[squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Arianto C Nugroho
Hi there..
I've been wondering about this for quite some time.. searching the
internet doesn't come up with anything good..

For instance I have this design:

the Internet - router -- squid-proxy --- clients

I know that delay_pool could directly control the bandwidth between
the proxy and clients. But how does delay_pool control the bandwidth
between the internet and the proxy server ??

Thanks in advance


RE: [squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Elsen Marc

 
> Hi there..
> I've been wondering about this for quite some time.. searching the
> internet doesn't come up with anything good..
>
> For instance I have this design:
>
> the Internet - router -- squid-proxy --- clients
>
> I know that delay_pool could directly control the bandwidth between
> the proxy and clients. But how does delay_pool control the bandwidth
> between the internet and the proxy server ??

It's the reverse!

M.


Re: [squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Arianto C Nugroho
Elsen Marc wrote:

>> Hi there..
>> I've been wondering about this for quite some time.. searching the
>> internet doesn't come up with anything good..
>> For instance I have this design:
>> the Internet - router -- squid-proxy --- clients
>> I know that delay_pool could directly control the bandwidth between
>> the proxy and clients. But how does delay_pool control the bandwidth
>> between the internet and the proxy server ??
>
> It's the reverse!

Sorry, I don't follow.. what do you mean 'it's the reverse' ??


RE: [squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Elsen Marc

>>> ...
>>> I know that delay_pool could directly control the bandwidth between
>>> the proxy and clients. But how does delay_pool control the bandwidth
>>> between the internet and the proxy server ??
>>
>> It's the reverse!
>
> Sorry, I don't follow.. what do you mean 'it's the reverse' ??

I mean that delay pools control the bandwidth between the proxy
and the Internet.

M.


Re: [squid-users] ip_wccp kernel patch for 2.6.x

2004-10-04 Thread Mark Tinka
--- Henrik Nordstrom [EMAIL PROTECTED] wrote:

> It may also be worth noticing that the Linux IP/GRE module finally is
> getting WCCP support, so soon there won't be any need to patch the Linux
> kernel or use kludgy modules like ip_wccp in order to use WCCP.

Oh, now this is some great news.. any ideas on when
this might be, or better yet, which kernel
release..?..

Mark.

> Regards
> Henrik
  







Re: [squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Arianto C Nugroho
Elsen Marc wrote:

>>> It's the reverse!
>>
>> Sorry, I don't follow.. what do you mean 'it's the reverse' ??
>
> I mean that delay pools control the bandwidth between the proxy
> and the Internet.
>
> M.

Hmm.. how ?? How do you tell the remote servers how fast they should
send data ??


[squid-users] ntlmssp_server_auth: failed to parse NTLMSSP

2004-10-04 Thread David
Hi Squid People,

Debian testing
Squid 2.5.6-8
Samba/Winbindd 3.0.7-1

From squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm admin
auth_param basic credentialsttl 2 hours

From cache.log:

[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:37, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:37, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:37, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:38, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:39, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:

The ntlm authentication seems to be working but the above logs have me worried 
all the same.

I've seen this asked before in the archives but have yet to see any 
resolution.  Am I just being blind?  Does anyone know what is causing this 
and have a fix for it?

Hopefully someone can just send me away with a link to the faq and a flea in 
my ear. ;-)

Cheers,

David.

This email is confidential and is intended solely for the use of the
parties to whom it is addressed.  If you are not the intended
recipient, be advised that you have received this email in error and
that any use, dissemination, forwarding, printing, or copying of this
email is strictly forbidden.  If you have received this email in error
please contact the sender.  Any views or opinions presented are solely
those of the author and do not necessarily represent the views of
Newcastle College.  Although this email and its attachments are
believed to be free of any virus or other defects which might affect
any computer or I.T. system into which they are received, no
responsibility is accepted by Newcastle College or any of its
associated companies for any loss or damage arising in any way from
the receipt or use thereof.


RE: [squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Elsen Marc

 
 
> hmm.. how ?? how do you tell the remote servers how fast
> they should send data ??

Really, how do you tell the Internet how fast to serve
your SQUID?

Sorry, the idea for delay pools is to limit, if needed or wanted,
bw. resources that clients can allocate from your Internet connection.

M.


[squid-users] Compiling Squid With Sun LDAP SDK 5.2

2004-10-04 Thread Lewars, Mitchell \(EM, PTL\)
Any tips on compiling Squid with the Sun Directory Server SDK?

We want to use the Auth_LDAP helper but we would like to use the Sun Directory Server 
SDK.

Thanks

Mitch


Re: [squid-users] ip_wccp kernel patch for 2.6.x

2004-10-04 Thread Henrik Nordstrom
On Mon, 4 Oct 2004, Mark Tinka wrote:

> oh now this is some great news.. any ideas on when
> this might be, or better yet, which kernel
> release..?..

The next 2.6 release.. (2.6.9 if I am not mistaken)

Regards
Henrik


Re: [squid-users] header is tranprant squid

2004-10-04 Thread A. Sajjad Zaidi
Hello Kashif,

On Sat, Oct 02, 2004 at 07:57:49PM -0700, Kashif Ali Bukhari wrote:

> the problem is that when i check proxy from http://www.all-nettools.com/toolbox
> i get my server IP on u come from why don't i am  getting client PC IP

That should be what you get since the proxy resends your request and
makes it look like it came from the server. Transparent mode just hides
(to an extent) the existence of the proxy from the user.

If you want to see your own IP, try this site:

http://www.showmyip.com/

though that still shows your proxy's details.

-- 
A. Sajjad Zaidi  http://www.sajjadzaidi.com/
GnuPG Key ID: 0xD7AD0E13
They redundantly repeated themselves over and over again incessantly without end -- 
anon



Re: [squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Henrik Nordstrom
On Mon, 4 Oct 2004, Arianto C Nugroho wrote:

> I know that delay_pool could directly control the bandwidth between
> the proxy and clients. But how does delay_pool control the bandwidth
> between the internet and the proxy server ??

This is what delay pools control: the amount of traffic each client downloads
from the Internet via the proxy.

Regards
Henrik


Re: [squid-users] how does 'delay_pool' work ??

2004-10-04 Thread Henrik Nordstrom

On Mon, 4 Oct 2004, Arianto C Nugroho wrote:

> hmm.. how ?? how do you tell the remote servers how fast they should
> send data ??

By not reading data from the TCP connection faster than the delay pool
allows such data to be delivered to the client (or actual delivery speed
to client if less).

Regards
Henrik
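
The mechanism described in the reply above, as an added simulation that is not Squid code and not part of the original thread: a bucket with a restore rate and a maximum caps how much the proxy reads each second, and a fixed-size receive buffer stands in for TCP flow control. The one-second ticks, the buffer size, the rates and all names are assumptions of this model.

```python
from dataclasses import dataclass


@dataclass
class Bucket:
    """One delay-pool bucket: refilled at `restore` bytes/s, capped at `maximum`."""
    restore: int
    maximum: int
    level: int = -1              # -1 means "start full"

    def __post_init__(self):
        if self.level < 0:
            self.level = self.maximum

    def take(self, nbytes):
        self.level -= nbytes

    def refill(self):
        self.level = min(self.maximum, self.level + self.restore)


def simulate(seconds, server_rate, rcvbuf, individual, aggregate=None):
    """Return a list of (bytes_sent_by_server, bytes_read_by_proxy) per second.

    server_rate: what the origin server could push if nothing held it back.
    rcvbuf:      proxy-side receive buffer; once full, TCP flow control
                 stops the server from sending more.
    individual:  per-client bucket; aggregate: optional shared bucket.
    """
    buckets = [b for b in (individual, aggregate) if b is not None]
    buffered = 0
    trace = []
    for _ in range(seconds):
        # The server can only send what still fits in the receive buffer.
        sent = min(server_rate, rcvbuf - buffered)
        buffered += sent
        # The proxy reads no more than the emptiest applicable bucket allows.
        read = min([buffered] + [b.level for b in buckets])
        buffered -= read
        for b in buckets:
            b.take(read)
            b.refill()
        trace.append((sent, read))
    return trace


def demo():
    # Constructed numbers: a 1 MB/s server, 64 KiB buffer, 16000 B/s restore.
    return simulate(10, 1_000_000, 65536, Bucket(restore=16000, maximum=64000))


if __name__ == "__main__":
    for second, (sent, read) in enumerate(demo()):
        print(f"t={second:2d}s server sent {sent:6d} B, proxy read {read:6d} B")
```

After the initial burst allowed by the bucket maximum, the bytes the server manages to send per second fall to the restore rate, although nothing was ever communicated to the server except a full receive buffer.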


Re: [squid-users] ntlmssp_server_auth: failed to parse NTLMSSP

2004-10-04 Thread Henrik Nordstrom
On Mon, 4 Oct 2004, David wrote:

> [2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
>  ntlmssp_server_auth: failed to parse NTLMSSP:

> I've seen this asked before in the archives but have yet to see any
> resolution.  Am I just being blind?  Does anyone know what is causing this
> and have a fix for it?

There are two possible causes of this:

a) A client sent a malformed NTLMSSP authentication packet to your Squid,
maybe in an attempt to exploit bugs in other NTLMSSP implementations or by
application error.

b) You have clients sending largeish NTLMSSP packets and your Squid is not
in shape to deal with this
url:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ntlmtruncated

If 'b' I would guess authentication is not successful for such clients.

If you see these very often then you should be able to make a pattern of
which clients are causing this by matching the cache.log timestamps with
requests in access.log (/407)

Regards
Henrik
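
One way to do the matching suggested above, as an added example that is not part of the original thread: it pairs the helper's "failed to parse NTLMSSP" timestamps with /407 entries in a native-format access.log and ranks clients by how many distinct failure seconds they coincide with. Both log samples are constructed, the function names are hypothetical, and the cache.log timestamps are assumed to be local time at a fixed UTC offset.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in the cache.log format quoted in the thread.
CACHE_LOG = """\
[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:36, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:37, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2004/10/04 10:13:39, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
"""

# Constructed access.log lines in Squid's native format:
# epoch.ms elapsed client action/code bytes method URL ident peer type
ACCESS_LOG = """\
1096884700.301      2 192.0.2.20 TCP_DENIED/407 1717 GET http://www.example.com/ - NONE/- text/html
1096884816.212      1 192.0.2.10 TCP_DENIED/407 1717 GET http://www.example.com/a - NONE/- text/html
1096884816.450     80 192.0.2.30 TCP_MISS/200 5120 GET http://www.example.com/b alice DIRECT/198.51.100.7 text/html
1096884817.120      1 192.0.2.10 TCP_DENIED/407 1717 GET http://www.example.com/a - NONE/- text/html
1096884819.410      1 192.0.2.10 TCP_DENIED/407 1717 GET http://www.example.com/a - NONE/- text/html
1096884819.903      1 192.0.2.20 TCP_DENIED/407 1717 GET http://www.example.com/c - NONE/- text/html
1096884830.000      1 192.0.2.30 TCP_DENIED/407 1717 GET http://www.example.com/d - NONE/- text/html
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+\d+\]")
MARKER = "failed to parse NTLMSSP"


def parse_failures(cache_log, utc_offset_hours=0):
    """Epoch seconds of every NTLMSSP parse failure (header line + message line)."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    out, pending = [], None
    for line in cache_log.splitlines():
        m = HEADER.match(line)
        if m:
            pending = m.group(1)
        elif pending and MARKER in line:
            dt = datetime.strptime(pending, "%Y/%m/%d %H:%M:%S").replace(tzinfo=tz)
            out.append(int(dt.timestamp()))
            pending = None
        else:
            pending = None          # header belonged to some other message
    return out


def parse_407(access_log):
    """(epoch_second, client_ip) for each access.log entry answered with 407."""
    hits = []
    for line in access_log.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue                # truncated or foreign line
        try:
            ts = int(float(fields[0]))
        except ValueError:
            continue
        if fields[3].partition("/")[2] == "407":
            hits.append((ts, fields[2]))
    return hits


def suspect_clients(cache_log, access_log, window=1, utc_offset_hours=0):
    """Rows of (client, failure_seconds_matched, total_407s), best match first.

    Every NTLM client produces 407s during a normal handshake, so total_407s
    is returned as context; the signal is repeated coincidence with failures.
    """
    hits = parse_407(access_log)
    by_second = {}
    for ts, client in hits:
        by_second.setdefault(ts, set()).add(client)
    totals = Counter(client for _, client in hits)
    matched = Counter()
    for fail_ts in set(parse_failures(cache_log, utc_offset_hours)):
        nearby = set()
        for delta in range(-window, window + 1):
            nearby |= by_second.get(fail_ts + delta, set())
        matched.update(nearby)      # one point per distinct failure second
    return sorted(((c, n, totals[c]) for c, n in matched.items()),
                  key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for client, seconds, total in suspect_clients(CACHE_LOG, ACCESS_LOG):
        print(f"{client}: near {seconds} failure second(s), {total} 407s overall")
```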


[squid-users] Data-Transfer on blocked URL's?

2004-10-04 Thread Peter Schulz-Kraus
Hello,
how can I understand this?
In access.Log every TCP/DENIED line shows
about 1400 bytes Data-Transfer.
So I had 226 MB (!) TCP/DENIED-Traffic during
the last month. (200 Users)
What does squid do here?
Greetings, Peter



Re: [squid-users] Compiling Squid With Sun LDAP SDK 5.2

2004-10-04 Thread Henrik Nordstrom
On Mon, 4 Oct 2004, Lewars, Mitchell (EM, PTL) wrote:

> Any tips on compiling Squid with the Sun Directory Server SDK?

Assuming the Sun Directory Server SDK implements the standard C
interfaces to LDAP then it should work just fine, but as always it may
need some small adjustments to compile with another SDK than used by the
developers (we use OpenLDAP).

> We want to use the Auth_LDAP helper but we would like to use the Sun Directory Server SDK.

Is there any specific reason why you do not use the OpenLDAP SDK?

Regards
Henrik


Re: [squid-users] Compiling Squid With Sun LDAP SDK 5.2

2004-10-04 Thread Tim Neto
Why do you need to compile additional helpers?  The standard
squid_ldap_auth and squid_ldap_group helpers work fine against the
SunONE Directory server 5.2.  I have been using Squid 2.5 STABLE 5 since
January against SunONE Directory Server 5.2.   Here are some snippets
from my Squid config file.

---
auth_param basic program /usr/lib/squid/squid_ldap_auth -h ldap_host.your_domain.org -p ldap_port -P -b o=base_ou -f (|(uid=%s)(mail=%s))
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minute
external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -h ldap_host.your_domain.org -p ldap_port -P -b o=base_ou -F (|(uid=%s)(mail=%s)) -f (&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))
---

I recently added to the LDAP query the ability to authenticate with the
user's E-Mail address.  This allowed for the distinguishing of duplicate
users in the LDAP database.   JDough of sub-company-A versus JDough of
sub-company-B.   The user enters their ID as
[EMAIL PROTECTED]

Biggest things to watch for are DNS (/etc/hosts) resolution of the LDAP
host, and your understanding of the structure of your LDAP schema.
Initially I had trouble with querying the LDAP schema.  I was trying to
make it too complex.

No point in chasing encryption of the LDAP binds (unless you absolutely
have to), currently none of the common browsers support encryption for
proxy challenges.

Tim
---
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x2651725B Sismet Road
Fax: 905-625-6348 Mississauga, Canada
E-Mail: [EMAIL PROTECTED]  L4W 1P9
---

Lewars, Mitchell (EM, PTL) wrote:

> Any tips on compiling Squid with the Sun Directory Server SDK?
> We want to use the Auth_LDAP helper but we would like to use the Sun Directory Server
> SDK.
> Thanks
> Mitch
 



[squid-users] Unable to retrieve files via FTP

2004-10-04 Thread Adam Engel
All,

I am having trouble being able to retrieve files in the form of:

ftp://ftp.redhat.com/pub/redhat/updates/6.2/i386/libtiff-3.5.5-2.i386.rpm

from IE.

My settings in squid are:

acl FTP_allowed proto FTP
acl Safe_ports port 21          # ftp
acl Safe_ports port 2121        # proxied ftp
http_access allow FTP_allowed all

I have changed my IE settings to use ports 2121 and 21 but I am still
getting "Cannot find server".
Netstat shows nothing listening on either port.

What else should I look for?

Regards,
Adam



RE: [squid-users] Unable to retrieve files via FTP

2004-10-04 Thread Elsen Marc

 
> All,
>
> I am having trouble being able to retrieve files in the form of:
>
> ftp://ftp.redhat.com/pub/redhat/updates/6.2/i386/libtiff-3.5.5-2.i386.rpm
>
> ...
> What else should I look for?

Depends what the error in the browser was.
I tried, but in Mozilla, Squid replies that the given
directory does not exist.

Things to take into account for IE:

In advanced internet options:

- Disable folder view for ftp sites
- Disable show friendly error messages.

MS has its own idea about what 'friendly' means to
the Internet world :-).

M.




Re: [squid-users] Unable to retrieve files via FTP

2004-10-04 Thread Klodian Hima
You need to add in squid.conf the following.

acl Safe_ports port 20  # ftp-data
acl Safe_ports port 1023-65535 # unregistered ports

RG,
Klodi



- Original Message - 
From: Adam Engel [EMAIL PROTECTED]
To: Squid (E-mail) [EMAIL PROTECTED]
Sent: Monday, October 04, 2004 3:19 PM
Subject: [squid-users] Unable to retrieve files via FTP


> All,
>
> I am having trouble being able to retrieve files in the form of:
>
> ftp://ftp.redhat.com/pub/redhat/updates/6.2/i386/libtiff-3.5.5-2.i386.rpm
>
> from IE.
>
> My settings in squid are:
>
> acl FTP_allowed proto FTP
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 2121        # proxied ftp
> http_access allow FTP_allowed all
>
> I have changed my IE settings to use ports 2121 and 21 but I am still
> getting "Cannot find server".
> Netstat shows nothing listening on either port.
>
> What else should I look for?
>
> Regards,
> Adam
 
 
 


This message contains privileged and confidential information and is 
intended only for the individual named. 
If you are not the intended recipient you should not disseminate,
distribute, store, print, copy or deliver this message. 
Please notify the sender immediately by e-mail if you have received 
this e-mail by mistake, and immediately delete this e-mail from your system




[squid-users] Patch for load-balancing et HA in Squid-ICAP client

2004-10-04 Thread Stephane DAVY
Hello,

please find below a message posted on the squid-icapClient ML. Actually,
there is not so much activity on this list even if people are interested
in ICAP stuff in Squid. This message deals with HA and load-balancing,
and testing is needed so any feedback is welcome.

Thanks,

Stéphane



> Subject: [squid-icapClient] Patch for load-balancing et HA
> Date: Mon, 04 Oct 2004 14:54:34 +0200
>
> Hello all,
>
> here is a patch from Luc Saillard (Alcove company) which implements
> load-balancing and HA. You can define a service using different
> servers, and for each request we take the next server if this one is
> reachable:
>
> icap_service service_1 reqmod_precache icap://server1:1344/wwreqmod
> icap_service service_1 reqmod_precache icap://server2:1344/wwreqmod
> icap_service service_1 reqmod_precache icap://server3:1344/wwreqmod
>
> The patch should be applied against the latest tarball available here:
> http://www.squid-cache.org/~wessels/squid-icap-2.5/
>
> Don't forget to run bootstrap.sh before configure
>
> Feedback is welcome at the following address:
> [EMAIL PROTECTED] and of course on this ML
>
> Enjoy!
 
-- 
Stephane DAVY [EMAIL PROTECTED]
--- squid-icap-2.5-200409161544.orig/src/cache_cf.c	Wed Aug  4 21:47:58 2004
+++ squid-icap-2.5-200409161544/src/cache_cf.c	Tue Sep 28 15:44:03 2004
@@ -2299,13 +2299,27 @@
  */
 
 static void
-icap_service_list_add(icap_service_list ** isl, icap_service * service)
+icap_service_list_add(icap_service_list ** isl, char * service_name)
 {
 icap_service_list **iter;
 icap_service_list *new;
+icap_service  *gbl_service;
+int	  i;
+int		  max_services;
 
 new = memAllocate(MEM_ICAP_SERVICE_LIST);
-new-service = service;
+/* Found all services with that name, and add to the array */
+max_services = sizeof(new-services)/sizeof(icap_service *);
+gbl_service = Config.icapcfg.service_head;
+i=0;
+while(gbl_service  i  max_services) {
+   if (!strcmp(service_name, gbl_service-name)) {
+	  new-services[i++] = gbl_service;
+	  break;
+   }
+   gbl_service = gbl_service-next;
+}
+new-nservices = i;
 
 if (*isl) {
 	iter = isl;
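Review bot: the `break;` inside the `strcmp` match block leaves the `while` loop after the first matching service, so `nservices` never exceeds 1 and the other `icap_service` lines that share the name are never stored, which contradicts the comment above the loop. Remove the `break;` so the walk continues along `next`. Two smaller points: once the array reaches `max_services` further matches are dropped silently, which deserves a `debug()` line, and `last_service_used` is not set anywhere in this hunk, so the round-robin start index depends on what `memAllocate` hands back.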
@@ -2400,7 +2414,7 @@
 for (iter = c-services; iter; iter = iter-next) {
 	service = icap_service_lookup(iter-key);
 	if (service) {
-	icap_service_list_add(isl, service);
+	icap_service_list_add(isl, iter-key);
 	} else {
 	debug(3, 0) (icap_class_process (line %d): skipping service %s in class %s\n, config_lineno, iter-key, c-name);
 	}
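Review bot: `service` is now fetched with `icap_service_lookup()` only as an existence test, and `icap_service_list_add()` then walks the global list a second time by name. Either pass the lookup result through, or drop the first lookup and have `icap_service_list_add()` report how many entries it stored, so the "skipping service" message also covers a list that ends up empty.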
@@ -2493,7 +2507,9 @@
 		c-hidden = 1;
 		wordlistAdd(c-services, A-service_name);
 		c-isl = memAllocate(MEM_ICAP_SERVICE_LIST);
-		c-isl-service = s;
+		/* FIXME:luc: check what access do */
+		c-isl-services[0] = s;
+		c-isl-nservices = 1;
 		icap_class_add(c);
 		A-class = c;
 	} else {
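Review bot: the `FIXME:luc: check what access do` comment marks this path as unverified, and it builds a list with a single hard-coded entry that gets none of the failover the rest of the patch introduces; resolve the FIXME or document why one entry is intended here. `last_service_used` should also be set next to `services[0]` and `nservices` instead of relying on the allocator.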
@@ -2592,7 +2608,9 @@
 	printf(  %s: \n, c_iter-name);
 	printf(services = \n);
 	for (isl_iter = c_iter-isl; isl_iter; isl_iter = isl_iter-next) {
-	printf(  %s\n, isl_iter-service-name);
+	   int i;
+	   for (i = 0; i  isl_iter-nservices; i++)
+	 printf(  %s\n, isl_iter-services[i]-name);
 	}
 }
 debug(3, 0) (IcapConfig: access =\n);
--- squid-icap-2.5-200409161544.orig/src/icap_common.c	Sat Apr  3 23:12:55 2004
+++ squid-icap-2.5-200409161544/src/icap_common.c	Tue Sep 28 15:36:03 2004
@@ -140,6 +140,8 @@
 icapService(icap_service_t type, request_t * r)
 {
 icap_service_list *isl_iter;
+int is_iter;
+
 debug(81, 8) (icapService: type=%s\n, icapServiceToStr(type));
 if (NULL == r) {
 	debug(81, 8) (icapService: no request_t\n);
@@ -150,10 +152,27 @@
 	return NULL;
 }
 for (isl_iter = r-class-isl; isl_iter; isl_iter = isl_iter-next) {
-	if (type == isl_iter-service-type) {
-	debug(81, 8) (icapService: found service %s\n, isl_iter-service-name);
-	return isl_iter-service;
-	}
+/* TODO:luc: Do a round-robin, choose a random value ? 
+	 * For now, we use a simple round robin with checking is the
+	 * icap server is available */
+	is_iter = isl_iter-last_service_used;
+	do
+	 {
+	   is_iter = (is_iter + 1) % isl_iter-nservices;
+	   debug(81, 9) (icapService: checking service %s/id=%d\n,isl_iter-services[is_iter]-name,is_iter);
+	   if (type == isl_iter-services[is_iter]-type)
+	{
+	  if (!isl_iter-services[is_iter]-unreachable)
+	   {
+		 debug(81, 8) (icapService: found service %s/id=%d\n, isl_iter-services[is_iter]-name,is_iter);
+		 isl_iter-last_service_used = is_iter;
+		 return isl_iter-services[is_iter];
+	   }
+	  debug(81, 8) (icapService: found service %s/id=%d, but it's unreachable. I don't want to use it\n, isl_iter-services[is_iter]-name,is_iter);
+	  /* FIXME:luc: in response mod, if we return an NULL pointer, user can bypass
+	   * the filter, is it normal ? */
+	}
+	 } while (is_iter != isl_iter-last_service_used);
 }
 debug(81, 8) (icapService: no service found\n);
 return NULL;
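Review bot: the `FIXME:luc` in the unreachable branch describes a fail-open path: when every matching server is flagged `unreachable` the loop ends, the function reaches `return NULL`, and according to that comment the user can then bypass the filter in response mod. That policy should be decided explicitly (refuse the request, or make bypass an opt-in setting) and reported at a level an operator will see instead of debug level 8. Separately, the modulo by `nservices` in the `do` loop divides by zero for a list entry whose `nservices` is 0, which the loop in `icap_service_list_add` produces when no name matches; guard for that before entering the `do`.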
--- 

RE: [squid-users] Unable to retrieve files via FTP

2004-10-04 Thread Adam Engel
At 03:26 PM 10/4/2004 +0200, Elsen Marc wrote:

>> All,
>>
>> I am having trouble being able to retrieve files in the form of:
>>
>> ftp://ftp.redhat.com/pub/redhat/updates/6.2/i386/libtiff-3.5.5-2.i386.rpm
>> ...
>> What else should I look for?
>
> Things to take into account for IE:
> In advanced internet options:
> - Disable folder view for ftp sites
> - Disable show friendly error messages.
> MS has its own idea about what 'friendly' means to
> the Internet world :-).
> M.

I added port 20, like the previous post suggested. However I am still
unable to get files from an ftp link from a website. Because of your
comment about Mozilla not being able to retrieve the file, I tried a
different file from freshrpms.net. Without the 'friendly' error message,
the page just said Done. No file was retrieved. There is nothing in the
log files about this.  I don't see an entry in access.log either.

Anything else I am missing?

Adam



Re: [squid-users] Unable to retrieve files via FTP

2004-10-04 Thread Klodian Hima
Do you have any firewall or router with access-lists in front of your squid
box?
If yes, check the rules on this equipment.


- Original Message - 
From: Adam Engel [EMAIL PROTECTED]
To: Squid (E-mail) [EMAIL PROTECTED]
Sent: Monday, October 04, 2004 5:12 PM
Subject: RE: [squid-users] Unable to retrieve files via FTP


> At 03:26 PM 10/4/2004 +0200, Elsen Marc wrote:
>
>>> All,
>>>
>>> I am having trouble being able to retrieve files in the form of:
>>>
>>> ftp://ftp.redhat.com/pub/redhat/updates/6.2/i386/libtiff-3.5.5-2.i386.rpm
>>>
>>> ...
>>> What else should I look for?
>>
>> Things to take into account for IE:
>>
>> In advanced internet options:
>>
>> - Disable folder view for ftp sites
>> - Disable show friendly error messages.
>>
>> MS has its own idea about what 'friendly' means to
>> the Internet world :-).
>>
>> M.
>
> I added port 20, like the previous post suggested. However I am still
> unable to get files from an ftp link from a website. Because of your
> comment about Mozilla not being able to retrieve the file, I tried a
> different file from freshrpms.net. Without the 'friendly' error message,
> the page just said Done. No file was retrieved. There is nothing in the
> log files about this.  I don't see an entry in access.log either.
>
> Anything else I am missing?
>
> Adam










Re: [squid-users] Data-Transfer on blocked URL's?

2004-10-04 Thread Henrik Nordstrom

On Mon, 4 Oct 2004, Peter Schulz-Kraus wrote:

> In access.Log every TCP/DENIED line shows
> about 1400 bytes Data-Transfer.

This is the error message telling the user access was denied.

If you are using NTLM authentication you will see quite many of these due
to the nature of the NTLM authentication protocol.

> So I had 226 MB (!) TCP/DENIED-Traffic during
> the last month. (200 Users)

Between the clients and your Squid yes. 0 of this is Internet traffic.

Regards
Henrik


RE: [squid-users] Unable to retrieve files via FTP

2004-10-04 Thread Henrik Nordstrom
On Mon, 4 Oct 2004, Adam Engel wrote:

> I added port 20, like the previous post suggested. However I am still unable
> to get files from an ftp link from a website. Because of your comment about
> Mozilla not being able to retrieve the file, I tried a different file from
> freshrpms.net. Without the 'friendly' error message, the page just said
> Done. No file was retrieved. There is nothing in the log files about this.
> I don't see an entry in access.log either.

Is your browser configured to use the proxy for ftp:// requests?

Regards
Henrik


[squid-users] Problems with Java and NTML authenication (java.io.IOException when using NTLM authenication)

2004-10-04 Thread Adam Pearse
This message is simply to be used for searching in the future as I
have found many people asking this question and not getting a concise
answer back. This is my contribution to the problem.

Environment:
squid-2.5.STABLE5-4
samba-3.0.7

Squid is configured to use NTLM authentication for all outbound http
connections to the Internet. squid.conf contains the following:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 15
auth_param basic realm Some Domain Name
auth_param basic credentialsttl 2 hours


Problem:
If Squid is configured to use auth_param ntlm only (so auth_param
basic lines are not present or commented out, unlike the above
example), sites that use java applets such as
http://javatester.org/version.html, will error out with a
java.io.IOException in the java console. This seems to apply to older
(pre 1.4 ??) versions of java. We ran into the problem using Oracle's
JInitiator Control Panel 1.1.8.16.

Solution:
Ensure you have the following in your squid.conf

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 15
auth_param basic realm Some Domain Name
auth_param basic credentialsttl 2 hours

This will then prompt the user for username and password.

Please feel free to add comments to this but in attempting to
troubleshoot this particular problem, I found several people asking
the questions and no answers were given.


[squid-users] add a header to each page?

2004-10-04 Thread Matt Ashfield
Hi All

I'm wondering if the following is possible:

I'd like to place a banner at the top of all pages that are served up via my
caching server. Similar to what happens when you click on an outside link in
a hotmail message. What happens is you are taken to the page, but a hotmail
header is added to the top part of the page. 

We've tried a few things, but haven't managed to get it to work just right
yet.

Any ideas?

Thanks

Matt
[EMAIL PROTECTED]




[squid-users] Squid x AD - performace problem

2004-10-04 Thread Rodrigo Delgadinho
Hello masters,

I need some help.
I have a Squid server where the users are accessing the Internet
without authentication, and I have configured Squid to authenticate
with Active Directory and it is working fine in the lab environment,
but when I tried to use it during business hours I had some problems
that I guess to be just a hardware limitation, but I am not sure about
that and maybe I can get a better configuration than this.

I have tried to use the following conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 1
auth_param ntlm max_challenge_lifetime 20 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type wbinfo_group_helper %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl proxy_users external wbinfo_group_helper proxy_users

acl users_AD proxy_auth REQUIRED
http_access allow users_AD proxy_users
http_access deny all

When I use the conf like that I get the following error message:

 aclMatchExternal: 'wbinfo_group_helper' queue overload. Request rejected.
 aclMatchExternal: 'wbinfo_group_helper' queue overload. Request rejected.
 aclMatchExternal: 'wbinfo_group_helper' queue overload. Request rejected.
 WARNING: All ntlmauthenticator processes are busy.

and some users could authenticate on the AD but others had problems.
I increased the number of children for the auth_ntlm and
external_acl gradually until the error was gone
(I have about 4000 users):

auth_param ntlm children 50
auth_param basic children 50
external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl

The problem after that was that the CPU utilization went to 100%, and
the users got stuck due to access performance. The average process
number of the server went to 400. I have tried a few things to decrease
the CPU utilization, such as stripping the header of wbinfo and turning off
logging, but without success.
So I did a fallback and I am figuring out how to solve that.


Thanks in advance for any help.

Rodrigo D.


Re: [squid-users] X-Authenticated-User without ICAP?

2004-10-04 Thread Christoph Haas
On Sun, Oct 03, 2004 at 11:12:12PM +0200, Henrik Nordstrom wrote:
> On Sun, 3 Oct 2004, Christoph Haas wrote:
>
>> is there a patch for Squid that adds something like an
>> X-Authenticated-User header to outgoing requests? I'm using a parent
>> proxy that needs that information. X-Forwarded-For only seems to provide
>> the IP address. I'm using LDAP authentication (so no foul tricks with
>> NTLM). :)
>
> See the login= cache_peer option.

D'oh. This was too obvious for me. Using squid for six years and I still
don't know all options. :)

Thanks. This seems to save me from ICAP trouble.

 Christoph

-- 
~
~
.signature [Modified] 3 lines --100%--3,41 All


Re: [squid-users] add a header to each page?

2004-10-04 Thread Christoph Haas
On Mon, Oct 04, 2004 at 01:40:02PM -0300, Matt Ashfield wrote:
> I'd like to place a banner at the top of all pages that are served up via my
> caching server. Similar to what happens when you click on an outside link in
> a hotmail message. What happens is you are taken to the page, but a hotmail
> header is added to the top part of the page.

Squid cannot (yet) do content-altering so you are out of luck here.
But have you looked at privoxy? It has mechanisms for doing anything you
like to the content of a page.

 Christoph

-- 
~
~
.signature [Modified] 3 lines --100%--3,41 All


Re: [squid-users] Blocking mixed URLs

2004-10-04 Thread Christian Ricardo dos Santos
Didn't work...

Squid DENIES any request to the PERMIT sites; after removing the
character ^ from each entry in the file txtgeneral2.txt everything went back to
normal...

Do I need to change anything else?

- Original Message - 
From: Andreas Pettersson [EMAIL PROTECTED]
To: Christian Ricardo dos Santos [EMAIL PROTECTED]
Cc: squid-users [EMAIL PROTECTED]
Sent: Thursday, September 30, 2004 5:58 PM
Subject: Re: [squid-users] Blocking mixed URLs


> Sorry but I am a beginner, I never ever heard about this dstdomain.
>
> How about this # sed 's/^/\^/' txtgeneral.txt ? I should use it instead
> http_access allow txtlan general !download ?

No no :)
sed is basically a utility used to manipulate text.
Running this (in a shell):

sed 's/^/\^/' txtgeneral.txt > txtgeneral2.txt

will add ^ in front of each line in txtgeneral.txt and put the result in
txtgeneral2.txt.
You can then use the new file in the url_regex acl.
Do not change the http_access row.

For more details regarding access control, check out
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html

/Andreas



[squid-users] wbinfo_group_helper queue overload

2004-10-04 Thread Rodrigo Delgadinho
Hello guys,

I need a help.
I have a Squid server where the users are acessing the Internet
without authetication, and I have configured the Squid to authenticate
with Active Directory and it is working fine in the Lab environment,
but when I tryed to use during the business time I have some problems
that I guess to be just hardware limitation, but I am not sure about
that and maybe I can get a better configuration than this.

I have tried to use the follow conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 1
auth_param ntlm max_challenge_lifetime 20 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type wbinfo_group_helper %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl proxy_users external wbinfo_group_helper proxy_users

acl users_AD proxy_auth REQUIRED
http_access allow users_AD proxy_users
http_access deny all

When I use the conf like that I get the following error message:

 aclMatchExternal: 'wbinfo_group_helper' queue overload. Request rejected.
 aclMatchExternal: 'wbinfo_group_helper' queue overload. Request rejected.
 aclMatchExternal: 'wbinfo_group_helper' queue overload. Request rejected.
 WARNING: All ntlmauthenticator processes are busy.

and some users could authenticate on the AD but others had problems.
I increased the number of children for the auth_ntlm and
external_acl gradually until the error was gone
(I have about 4000 users):

auth_param ntlm children 50
auth_param basic children 50
external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl

The problem after that was that the CPU utilization went to 100%, and
the users got stuck due to access performance. The average process
number of the server went to 400. I have tried a few things to decrease
the CPU utilization, such as stripping the header of wbinfo and turning off
logging, but without success.
I would like to understand the parameters in the line
of external_acl_type. Should I use the children command or concurrency?
What is the difference? And how does the ttl parameter work?
So, I did a fallback and I wonder if I can solve it by
changing my configuration.

Thanks in advance for any help.

Rodrigo D.


[squid-users] Uploading files

2004-10-04 Thread Jose Costa
Currently I'm using Squid 2.5 stable5 in Fedora Core2.
It's a rpm upgraded using yum.

I have one access list that let all my local network
access any location.

I'm having problems uploading files to yahoo mail, for
example. I use yahoo webmail and try to attach a file
it takes a long time and do not attach it. When I
remove proxy settings from my IE it works fine and
fast.

I have a fw rule(iptables) in my squid box that let
just squid and ssh in and new, related and established
out. 

Any help or idea will be great.

Thanks.

José Costa







[squid-users] reduce wan link traffic-- query

2004-10-04 Thread Joel n.solanki
Dear squid gurus,

I have configured squid cache server for my organization.
Idea behind this is to reduce wan link traffic so that i can utilize
that bandwidth for other new customers.

Now i want to test whether it is reducing the overall bandwidth or not.
my squidclient mgr_client_list tell me this

HTTP: 195075 Requests, 57193 Hits ( 29%)

So i guess hits is the bandwidth saving. M i right ?
if not then plz let me know i m wrong.
I want to test whether my wan bandwidth has reduced the traffic or not?
How do i test?

I have kept mrtg on squid cache server on both lan and wan ethernet. and
i have kept mrtg on other router connected through squid server.

monitoring it tells me some similar values so i m stuck on whether my squid
is caching or not and whether i have reduced my wan link usage.

Any ideas...
Any help will be greatly appreciated.


-- 
Joel N.Solanki
Network Administrator
Mobile: 91-9426353268
Phone No: 0265-550001/2/3/4/5 Ext: 211/212
Digtial 2 Virtual Internet Service Provider.
http://www.packetraptor.com/
http://www.d2visp.com/
Gujarat (India)




Re: [squid-users] Uploading files

2004-10-04 Thread Christoph Haas
On Mon, Oct 04, 2004 at 03:27:09PM -0300, Jose Costa wrote:
 Currently I'm using Squid 2.5 stable5 in Fedora Core2.
 It's a rpm upgraded using yum.
 
 I have one access list that let all my local network
 access any location.
 
 I'm having problems uploading files to yahoo mail, for
 example. I use yahoo webmail and try to attach a file
 it takes a long time and do not attach it. When I
 remove proxy settings from my IE it works fine and
 fast.
 
 I have a fw rule(iptables) in my squid box that let
 just squid and ssh in and new, related and established
 out. 

Check your request_body_max_size. It defines how large requests (like in
forms (like in uploads)) may be.

You should see something in your access.log by the way that could help.

 Christoph

-- 
~
~
.signature [Modified] 3 lines --100%--3,41 All


[squid-users] AD2003 +Squid NTLM Auth.

2004-10-04 Thread Michael Wray
Authenticating Server: 2003 with Active Directory Enabled
Squid Server: FreeBSD 5.1
Samba: 3.0.7,1
Other package info in package list at bottom.

The DNS server is on the 2003 Server with the proper kerberos and ldap
entries in the DNS server. (Passes Active Directory DNS utility tests)

Responses are sent in LM, NTLM, NTLM2 when negotiated.

Signing requirements are not configured. (Choices: Enable, or not
configured).

Have read, and followed to best of my ability the squid FAQ and
winbind/nmb/samba man pages.  Things that work: All of the command line
based tests work, as you will see when you look below.  But when I try to
authenticate with a browser I get denied, and the following info in
cache.log and log.winbindd.  If I modify the permissions on
/var/db/samba/winbindd_privileged, that breaks the wbinfo tests saying that
the permissions on that file are incorrect.

Note: when I went to build samba --with-ads on freebsd it complained about
KRB5 and asked for HEIMDAL instead...so I am actually using HEIMDAL not
KRB5, as Samba refused to compile with KRB5 but compiled fine with HEIMDAL.
Squid works great unauthenticated, but fails all auth tests when using an
actual browser.  The squid-helper passes basic auth tests from the command
line, but when using a browser such as netscape which should use BASIC auth
mode, it denies with the same messages in the logs as IE failing on
challenge/response.



-tail of access.log---

1096907971.215  4 192.168.1.110 TCP_DENIED/407 3715 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908014.779  3 192.168.1.110 TCP_DENIED/407 3674 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908014.840 11 192.168.1.110 TCP_DENIED/407 3701 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908014.848  7 192.168.1.110 TCP_DENIED/407 3674 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908017.003  7 192.168.1.110 TCP_DENIED/407 3701 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908017.010  6 192.168.1.110 TCP_DENIED/407 3674 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908017.487  6 192.168.1.110 TCP_DENIED/407 3701 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908017.493  6 192.168.1.110 TCP_DENIED/407 3674 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908018.007  6 192.168.1.110 TCP_DENIED/407 3701 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html
1096908018.013  6 192.168.1.110 TCP_DENIED/407 3674 GET
http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html



---



--tail of cache.log 

[2004/10/04 11:40:17, 0] utils/ntlm_auth.c:winbind_pw_check(439)
  Login for user [EMAIL PROTECTED] failed due to [winbind
client not authorized to use winbindd_pam_auth_crap.  Ensure permissions on
/var/db/samba/winbindd_privileged are set correctly.]
[2004/10/04 11:40:17, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(612)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2004/10/04 11:40:17| authenticateNTLMHandleReply: Error validating user via
NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2004/10/04 11:40:18, 0] utils/ntlm_auth.c:winbind_pw_check(439)
  Login for user [EMAIL PROTECTED] failed due to [winbind
client not authorized to use winbindd_pam_auth_crap.  Ensure permissions on
/var/db/samba/winbindd_privileged are set correctly.]
[2004/10/04 11:40:18, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(612)
  NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2004/10/04 11:40:18| authenticateNTLMHandleReply: Error validating user via
NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'




-tail of log.winbindd--

[2004/10/04 11:42:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759)
  Kinit failed: Unknown error -1765328228
[2004/10/04 11:42:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(759)
  Kinit failed: Unknown error -1765328228
[2004/10/04 11:43:01, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
  krb5_cc_get_principal failed (No such file or directory)
[2004/10/04 11:43:01, 0] libads/kerberos.c:ads_kinit_password(136)
  kerberos_kinit_password host/HOST@ failed: Unknown error -1765328228
[2004/10/04 11:43:01, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
  ads_connect for domain DOMAIN failed: Unknown error -1765328228

-
- wbinfo -a   

host:~  # wbinfo -a gooduser%goodpass
plaintext password authentication succeeded
challenge/response password authentication succeeded

-

--wbinfo 

Re: [squid-users] Re: performance

2004-10-04 Thread azeem ahmad
From: Matus UHLAR - fantomas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [squid-users] Re: performance
Date: Sun, 3 Oct 2004 13:53:59 +0200
 azeem ahmad wrote:
  since the day i got my cache full (two partitions of 3 gb each) i m facing
  the problem of low speed.

On 02.10 20:29, Adam Aube wrote:
 If the proxy is slow after the cache fills up, then your system is likely
 running out of RAM and beginning to swap. What is the output of free?

another possibility is that he filled up the filesystem too much,
filesystems usually slow up when they are filled over 90%.

the swap is being used on my system but a little bit like up to 15MB. its a
dual 667 pentium machine with 18GB 1RPM SCSI and 256 RD RAM. there are
only 12 clients. is it not enough for 12 clients. there are two cache disks
/cache1 and /cache2 both are separate partitions of 2950MB each and free
space is 163MB on both disks. what should i do now. i have set cache_mem
32MB.  plz help me out
Regards
Azeem




[squid-users] Browser auto-complete and squid

2004-10-04 Thread Nick
Most web browsers have URL auto-completion. If you put a single-word URL
in the location bar and the DNS lookup fails, the browser prepends www.
and appends .com to the name, then tries again. If the new URL DNS lookup
matches, the URL is loaded.

So, if I type in BBC into the location bar, bbc fails. The browser then 
tries www.bbc.com. This is valid. Mozilla will then take me to 
www.bbc.com (which in this case, immediately re-directs me to bbc.co.uk)

When the browser points to a caching proxy, it never fails a DNS lookup 
so the browser auto-complete never cuts in. I can't think of any browser 
level solution, however, this functionality could easily be employed at 
the caching proxy level.

I would like a way to set squid so that if it received a one-word URL, 
it first tries to resolve the URL (It may be a valid hostname on the 
local network). If resolution fails, it tries prepending www and 
appending .com to the URL. If the new URL is valid, sends a redirect to 
the web browser to the new URL. This is important where I have deployed 
a cybercafe with Squid as the caching proxy; many users expect the URL 
auto-complete to work.

Any ideas how I could add this functionality to squid would be great.
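
The lookup-then-complete behaviour requested above, sketched as an added example (not code from the poster or from the Squid project). It assumes Squid 2.5's redirect_program interface, where each input line is "URL client_ip/fqdn ident method" and a reply prefixed with "302:" makes Squid send a redirect; the function names are hypothetical.

```python
import socket
import sys
from urllib.parse import urlsplit, urlunsplit


def resolves(host):
    """True if the proxy machine can resolve `host`."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def rewrite(request_line, resolver=resolves):
    """Return the reply for one redirector input line.

    Input (assumed Squid 2.5 format): "URL client_ip/fqdn ident method"
    Reply: "" leaves the request alone, "302:<URL>" makes Squid redirect.
    """
    fields = request_line.split()
    if not fields:
        return ""
    try:
        parts = urlsplit(fields[0])
        host, port = parts.hostname, parts.port
    except ValueError:                      # malformed port or bracketed host
        return ""
    # Act only on http:// URLs whose host is one ASCII letters/digits/hyphen label.
    if parts.scheme != "http" or not host or not host.isascii():
        return ""
    if not host.replace("-", "").isalnum():
        return ""
    if resolver(host):                      # e.g. a valid local hostname
        return ""
    candidate = "www." + host + ".com"
    if not resolver(candidate):
        return ""
    netloc = candidate if port is None else "%s:%d" % (candidate, port)
    # Userinfo and fragment are dropped; path and query are carried over.
    return "302:" + urlunsplit(("http", netloc, parts.path or "/", parts.query, ""))


def main():
    # Squid sends one request per line and expects exactly one reply line each.
    for line in sys.stdin:
        sys.stdout.write(rewrite(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

Because every request passes through the helper, each DNS lookup blocks one redirector child, so the number of children has to be sized for the lookup latency.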


[squid-users] problem in https sites

2004-10-04 Thread Subramanian Narayanan
Hi All,
   After successfully configuring squid for NTLM
authentication, I am not able to access https
sites, i.e. the first time I type the https URL
in the IE browser it says Invalid URL (though the url
is correct). And the second time it goes through
successfully after pressing the Go link in IE.
Is there any option that needs to be set in the squid
configuration? Has anybody faced this kind of problem? Can
anybody please help me? Thanks in advance.





[squid-users] Re: reduce wan link traffic-- query

2004-10-04 Thread Adam Aube
Joel n.solanki wrote:

 Now i want to test whether it is reducing the overall bandwidth or not.
 my squidclient mgr_client_list tell me this
 
 HTTP: 195075 Requests, 57193 Hits ( 29%)
 
 So i guess hits is the bandwidth saving. M i right ?

No. This is the percentage of requests, not bytes, that have been served
from the cache. For bandwidth savings, you need to measure the bytes.

I would suggest using Calamaris (linked to from the Squid website, under
Logfile Analysis). It parses your access.log and gives a variety of useful
statistics, including bandwidth savings (the byte percentage of HITs).

Adam
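
The difference between the request hit ratio and the byte hit ratio described in the reply above, as an added example (not part of the original thread and not Calamaris code). The log lines are constructed; counting every result code containing "HIT" as a cache hit and leaving TCP_DENIED out of the totals are assumptions of this sketch.

```python
# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1096908014.779      3 192.168.1.10 TCP_HIT/200 1200 GET http://example.com/logo.gif - NONE/- image/gif
1096908014.840     11 192.168.1.11 TCP_MEM_HIT/200 800 GET http://example.com/style.css - NONE/- text/css
1096908014.848    950 192.168.1.10 TCP_MISS/200 48000 GET http://example.com/big.zip - DIRECT/192.0.2.10 application/zip
1096908017.003    120 192.168.1.12 TCP_MISS/200 6000 GET http://example.com/index.html - DIRECT/192.0.2.10 text/html
1096908017.010      7 192.168.1.12 TCP_DENIED/407 3674 GET http://example.com/private - NONE/- text/html
this line is truncated
"""


def hit_ratios(lines):
    """Return (request_hit_pct, byte_hit_pct, skipped_lines)."""
    requests = hits = total_bytes = hit_bytes = skipped = 0
    for line in lines:
        if not line.strip():
            continue
        fields = line.split()
        code = fields[3].split("/", 1)[0] if len(fields) >= 7 else ""
        if not code or not fields[4].isdigit():
            skipped += 1                    # truncated or foreign log line
            continue
        if code == "TCP_DENIED":
            continue                        # answered by access control, not the cache
        size = int(fields[4])               # bytes sent to the client, headers included
        requests += 1
        total_bytes += size
        if "HIT" in code:                   # TCP_HIT, TCP_MEM_HIT, TCP_IMS_HIT, ...
            hits += 1
            hit_bytes += size
    req_pct = round(100.0 * hits / requests, 1) if requests else 0.0
    byte_pct = round(100.0 * hit_bytes / total_bytes, 1) if total_bytes else 0.0
    return req_pct, byte_pct, skipped


if __name__ == "__main__":
    req_pct, byte_pct, skipped = hit_ratios(SAMPLE_LOG.splitlines())
    print("request hit ratio: %.1f%%" % req_pct)
    print("byte hit ratio:    %.1f%%" % byte_pct)
    print("skipped lines:     %d" % skipped)
```

In the sample, half of the counted requests are hits, but they are small objects, so the share of bytes served from the cache is far lower than the share of requests.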



[squid-users] Re: problem in https sites

2004-10-04 Thread Adam Aube
Subramanian Narayanan wrote:

After successfully configuring squid for NTLM
 authentication. I am not able to access https
 sites.ie. For the first time when I type the https URL
 in the IE browser it says Invalid URL ( though the url
 is correct ). And for the second time it is going
 successfully after pressing the Go link in the IE.

Check under Internet Options - Advanced and make sure that IE is not set to
use HTTP 1.1 through proxy connections.

Adam



[squid-users] GET/PUT Question - AGAIN

2004-10-04 Thread OTR Comm
Hello,

I managed to get squid to accept a single file that I can push to it
from a MS Windows application that I am developing.

Now I am trying to send two during the same session.  But I am having
problems.

BTW: squid is listening on 216.19.43.110:3128, and my Windows platform
is pushing from 192.168.1.254

When I push the first file, squid comes back with 'HTTP/1.0 200 OK'

Using snort to monitor port 3128, I get:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/04-19:06:13.740922 216.19.43.110:3128 -> 192.168.1.254:2160
TCP TTL:64 TOS:0x0 ID:34359 IpLen:20 DgmLen:40 DF
***A Seq: 0x40A75EE0  Ack: 0x7701A35C  Win: 0x2DA0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/04-19:06:13.744075 216.19.43.110:3128 -> 192.168.1.254:2160
TCP TTL:64 TOS:0x0 ID:34360 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0x40A75EE0  Ack: 0x7701A35C  Win: 0x2DA0  TcpLen: 20
48 54 54 50 2F 31 2E 30 20 32 30 30 20 4F 4B 0D  HTTP/1.0 200 OK.
0A 00..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/04-19:06:13.744403 216.19.43.110:3128 -> 192.168.1.254:2160
TCP TTL:64 TOS:0x0 ID:34361 IpLen:20 DgmLen:40 DF
***A***F Seq: 0x40A75EF2  Ack: 0x7701A35C  Win: 0x2DA0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/04-19:06:13.744573 192.168.1.254:2160 -> 216.19.43.110:3128
TCP TTL:128 TOS:0x0 ID:60795 IpLen:20 DgmLen:40 DF
***A Seq: 0x7701A35C  Ack: 0x40A75EF3  Win: 0xFADE  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

after squid receives and caches the first file.  Then when I send the
second file, I see it go past in snort, but squid doesn't acknowledge
that it came in.  No errors, nothing shows up as I am tailing on the
cache.log (with custom debugging hooks), and nothing shows up in
store.log or access.log.  The file sizes are correct, and the 'PUT'
header contains the correct Content-Length for the second file, but it
will not cache.

What I see in snort after the second file transfers is a response back
from squid:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/04-19:06:22.789730 216.19.43.110:3128 -> 192.168.1.254:2160
TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:40 DF
*R** Seq: 0x40A75EF3  Ack: 0x0  Win: 0x0  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

I don't know why squid is sending back ID:0, Ack:0x0, and Win:0x0

Am I missing something that my PUSH client is supposed to send squid to
tell it to get ready for another file?

Thanks,
Murrah Boswell