents to any other person. Whilst this message has been checked for all known viruses by EC Harris, we cannot accept liability for any damage sustained as a result of software viruses and advise that you carry out your own virus checks before opening any attachment. Please view our website at http://www.echarris.com
Re: [squid-users] reverse-proxy for multiple domains
On Thu, 26 Feb 2004 [EMAIL PROTECTED] wrote: > ich tried to configure squid as a reverse proxy for multiple domains. Which Squid version? > httpd_accel_host virtual > httpd_accel_port 0 Why httpd_accel_port 0? And are you sure you want httpd_accel_host virtual? This is not about domain-based virtual hosts but IP based virtual hosts. > httpd_accel_single_host off > http_accel_with_proxy off > httpd_accel_uses_host_header on Ok, > In the hosts-file i put the ip of the webserver i want to reach. it looks > likes this: > > The hostname should be the hostname the clients requests (or what is logged in access.log), not the actual hostname. > i tested the squid with one webserver and only changed the > httpd_accel-settings an everything went fine. > > i don't know why squid isn't using the /etc/hosts entries, has anybody an > explanation? It does for me. Maybe you are using a redirector disturbing things? Regards Henrik
RE: [squid-users] HTTP 502 Proxy Error
> > Hi all, > > I have just started to play with Squid and currently I am > using a MS ISA > server as the parent cache and forcing Squid to ask ISA to > get the pages if > it doesn't have it in cache. > > The authentication is working fine, but I get the following error: > HTTP 502 Proxy Error - The ISA Server denies the specified > Uniform Resource > Locator (URL). (12202) > > Can anybody perhaps help me with this? > Perhaps this could be relevant; I do not use MS ISA myself however. M. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q295089
Re: [squid-users] HTTP 502 Proxy Error
On Thu, 26 Feb 2004, DeSwardt, Gert (Lyn) wrote: > The authentication is working fine, but I get the following error: > HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource > Locator (URL). (12202) This looks like some kind of access restriction or problem with the ISA server, not Squid. Can you access the ISA server as a proxy from the Squid server by running a browser on the Squid server? (use lynx if you do not have a screen). Regards Henrik
RE: [squid-users] HTTP 502 Proxy Error
Hi Marc, Thanx for the URL. I have already made sure that the SP is the latest and used winupdate to make sure I have all the updates for ISA that is available. -Original Message- From: Elsen Marc [mailto:[EMAIL PROTECTED] Sent: 26 February 2004 10:01 To: DeSwardt, Gert (Lyn); [EMAIL PROTECTED] Subject: RE: [squid-users] HTTP 502 Proxy Error > > Hi all, > > I have just started to play with Squid and currently I am > using a MS ISA > server as the parent cache and forcing Squid to ask ISA to > get the pages if > it doesn't have it in cache. > > The authentication is working fine, but I get the following error: > HTTP 502 Proxy Error - The ISA Server denies the specified > Uniform Resource > Locator (URL). (12202) > > Can anybody perhaps help me with this? > Perhaps this could be relevant; I do not use MS ISA myself however. M. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q295089 This email and any file transmitted with it is confidential and may also be legally privileged. It is intended solely for the use of the entity or the individual to whom it is addressed. If you are not the intended recipient, please advice the sender immediately and delete the message without copying, distributing or disclosing its contents to any other person. Whilst this message has been checked for all known viruses by EC Harris, we cannot accept liability for any damage sustained as a result of software viruses and advise that you carry out your own virus checks before opening any attachment. Please view our website at http://www.echarris.com
RE: [squid-users] HTTP 502 Proxy Error
Hi Henrik When I change the proxcy to the ISA server on the Squid server and try to access the ISA server, I get authentication required error. If I checnge the proxcy back to the Squid server it comes up with a username/password box. After entering the network user credentials, it goes to the ISA server and I get the same HTTP 502 error. Regards Gert -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 26 February 2004 10:03 To: DeSwardt, Gert (Lyn) Cc: '[EMAIL PROTECTED]' Subject: Re: [squid-users] HTTP 502 Proxy Error On Thu, 26 Feb 2004, DeSwardt, Gert (Lyn) wrote: > The authentication is working fine, but I get the following error: > HTTP 502 Proxy Error - The ISA Server denies the specified Uniform Resource > Locator (URL). (12202) This looks like some kind of access restriction or problem with the ISA server, not Squid. Can you access the ISA server as a proxy from the Squid server by running a browser on the Squid server? (use lynx if you do not have a screen). Regards Henrik This email and any file transmitted with it is confidential and may also be legally privileged. It is intended solely for the use of the entity or the individual to whom it is addressed. If you are not the intended recipient, please advice the sender immediately and delete the message without copying, distributing or disclosing its contents to any other person. Whilst this message has been checked for all known viruses by EC Harris, we cannot accept liability for any damage sustained as a result of software viruses and advise that you carry out your own virus checks before opening any attachment. Please view our website at http://www.echarris.com
Re: [squid-users] squid and SSH
On Thu, 26 Feb 2004, Boniforti Flavio wrote: > OK, that's a good explanation, thank you. > Now, the matter is: our network setup causes us to use OUR squid proxy > which uses the PARENT of our ISP. How would I be using a SOCKS proxy in > this environment? The two are not related. Assuming your ISP gives you Internet access and not only web access you should be able to run a SOCKS proxy for those other services. Regards Henrik
AW: [squid-users] reverse-proxy for multiple domains
Why httpd_accel_port 0? cause i read it somewhere i don't remember anymore. i thought the port must be zero in connection with the virtual httpd_accel_host. do i have to change it to the port of the web-server? > -Ursprungliche Nachricht- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 26. Februar 2004 10:58 > An: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Betreff: Re: [squid-users] reverse-proxy for multiple domains > > > On Thu, 26 Feb 2004 [EMAIL PROTECTED] wrote: > > > ich tried to configure squid as a reverse proxy for > multiple domains. > > Which Squid version? > > > httpd_accel_host virtual > > httpd_accel_port 0 > > Why httpd_accel_port 0? > > And are you sure you want httpd_accel_host virtual? This is not about > domain-based virtual hosts but IP based virtual hosts. > > > httpd_accel_single_host off > > http_accel_with_proxy off > > httpd_accel_uses_host_header on > > Ok, > > > In the hosts-file i put the ip of the webserver i want to > reach. it looks > > likes this: > > > > > > The hostname should be the hostname the clients requests (or what is > logged in access.log), not the actual hostname. > > > i tested the squid with one webserver and only changed the > > httpd_accel-settings an everything went fine. > > > > i don't know why squid isn't using the /etc/hosts entries, > has anybody an > > explanation? > > It does for me. > > Maybe you are using a redirector disturbing things? > > Regards > Henrik >
RE: [squid-users] Squid -k reconfigure from Web form
At 07:38 26.2.2004 +0100, Elsen Marc wrote: > >> I'd like to run squid -k reconfigure from Web form. I know it >> sounds like a >> crazy idea, but that's what I like to do. The idea is make a >> sevice that >> gives a teacher an easy way to restrain class from Internet. >> The other part >> of program works but managing Squid isn't. >> I have perl script which works fine when run from shell, but >> not when run >> with Apache. I wonder if it's possible at all? >> >> system("/usr/local/squid/sbin/squid -k reconfigure") causes: >> squid: ERROR: Could not send signal 1 to process 3646: (1) >> Operation not >> permitted >> > > Probably, the intended program must run under the same uid as the >user squid is being configured to run under in squid.conf or else >the application must run as root. > > M. Ok.If want to run program as user squid, how can I do this? I found that it is possible with directive in httpd.conf, but I didn't manage to do it. I have RH9.0, Apache 2.0.40 and Squid 2.5 PH
[squid-users] squid_ldap_auth Windows 2003
I have been successfully using Squid 2.5.STABLE4 using squid_ladp_auth authenticating against Windows 200 Active Directory without any problems for a number of months. Following the upgrade of the domain to Windows 2003 server squid_ldap_auth appears to now only function intermittently For example. $ ./squid_ldap_auth -b "DC=MAN,DC=STC,DC=AC,DC=UK" -D "CN=squiduser,CN=Users,DC=MAN,DC=STC,DC=AC,DC=UK" -w "password" -h 172.24.0.100 -u sAMAccountName -f sAMAccountName =%s cscott password OK cscott password squid_ldap_auth: WARNING, LDAP search error 'Operations error' OK cscott password squid_ldap_auth: WARNING, LDAP search error 'Operations error' OK As squid_ldap_auth eventually returns an OK and ldapsearch works with the same query I do not believe this problem to be related to security permissions. Any on the cause of this and how it can be resolved? Thanks in advance Craig Scott IT Development Officer South Tyneside College Tel: (0191) 4273670
[squid-users] Using Squid to cache Kazaa (Yes ! It can be possible !)
