Re: [squid-users] Squid accelerator + SSL update
On 17.05 23:19, [EMAIL PROTECTED] wrote: > Squid accelerator + SSL update : > > when client requests https page, Squid accel.(which has installed SSL > certificate) is able to see (by SSL update) http content of this one; I completely do not understand what do you mean. Did you read the FAQ? > 1) What's required reason allowing toSquid to see the HTTP content ? > After this stage what kind of request Accelerator does to remote server? > 2) https or http ?! I hope https. > 3) If I was accelerate (https) Network Associates site for instance, I > should have installed 2 SSL certificates ?! One in Squid accelerator and > the another in Microsoft Windows Update ?! > 4) What's the difference between "THE SQUID CERTIFICATE" and that one inside > MS server ?! > 5) Are Client and Squid accelerator certificates only necessary to > establish first communication towards Accel. regardless MS W.U. , then > Squid does a "true" https request to remote server ?! -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully.
[squid-users] squid, debian and delay pools
hi all two questions in one mail..hope no one minds... first off, i'm building a new squid server and want to run it on Debian. Its an Intel 2.2 Gh with 2Gb RAM and 3 x 32 Gb Seagate SCSI drives. my first problem is that when i am installing debian, the hard drives are not found by Debian so i cannot continue with Debian install. Any debian users out there that can assist? or should i just install redhat 9 (coz that OS seems to see hard drives) secondly, i want to (at some point in teh future) use delay pools. can i compile squid with delay pools feature now but not activate it just yet. if yes, will it affect my squid perfromance in any way? many thanks rgds, hement gopal
RE: [squid-users] Via header not inserted and HTTP/1.1 support
> > Hi guys: > > I'm new to Squid, and I'm not getting the Via: xxx header > added to the HTTP > responses from Squid. I do get the X-Cache header all right though. > > The Via header is required by HTTP/1.1, but I noticed that > Squid always > replies with an HTTP/1.0 response. > > The questions are: > 1) Does squid support HTTP/1.1? http://list.cineca.it/cgi-bin/wa?A2=ind0203&L=squid&F=&S=&P=82975 I think the last paragraph in that one, still stands today; but I am not an authoritive source on that issue. > 2) How can I get it to insert the Via: xxx header in its > HTTP/1.0 replies > anyway? > Check with, in my case it is there: http://www.showmyip.com/ M.
RE: [squid-users] Fatal Error
> > List, > > I received this email from my squid cache: > > From: squid > To: [EMAIL PROTECTED] > Subject: The Squid Cache (version 2.5.STABLE4-20040104) died. > > You've encountered a fatal error in the Squid Cache version > 2.5.STABLE4-20040104. > If a core file was created (possibly in the swap directory), > please execute 'gdb squid core' or 'dbx squid core', then > type 'where', > and report the trace back to [EMAIL PROTECTED] > > Thanks! > --- > and this was in the cache.log: > > 2004/05/18 10:04:41| sslReadServer: FD 115: read failure: > (104) Connection > reset by peer > 2004/05/18 10:05:04| sslReadServer: FD 210: read failure: > (104) Connection > reset by peer > 2004/05/18 10:05:04| sslReadServer: FD 216: read failure: > (104) Connection > reset by peer > 2004/05/18 10:07:04| sslReadServer: FD 189: read failure: > (104) Connection > reset by peer > 2004/05/18 10:07:34| sslReadServer: FD 90: read failure: > (104) Connection > reset by peer > 2004/05/18 10:12:12| sslReadServer: FD 82: read failure: > (104) Connection > reset by peer > 2004/05/18 10:17:32| sslReadServer: FD 112: read failure: > (104) Connection > reset by peer > FATAL: Received Segment Violation...dying. >... Please upgrade to 2.5.STABLE5. See whether your problem persists. M.
RE: [squid-users] Squid On Solaris
> > I would like to know if squid will be able to run on a > Ultra-Sparc with > Solaris 8 ? Yes. M.
Re: [squid-users] Re: Plz help... redirector problem
Hi, Thanks for the response. Our vendor has confirmed that the loop back interface is not firewalled and nor is there an implicit rule for it. I have a doubt here - if it were to be firewalled, wudn't it have caused a problem in the beginning itself. Why is this problem occurring after random intervals of time? Kindly clarify this doubt. I set the debug levels to 50,0 50,3 54,0 54,1 to tarce if ipcCreate was failing but no error messages happening there.Plz let me know if there cud be any other possible causes for the error message - WARNING: 'Cannot run' redirector client. Regards and TIA, Deepa --- Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > On Thu, 13 May 2004, Deepa D wrote: > > > We have a firewall running but there is no policy > > that has been added for the loopback interface. > > Make sure that there is no implicit rule which block > traffic on the > loopback interface on your server. Communication > must be allowed on the > loopback interface for Squid to work properly. > > > Squid is being started as root and the the > > cache_effective_user is the default user 'nobody'. > > Ok, > > > Changing it to 'root' threw a fatal error. > > For good reasons. > > > Kindly elaborate on what the problem could be. > > Try manually starting the helper as your > cache_effective_user. "man su" if > you do not know how. > > Regards > Henrik > Yahoo! India Matrimony: Find your partner online. http://yahoo.shaadi.com/india-matrimony/
Re: [squid-users] Delay of initial response from server
Hendrik, My squid.conf has the entire dns_nameservers section commented out as in your example. I may look into providing a local DNS. Adam, My /etc/resolv.conf looks ok. The servers are in the same order that I use directly. I'll try switching the order around anyway to see if that helps. Angela, I haven't seen any error messages from squid, just really long initial delays. Thanks for all the suggestions, Jim -- "You have a good knowledge of Unix and a girlfriend. Not many people can say that." - Neal Stephenson's 'Cryptonomicon' Hendrik Voigtländer said: > Sorry, not familiar with MacOS X, but I assume it has more in common > with Unix as just the "X" ... > > If your resolver is configured correctly, nslookup/lynx works fine. If > your squid is asking another nameserver, this _could_ explain the > phenomenon. Check squid.conf: > > # TAG: dns_nameservers > # Use this if you want to specify a list of DNS name servers > # (IP addresses) to use instead of those given in your > # /etc/resolv.conf file. > # > # Example: dns_nameservers 10.0.0.1 192.172.0.4 > # > #Default: > # none > > I would use an local DNS with the providers DNS as forwarder. > > Regards, Hendrik > > > Jim McCarty wrote: > >> Hmm, I tried using the IP instead and I *do* get almost immediate >> responses Strange thing is, I use the same DNS numbers for my >> Powerbook and I don't see this delay in initial response when I'm at >> home >> and not going through squid. >> >> Also, I can use lynx from the server (on which squid is running) and >> there >> is no delay in accessing any web sites using their fqdn. >> >> Is there some DNS setting I made in my initial setup while on cable that >> I >> need to change now that I'm using a different service? >> >> Thanks again, Jim >> >
