[squid-users] mime type based extension blocking
Hai, I am very new to this group and coudn't find answer for my query in the archives. I want to block certain extensions to get downloaded.(for ex. exe) It works fine with the following rule. acl exe-filter urlpath_regex -i \.exe\?* http_access deny exe-filter But it also blocks urls which contains exe in it, though its not an exe download.I heard that we can solve this issue by implementing squid2.5 and using http_reply_access rep_mime_type. Can you please send me the correct syntax to use for my case? Please help me Sarav __ Do you Yahoo!? Yahoo! Domains Claim yours for only $14.70/year http://smallbusiness.promotions.yahoo.com/offer
[squid-users] How can I uninstall squid from FreeBSD?
Hi Frndz, Please suggest me regarding the question mentioned as Subject. Thank you. Regards Pundaleek ERNET Helpdesk
Re: [squid-users] Re: Re: Help with GAIM through squid!
Gents, I think this not a squid problem. I'm having the same problem with the new versions of Gaim, while it worked with older versions. So I suggest you to contact Gaim developers. B Adam Aube wrote: Boniforti Flavio wrote: Do these two lines do the job? acl SSL_ports port 22 443 460 563 1863 5190 1 acl Safe_ports port 1025-65535 # unregistered ports Yes, those lines work - unless there is traffic on other ports that also needs to be allowed. Check your access.log to see. Adam -- You can find me on Google or Yahoo... search for Schelstraete Bart or Bart Schelstraete Schelstraete Bart http://www.hansbeke.com email: bart at schelstraete.org
Re: [squid-users] How can I set a daily maximum download amount ? (2nd post....)
On Thu, May 20, 2004 at 01:37:03PM +0200, Valter Dal Bo wrote: Seeing that nobody has ever acknowledged receiving or reading this messages, I'm posting it again. :-) You have received a reply. Christoph -- ~ ~ .signature [Modified] 3 lines --100%--3,41 All
Re: [squid-users] mime type based extension blocking
On Sat, May 22, 2004 at 11:05:41PM -0700, saravanan ganapathy wrote: I am very new to this group and coudn't find answer for my query in the archives. I want to block certain extensions to get downloaded.(for ex. exe) It works fine with the following rule. acl exe-filter urlpath_regex -i \.exe\?* http_access deny exe-filter But it also blocks urls which contains exe in it, though its not an exe download.I heard that we can solve this issue by implementing squid2.5 and using http_reply_access rep_mime_type. Use the rep_mime_type if you can. That allows you to filter based on the MIME type that the web server returns. By the way... this may be better if you insist on using the urlpath_regex: acl exe-filter urlpath_regex -i \.(zip|exe|cmd)($|\?) Christoph -- ~ ~ .signature [Modified] 3 lines --100%--3,41 All
[squid-users] dedicatd Squid Accelerate
is there method to cache MS Windows Update dwonloads using dedicated Squid acting as Accelerator ? Using Squid as accelerator: I used my client to going www.microsoft.com and that's all right, instead when I click on WindowsUpdate link (http://v4.windowsupdate.microsoft.com) after about 40 seconds browser gets an error. Where can it be error ? 1- When MS Windows Update starts on client, browser runs several javascript functions; perhaps could it (javascript ?!) be the cause of this problem with Squid Accelerator ? 2- Squid Acc. should have to do a simple page request to MS site and ,when Squid receives the anwser from MS , it should have to send it to client. OK ?! I saw http traffic with tcpdump and I noted communication, among client and squid acc., teminates without particolar signs (no reset package, ). __ Tiscali ADSL libera la velocita'! Attiva Senza Canone entro il 31 maggio: navighi a 1,5 euro l'ora per i primi 3 mesi,se scegli il modem e' tuo in comodato gratuito e in piu' hai gratis SuperMail per 12 mesi. Non aspettare, attivala subito! http://abbonati.tiscali.it/adsl/prodotti/640Kbps/
[squid-users] TCP_DENIED/403 1402 GET
Hello, I searched the archives, edited my ACLs, but I can't figure this one out. A Version 2.5.STABLE5 that seemed to be working fine is now rejecting users with an access denied message. My access log has entries like the following: 1085339278.198 2 192.168.253.14 TCP_DENIED/403 1352 GET http://slashdot.org/ - NONE/- text/html 1085340459.256 2 192.168.253.14 TCP_DENIED/403 1356 GET http://macintouch.com/ - NONE/- text/html My squid box is sitting in a DMZ behind the firewall, so I'd like to just run pretty lax security on it. The conf file, which I'm trying to keep simple, has the following ACLs: acl all src 0.0.0.0/255.255.255.255 http_access allow src 192.168.0.0/255.255.0.0 http_access allow all # Added out of frustration http_access deny all Thoughts? --jorn smime.p7s Description: S/MIME cryptographic signature