Hello list, I did some tests with a small and nice soft called KazaaHTTP (www.iprisma.com/kazaahttp) that translate a SOCKS 5 connection to a HTTP one. My big surprise when I tried to download a "licenced" music from Kazaa from one machine and tried again from other. The speed reaches 1033 kbytes/s (yes ! squid cached it nicely) ! Well ... at this moment you already figured out what happens when Kazaa asks for small (and different) chunks of the file from other hosts ... obviously, the squid doesn't have a way to cache it ... This list is composed mainly of sysadmins that see tons of their bandwidth going away day after day and I'm pretty sure that everybody here will like to have a way to cache this content using a grateful and reliable code that squid is, instead to use a proprietary and costly code (PeerCache, CacheLogic, etc). I don't know anything about squid internals so my question is: "Duane, can't squid have a module to handle this kind of use?" Neilson
Re: [squid-users] squid_ldap_group acl
On Thu, 26 Feb 2004, Silhavy, Peter wrote: > Can anybody help me with %a %v and %s arguments? These are documented in the squid_ldap_group manual. But please note that %a and %v has been replaced with %g and %u which is a whole lot easier to remember (user, group). -f filter LDAP search filter used to search the LDAP direc tory for any matching group memberships.In the filter %u will be replaced by the user name (or DN if the -F or -u options are used) and %g by the requested group name. -F filter LDAP search filter used to search the LDAP direc tory for any matching users.In the filter %s will be replaced by the user name. If % is to be included literally in the filter then use %%. and the older squid_ldap_group documentation from 2.5.STABLE1 read for the -f option: -f filter LDAP search filter used to search the LDAP direc tory for any matching group memberships. In the filter %v will be replaces by the user login name and %a by the requested group name. Regards Henrik
Re: [squid-users] TAG:deny_info - another question
On Thu, 26 Feb 2004, OTR Comm wrote: > I am using squid-3.0 so I looked in errorpage.cc and found the > errorConvert(char token, ErrorState * err) function. Yes, this is where it all happens. > I see how the URL is setup in the case for 'U'. > I see that > > > HttpRequest *r = err->request; > The important part of %U is found further down case 'U': p = r ? urlCanonicalClean(r) : err->url ? err->url : "[no URL]"; break; this calculates what %U should be replaced by. Translated to english the above logics is If there is a request then use the URL from the request else if there is a URL registered in the ErrorState object use that url else "[no URL]". > Now, can I setup another case in errorConvert for the username (maybe > 'C' for client ID) and reference 'r->extacl_user' to get the username? extacl_user is maybe not what you are looking for. This is the username as returned by external_acl_type, not the username from authentication. There is quite many kinds of usernames in Squid. The current Squid-3.0 sources have the following different username concepts: * Username from URL, as in ftp://user:[EMAIL PROTECTED]/ * Username from authentication * Username from IDENT lookup * Username from external acl lookup (external_acl_type) * Username from SSL certificate As each have somewhat different meaning each is accessed differently. Examples on how most of these can be accessed can be found in ClientHttpRequest::logRequest() and clientPrepareLogWithRequestDetails() (both found in client_side.cc) where the information is prepared for logging in access.log. Regards Henrik
[squid-users] Re: memory ? result bypass server w/squid
On Thu, 26 Feb 2004, Bobby Gochuico wrote: > I have not been using the proxy to point to squid and so far it has no > activity but yet the use mem is at 355356 mb ram. > is that normal ? below is the details. > > total used free sharedbuffers cached > Mem:517220 355356 161864 27820 228176 13600 > -/+ buffers/cache: 113580 403640 > Swap: 514040 0 514040 Your memory usage is 113580 KB, with approximately 403640 KB free memory. This is perfectly normal. Regards Henrik
[squid-users] errorpage.cc and errorConvert question
Hello, I added an additional case to errorConvert, just for debugging, i.e., case 'C': if (r->auth_user_request) { p = "[UNKNOWN]"; } else { p = "[unknown]"; } break; I wanted to see if r->auth_user_request is true in errorConvert. Then I modified my query string in ERR_FORWARDING_DENIED to pickup the value for 'C', i.e., URL=http://216.19.43.110/cgi-bin/squidsearch/FD_Handler.cgi?url=%U&ident=%C But %C doesn't pickup either value from the case statement. %U does pickup the URL, but it is like the case for 'C' is ignored. What have I missed here? Thanks, Murrah Boswell By the way, just an observation, at other case statements in errorConvert, 'unknown' is misspelled at cases 'M' and 'P' where it is spelled 'unkown'. Just an editorial observation!
[squid-users] Can not compile ip_wccp.c
Hello All This is the first time i am playing with kernel and trying to patch it (ip_wccp.c) and failing. Having no idea what i am doing wrong i turn to the number 1 place for squid help. below is the complete out put. Regards Mahmood Ahmed Buraak Telecommunications Pvt. Ltd. [EMAIL PROTECTED] linux]# gcc -D__KERNEL__ -I/usr/include/linux -Wall -Wstrict-prototypes\ > -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce \ > -mcpu=i386 -DCPU=386 -DMODULE -DMODVERSIONS -include \ > /usr/include/linux/modversions.h -c ip_wccp.c In file included from :1: /usr/include/linux/modversions.h:1:2: #error Modules should never use kernel-headers system headers, /usr/include/linux/modversions.h:2:2: #error but rather headers from an appropriate kernel-source package. /usr/include/linux/modversions.h:3:2: #error Change -I/usr/src/linux/include (or similar) to /usr/include/linux/modversions.h:4:2: #error -I/lib/modules/$(uname -r)/build/include /usr/include/linux/modversions.h:5:2: #error to build against the currently-running kernel. In file included from /usr/include/linux/fs.h:23, from /usr/include/linux/capability.h:17, from /usr/include/linux/binfmts.h:5, from /usr/include/linux/sched.h:9, from ip_wccp.c:10: /usr/include/linux/string.h:8:2: warning: #warning Using kernel header in userland! In file included from /usr/include/linux/sched.h:14, from ip_wccp.c:10: /usr/include/linux/timex.h:173: field `time' has incomplete type In file included from /usr/include/linux/bitops.h:69, from /usr/include/asm/system.h:7, from /usr/include/linux/sched.h:16, from ip_wccp.c:10: /usr/include/asm/bitops.h:327:2: warning: #warning This includefile is not available on all architectures. /usr/include/asm/bitops.h:328:2: warning: #warning Using kernel headers in userspace: atomicity not guaranteed In file included from /usr/include/linux/signal.h:4, from /usr/include/linux/sched.h:25, from ip_wccp.c:10: /usr/include/asm/signal.h:107: parse error before "sigset_t" /usr/include/asm/signal.h:110: parse error before '}' token In file included from /usr/include/linux/sched.h:81, from ip_wccp.c:10: /usr/include/linux/timer.h:45: parse error before "spinlock_t" /usr/include/linux/timer.h:53: parse error before '}' token /usr/include/linux/timer.h:67: parse error before "tvec_base_t" /usr/include/linux/timer.h:101: parse error before "tvec_bases" /usr/include/linux/timer.h: In function `init_timer': /usr/include/linux/timer.h:105: dereferencing pointer to incomplete type /usr/include/linux/timer.h:105: dereferencing pointer to incomplete type /usr/include/linux/timer.h:106: dereferencing pointer to incomplete type /usr/include/linux/timer.h: In function `timer_pending': /usr/include/linux/timer.h:121: dereferencing pointer to incomplete type In file included from /usr/include/linux/highmem.h:5, from /usr/include/linux/skbuff.h:26, from ip_wccp.c:12: /usr/include/asm/pgalloc.h:6:24: asm/fixmap.h: No such file or directory In file included from /usr/include/linux/highmem.h:5, from /usr/include/linux/skbuff.h:26, from ip_wccp.c:12: /usr/include/asm/pgalloc.h: At top level: /usr/include/asm/pgalloc.h:57: parse error before '*' token /usr/include/asm/pgalloc.h: In function `get_pgd_slow': /usr/include/asm/pgalloc.h:59: `pgd_t' undeclared (first use in this function) /usr/include/asm/pgalloc.h:59: (Each undeclared identifier is reported only once /usr/include/asm/pgalloc.h:59: for each function it appears in.) /usr/include/asm/pgalloc.h:59: `pgd' undeclared (first use in this function) /usr/include/asm/pgalloc.h:59: parse error before ')' token /usr/include/asm/pgalloc.h:62: `USER_PTRS_PER_PGD' undeclared (first use in this function) /usr/include/asm/pgalloc.h:63: `swapper_pg_dir' undeclared (first use in this function) /usr/include/asm/pgalloc.h:63: `PTRS_PER_PGD' undeclared (first use in this function) /usr/include/asm/pgalloc.h: At top level: /usr/include/asm/pgalloc.h:70: parse error before '*' token /usr/include/asm/pgalloc.h: In function `get_pgd_fast': /usr/include/asm/pgalloc.h:80: `pgd_t' undeclared (first use in this function) /usr/include/asm/pgalloc.h:80: parse error before ')' token /usr/include/asm/pgalloc.h: At top level: /usr/include/asm/pgalloc.h:83: parse error before '*' token /usr/include/asm/pgalloc.h: In function `free_pgd_fast': /usr/include/asm/pgalloc.h:85: `pgd' undeclared (first use in this function) /usr/include/asm/pgalloc.h: At top level: /usr/include/asm/pgalloc.h:90: parse error before '*' token /usr/include/asm/pgalloc.h: In function `free_pgd_slow': /usr/include/asm/pgalloc.h:99: `pgd' undeclared (first use in this function) /usr/include/asm/pgalloc.h: At top level: /usr/include/asm/pgalloc.h:103: parse error befo