[squid-users] dedicatd Squid Accelerate to cache MS WIndows Update download
dear Squid.users is there method to cache MS Windows Update dwonloads using "dedicated" Squid acting as Accelerator ? Using Squid as accelerator: I used my client to going www.microsoft.com and that's all right, instead when I click on WindowsUpdate link (http://v4.windowsupdate.microsoft.com) after about 40 seconds browser gets an error. Where can it be error ? 1- When MS Windows Update starts on client, browser runs several javascript functions; perhaps could it (javascript ?!) be the cause of this problem with Squid Accelerator ? 2- Squid Acc. should have to do a simple page request to MS site and ,when Squid receives the anwser from MS , it should have to send it to client. OK ?! I saw http traffic with tcpdump and I noted communication, among client and squid acc., teminates without particolar signs (no reset package, ). __ Tiscali ADSL libera la velocita'! Attiva Senza Canone entro il 17 maggio: navighi a 1,5 euro l'ora per i primi 3 mesi,se scegli il modem e' tuo in comodato gratuito e in piu' hai gratis SuperMail per 12 mesi. Non aspettare, attivala subito! http://abbonati.tiscali.it/adsl/prodotti/640Kbps/
[squid-users] Squid accelerator + SSL update
Squid accelerator + SSL update : when client requests https page, Squid accel.(which has installed SSL certificate) is able to see (by SSL update) http content of this one; 1) What's required reason allowing toSquid to see the HTTP content ? After this stage what kind of request Accelerator does to remote server ? 2) https or http ?! I hope https. 3) If I was accelerate (https) Network Associates site for instance, I should have installed 2 SSL certificates ?! One in Squid accelerator and the another in Microsoft Windows Update ?! 4) What's the difference between "THE SQUID CERTIFICATE" and that one inside MS server ?! 5) Are Client and Squid accelerator certificates only necessary to establish first communication towards Accel. regardless MS W.U. , then Squid does a "true" https request to remote server ?! __ Tiscali ADSL libera la velocita'! Attiva Senza Canone entro il 17 maggio: navighi a 1,5 euro l'ora per i primi 3 mesi,se scegli il modem e' tuo in comodato gratuito e in piu' hai gratis SuperMail per 12 mesi. Non aspettare, attivala subito! http://abbonati.tiscali.it/adsl/prodotti/640Kbps/
[squid-users] auth digest
Hi All I got 2004/05/18 16:32:41| Parsing Config File: Unknown authentication scheme 'digest' when running squid-2.5.STABLE5-20040518 'configured' with ./configure '--enable-removal-policies=lru heap' --enable-gnuregex \ --enable-auth="digest basic" --enable-digest-auth-helpers="password" \ --enable-basic-auth-helpers="NCSA" What am I doing wrong? What did I forget? Ethy H. Brito /"\ InterNexo Ltda. \ / CAMPANHA DA FITA ASCII - CONTRA MAIL HTML (012) 3941-6860X ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL Sao Jose dos Campos / \
[squid-users] Squid On Solaris
I would like to know if squid will be able to run on a Ultra-Sparc with Solaris 8 ? - This mail sent through : http://webmail.coqui.net
Re: [squid-users] Re: Re: Squid performance issue [again]
Good point. Never thought about it... Performance is not the issue after all. I dont mind losing the data in the cache, but if one disk fails the downtime will be much higher with a failing stripe. No need to panic, but I will split them asap. Thanks! Hendrik. Adam Aube wrote: Hendrik Voigtländer wrote: I agree at once with RAID 5. Striping should speed up disk performance the same way squid uses multiple disks, don't you think? Yes, but if all you are doing is striping, then you might be better off splitting the disks - a disk failure will only wipe out part of your cache instead of all of it. Adam
Re: [squid-users] Delay of initial response from server
Sorry, not familiar with MacOS X, but I assume it has more in common with Unix as just the "X" ... If your resolver is configured correctly, nslookup/lynx works fine. If your squid is asking another nameserver, this _could_ explain the phenomenon. Check squid.conf: # TAG: dns_nameservers # Use this if you want to specify a list of DNS name servers # (IP addresses) to use instead of those given in your # /etc/resolv.conf file. # # Example: dns_nameservers 10.0.0.1 192.172.0.4 # #Default: # none I would use an local DNS with the providers DNS as forwarder. Regards, Hendrik Jim McCarty wrote: Hmm, I tried using the IP instead and I *do* get almost immediate responses Strange thing is, I use the same DNS numbers for my Powerbook and I don't see this delay in initial response when I'm at home and not going through squid. Also, I can use lynx from the server (on which squid is running) and there is no delay in accessing any web sites using their fqdn. Is there some DNS setting I made in my initial setup while on cable that I need to change now that I'm using a different service? Thanks again, Jim
Re: [squid-users] Bypassing local address