Re: [squid-users] TCP_DENIED/403 1402 GET
On Sun, May 23, 2004 at 03:35:13PM -0500, jorn wrote: Hello, I searched the archives, edited my ACLs, but I can't figure this one out. A Version 2.5.STABLE5 that seemed to be working fine is now rejecting users with an access denied message. My access log has entries like the following: 1085339278.198 2 192.168.253.14 TCP_DENIED/403 1352 GET http://slashdot.org/ - NONE/- text/html 1085340459.256 2 192.168.253.14 TCP_DENIED/403 1356 GET http://macintouch.com/ - NONE/- text/html My squid box is sitting in a DMZ behind the firewall, so I'd like to just run pretty lax security on it. The conf file, which I'm trying to keep simple, has the following ACLs: acl all src 0.0.0.0/255.255.255.255 http_access allow src 192.168.0.0/255.255.0.0 http_access allow all # Added out of frustration http_access deny all Thoughts? Try this: debug_options ALL,1 33,2 and watch your cache.log to see which ACL blocks you. Christoph -- ~ ~ .signature [Modified] 3 lines --100%--3,41 All
Re: [squid-users] TCP_DENIED/403 1402 GET
On May 23, 2004, at 3:57 PM, Christoph Haas wrote: Try this: debug_options ALL,1 33,2 and watch your cache.log to see which ACL blocks you. Christoph -- My cache.log seemed to show no more interesting data than before, which is essentially startup data and nothing else. Even when I set : debug_options ALL,7 I seem to get no more data. Odd. smime.p7s Description: S/MIME cryptographic signature
Re: [squid-users] TCP_DENIED/403 1402 GET
On May 23, 2004, at 3:57 PM, Christoph Haas wrote: Try this: debug_options ALL,1 33,2 and watch your cache.log to see which ACL blocks you. Christoph -- My cache.log seemed to show no more interesting data than before, which is essentially startup data and nothing else. Even when I set : debug_options ALL,7 I seem to get no more data. Odd. smime.p7s Description: S/MIME cryptographic signature
Re: [squid-users] TCP_DENIED/403 1402 GET
On Sun, May 23, 2004 at 04:32:23PM -0500, jorn wrote: On May 23, 2004, at 3:57 PM, Christoph Haas wrote: Try this: debug_options ALL,1 33,2 and watch your cache.log to see which ACL blocks you. Christoph My cache.log seemed to show no more interesting data than before, which is essentially startup data and nothing else. Even when I set : debug_options ALL,7 I seem to get no more data. Odd. May I assume you have restarted squid? Christoph -- ~ ~ .signature [Modified] 3 lines --100%--3,41 All
Re: [squid-users] TCP_DENIED/403 1402 GET
On May 23, 2004, at 4:49 PM, Christoph Haas wrote: May I assume you have restarted squid? Christoph A fair question. :) The answer is yes, several times. I even started it and kept it from running in the background: squid -N -d 9 Nothing useful came up on my console; nothing. I'm a bit confused. :-/ smime.p7s Description: S/MIME cryptographic signature
Re: [squid-users] TCP_DENIED/403 1402 GET
It seems that your netmask ACL on ALL is a bit messy, try not to use 255.255.255.255, use 0.0.0.0 instead... Hello, I searched the archives, edited my ACLs, but I can't figure this one out. A Version 2.5.STABLE5 that seemed to be working fine is now rejecting users with an access denied message. My access log has entries like the following: 1085339278.198 2 192.168.253.14 TCP_DENIED/403 1352 GET http://slashdot.org/ - NONE/- text/html 1085340459.256 2 192.168.253.14 TCP_DENIED/403 1356 GET http://macintouch.com/ - NONE/- text/html My squid box is sitting in a DMZ behind the firewall, so I'd like to just run pretty lax security on it. The conf file, which I'm trying to keep simple, has the following ACLs: acl all src 0.0.0.0/255.255.255.255 http_access allow src 192.168.0.0/255.255.0.0 http_access allow all # Added out of frustration http_access deny all Thoughts? --jorn
Fw: [squid-users] TCP_DENIED/403 1402 GET