Re: [squid-users] Using Simple Authentication for incoming reverse proxy connections
On Thu, 26 Feb 2004, Eric Kahklen wrote: > I've setup squid 3.0 to do reverse proxying for Exchange OWA/SSL. I'd > like to setup some simple authentication that requires a username and > password to be allowed in to proxy into toward the exchange server. Is > there an easy way to do this? I don't need to connect to any backend > database. The username and password can reside on the Linux box. For this to work you must configre OWA to use cookie based authentication if possible. Then simply configure authentication in Squid as would be done for a normal proxy. There is nothing odd about authentication in reverse proxies with Squid-3. Regards Henrik
[squid-users] NTLM authentication with Windows 2003 Server domain controller
Hi, Our squid proxy will join domains for NTLM authentication when the NT server is running anything except Windows 2003 server. Has anyone else seen this? Is there any known fix or workaround for this problem? We tried the fix described here. http://www.squid-cache.org/mail-archive/squid-users/200312/0893.html that allows us to view web pages through the proxy on the Windows 2003 server but we still can't get our box to join a domain controlled by the 2003 AD server. Thanks in advance, Graeme
[squid-users] Adding a disk ?
Hi all, My squid with 1 disk is running at 10.000 req/min (167req/s). The peak request of the system with 1 disk (seek time is about 6-12 ms) is 1000/6-12, around 83 - 167 req/s. Does it true ? Now, i want to add 1 more disk to increase the peak request. What I have to do are: - Plug the new disk, create the partition - Adding one more line cache_dir ... in squid.conf file - Run squid -z command Does it correct ? Is it affect to the current files in the old cache_dir ? What is the best filesystem type if i'm using Solaris 8 ? Thanks in advance, Regards, Tri Dam
[squid-users] Problems filtering
hello, I'm trying to simply block all website except those found in the squid guard blacklist. Instead, it seems to still be wide open. This is the entry i have for the squid conf file Squid conf: cache_mem 100 MB cache_effective_user squid cache_effective_group squid redirect_program /usr/sbin/squidGuard -c /etc/squidguard.conf This is what I have for the Squid Guard conf: Squidguard Conf: logdir /var/log/squidGuard dbhome /var/lib/squidGuard/db destination bl_audio-video { } destination bl_porn { } acl { default { pass !porn all redirect http://localhost/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u } } I don't seem to be logging anything in /var/log/squidguard either. Has anyone else had this probem in the past? Thanks in advance for any help! Ryan
[squid-users] Compile WCCP module in Alpha
All, I have small Alpha Machine (DS-10) run RH 7.2 with kernel 2.4.9. Currently, it run as Transparent proxy, I plan to apply WCCP. Here is my script to compile WCCP in x86 (I know it won't work in Alpha); gcc -D__KERNEL__ -I/usr/src/linux/include -Wall -Wstrict-prototypes -Wno-tri graphs -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-common -pipe -mpre ferred-stack-boundary=2 -march=i686 -DMODULE -DMODVERSIONS -include /usr/src/linux/include/linux/modversions.h -c -o ip_wccp.o ip_wccp.c Would you tell me what I should change the command to make it work in Alpha? Your answer is very appreciated. Thx & Rgds, Awie
Re: AW: AW: [squid-users] reverse-proxy for multiple domains -- Repost in text form
Henrik Nordstrom wrote: On Thu, 26 Feb 2004 [EMAIL PROTECTED] wrote: we got two webservers an differnet ports and of course different ip's. i wannted to put a reverse-proxyx in front of them to cache some requests but i think this is nor what i mentionted in the postings so far? As the servers is on different ports the setup with Squid-2.5 is a little tricky, but only a little. There is two possible approaches a) Use two http_port directives, one per port, and use the virtual port accelerator mode. Henrik, Would you elaborate on point (a)? I have a case here where I would like to do something similar. 1 Squid firewall machine. Internet: 24.115.66.100 Intranet: 192.168.20.10 2 Internal Web Servers. E-Mail server: 192.168.20.8:80 Calendar server: 192.168.20.9:81 I can if need be re-align the Calendar server to port 80, but... So far I have tried the virtual httpd_accel_host virtual httpd_accel_port 80 httpd_accel_single_host off httpd_accel_with_proxy on httpd_accel_uses_host_header on For now though, I resulted to allow access to one host and have used our old Netscape Proxy 3.6sp3 for the other server. My current Squid config is: httpd_accel_host email.komatsu.ca httpd_accel_port 80 httpd_accel_single_host on httpd_accel_with_proxy on httpd_accel_uses_host_header on I found the documents opaque on the transparent proxy issue where more than one internal host is concerned. If I can solve this issue I can dump the Netscape proxy. :^) Thanks Tim. -- -- Timothy E. Neto Computer Systems Engineer Komatsu Canada Limited Ph#: 905-625-6292 x265 1725B Sismet Road Fax: 905-625-6348 Mississauga, Ontario, Canada E-Mail: [EMAIL PROTECTED] L4W 1P9 -- b) Use a redirector helper to rewrite the port number accordingly. Or you could look into using Squid-3 where this type of configurations is a lot simpler. But be warned that Squid-3.0 is still under development and is not yet released in a STABLE version suitable for production use. But if you can make sure the servers run on standard ports your life will be a bit simpler, and also the risk for problems is much less. Regards Henrik
[squid-users] Transparent Squid-Cache Servers load-balanced with Cisco IOS SLB vs WCCP
Maybe this will be useful regarding this subject. http://www.geocities.com/tukapr/slbtranscache.html Regards Valton Hashani
[squid-users] Dyslexic
Hectic day. What I'm really trying to do is allow access to EVERY website EXCEPT those found in Squidguard. Sorry, Ryan
Re: [squid-users] squid and SSH
On Thu, 26 Feb 2004, Boniforti Flavio wrote: > Henrik Nordstrom wrote: > > > If your ISP only gives you HTTP access then that is what you have, as your > > ISP then does not allow you to use SSH or other Internet services. > > OK, therefore I would like to take advantage of HTTP to "encapsulate" > SSH into it... Can you help? There is two options a) IF your ISPs HTTP proxy has poor access controls then you may be able to abuse the CONNECT method of the proxy to CONNECT to port 22. b) If you have control over a server on the outside of the ISP you can use one of the XXX-over-HTTP tunneling methods to provide full bi-directional Internet access over the HTTP proxy. I will not help you further on any of the approaches as I strongly dislike this type of abuse of HTTP proxies and is more interesting in finding ways to make sure these types of activities is not possible via HTTP proxies. You better talk to your ISP to see if they have some better means of accessing SSH or other non-HTTP services such as POP3, IMAP, IRC etc. Regards Henrik
Re: [squid-users] How to check open proxy
> How to make sure that my squid is NOT Open Proxy? .. Squid is not a open proxy means, IF you are allowing only the specified network people to access the squid for the net usage. If you have an acl network src /mask-address http_access deny !network It is not a open proxy. Put the acl in the beginning of the squid.conf file to achieve the "Specific Proxy to the network" Regards, Muthukumar.