Our setup works fine in this situation: Squid asks the internal DNS. The internal DNS forwards all unknown unknown request the external DNS, but resolvs all local stuff. If you want to take load from your internal DNS, you can put a caching DNS on the squid box. Anyone who uses the automatic proxy config is bypassing the squid for local sites. Additionally all internal sites are not cached (matched with ip-acl = all non-public adresses 192.168.0.0/16 and so on) for those who insist of using the proxy for all traffic. Be careful not to leak internal DNS-Information into the world with this setup. Regards, Hendrik Voigtländer [EMAIL PROTECTED] wrote: Greetings all .. I have a typical problem. I have configured squid for internet access. All Intranet(inside our organizations) sites are bypassed at the browser itself for most of the Users. But some users who work on a physically separate network but access our squid cannot have these addresses bypassed. Thus when they try to access Intranet sites ,they hit the Squid which tries to Query the Internet DNS configured and thus results no IP address and the request dies. Is there anyway in which i can tell the Squid to refer to our Intranet DNS for this particular Intranet URL/URL's ? I guess entry in the hosts file does not help !! Regards , Ashish Uchil DISCLAIMER: The information contained in this message is intended only and solely for the addressed individual or entity indicated in this message and for the exclusive use of the said addressed individual or entity indicated in this message (or responsible for delivery of the message to such person) and may contain legally privileged and confidential information belonging to Tata Consultancy Services. It must not be printed, read, copied, disclosed, forwarded, distributed or used (in whatsoever manner) by any person other than the addressee. Unauthorized use, disclosure or copying is strictly prohibited and may constitute unlawful act and can possibly attract legal action, civil and/or criminal. The contents of this message need not necessarily reflect or endorse the views of Tata Consultancy Services on any subject matter. Any action taken or omitted to be taken based on this message is entirely at your risk and neither the originator of this message nor Tata Consultancy Services takes any responsibility or liability towards the same. Opinions, conclusions and any other information contained in this message that do not relate to the official business of Tata Consultancy Services shall be understood as neither given nor endorsed by Tata Consultancy Services or any affiliate of Tata Consultancy Services. If you have received this message in error, you should destroy this message and may please notify the sender by e-mail. Thank you.
[squid-users] Re: Delay of initial response from server
Jim McCarty wrote: > Hmm, I tried using the IP instead and I *do* get almost immediate > responses Strange thing is, I use the same DNS numbers for my > Powerbook and I don't see this delay in initial response when I'm at home > and not going through squid. > > Also, I can use lynx from the server (on which squid is running) and there > is no delay in accessing any web sites using their fqdn. > > Is there some DNS setting I made in my initial setup while on cable that I > need to change now that I'm using a different service? Squid will normally use the DNS servers in /etc/resolv.conf, but since lynx from the server works fine, that's probably not the problem. You could try reversing the order in /etc/resolv.conf - maybe the first entry is bad, and lynx moves on sooner than Squid. You could also check the dns_nameservers parameter in squid.conf, though that usually isn't set. Adam
[squid-users] Re: Re: Squid performance issue [again]
Hendrik Voigtländer wrote: > I agree at once with RAID 5. > Striping should speed up disk performance the same way squid uses > multiple disks, don't you think? Yes, but if all you are doing is striping, then you might be better off splitting the disks - a disk failure will only wipe out part of your cache instead of all of it. Adam
Re: [squid-users] Delay of initial response from server
Hmm, I tried using the IP instead and I *do* get almost immediate responses Strange thing is, I use the same DNS numbers for my Powerbook and I don't see this delay in initial response when I'm at home and not going through squid. Also, I can use lynx from the server (on which squid is running) and there is no delay in accessing any web sites using their fqdn. Is there some DNS setting I made in my initial setup while on cable that I need to change now that I'm using a different service? Thanks again, Jim -- "You have a good knowledge of Unix and a girlfriend. Not many people can say that." - Neal Stephenson's 'Cryptonomicon' Hendrik Voigtländer said: > Sounds like a DNS-problem to me. Are you probably asking a dead DNS? > If you do, the second DNS will be asked after a timeout. After that, > squid cache the IP. > Try to access some sites using the IP instead of the FQDN. Do you have a > local DNS on your machine? > > Regards, Hendrik > > > Jim McCarty wrote: > >> Hello All, >> >> I'm fairly new to squid (running v2.5 stable on Mac OS 10.2.8) but >> managed to get it running successfully with my old cable connection >> (dynamic IP, server sitting behind Linksys router w/NAT). I would tunnel >> in via ssh and use squid as my proxy from work. >> >> I recently switched to DSL (still dynamic IP, but now sitting behind an >> Actiontec router w/NAT). I still tunnel in via ssh and for the first day >> or two, everything worked great. Then I had connection problem getting >> out of my LAN which meant that my squid cache wasn't working either. I >> tried many things via the command line (over another ssh connection) >> including flushing the cache and restarting the squid process. Turned >> out that the issue was a DNS configuration problem that I resolved once >> I got home. >> >> However, now all of my initial connections (first time access to a site >> or after an extended absence) through squid can take upwards to a minute >> or more before anything is retrieved. I've sat watching the access.log >> and after making the request for a new site in my browser, nothing shows >> up in the access log for quite a while, then a flurry of activity while >> the page loads. Subsequent page requests from the same domain are served >> immediately. >> >> What could cause this kind of problem and how can I fix it? I've >> searched the FAQ and the mail archives but did not see an answer. There >> was a similar query on the list back in 2002 but no answer that I could >> see. >> >> Thanks! >> >> Jim >> >
RE: [squid-users] Delay of initial response from server