And by the way, 192.168.0.0/255.255.0.0 is correct? are you using class B on 192.168? instead of using class C? - Original Message - From: Jose Nathaniel Nengasca [EMAIL PROTECTED] To: Squid Mailing List [EMAIL PROTECTED] Sent: Monday, May 24, 2004 11:12 AM Subject: Re: [squid-users] TCP_DENIED/403 1402 GET It seems that your netmask ACL on ALL is a bit messy, try not to use 255.255.255.255, use 0.0.0.0 instead... Hello, I searched the archives, edited my ACLs, but I can't figure this one out. A Version 2.5.STABLE5 that seemed to be working fine is now rejecting users with an access denied message. My access log has entries like the following: 1085339278.198 2 192.168.253.14 TCP_DENIED/403 1352 GET http://slashdot.org/ - NONE/- text/html 1085340459.256 2 192.168.253.14 TCP_DENIED/403 1356 GET http://macintouch.com/ - NONE/- text/html My squid box is sitting in a DMZ behind the firewall, so I'd like to just run pretty lax security on it. The conf file, which I'm trying to keep simple, has the following ACLs: acl all src 0.0.0.0/255.255.255.255 http_access allow src 192.168.0.0/255.255.0.0 http_access allow all # Added out of frustration http_access deny all Thoughts? --jorn
Re: Fw: [squid-users] TCP_DENIED/403 1402 GET
On Mon, 24 May 2004, Jose Nathaniel Nengasca wrote: And by the way, 192.168.0.0/255.255.0.0 is correct? are you using class B on 192.168? instead of using class C? Network classes are meaningless in the context of Squid Access Control Lists. Either of the following forms will match any host assigned an IP address with 192.168 in the high-order octets of the source address. acl localnet src 192.168.0.0/16 acl localnet src 192.168.0.0/255.255.0.0 The following acl shouldn't match anything as the netmask requires all octets of the IP address to be 0B. acl all src 0.0.0.0/255.255.255.255 The following acl matches all IP addresses. acl all src 0.0.0.0/0.0.0.0 The following should work. http_access allow localnet http_access deny !localnet http_access allow all Merton Campbell Crockett - Original Message - From: Jose Nathaniel Nengasca [EMAIL PROTECTED] To: Squid Mailing List [EMAIL PROTECTED] Sent: Monday, May 24, 2004 11:12 AM Subject: Re: [squid-users] TCP_DENIED/403 1402 GET It seems that your netmask ACL on ALL is a bit messy, try not to use 255.255.255.255, use 0.0.0.0 instead... Hello, I searched the archives, edited my ACLs, but I can't figure this one out. A Version 2.5.STABLE5 that seemed to be working fine is now rejecting users with an access denied message. My access log has entries like the following: 1085339278.198 2 192.168.253.14 TCP_DENIED/403 1352 GET http://slashdot.org/ - NONE/- text/html 1085340459.256 2 192.168.253.14 TCP_DENIED/403 1356 GET http://macintouch.com/ - NONE/- text/html My squid box is sitting in a DMZ behind the firewall, so I'd like to just run pretty lax security on it. The conf file, which I'm trying to keep simple, has the following ACLs: acl all src 0.0.0.0/255.255.255.255 http_access allow src 192.168.0.0/255.255.0.0 http_access allow all # Added out of frustration http_access deny all Thoughts? --jorn -- BEGIN: vcard VERSION:3.0 FN: Merton Campbell Crockett ORG:General Dynamics Advanced Information Systems; Intelligence and Exploitation Systems N: Crockett;Merton;Campbell EMAIL;TYPE=internet:[EMAIL PROTECTED] TEL;TYPE=work,voice,msg,pref: +1(805)497-5045 TEL;TYPE=work,fax: +1(805)497-5050 TEL;TYPE=cell,voice,msg:+1(805)377-6762 END:vcard
Re: [squid-users] How can I uninstall squid from FreeBSD?
* User PUNDALEEK P Belamge ([EMAIL PROTECTED]): [I am the current maintainer of the FreeBSD squid ports] Hi Frndz, Please suggest me regarding the question mentioned as Subject. As Adam Aube already said: if you installed squid via the ports system, first use pkg_delete. Since pkg_delete just removes the static parts of the installation (binaries, documentation and data files) but not the squid user, your cache and your cache logs, you need to remove these manually. To remove the squid user, use pw userdel -r -n squid (if the squid user is named squid, which is the default when installing squid via the ports system). Do not remove the nobody user, though! Then remove /usr/local/squid (I assume that you left the cache and log directories in this directory) and any remains of /usr/local/etc/squid (this directory will be emptied and deleted by pkg_delete if you did not modify the supplied configuration).
Re: [squid-users] squid real-time statistic
On Sat, 22 May 2004 19:16:46 +0200 Andreas Pettersson [EMAIL PROTECTED] wrote: With squidclient you can see all ongoing file transfers by using this command: # squidclient -p port mgr:active_requests where port is the port on which squid is listening. Hope this can help you. /Andreas Is there any way to terminate some current connection? wbr, Ilya