Re: [squid-users] squid_ldap_auth Windows 2003
On Thu, 26 Feb 2004, Craig Scott wrote: > As squid_ldap_auth eventually returns an OK and ldapsearch works with > the same query I do not believe this problem to be related to security > permissions. > > Any on the cause of this and how it can be resolved? Not sure. The symptoms displayed could make sense if you were using persistent LDAP connections, but from what I can tell you are not (this is specified by the -P option to squid_ldap_auth). Regards Henrik
[squid-users] memory ? result bypass server w/squid
I have not been using the proxy to point to squid and so far it has no activity but yet the use mem is at 355356 mb ram. is that normal ? below is the details. Bobby total used free sharedbuffers cached Mem:517220 355356 161864 27820 228176 13600 -/+ buffers/cache: 113580 403640 Swap: 514040 0 514040 9:24pm up 1 day, 8:33, 2 users, load average: 0.00, 0.00, 0.00 34 processes: 33 sleeping, 1 running, 0 zombie, 0 stopped CPU states: 0.3% user, 0.1% system, 0.0% nice, 26.3% idle Mem: 517220K av, 355456K used, 161764K free, 28112K shrd, 228176K buff Swap: 514040K av, 0K used, 514040K free 13600K cached PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND 8532 root 16 0 832 832 652 R 0 0.9 0.1 0:00 top 1 root 0 0 480 480 404 S 0 0.0 0.0 0:04 init 2 root 0 0 00 0 SW 0 0.0 0.0 0:00 kflushd 3 root 0 0 00 0 SW 0 0.0 0.0 0:02 kupdate 4 root 0 0 00 0 SW 0 0.0 0.0 0:00 kpiod 5 root 0 0 00 0 SW 0 0.0 0.0 0:00 kswapd 6 root -20 -20 00 0 SW< 0 0.0 0.0 0:00 mdrecove 269 root 0 0 524 524 428 S 0 0.0 0.1 0:02 syslogd 278 root 0 0 760 760 388 S 0 0.0 0.1 0:00 klogd 292 root 0 0 620 620 512 S 0 0.0 0.1 0:00 crond 306 root 0 0 520 520 440 S 0 0.0 0.1 0:00 inetd 327 root 0 0 1172 1172 872 S 0 0.0 0.2 0:00 sendmail 342 root 0 0 3936 3936 3732 S 0 0.0 0.7 0:00 httpd 351 nobody 0 0 4008 4008 3800 S 0 0.0 0.7 0:00 httpd 352 nobody 0 0 4008 4008 3800 S 0 0.0 0.7 0:00 httpd 353 nobody 0 0 4008 4008 3800 S 0 0.0 0.7 0:00 httpd
Re: [squid-users] Upload bandwidth limits (was: Putting upper limit on Uploading.)
On Thu, 26 Feb 2004, Mihai BUHA wrote: > I would like to limit the bandwidth that users in my network use > to upload stuff. > > I want to state that conventional traffic shaping (CBQ, HTB & > co.) has absolutely no way to know about the intricate acl system > in my squid.conf. Either of tcp_outgoing_tos or tcp_outgoing_address can be used for provided access control hints to traffic shapers if required. > I believe that the proper way to do it would be a duplicate set > of delay pools with separate but similar configuration directives > which would only apply on the uploading part of the data > streams. Most of the code should be reused from the current > delay pools, I suppose... Of course something like delay pools can be implemented for uploaded traffic as well. It is just a matter of having it implemented. Now I have no intention to claim the following applies to you, but history has shown that many people seem to be offended if the answer to their question is that the feature they ask for is not yet implemented in Squid because nobody has needed it badly enough to see to have it implemented and that they are welcome to see to have it implemented. Because of this I usually don't answer with this answer if there is alternative approaches which could solve the problem. Open source is a community thing, and gets developed by the community. The more active the community is in the development of an opens source project, the more progress the project makes. Some years ago Squid had the fortune of being sponsored (indirectly) by a US government contract. This is no longer the case and the current development is mostly driven by a few individuals mostly on spare time basis. A more active participation in the development process by members of the Squid community is highly welcomed by the current developers. If there is interest in this please contact [EMAIL PROTECTED] and pay a visit to http://devel.squid-cache.org/. Regards Henrik
[squid-users] How to check open proxy
Dear All, How to make sure that my squid is NOT Open Proxy? .. pls advice .. thanks Winanjaya
RE: [squid-users] HTTP 502 Proxy Error
On Thu, 26 Feb 2004, DeSwardt, Gert (Lyn) wrote: > When I change the proxcy to the ISA server on the Squid server and try to > access the ISA server, I get authentication required error. Ok. Then you need to tell Squid to authenticate to this proxy. See the login= cache_peer option. Regards Henrik
RE: [squid-users] memory ? result bypass server w/squid
> I have not been using the proxy to point to squid and so far it has no > activity but yet the use mem is at 355356 mb ram. > is that normal ? below is the details. > >... Depending on the size of the configured cache dir(s); that is perfectly possible. Check the squid FAQ on mem. usage versus the size of the cache. M.
Re: AW: [squid-users] reverse-proxy for multiple domains
On Thu, 26 Feb 2004 [EMAIL PROTECTED] wrote: > Why httpd_accel_port 0? > > cause i read it somewhere i don't remember anymore. i thought the port must > be zero in connection with the virtual httpd_accel_host. Enabling httpd_accel_port virtual mode enables port-based virtual hosts. > do i have to change it to the port of the web-server? This is required. These directives control how Squid reconstructs the complete requested URL on accelerated requests httpd_accel_uses_host_header tells Squid to use the Host header of the request if available. httpd_accel_host tells what host name to use if httpd_accel_uses_host_header is not enabled or if the request does not have a Host header. httpd_accel_port tells what port to use in the reconstructed url. If 0 then the port number of the http_port will be used. So if you have http_accel_host virtual http_accel_port 0 http_accel_uses_host_header off (or request without Host header) http_port 1.2.3.4: then the URL as seen by Squid will become http://1.2.3.4:/path/to/file and this is the URL Squid will try to retreive, which most likely is not what you want unless you are using a redirector to fix up this URL into something which makes sense. The recommended accelerator setup for Squid-2.5 is # Host to assume if there is no Host header httpd_accel_host your.main.domain.name # Normal web port httpd_accel_port 80 # Domain based virtual host support httpd_accel_uses_host_header on # Required for RFC compliance httpd_accel_with_proxy on Then add the accelerated hostnames to /etc/hosts with the addresses of the real web servers, and configure Squid access controls to limit what may be accessed # Base ACLs acl all src 0.0.0.0/0 acl port80 port 80 acl http proto http # Give access only to our accelerated servers acl ourwebsites dstdomain accelerated.web.name other.accelerated.web.name http_access allow http port80 ourwebsites # Deny all other uses http_access deny all For Squid-3 the setup is a little different, but Squid-3.0 is not yet released so more on that later. Regards Henrik
Re: [squid-users] Can not compile ip_wccp.c
On Fri, 27 Feb 2004, Mahmood Ahmed wrote: > [EMAIL PROTECTED] linux]# gcc -D__KERNEL__ -I/usr/include/linux -Wall > -Wstrict-prototypes\ > > -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe -fno-strength-reduce \ > > -mcpu=i386 -DCPU=386 -DMODULE -DMODVERSIONS -include \ > > /usr/include/linux/modversions.h -c ip_wccp.c both /usr/include/linux references above should point to your kernel sources, not the /usr/include directory. Usually /usr/src/linux-2.4.24/include/linux or similar. If you have not built your own custom kernel this first needs to be done. Few if any distributions include kernel headers that allow easy building of extra modules without first building a custom kernel to use with the modules. Regards Henrik
Re: [squid-users] WCCP Configuration