FYI, I have the same problem. But it seems to be random. Like I click on a link, and nothing happens for a good 15 seconds, at which point I click again, and it suddenly works. And the log shows nothing unusual. And sometimes I get the following error message when clicking on a link: --- ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.jobbank.gc.ca/ShowJob_en.asp? The following error was encountered: - Connection Failed The system returned: (101) Network is unreachable The remote host or network may be down. Please try the request again. --- There is a generated by message from my squid proxy. This error seems to be random and, if you click the back button in the browser then retry the link, it loads perfectly (and quickly). Do you get this error message too Jim? -Original Message- From: Jim McCarty [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 18, 2004 1:41 PM To: [EMAIL PROTECTED] Subject: [squid-users] Delay of initial response from server Hello All, I'm fairly new to squid (running v2.5 stable on Mac OS 10.2.8) but managed to get it running successfully with my old cable connection (dynamic IP, server sitting behind Linksys router w/NAT). I would tunnel in via ssh and use squid as my proxy from work. I recently switched to DSL (still dynamic IP, but now sitting behind an Actiontec router w/NAT). I still tunnel in via ssh and for the first day or two, everything worked great. Then I had connection problem getting out of my LAN which meant that my squid cache wasn't working either. I tried many things via the command line (over another ssh connection) including flushing the cache and restarting the squid process. Turned out that the issue was a DNS configuration problem that I resolved once I got home. However, now all of my initial connections (first time access to a site or after an extended absence) through squid can take upwards to a minute or more before anything is retrieved. I've sat watching the access.log and after making the request for a new site in my browser, nothing shows up in the access log for quite a while, then a flurry of activity while the page loads. Subsequent page requests from the same domain are served immediately. What could cause this kind of problem and how can I fix it? I've searched the FAQ and the mail archives but did not see an answer. There was a similar query on the list back in 2002 but no answer that I could see. Thanks! Jim -- "Another possible source of guidance for teenagers is television, but television's message has always been that the need for truth, wisdom and world peace pales by comparison with the need for a toothpaste that offers whiter teeth *and* fresher breath." - Dave Barry
[squid-users] Architecture Question
Hi, Currently we have the following Router -> Hardware Load Balancer -> many real servers. We're looking into using squid for reverse proxy to alleviate some of the load on our real servers. Is there a recommended/best practice for where we should put proxy servers. I'm pretty new to this whole proxy server thing so any help will be greatly appreciated. Thanks, Steve
[squid-users] Re: Gentoo Linux on heavy load machine
unixware wrote: > i am using squid on Redhat in transparent mode > will switching to gentoo linux will improve > performance boz its compiles from source Perhaps. Adding memory and/or getting more/faster disks to hold your cache will likely improve your performance more. Adam
[squid-users] Re: Active Directory Group
Aaron Arnold wrote: > I'm looking for away to setup squid caching to allow me to to > allow group Internet access to the internet and group nointernet well no > access to the inter using a Windows Active Directory group. Is this > possible and will dansguardian get in the way of this?. Yes, this is possible. Use Samba 3.0.x and the wbinfo_group external acl helper. There is documentation on how to set this up in the FAQ and in the list archives. I don't think Dansguardian will get in the way - I think redirectors are checked after the http_access lines (which is where the group membership will be checked). Adam
Re: [squid-users] Re: Squid performance issue [again]
I agree at once with RAID 5. Striping should speed up disk performance the same way squid uses multiple disks, don't you think? Therefore it shouldn't make much of a difference, if I break up our striped cache volume and use those disks independent from each other especially when both are connected to the same controller. Adam Aube wrote: Hwee Khoon, Neo wrote: Just read in http://www.oreilly.com/catalog/squid/chapter/ch08.pdf that you should never use RAID for squid cache directories because it always degrades filesystem performance for squid. RAID 5 will kill Squid performance, but other types shouldn't have much of an impact beyond the normal effects of that RAID setup on I/O performance. Adam
Re: [squid-users] Delay of initial response from server
Sounds like a DNS-problem to me. Are you probably asking a dead DNS? If you do, the second DNS will be asked after a timeout. After that, squid cache the IP. Try to access some sites using the IP instead of the FQDN. Do you have a local DNS on your machine? Regards, Hendrik Jim McCarty wrote: Hello All, I'm fairly new to squid (running v2.5 stable on Mac OS 10.2.8) but managed to get it running successfully with my old cable connection (dynamic IP, server sitting behind Linksys router w/NAT). I would tunnel in via ssh and use squid as my proxy from work. I recently switched to DSL (still dynamic IP, but now sitting behind an Actiontec router w/NAT). I still tunnel in via ssh and for the first day or two, everything worked great. Then I had connection problem getting out of my LAN which meant that my squid cache wasn't working either. I tried many things via the command line (over another ssh connection) including flushing the cache and restarting the squid process. Turned out that the issue was a DNS configuration problem that I resolved once I got home. However, now all of my initial connections (first time access to a site or after an extended absence) through squid can take upwards to a minute or more before anything is retrieved. I've sat watching the access.log and after making the request for a new site in my browser, nothing shows up in the access log for quite a while, then a flurry of activity while the page loads. Subsequent page requests from the same domain are served immediately. What could cause this kind of problem and how can I fix it? I've searched the FAQ and the mail archives but did not see an answer. There was a similar query on the list back in 2002 but no answer that I could see. Thanks! Jim
[squid-users] RE: ntlm_auth and NT groups
Phil Smith wrote:
> Ok added this line for the external_acl_type
>
> external_acl_type NT_global_group %LOGIN /usr/lib/squid/wbinfo_group.pl
>
> and I get this in the cache.log file
> sh: -c: line 1: syntax error near unexpected token `('
> sh: -c: line 1: `wbinfo -Y S-1-5-21-54814608-1071128794-317593308-1927
> Domain Group (2)'
Looks like the shell execution of wbinfo is choking on a domain group with
parenthesis in it. Try renaming "Domain Group (2)" to something without
parenthesis and see if wbinfo_group.pl starts working.