> /sbin/modprobe ip_wccp > echo 1 > /proc/sys/net/ipv4/ip_forward > /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp > --dport 80 -j REDIRECT --to-port 3128 > > First line is load ip_wccp after every reboot > Second will enable ip forwarding Does it be needed to enable ip forwarding if I only have 1 NIC? Thx & Rgds, Awie > Third line will enable iptables > > Thanks and Regards > > > > --- Adeel Asher <[EMAIL PROTECTED]> wrote: > > Dear Mahmood Ahmed > > > > Here is the Linux configuration: > > > > Patching Kernel with WCCP v1 Support > > > > The following steps are needed: > > > > 1.Download the ip_wccp.c from > > > http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c > > .Compile ip_wccp.c > > using the following command: > > > > gcc -D__KERNEL__ -I/usr/src/linux-2.4.18-3/include > > -Wall -Wstrict-prototypes > > \ > > -O2 -fomit-frame-pointer -fno-strict-aliasing -pipe > > -fno-strength-reduce \ > > -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include \ > > /usr/src/linux-2.4.18-3/include/linux/modversions.h > > -c ip_wccp.c > > > > After this, the compiled ip_wccp.o will be created. > > > > 2.Copy ip_wccp.o to > > /lib/modules/2.4.18-3/kernel/net/ipv4/ip_wccp.o. > > > > [EMAIL PROTECTED] ip_wccp.o > > /lib/modules/2.4.18-3/kernel/net/ipv4/ip_wccp.o. > > > > Then edit /lib/modules/2.4.18-3/modules.dep > > Add the line: > > /lib/modules/2.4.18-3/kernel/net/ipv4/ip_wccp.o: > > > > 3. Test the module with: > > /sbin/modprobe ip_wccp > > /sbin/depmod -a -e > > This should report no errors. > > > > > > > > > > > > > > > > -Original Message- > > From: Mahmood Ahmed > > [mailto:[EMAIL PROTECTED] > > Sent: Thursday, February 26, 2004 2:42 AM > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Subject: RE: [squid-users] WCCP Configuration > > > > Hello Adeel > > > > can you please also explain the step by step (like > > you did below) wccp > > configuration for OS (Redhat 9.0) and Squid too. > > > > Regards > > > > Mahmood Ahmed > > Buraak Telecommunications Pvt. Ltd. > > > - > > > > This mail has been sent using Buraak Net's Mailing > > System > > (http://www.buraak.net.pk) > > > > -- Original Message --- > > From: "Adeel Asher" <[EMAIL PROTECTED]> > > To: "'squid'" <[EMAIL PROTECTED]> > > Sent: Wed, 25 Feb 2004 10:34:45 +0500 > > Subject: RE: [squid-users] WCCP Configuration > > > > > Here You Go > > > > > > Router # > > > Router (config)# ip wccp version 1 > > > Router (config)# ip wccp web-cache redirect-list > > 125 > > > Router (config)# ip wccp web-cache redirect out > > > Router (config)# ip wccp redirect exclude in > > > Router (config)# ip wccp web-cache redirect out > > > > > > Access-List 125 > > > > > > permit ip 192.168.92.0 0.0.0.255 any > > > permit ip 192.168.93.0 0.0.0.255 any > > > permit ip 192.168.94.0 0.0.0.255 any > > > permit ip 192.168.95.0 0.0.0.255 any > > > permit ip 192.168.96.0 0.0.0.255 any > > > permit ip 192.168.97.0 0.0.0.255 any > > > permit ip 192.168.98.0 0.0.0.255 any > > > > > > All permitted hosts in this access list will be > > redirected to squid for > > web > > > traffic. > > > > > > Router #Conf t > > > Router (config)# > > > Router (config)# interface fastethernet 0 > > > Router(config-if)# ip wccp web-cache redirect out > > > > > > Router # Conf t > > > Router(config)# > > > Router(config)# Interface serial 0 > > > Router(config-if)# ip wccp redirect exclude in > > > Router(config-if)# ip wccp web-cache redirect out > > > > > > I am assuming that your router serial is connected > > to WAN and FastEthernet > > > > > to LAN. If you have more than one serials you will > > have to enable it on > > all. > > > > > > Regards, > > > Adeel Asher > > > WorldCALL Multimedia > > > Lahore > > > PK > > > > > > -Original Message- > > > >From: Danish Khan [mailto:[EMAIL PROTECTED] > > > > > > >Sent: Wednesday, February 25, 2004 4:31 AM > > > >T0: 'squid' > > > >Subject: [squid-users] WCCP Configuration > > > > > > >Can any body please explain the router > > configuration for WCCP. > > > > > > >Danish Khan > > --- End of Original Message --- > > > > > > > ATTACHMENT part 2 application/pdf name=SQUID.pdf > > > > __ > Do you Yahoo!? > Get better spam protection with Yahoo! Mail. > http://antispam.yahoo.com/tools >
Re: [squid-users] TAG:deny_info - another question
Hello, > Unfortunately there is no % tag for the user name. Should not be hard to > add one I guess. See src/errorpage.c. I am using squid-3.0 so I looked in errorpage.cc and found the errorConvert(char token, ErrorState * err) function. I am not too good with c++ so please excuse my ignorance and basic questions. I see how the URL is setup in the case for 'U'. I see that HttpRequest *r = err->request; I see in HttpRequest.h that HttpRequest is a class with String extacl_user; /* User name returned by extacl lookup */ Now, can I setup another case in errorConvert for the username (maybe 'C' for client ID) and reference 'r->extacl_user' to get the username? Thanks, Murrah Boswell
Re: AW: AW: [squid-users] reverse-proxy for multiple domains
On Thu, 26 Feb 2004, Tim Neto wrote: > 1 Squid firewall machine. Internet: 24.115.66.100 Intranet: 192.168.20.10 > 2 Internal Web Servers. > E-Mail server: 192.168.20.8:80 > Calendar server: 192.168.20.9:81 What I am missing from this is how you want the two servers to look like to the users of the reverse proxy. What URLs should the users request to end up in the respective server? > I can if need be re-align the Calendar server to port 80, but... If you want users to externally request the Calendar server as if it ran on port 80 you should re-align it to actually run on port 80. The use of port 81 for public web servers is not recommended. Public web servers should run on port 80 for http:// or 443 for https://, nothing else. The use of different ports in the public URL than what the actual server runs on is also not recommended, as this often causes problems where the internal port leaks out to the browsers, often as part of plain normal operations. > > So far I have tried the virtual > > httpd_accel_host virtual this is not what you want to use, as explained earlier. You only want this directive if you want to provide IP based accelerator setups, and the use of this directive absolutely REQUIRES a redirector helper to fix up the URLs accordingly. In all other accelerator setups httpd_accel_host SHOULD be set to your main domain name to support prehistoric HTTP/1.0 clients not sending Host headers. > httpd_accel_port 80 ok, but you must then use a redirector to rewrite the port to 81 on requests for the calendar server. The other alternative is to use two http_port directives and virtual accelerator port http_port 80 http_port 81 httpd_accel_port 0 this will use whatever http_port the request was accepted on as port number in the requested URL. > httpd_accel_single_host off > httpd_accel_with_proxy on > httpd_accel_uses_host_header on ok. Regards Henrik
Re: AW: AW: [squid-users] reverse-proxy for multiple domains
On Thu, 26 Feb 2004 [EMAIL PROTECTED] wrote: > we got two webservers an differnet ports and of course different ip's. > i wannted to put a reverse-proxyx in front of them to cache some requests > but i think this is nor what i mentionted in the postings so far? As the servers is on different ports the setup with Squid-2.5 is a little tricky, but only a little. There is two possible approaches a) Use two http_port directives, one per port, and use the virtual port accelerator mode. b) Use a redirector helper to rewrite the port number accordingly. Or you could look into using Squid-3 where this type of configurations is a lot simpler. But be warned that Squid-3.0 is still under development and is not yet released in a STABLE version suitable for production use. But if you can make sure the servers run on standard ports your life will be a bit simpler, and also the risk for problems is much less. Regards Henrik
[squid-users] Corrupt Downloads.
Hi, We have been running Squid Version 2.4.STABLE7 for some time now without problems, though recently I've had a few reports of corrupt downloads. The file download okay and are the correct size (or appear to be) but are corrupt when they are unzipped or executed. I have tested the reported files myself by downloading them with and without the cache and true enough the files are being corrupted by the cache as they pass through it. The file sizes vary between 1-30MB Does anyone have any idea as to why this is happening? Is it time perhaps that I upgraded? Many thanks, Jezz Palmer. Jezz Palmer. Internet Systems Officer. Library and Information Services University of Wales, Swansea Singleton Park Swansea SA2 8PP
Re: [squid-users] Transparent Squid-Cache Servers load-balanced with Cisco IOS SLB vs WCCP
> Maybe this will be useful regarding this subject. > > http://www.geocities.com/tukapr/slbtranscache.html i have cisco 7200 series router IOS 12.2 which seems to support ip slb commands one thing i want to know client have give manually proxy in their browser did you find any performance improvement than using wccp Thanks and Regards > Regards > Valton Hashani > > __ Do you Yahoo!? Get better spam protection with Yahoo! Mail. http://antispam.yahoo.com/tools
RE: [squid-users] Corrupt Downloads.
> > Hi, > > We have been running Squid Version 2.4.STABLE7 for some time > now without > problems, though recently I've had a few reports of corrupt downloads. > The file download okay and are the correct size (or appear to > be) but are > corrupt when they are unzipped or executed. > I have tested the reported files myself by downloading them > with and without > the cache and true enough the files are being corrupted by > the cache as they > pass through it. > > The file sizes vary between 1-30MB > > Does anyone have any idea as to why this is happening? - Are you using any parents offering bad QoS (Quality of Service) ? > Is it time perhaps that I upgraded? - Certainly advizable : to use the latest stable release and verify this issue again. M.
[squid-users] Upload bandwidth limits (was: Putting upper limit on Uploading.)
Hello list, I would like to limit the bandwidth that users in my network use to upload stuff. I googled around and found the following message in the [squid-users] archive: --begin quote-- From: Henrik Nordstrom <[EMAIL PROTECTED]> Date: 25 Jul 2003 13:52:04 +0200 Subject: Re: [squid-users] Putting upper limit on Uploading. fre 2003-07-25 klockan 10.51 skrev ads squid: > Hi can I put limit on uploading data speed that is for > example 2Kbps using squid. So that I will get better > download speed. Not with Squid, but you should be able to use traffic shaping to do more or less the same thing I think. Regards Henrik -end quote- I want to state that conventional traffic shaping (CBQ, HTB & co.) has absolutely no way to know about the intricate acl system in my squid.conf. The only way you could shape uploading outside the squid is to put an agregate bandwidth cap on all the squid connections, and that is not an acceptable solution as it hurts everything, including simple browsing. Or, maybe use that controversial IMQ device to shape the data that comes from the users to squid, which is another problem, as IMQ is not part of the standard kernel, AFAIK. I believe that the proper way to do it would be a duplicate set of delay pools with separate but similar configuration directives which would only apply on the uploading part of the data streams. Most of the code should be reused from the current delay pools, I suppose... Comment please! Mihai Buha
RE: [squid-users] Corrupt Downloads.
> - Are you using any parents offering bad QoS (Quality of Service) ? No we have no parent's anymore, we've not had for a couple of years now. > > Is it time perhaps that I upgraded? > > - Certainly advizable : to use the latest stable release > and verify this issue again. I don't know why I asked that really, was a bit of a dumb question. :-) I'll get on the case now. Cheers, Jezz. > > > > We have been running Squid Version 2.4.STABLE7 for some time > > now without > > problems, though recently I've had a few reports of corrupt downloads. > > The file download okay and are the correct size (or appear to > > be) but are > > corrupt when they are unzipped or executed. > > I have tested the reported files myself by downloading them > > with and without > > the cache and true enough the files are being corrupted by > > the cache as they > > pass through it. > > > > The file sizes vary between 1-30MB > > > > Does anyone have any idea as to why this is happening? > > - Are you using any parents offering bad QoS (Quality of Service) ? > > M. > > >
Re: [squid-users] NTLM authentication with Windows 2003 Server domain controller
On Thu, 2004-02-26 at 11:49, Graeme Bisset wrote: > Hi, > > Our squid proxy will join domains for NTLM authentication when the NT > server is running anything except Windows 2003 server. Has anyone else > seen this? Is there any known fix or workaround for this problem? Looking in my crystal ball is see (more info please)... are you using mit kerberos 1.3.1? If not, move to it... w3k is picky about which kerberos libraries it'll talk with. which kerberos libraries are you running? version of samba? Cheers, Mark > > We tried the fix described here. > > http://www.squid-cache.org/mail-archive/squid-users/200312/0893.html > > that allows us to view web pages through the proxy on the Windows 2003 > server but we still can't get our box to join a domain controlled by the > 2003 AD server. > > Thanks in advance, > > Graeme -- "...the number of UNIX installations has grown to 10, with more expected..." - Dennis Ritchie and Ken Thompson, June 1972
[squid-users] squid-users-unsubscribe-s.khan=tatainfotech.com@squid-cache.org
[squid-users] squid_ldap_group acl
Hi, I've inherited 2.5Stable1 with following external_acl_type: external_acl_type ldapou %LOGIN /internet/proxy/squid-2.5.STABLE1/libexec/squid_ldap_group -b ou=Groups,ou=Trnava,ou=TRV,DC=eu,DC=sony,DC=com -D CN=sksatrv0ldap,OU=ServiceAccounts,OU=Users,OU=Trnava,OU=Trv,DC=eu,DC=sony,D C=com -w pri8tup -f "(&(cn=%a)(objectClass=group)(member=cn=%v, OU=Users,OU=Trnava,OU=TRV,DC=eu,DC=sony,DC=com))" 43.215.32.4 Can anybody help me with %a %v and %s arguments ? What does these mean ? The user should pass only if member of group called EU-SK-TRN-Internet. But it's not listed anywhere ! Thanks for your time ... :: Peter SILHAVY SONY Slovakia spol. s r.o. IS Department Tel. +421335904266 Trstinska cesta 8, 917 58 Trnava PO BOX 11 Slovak Republic : ** The information contained in this message or any of its attachments may be confidential and is intended for the exclusive use of the addressee(s). Any disclosure, reproduction, distribution or other dissemination or use of this communication is strictly prohibited without the express permission of the sender. The views expressed in this email are those of the individual and not necessarily those of Sony or Sony affiliated companies. Sony email is for business use only. This email and any response may be monitored by Sony United Kingdom Limited. (05) **
RE: [squid-users] Squid -k reconfigure from Web form
On Thu, 26 Feb 2004, Pasi Holmström wrote: > Ok.If want to run program as user squid, how can I do this? I found that it > is possible with directive in httpd.conf, but I didn't manage > to do it. I would recommend using the suexec apache extension (part of standard Apache, but may need to be enabled). See the Apache documentation for details. Regards Henrik
Re: [squid-users] WCCP Configuration