Adam
Re: [squid-users] Problem accessing a site
I can't reach it either. If the server is down, squid can do nothing about it. See "Adam Aube: Re: Time out error" Regards, Hendrik [EMAIL PROTECTED] wrote: When i am directed to this site from the main page ,it gives the following error after a long time . While trying to retrieve the URL: http://apps.ultimatix.org:8000/pls/ETCS/oraclemypage.home The following error was encountered: Connection Failed The system returned: (110) Connection timed out The remote host or network may be down. Please try the request again. Access.log shows 1084891400.152 221196 157.227.247.27 TCP_MISS/000 0 POST http://apps.ultimatix.org:8000/pls/ETCS/oraclemypage.home - NONE/- - Please let me know if i have to configure some extra acl's or http access statements for this type of connections I would appreciate any kind of help in this regards. Thanks Ashish Uchil DISCLAIMER: The information contained in this message is intended only and solely for the addressed individual or entity indicated in this message and for the exclusive use of the said addressed individual or entity indicated in this message (or responsible for delivery of the message to such person) and may contain legally privileged and confidential information belonging to Tata Consultancy Services. It must not be printed, read, copied, disclosed, forwarded, distributed or used (in whatsoever manner) by any person other than the addressee. Unauthorized use, disclosure or copying is strictly prohibited and may constitute unlawful act and can possibly attract legal action, civil and/or criminal. The contents of this message need not necessarily reflect or endorse the views of Tata Consultancy Services on any subject matter. Any action taken or omitted to be taken based on this message is entirely at your risk and neither the originator of this message nor Tata Consultancy Services takes any responsibility or liability towards the same. Opinions, conclusions and any other information contained in this message that do not relate to the official business of Tata Consultancy Services shall be understood as neither given nor endorsed by Tata Consultancy Services or any affiliate of Tata Consultancy Services. If you have received this message in error, you should destroy this message and may please notify the sender by e-mail. Thank you.
[squid-users] Re: Delay of initial response from server
Jim McCarty wrote: > However, now all of my initial connections (first time access to a site > or after an extended absence) through squid can take upwards to a > minute or more before anything is retrieved. I've sat watching the > access.log and after making the request for a new site in my browser, > nothing shows up in the access log for quite a while, then a flurry of > activity while the page loads. Subsequent page requests from the same > domain are served immediately. DNS lookup problems, perhaps? Adam
[squid-users] Active Directory Group
I'm looking for away to setup squid caching to allow me to to allow group Internet access to the internet and group nointernet well no access to the inter using a Windows Active Directory group. Is this possible and will dansguardian get in the way of this?.
[squid-users] Delay of initial response from server
Hello All, I'm fairly new to squid (running v2.5 stable on Mac OS 10.2.8) but managed to get it running successfully with my old cable connection (dynamic IP, server sitting behind Linksys router w/NAT). I would tunnel in via ssh and use squid as my proxy from work. I recently switched to DSL (still dynamic IP, but now sitting behind an Actiontec router w/NAT). I still tunnel in via ssh and for the first day or two, everything worked great. Then I had connection problem getting out of my LAN which meant that my squid cache wasn't working either. I tried many things via the command line (over another ssh connection) including flushing the cache and restarting the squid process. Turned out that the issue was a DNS configuration problem that I resolved once I got home. However, now all of my initial connections (first time access to a site or after an extended absence) through squid can take upwards to a minute or more before anything is retrieved. I've sat watching the access.log and after making the request for a new site in my browser, nothing shows up in the access log for quite a while, then a flurry of activity while the page loads. Subsequent page requests from the same domain are served immediately. What could cause this kind of problem and how can I fix it? I've searched the FAQ and the mail archives but did not see an answer. There was a similar query on the list back in 2002 but no answer that I could see. Thanks! Jim -- "Another possible source of guidance for teenagers is television, but television's message has always been that the need for truth, wisdom and world peace pales by comparison with the need for a toothpaste that offers whiter teeth *and* fresher breath." - Dave Barry
[squid-users] Fatal Error
List, I received this email from my squid cache: From: squid To: [EMAIL PROTECTED] Subject: The Squid Cache (version 2.5.STABLE4-20040104) died. You've encountered a fatal error in the Squid Cache version 2.5.STABLE4-20040104. If a core file was created (possibly in the swap directory), please execute 'gdb squid core' or 'dbx squid core', then type 'where', and report the trace back to [EMAIL PROTECTED] Thanks! --- and this was in the cache.log: 2004/05/18 10:04:41| sslReadServer: FD 115: read failure: (104) Connection reset by peer 2004/05/18 10:05:04| sslReadServer: FD 210: read failure: (104) Connection reset by peer 2004/05/18 10:05:04| sslReadServer: FD 216: read failure: (104) Connection reset by peer 2004/05/18 10:07:04| sslReadServer: FD 189: read failure: (104) Connection reset by peer 2004/05/18 10:07:34| sslReadServer: FD 90: read failure: (104) Connection reset by peer 2004/05/18 10:12:12| sslReadServer: FD 82: read failure: (104) Connection reset by peer 2004/05/18 10:17:32| sslReadServer: FD 112: read failure: (104) Connection reset by peer FATAL: Received Segment Violation...dying. 2004/05/18 10:36:58| storeDirWriteCleanLogs: Starting... 2004/05/18 10:36:58| WARNING: Closing open FD8 - I could not find a core file on the system. Any suggestions or comments? proxy01bldr:/usr/local/squid/var/logs # ../../sbin/squid -v Squid Cache: Version 2.5.STABLE4-20040104 configure options: --enable-storeio=ufs,aufs,diskd --enable-snmp proxy01bldr:/usr/local/squid/var/logs # cat /etc/SuSE-release SuSE Linux 8.0 (i386) VERSION = 8.0 Thanks much, Grant
[squid-users] Re: Time out error
User PUNDALEEK P Belamge wrote: >For some sites, after making a request, I am getting the following > error. Plz help me regarding this. > ERROR > The requested URL could not be retrieved > While trying to retrieve the URL: http://www.google.co.uk/search? > The following error was encountered: > Connection Failed > The system returned: >(60) Operation timed out > The remote host or network may be down. Please try the request again. > Your cache administrator is webmaster. This could be caused by a down/congested link between the Squid box and the remote server or problems at the remote site. It could be a firewall dropping the packets to those servers. It's probably not a Squid problem. Adam
[squid-users] Problem accessing a site
When i am directed to this site from the main page ,it gives the following error after a long time . While trying to retrieve the URL: http://apps.ultimatix.org:8000/pls/ETCS/oraclemypage.home The following error was encountered: Connection Failed The system returned: (110) Connection timed out The remote host or network may be down. Please try the request again. Access.log shows 1084891400.152 221196 157.227.247.27 TCP_MISS/000 0 POST http://apps.ultimatix.org:8000/pls/ETCS/oraclemypage.home - NONE/- - Please let me know if i have to configure some extra acl's or http access statements for this type of connections I would appreciate any kind of help in this regards. Thanks Ashish Uchil DISCLAIMER: The information contained in this message is intended only and solely for the addressed individual or entity indicated in this message and for the exclusive use of the said addressed individual or entity indicated in this message (or responsible for delivery of the message to such person) and may contain legally privileged and confidential information belonging to Tata Consultancy Services. It must not be printed, read, copied, disclosed, forwarded, distributed or used (in whatsoever manner) by any person other than the addressee. Unauthorized use, disclosure or copying is strictly prohibited and may constitute unlawful act and can possibly attract legal action, civil and/or criminal. The contents of this message need not necessarily reflect or endorse the views of Tata Consultancy Services on any subject matter. Any action taken or omitted to be taken based on this message is entirely at your risk and neither the originator of this message nor Tata Consultancy Services takes any responsibility or liability towards the same. Opinions, conclusions and any other information contained in this message that do not relate to the official business of Tata Consultancy Services shall be understood as neither given nor endorsed by Tata Consultancy Services or any affiliate of Tata Consultancy Services. If you have received this message in error, you should destroy this message and may please notify the sender by e-mail. Thank you.
[squid-users] Re: URL forwarding, how ??
Abbiss, Mark wrote: > What I am trying to do first is filter requests on my proxy that are for a > number of different URL's and pass the requests for those URL's on to the > server which hosts that site. > > Each URL is hosted by a differnet server, so for example > > develop.travel.com -> 10.50.1.1 > stageing.travel.com -> 10.50.1.2 > live.travel.com -> 10.50.1.3 > etc etc This is done automatically by the DNS system. Add those hosts to your DNS servers, and it will be done for you. Adam
[squid-users] Re: Squid not refreshing cache for some URL's
Peter Rundle wrote: > I've got a problem with my squid cache not refreshing for certain urls > like; > >http://www.bom.gov.au/weather/national/charts/synoptic.shtml According to the Cacheability Test Engine (Google for it), that URL has no Expires, Cache Control, or Last-Modified header, so Squid has no way of knowing when newer content is available. This is the fault of the remote site, not Squid. Adam
[squid-users] Via header not inserted and HTTP/1.1 support
Hi guys: I'm new to Squid, and I'm not getting the Via: xxx header added to the HTTP responses from Squid. I do get the X-Cache header all right though. The Via header is required by HTTP/1.1, but I noticed that Squid always replies with an HTTP/1.0 response. The questions are: 1) Does squid support HTTP/1.1? 2) How can I get it to insert the Via: xxx header in its HTTP/1.0 replies anyway? I've searched the FAQ, docs, etc., they are rather poor and don't mention these matters. Thanks for your help, Ruben
[squid-users] Re: Squid performance issue [again]
Hwee Khoon, Neo wrote: > Just read in http://www.oreilly.com/catalog/squid/chapter/ch08.pdf that > you should never use RAID for squid cache directories because it always > degrades filesystem performance for squid. RAID 5 will kill Squid performance, but other types shouldn't have much of an impact beyond the normal effects of that RAID setup on I/O performance. Adam
[squid-users] RE: efficient IP ACLs
Michael Pophal wrote: > I assumed, it is a matter of ACL number. I can have 10 ACLs or 1 ACL in > the squid. But I don't know, how squid does handle this internally, so > you may be right and it doesn't matter anyway. > Sure, I want to permit only the allowed IPs on the proxy, but it is also > a matter of performance. We have about 7600 IP ACLs, which could be > reduced by compacting them to lager subnets. In an absolute sense, reducing the number of acls will improve Squid performance (as well as making your config files easier to read). In reality, Squid normally bottlenecks on disk I/O well before anything else. Adam
[squid-users] Re: NTLM / Winbind 3 / NSSWITCH
[EMAIL PROTECTED] wrote: > I've still the problem with logging the authentification via NTLM. > I think it's not my squid.conf... I'have problems with the communication > between NT-PDC - Squid - Client, but Winbind alone works properly > (response: success). Do you have success for both plaintext and challenge response? Post the output of 'wbinfo -a user%password' if you are not sure. > I think it might coult be that it's the NSSWITCH.conf... am I on the wrong > path? Yes. nsswitch.conf has nothing to do with integrating Squid with a Windows-style domain. You only need nsswitch.conf when you want your entire system (not just Squid) to use the domain as an information source. Adam
[squid-users] Re: Uninstalling Squid
P.V.Sankar wrote: > I would like to know how to uninstall squid on Linux platform. My > requirement is i want upgrade from squid version squid-2.5.STABLE1 to > squid-2.5.STABLE5. You don't need to uninstall first to upgrade. Just install over it. Adam
[squid-users] Re: [Ilugc] RE: [squid-users] NCSA auth
hello srinivasa, Thanks For help. I did not find icp_port 0: " #--please add following lines after icp_port 0 " However there is : # icp_port 3130 so I put the lines there. I hope it is ok Thanks Varun Srinivasa Rao Katta wrote: Varun, How are you? Please add following lines into /etc/squid.conf #--please add following lines after icp_port 0 auth_param basic program /usr/lib/squid/ncsa_auth /usr/lib/squid/etc/passwd auth_param basic children 5 auth_param basic realm Tell me your user name and password auth_param basic credentialsttl 30 minutes #--- #-Please add following line before any http_access starts -- acl authentic proxy_auth REQUIRED http_access allow authentic #--- Please use /usr/bin/htpasswd -c /usr/lib/squid/etc/passwd user-id passwd for to add the user and passwd to NCSA database. Please stop/start the squid daemon after added above things. /etc/init.d squid stop /etc/init.d squid start Please letme know,If you have any questions or concerns. Best of Luck. Thanks, Srinivas -Original Message- From: Varun [mailto:[EMAIL PROTECTED] Sent: Saturday, May 15, 2004 8:37 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [squid-users] NCSA auth hello, I want to use NCSA based auth with IP of machines. I am using now only IP for acl as follows : acl abc src 192.168.0.1 http_access allow abc I want to add say username and password also for auth using NCSA. I believe I need to add the following line in squid.conf authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd I am not sure exactly where to add the above line. Futher I need to create the file passwd in /usr/local/squid/etc/ Howto add username and password to the file passwd? What should I add to my present acl in squid.conf to add NCSA auth with username and password ? Thanks in advance Varun ___ To unsubscribe, email [EMAIL PROTECTED] with "unsubscribe address" in the subject or body of the message. http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