--- Awie <[EMAIL PROTECTED]> wrote: > > /sbin/modprobe ip_wccp > > echo 1 > /proc/sys/net/ipv4/ip_forward > > /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp > > --dport 80 -j REDIRECT --to-port 3128 > > > > First line is load ip_wccp after every reboot > > Second will enable ip forwarding > > Does it be needed to enable ip forwarding if I only > have 1 N this command is needed when you are using Virtual interface like for GRE tunnel i think here it is not needed > Thx & Rgds, > > Awie > > > Third line will enable iptables > > > > Thanks and Regards > > > > > > > > --- Adeel Asher <[EMAIL PROTECTED]> wrote: > > > Dear Mahmood Ahmed > > > > > > Here is the Linux configuration: > > > > > > Patching Kernel with WCCP v1 Support > > > > > > The following steps are needed: > > > > > > 1.Download the ip_wccp.c from > > > > > > http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c > > > .Compile ip_wccp.c > > > using the following command: > > > > > > gcc -D__KERNEL__ > -I/usr/src/linux-2.4.18-3/include > > > -Wall -Wstrict-prototypes > > > \ > > > -O2 -fomit-frame-pointer -fno-strict-aliasing > -pipe > > > -fno-strength-reduce \ > > > -m386 -DCPU=386 -DMODULE -DMODVERSIONS -include > \ > > > > /usr/src/linux-2.4.18-3/include/linux/modversions.h > > > -c ip_wccp.c > > > > > > After this, the compiled ip_wccp.o will be > created. > > > > > > 2.Copy ip_wccp.o to > > > /lib/modules/2.4.18-3/kernel/net/ipv4/ip_wccp.o. > > > > > > [EMAIL PROTECTED] ip_wccp.o > > > /lib/modules/2.4.18-3/kernel/net/ipv4/ip_wccp.o. > > > > > > Then edit /lib/modules/2.4.18-3/modules.dep > > > Add the line: > > > /lib/modules/2.4.18-3/kernel/net/ipv4/ip_wccp.o: > > > > > > 3. Test the module with: > > > /sbin/modprobe ip_wccp > > > /sbin/depmod -a -e > > > This should report no errors. > > > > > > > > > > > > > > > > > > > > > > > > -Original Message- > > > From: Mahmood Ahmed > > > [mailto:[EMAIL PROTECTED] > > > Sent: Thursday, February 26, 2004 2:42 AM > > > To: [EMAIL PROTECTED] > > > Cc: [EMAIL PROTECTED] > > > Subject: RE: [squid-users] WCCP Configuration > > > > > > Hello Adeel > > > > > > can you please also explain the step by step > (like > > > you did below) wccp > > > configuration for OS (Redhat 9.0) and Squid too. > > > > > > Regards > > > > > > Mahmood Ahmed > > > Buraak Telecommunications Pvt. Ltd. > > > > > > - > > > > > > This mail has been sent using Buraak Net's > Mailing > > > System > > > (http://www.buraak.net.pk) > > > > > > -- Original Message --- > > > From: "Adeel Asher" <[EMAIL PROTECTED]> > > > To: "'squid'" <[EMAIL PROTECTED]> > > > Sent: Wed, 25 Feb 2004 10:34:45 +0500 > > > Subject: RE: [squid-users] WCCP Configuration > > > > > > > Here You Go > > > > > > > > Router # > > > > Router (config)# ip wccp version 1 > > > > Router (config)# ip wccp web-cache > redirect-list > > > 125 > > > > Router (config)# ip wccp web-cache redirect > out > > > > Router (config)# ip wccp redirect exclude in > > > > Router (config)# ip wccp web-cache redirect > out > > > > > > > > Access-List 125 > > > > > > > > permit ip 192.168.92.0 0.0.0.255 any > > > > permit ip 192.168.93.0 0.0.0.255 any > > > > permit ip 192.168.94.0 0.0.0.255 any > > > > permit ip 192.168.95.0 0.0.0.255 any > > > > permit ip 192.168.96.0 0.0.0.255 any > > > > permit ip 192.168.97.0 0.0.0.255 any > > > > permit ip 192.168.98.0 0.0.0.255 any > > > > > > > > All permitted hosts in this access list will > be > > > redirected to squid for > > > web > > > > traffic. > > > > > > > > Router #Conf t > > > > Router (config)# > > > > Router (config)# interface fastethernet 0 > > > > Router(config-if)# ip wccp web-cache redirect > out > > > > > > > > Router # Conf t > > > > Router(config)# > > > > Router(config)# Interface serial 0 > > > > Router(config-if)# ip wccp redirect exclude in > > > > > Router(config-if)# ip wccp web-cache redirect > out > > > > > > > > I am assuming that your router serial is > connected > > > to WAN and FastEthernet > > > > > > > to LAN. If you have more than one serials you > will > > > have to enable it on > > > all. > > > > > > > > Regards, > > > > Adeel Asher > > > > WorldCALL Multimedia > > > > Lahore > > > > PK > > > > > > > > -Original Message- > > > > >From: Danish Khan > [mailto:[EMAIL PROTECTED] > > > > > > > > >Sent: Wednesday, February 25, 2004 4:31 AM > > > > >T0: 'squid' > > > > >Subject: [squid-users] WCCP Configuration > > > > > > > > >Can any body please explain the router > > > configuration for WCCP. > > > > > > > > >Danish Khan > > > --- End of Original Message --- > > > > > > > > > > > ATTACHMENT part 2 application/pdf name=SQUID.pdf > > > > > > > > __ > > Do you Yahoo!? > > Get better spam protection with Yahoo! Mail. > > http://antispam.yahoo.com/tools > >
[squid-users] Perl script for blocking rogue Squid-killing port 80 scanning worms
Perl script. Detects descriptor-sapping port 80 worms. Substitute in your own specific values for $city and "whereever.com". Everything else should be fairly straightforward. Run it every five minutes out of cron. I hope this helps some people. Worms were becoming a headache for me. Paul #!/usr/bin/perl $city = 'CityName'; main: { open( SQUID, "tail -9000 /var/log/squid/access.log |" ); $x = ; @w = split(/\s+/, $x ); @x = split(/\./, $w[0] ); $seconds = time - $x[0]; $minutes = $seconds / 60; $limit = int(30 * $minutes); while( ) { @w = split(/\s+/, $_ ); @x = split(/\//, $w[6] ); $xip = $w[2] .'-'. $x[2]; # client ip - requested host unless (defined $unique{$xip}) { $ip{$w[2]}++; $unique{$xip}++; } else { $un_ip{$w[2]}++; } } close( SQUID ); @ips = keys( %ip ); foreach $ip ( @ips ) { my $tot = $un_ip{$ip} + $ip{$ip}; my $ratio = $ip{$ip} / $tot * 100; # print "$ip $ip{$ip} $limit$ratio \n"; if ($ip{$ip} > $limit && $ratio > 90) { $ipt1 = '/sbin/iptables -t nat -I PREROUTING -s'; $ipt2 = '-p tcp -m tcp --dport 80 -j DROP'; system( "$ipt1 $ip $ipt2" ); send_email( '[EMAIL PROTECTED]' ); } } } sub send_email { my $email = shift; my $message = "To: $email From: [EMAIL PROTECTED] Subject: IP blocked in $city Server: $city The IP address $ip tried to scan $ip{$ip} hosts in $seconds seconds ($minutes min). The IP as been automagically blocked in the IP tables of the squid server. The customer should be contacted immediately of the infection. He or she will be unable to surf the web until we manually remove the IPTABLE entry. . "; use Net::Telnet(); $t = new Net::Telnet( Timeout => 600, Port => 25, Prompt => '/.*/'); $t->dump_log( "dump_log" ); $t->open("smtp.whereever.com"); $t->waitfor( '/220 .*\n/' ); $t->print( 'helo Squid_Killer' ); $t->waitfor( '/250 .*\n/' ); $t->print( 'mail from: <[EMAIL PROTECTED]>' ); $t->waitfor( '/250 .*\n/' ); $t->print( 'rcpt to: <'. $email .'>' ); $t->waitfor( '/250 .*\n/' ); $t->print( 'data' ); $t->waitfor( '/354 .*\n/' ); $t->print( $message ); $t->waitfor( '/250 .*\n/' ); $t->print( 'quit' ); $t->close; }
AW: AW: [squid-users] reverse-proxy for multiple domains
hi, i guess i mixed something up or my english is not as good as it shut be. i read this manual http://squid.visolve.com/white_papers/reverseproxy.htm#ee and thought: "this is what you need." we got two webservers an differnet ports and of course different ip's. i wannted to put a reverse-proxyx in front of them to cache some requests but i think this is nor what i mentionted in the postings so far? regards martin > -Ursprungliche Nachricht- > Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 26. Februar 2004 13:57 > An: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Betreff: Re: AW: [squid-users] reverse-proxy for multiple domains > > > On Thu, 26 Feb 2004 [EMAIL PROTECTED] wrote: > > > Why httpd_accel_port 0? > > > > cause i read it somewhere i don't remember anymore. i > thought the port must > > be zero in connection with the virtual httpd_accel_host. > > Enabling httpd_accel_port virtual mode enables port-based > virtual hosts. > > > do i have to change it to the port of the web-server? > > This is required. > > > These directives control how Squid reconstructs the complete > requested URL > on accelerated requests > > > httpd_accel_uses_host_header tells Squid to use the Host > header of the > request if available. > > httpd_accel_host tells what host name to use if > httpd_accel_uses_host_header is not enabled or if the request > does not > have a Host header. > > httpd_accel_port tells what port to use in the reconstructed > url. If 0 > then the port number of the http_port will be used. > > > So if you have > > http_accel_host virtual > http_accel_port 0 > http_accel_uses_host_header off (or request without Host header) > > > http_port 1.2.3.4: > > then the URL as seen by Squid will become > > http://1.2.3.4:/path/to/file > > and this is the URL Squid will try to retreive, which most > likely is not > what you want unless you are using a redirector to fix up > this URL into > something which makes sense. > > > The recommended accelerator setup for Squid-2.5 is > > # Host to assume if there is no Host header > httpd_accel_host your.main.domain.name > > # Normal web port > httpd_accel_port 80 > > # Domain based virtual host support > httpd_accel_uses_host_header on > > # Required for RFC compliance > httpd_accel_with_proxy on > > > > Then add the accelerated hostnames to /etc/hosts with the > addresses of the > real web servers, and configure Squid access controls to > limit what may be > accessed > > # Base ACLs > acl all src 0.0.0.0/0 > acl port80 port 80 > acl http proto http > > # Give access only to our accelerated servers > acl ourwebsites dstdomain accelerated.web.name > other.accelerated.web.name > http_access allow http port80 ourwebsites > > # Deny all other uses > http_access deny all > > > > For Squid-3 the setup is a little different, but Squid-3.0 is not yet > released so more on that later. > > > Regards > Henrik >