[squid-users] NTLM / Winbind 3 / NSSWITCH
Hi I've still the problem with logging the authentification via NTLM. I think it's not my squid.conf... I'have problems with the communication between NT-PDC - Squid - Client, but Winbind alone works properly (response: success). I think it might coult be that it's the NSSWITCH.conf... am I on the wrong path? # nsswitch.conf: passwd: files winbind3 shadow: files group: files winbind3 hosts: files nisplus nis dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc:files services: files netgroup: nisplus publickey: nisplus automount: files nisplus aliases:files nisplus # Is this correct configured for the NTLM/Winbind usage? Thx
Re: [squid-users] Bypassing local address
This can be done with a proxy configuration file. The file needs to be
accessible by an internal network Web Server. Like:
http://our-orgs-server.internal.net/proxy.pac
The contents of the proxy.pac file could look like:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
function FindProxyForURL(url, host)
{
// Direct connections to non-FQDN hosts
if (isPlainHostName(host)) {
return "DIRECT";
}
// Direct connections to local domain
if (dnsDomainIs(host, ".internal.net") ||
dnsDomainIs(host, ".sub-org1.net") ||
dnsDomainIs(host, ".sub-org2.net") ||
dnsDomainIs(host, "192.168.")||
dnsDomainIs(host, "192.168.20.250") ||
dnsDomainIs(host, "www.peer-org.com")) {
return "DIRECT";
}
else
if (url.substring(0, 5) == "http:" ||
url.substring(0, 6) == "https:" ||
url.substring(0, 6) == "snews:";) {
return "PROXY proxy1.internal.net:3128;" +
"PROXY proxy2.internal.net:3128";
}
else
if (url.substring(0, 4) == "ftp:") {
return "PROXY proxy1.internal.net:3128;" +
"PROXY proxy2.internal.net:8081";
}
else
if (url.substring(0, 6) == "socks:") {
return "PROXY proxy2.internal.net:1080;";
}
else
{
// Otherwise use proxy servers
return "DIRECT";
}
}
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The proxy.pac file may be used by IE, Mozilla (FireFox/Thunderbird),
Netscape.IE proxy.pac setting may be done via group policies.
Hope this helps...
Tim
--
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x265 1725B Sismet Road
Fax: 905-625-6348 Mississauga, Ontario, Canada
E-Mail: [EMAIL PROTECTED] L4W 1P9
--
Animateur cyber de Saint-Thonan (Stéphane Ascoët) wrote:
Hello,
You should configure browsers so they don't use proxy for this domain.
[squid-users] Bypassing local address
Hello, You should configure browsers so they don't use proxy for this domain. -- Mail, Camino & AW6.2.9 under eMac OS X.2.8 (viruses ? what's that ? :-) ) Sincerely, Stephane http://stephaneascoet.ifrance.com
AW: [squid-users] Re: Squid as Protocol changer
We can't use SSH because the "extreme" old system isn't able to support it. Extremly bad I know ! -Ursprüngliche Nachricht- Von: Adam Aube [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 18. Mai 2004 02:49 An: [EMAIL PROTECTED] Betreff: [squid-users] Re: Squid as Protocol changer Maurer Roland MKG-Bank wrote: > We want to use http over internet to look on an "telnet" UNIX host in our > firm. Squid does not support this. However, you can setup Squid's acls to permit the CONNECT method over port 23, then use a tool that tunnels through proxies using the CONNECT method to connect. Search Google for "tunnel proy CONNECT" for more info. I have to ask, though - why not just use SSH? Adam --- Diese Nachricht ist vertraulich und nur fuer die bezeichneten Empfaenger bestimmt. Wenn Sie nicht der vorgesehene Adressat dieser E-Mail oder dessen Vertreter sein sollten, so beachten Sie bitte, dass jede Form der Kenntnisnahme, Veroeffentlichung, Vervielfaeltigung oder Weitergabe des Inhalts dieser E-Mail unzulaessig ist. Wir bitten Sie, sich in diesem Fall mit dem Absender der E-Mail in Verbindung zu setzen. Wir weisen ausserdem darauf hin, dass E-Mails verloren gehen, veraendert oder verfaelscht werden koennen. Herkoemmliche E-Mails sind nicht gegen den Zugriff von Dritten geschuetzt und deshalb ist auch die Vertraulichkeit unter Umstaenden nicht gewahrt. Der Inhalt der E-Mail ist nur rechtsverbindlich, wenn er unsererseits durch einen Brief entsprechend bestaetigt wird. Sollte trotz der von uns verwendeten Virenschutz-Programme durch die Zusendung von E-Mails ein Virus in Ihre Systeme gelangen, so haften wir nicht fuer eventuell hieraus entstehende Schaeden. The information transmitted is confidential and intended only for the person or entity to which it is addressed. If you are not the intended addressee of this e-mail or his representative, please be aware that any kind of review, publication, reproduction or retransmission of the content of this e-mail is prohibited. In this case your are requested to contact the sender of the e-mail. Furthermore, we point out that e-mails may get lost, be changed or falsified. Normal e-mails are not protected against access by third parties and consequently their confidentiality may not be assured in certain circumstances. The content of this e-mail is only legally binding if it is confirmed by a letter from our side. Should any virus enter your systems in connection with this e-mail despite our use of antivirus software, we cannot be held liable for any possible damages. ---
Re: [squid-users] Multi NIC
yes it will work - Original Message - From: "adrian.wells" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 18, 2004 11:30 AM Subject: [squid-users] Multi NIC > Is it possible to have one instance of Squid servicing two NIC's on > different address ranges as I need to service another domain on my squid box > > e.g. > > Outward facing > > 217.xxx.xxx.xxx (This is working now) > > Inward Facing > > 100.xxx.xxx.xxx (This is working now) > > > > I want to add anther inward facing NIC, say > > 10.xxx.xxx.xxx > > Is it just a case of issueing another http_port instruction > > so that my confg will look like > > http_port 100.xxx.xxx.xxx:port > http_port 10.xxx.xxx.xxx:port > udp_incoming_address 217.xxx.xxx.xxx.xxx > > etc. > > Kind regards > Adrian > >
Re: [squid-users] Uninstalling Squid
P.V.Sankar wrote: Hello, I would like to know how to uninstall squid on Linux platform. My requirement is i want upgrade from squid version squid-2.5.STABLE1 to squid-2.5.STABLE5. Regards, Sankar see http://www.squid-cache.org/mail-archive/squid-users/200305/0207.html Emilio C. smime.p7s Description: S/MIME Cryptographic Signature
RE: [squid-users] Swapin MD5 mismatch
> > Dear all, > Iam running squid and after 20 minutes (or more) i found > warning message " 1 > swapin MD5 mismatch" and all user can't browsing, to resolve > problem i do > "killall squid" and then i restart squid. > > Can any body help me to fix this problem... http://www.squid-cache.org/Doc/FAQ/FAQ-12.html#ss12.37 This shouldn't prevent your users from browsing. If so however, which error is returned in the browser, then ? Do you have other errors in SQUID's cache.log ? Which version of squid are you using ? On which platform/os/version ? M.
Re: [squid-users] Swapin MD5 mismatch
David Kandou wrote: Dear all, Iam running squid and after 20 minutes (or more) i found warning message " 1 swapin MD5 mismatch" and all user can't browsing, to resolve problem i do "killall squid" and then i restart squid. Can any body help me to fix this problem... Regards, David Kandou http://www.squid-cache.org/Doc/FAQ/FAQ-12.html#ss12.37 Emilio C. smime.p7s Description: S/MIME Cryptographic Signature
[squid-users] IDENT + external acl type
Hi folks, I'm trying to get external acl's to work with IDENT reply after I gave up NTLM auth. When I configure squid to use it like this : external_acl_type ident_auth concurrency=5 ttl=900 cache=5 %IDENT /root/auth.sh acl browsing external ident_auth http_access allow browsing and the script contains this : !/bin/sh # mysqluser=user mysqlpass=pass mysqlprog=`which mysql` if [ "$mysqlprog" = "" ]; then echo "MySQL not found!" exit 1 fi while read username; do # echo $username status=`$mysqlprog -h -u $mysqluser -p$mysqlpass -D postfix -e "SELECT clear FROM users WHERE email='$username'"` if [ "$status" = "" ]; then echo "ERR" else echo "OK" fi done This works ok, for a couple of requests, but when doing more than a few requests (like 10) from one pc, some of the GET requests do not get authenticated, so some websites display page without or with a few images, or don't display at all. I tried fiddling with authenticate_cache_garbage_interval 5 minutes authenticate_ttl 1 hour but this did not help. Is there any way to debug this, or are there any known problems with this type of setup ? This is my squid version, on debian sarge. Squid Cache: Version 2.5.STABLE5 configure options: --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc --localstatedir=/var/spool/squid --datadir=/usr/share/squid --enable-async-io --with-pthreads --enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter --enable-arp-acl --enable-removal-policies=lru,heap --enable-snmp --enable-delay-pools --enable-htcp --enable-poll --enable-cache-digests --enable-underscores --enable-referer-log --enable-useragent-log --enable-auth=basic,digest,ntlm i386-debian-linux Thanks, Pieterjan Heyse Scheppersintituut Wetteren Cooppallaan 128 9230 Wetteren Tel: 09 3692072 Fax: 09 3661348 mailto:[EMAIL PROTECTED]
[squid-users] Swapin MD5 mismatch
Dear all, Iam running squid and after 20 minutes (or more) i found warning message " 1 swapin MD5 mismatch" and all user can't browsing, to resolve problem i do "killall squid" and then i restart squid. Can any body help me to fix this problem... Regards, David Kandou
[squid-users] Uninstalling Squid
Hello, I would like to know how to uninstall squid on Linux platform. My requirement is i want upgrade from squid version squid-2.5.STABLE1 to squid-2.5.STABLE5. Regards, Sankar
[squid-users] Multi NIC
Is it possible to have one instance of Squid servicing two NIC's on different address ranges as I need to service another domain on my squid box e.g. Outward facing 217.xxx.xxx.xxx (This is working now) Inward Facing 100.xxx.xxx.xxx (This is working now) I want to add anther inward facing NIC, say 10.xxx.xxx.xxx Is it just a case of issueing another http_port instruction so that my confg will look like http_port 100.xxx.xxx.xxx:port http_port 10.xxx.xxx.xxx:port udp_incoming_address 217.xxx.xxx.xxx.xxx etc. Kind regards Adrian
[squid-users] URL forwarding, how ??
Dear Squid-List, I am a complete SQUID beginner (< 1 week) but have been asked to configure our new installation and am in need of help ! What I am trying to do first is filter requests on my proxy that are for a number of different URL's and pass the requests for those URL's on to the server which hosts that site. Each URL is hosted by a differnet server, so for example develop.travel.com -> 10.50.1.1 stageing.travel.com -> 10.50.1.2 live.travel.com -> 10.50.1.3 etc etc But I have no idea which ACL's and rules I need to put into my config to get this working. Any hints would be greatly appreciated. Many thanks, Mark Abbiss