[squid-users] Using Simple Authentication for incoming reverse proxy connections
I've setup squid 3.0 to do reverse proxying for Exchange OWA/SSL. I'd like to setup some simple authentication that requires a username and password to be allowed in to proxy into toward the exchange server. Is there an easy way to do this? I don't need to connect to any backend database. The username and password can reside on the Linux box. Thanks, Eric
[squid-users] Effective cache peering
Hello again. I've been reading a little bit on cache peering in the FAQ, and I have a fairly good handle on how it works in general, now. I guess I have a couple of questions, though, that I'd appreciate answered by someone who's implemented it already. Cache server #1: I want to configure him to think "allow cache #2 to ask me if I have content he wants". Cache server #2: I want to configure him to think "I'm going to check my local cache, then ask Cache #1 if he has my content, then check the Internet's content". What's the absolute minimum configuration for this? I imagine it involves a cache_peer directive and an ACL of some kind. The communications uses ICP on port 3130/udp, correct? If Cache #1 does not have the content cache #2 is asking for, will it retrieve it? Are there any pitfalls I should know in general - i.e. what is the behavior by cache #2 if cache #1 is unreachable? Thanks for your input... Paul
Re: [squid-users] Compile WCCP module in Alpha
On Fri, 27 Feb 2004, Awie wrote: > Would you tell me what I should change the command to make it work in Alpha? > Your answer is very appreciated. Save the gcc line from when building modules when building the kernel. Then adjust this to refer to ip_wccp instead of whatever module it was compiling. Regards Henrik
Re: [squid-users] errorpage.cc and errorConvert question
On Thu, 26 Feb 2004, OTR Comm wrote: > Then I modified my query string in ERR_FORWARDING_DENIED to pickup the > value for 'C', i.e., > > URL=http://216.19.43.110/cgi-bin/squidsearch/FD_Handler.cgi?url=%U&ident=%C Should have worked. Make sure you run your modified version of Squid. Regards Henrik
Re: [squid-users] Adding a disk ?
On Fri, 27 Feb 2004, aiggno wrote: > Hi all, > > My squid with 1 disk is running at 10.000 req/min (167req/s). The peak > request of the system with 1 disk (seek time is about 6-12 ms) is 1000/6-12, > around 83 - 167 req/s. Does it true ? Sounds very high for a single drive. Usually the peak is seen somewhere around 30-50 req/s depending on the speed of the drive. Please note that there is a considerably higher stress on the drives when the cache is full than when running with a mostly empty cache. > Now, i want to add 1 more disk to increase the peak request. What I have to > do are: > - Plug the new disk, create the partition > - Adding one more line cache_dir ... in squid.conf file > - Run squid -z command Yes. > Is it affect to the current files in the old cache_dir ? Adding a new cache_dir does not affect the already cached files in other cache_dir. Regards Henrik
Re: [squid-users] Effective cache peering
On Fri, 27 Feb 2004, Paul Seaman wrote: > Cache server #1: I want to configure him to think "allow cache #2 to ask me > if I have content he wants". Then cache 1 needs to http_access allow cache 2, and optionally if you want cache 1 to strincly enforce that cache 2 is not allowed to try to configure caceh 1 as parent then also miss_access deny. But in normal peering configurations there is no reason to use miss_access unless the two proxies are under different administrative control and the administrators of cache 1 does not trust the administrators of cache 2 to behave. > Cache server #2: I want to configure him to think "I'm going to check my > local cache, then ask Cache #1 if he has my content, then check the > Internet's content". This is cache_peer sibling relation using ICP or cache-digests. Regards Henrik
Re: [squid-users] TAG:deny_info - another question - Solved
Hello, > Examples on how most of these can be accessed can be found in > ClientHttpRequest::logRequest() and clientPrepareLogWithRequestDetails() > (both found in client_side.cc) where the information is prepared for > logging in access.log. Thanks Henrik - This was the lead I needed! I found the code for access to the username in clientPrepareLogWithRequestDetails and added another case in errorConvert to pass the username: case 'C': if (r->auth_user_request) { if (authenticateUserRequestUsername(r->auth_user_request)) p = xstrdup(authenticateUserRequestUsername(r->auth_user_request)); authenticateAuthUserRequestUnlock(r->auth_user_request); r->auth_user_request = NULL; } else { p = "[unknown]"; } break; So now my query string: URL=http://216.19.43.110/cgi-bin/squidsearch/FD_Handler.cgi?url=%U&ident=%C passes the username in %C RESULTS FROM FD_Handler.cgi : 'QUERY_STRING : url=http://www.usatoday.com/&ident=otrcomm' Thanks for your help and patience, Murrah Boswell
Re: [squid-users] How to check open proxy
On Fri, 27 Feb 2004, Winanjaya wrote: > How to make sure that my squid is NOT Open Proxy? .. pls advice .. thanks There is some tools out on the Internet you can use for this purpose. A small list can be found here: http://spamlinks.port5.com/tools-proxy.htm#web Regards Henrik
Re: [squid-users] TAG:deny_info - another question - Solved
On Fri, 27 Feb 2004, OTR Comm wrote: > case 'C': > if (r->auth_user_request) { > if (authenticateUserRequestUsername(r->auth_user_request)) > p = > xstrdup(authenticateUserRequestUsername(r->auth_user_request)); > authenticateAuthUserRequestUnlock(r->auth_user_request); > r->auth_user_request = NULL; The last two lines should not be here (Unlock and = NULL). If you do this then the user information will be lost for access.log and also http_reply_access may fail if you plan on using authentication there.. Also you should not use xstrdup here. Regards Henrik
Re: [squid-users] Adding a disk ?
Hi Henrik, May I ask you some more about using disk in squid ? Now, with about 160 req/s and my cache_dir is 15 GB. With addition disk (36 GB), do I just add a maximum partition to the squid (the whole disk) ? With so much webpages that generated automatically nowadays (I mean the content of the webpages change rapidly), do I need to have a large cache_dir ? With my new 36 GB disk, what is the best capacity of the new cache_dir ? Many thanks for your help. Best regards, Aiggno - Original Message - From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "aiggno" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, February 27, 2004 2:00 PM Subject: Re: [squid-users] Adding a disk ? > On Fri, 27 Feb 2004, aiggno wrote: > > > Hi all, > > > > My squid with 1 disk is running at 10.000 req/min (167req/s). The peak > > request of the system with 1 disk (seek time is about 6-12 ms) is 1000/6-12, > > around 83 - 167 req/s. Does it true ? > > Sounds very high for a single drive. Usually the peak is seen somewhere > around 30-50 req/s depending on the speed of the drive. > > Please note that there is a considerably higher stress on the drives when > the cache is full than when running with a mostly empty cache. > > > Now, i want to add 1 more disk to increase the peak request. What I have to > > do are: > > - Plug the new disk, create the partition > > - Adding one more line cache_dir ... in squid.conf file > > - Run squid -z command > > Yes. > > > Is it affect to the current files in the old cache_dir ? > > Adding a new cache_dir does not affect the already cached files in other > cache_dir. > > Regards > Henrik > > >