Re: [squid-users] patch external_acl_fuzzy

2004-11-26 Thread Ilya
> On 26.11 17:03, Ilya wrote:
> > By "ident-like" phrase I mean that the work of my
> > authentication program will be similar to the work of
> > "classic" ident (rfc 1413). So its work will base on the
> > knowledge of src and dst ports. But the protocol of the
> > communication between C and S will differ.
>
> ok, may I know what is the protocol, its purpose and
> functionality?

We want to develop ident-like program to authenticate our 
Squid users in secure manner. Something like this:
Client (Squid's external module) asks:
- who is : local port, remote port : challenge
Server (Users' PC) replies:
- user : name : HMAC(password, challenge)
Client (Squid's external module) checks the answer and decides 
whether to grant access or not.

I don't want to describe all technical aspects of the 
developing of such communication protocol. But it is possible.

And the question again:
In what cases Squid patched with external_acl_fuzzy gives "0" 
as %SRCPORT to the external module?

wbr,
Ilya
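
The exchange outlined in this message, written out as an added example (it is not Ilya's program and not part of Squid or the external_acl_fuzzy patch). HMAC-SHA256 with hex encoding, the exact wire strings, the 5-second challenge lifetime and the names `IdentVerifier` and `agent_reply` are assumptions; the password table is constructed sample data.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

# Constructed sample credential store (user name -> shared password).
PASSWORDS = {"alice": b"correct horse battery staple"}


def agent_reply(query: str, name: str, password: bytes) -> str:
    """User-PC side: answer 'who is : lport, rport : challenge'."""
    challenge = query.rsplit(":", 1)[1].strip()
    tag = hmac.new(password, challenge.encode(), hashlib.sha256).hexdigest()
    return f"user : {name} : {tag}"


class IdentVerifier:
    """Squid-side helper: issues challenges and checks the replies."""

    def __init__(self, passwords: dict[str, bytes], ttl: float = 5.0):
        self.passwords = passwords
        self.ttl = ttl  # assumed lifetime of a challenge, in seconds
        # (local_port, remote_port) -> (challenge, expiry time)
        self.pending: dict[tuple[int, int], tuple[str, float]] = {}

    def make_query(self, local_port: int, remote_port: int,
                   now: float | None = None) -> str:
        now = time.monotonic() if now is None else now
        challenge = secrets.token_hex(16)  # fresh 128-bit nonce per query
        self.pending[(local_port, remote_port)] = (challenge, now + self.ttl)
        return f"who is : {local_port}, {remote_port} : {challenge}"

    def check_reply(self, local_port: int, remote_port: int, reply: str,
                    now: float | None = None) -> str | None:
        """Return the authenticated user name, or None to deny access."""
        now = time.monotonic() if now is None else now
        # pop(): a challenge is usable once, so a captured reply
        # cannot be replayed against the same port pair.
        entry = self.pending.pop((local_port, remote_port), None)
        if entry is None or now > entry[1]:
            return None
        challenge = entry[0]
        parts = [p.strip() for p in reply.split(":")]
        if len(parts) != 3 or parts[0] != "user":
            return None
        name, tag = parts[1], parts[2]
        password = self.passwords.get(name)
        # Compute a MAC even for unknown users so the timing does not
        # reveal which names exist; the random dummy key never authenticates.
        key = password if password is not None else secrets.token_bytes(32)
        expected = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how many digits matched.
        same = hmac.compare_digest(expected.encode(), tag.encode())
        return name if (same and password is not None) else None


def demo() -> dict[str, str | None]:
    """Run the exchange for a valid, replayed, stale and wrong-password reply."""
    v = IdentVerifier(PASSWORDS)
    q = v.make_query(3128, 40112)
    good = agent_reply(q, "alice", PASSWORDS["alice"])
    results = {"valid": v.check_reply(3128, 40112, good)}
    results["replayed"] = v.check_reply(3128, 40112, good)
    v.make_query(3128, 40112)  # new challenge, old reply no longer matches
    results["stale_reply"] = v.check_reply(3128, 40112, good)
    q3 = v.make_query(3128, 40112)
    bad = agent_reply(q3, "alice", b"guess")
    results["wrong_password"] = v.check_reply(3128, 40112, bad)
    return results


if __name__ == "__main__":
    for case, user in demo().items():
        print(f"{case:15} -> {user}")
```

Because the MAC covers only the challenge, as in the message, the binding to the port pair comes from the verifier's pending table rather than from the MAC itself.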


Re: [squid-users] ftp access through squid - Firefox vs MSIE

2004-11-26 Thread Michael Gale
Check the FTP settings in IE under Internet Options -> Advanced.
Under the options, there is one called "FTP Folder View" or something 
like that. If that box is checked ... IE bypasses the proxy settings for 
FTP and tries to go direct.

Lovely Microsoft.
Michael.

Geir Fossum wrote:
> Hi,
> I have a Squid 2.5 stable7 running on RedHat 9.
> Why is URL: ftp://ftp.sunet.se in Firefox 1.0 working via squid while the same 
> address in MSIE 6 does not ?
> Both browsers are set up with the same proxy settings.
> My firewall denies ftp from all others than the server with squid.
> Regards,
> Geir
> Norway
--
Michael Gale
Lan Administrator
Utilitran Corp.
We will not fear the Dark Lord or his Windows product.


[squid-users] ftp access through squid - Firefox vs MSIE

2004-11-26 Thread Geir Fossum
Hi,

I have a Squid 2.5 stable7 running on RedHat 9.

Why is URL: ftp://ftp.sunet.se in Firefox 1.0 working via squid while the same 
address in MSIE 6 does not ?

Both browsers are set up with the same proxy settings.

My firewall denies ftp from all others than the server with squid.

Regards,
Geir
Norway



Re: AW: [squid-users] FATAL: redirect_program /usr/bin/squidguard: (1 3) Permission denied

2004-11-26 Thread Hendrik Voigtländer
[EMAIL PROTECTED] wrote:
> You may check squidguard at the commandline using a little script like this:
>
> #!/bin/sh
> #
> SG_HOME=/usr/local/squidGuard
> SG=/usr/local/bin/squidGuard
> SG_CONF=$SG_HOME/etc/squidguard.conf
> #
> LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib
> export LD_LIBRARY_PATH
> echo "http://www.google.de 10.23.20.134/- - GET" | \
>  $SG -c $SG_CONF -d

This is a nice script, but it is only useful if the script is not run as 
root but as the squid user.
I have managed to crash my squid twice in the middle of the day simply 
because I forgot to adjust the permission of the .db-files after 
updating the blacklist.

#squidGuard -d

as used by the script will just fire up squidGuard logging everything to 
stdout. If this fails there is no use testing it with the script above...

Regards, Hendrik Voigtländer



[squid-users] Re: I have a cache directory, I am not sure if that is squid's cache directory

2004-11-26 Thread Adam Aube
Yong Bong Fong wrote:

> I am wondering if the cache directory I have belongs to squid.

> [EMAIL PROTECTED] cache]# ls
> 00  01  02  03  04  05  06  07  08  09  0A  0B  0C  0D  0E  0F  log
> log-last-clean  netdb_state

I don't have a system running Squid handy to check, but that does appear to
be a Squid cache directory.

Adam



[squid-users] Re: I have a cache directory, I am not sure if that is squid's cache directory

2004-11-26 Thread Adam Aube
Peter Albrecht wrote:

> If you're running Linux, you can find out the name of the package to which
> this cache directory belongs:
> 
> rpm -qf /var/spool/cache

You mean "If you are running a Linux distro that uses RPM".

Linux != Red Hat

Adam



[squid-users] 'Squid -k reconfigure' changes ownership of the swap.state file

2004-11-26 Thread Jafar Aliev
Good day.

I have squid 2.5-stable7 installed on linux 2.4.27 box (Slackware 10).
When I try to reconfigure squid with 'Squid -k reconfigure' it dies with
these messages in cache.log:

---[cache.log start]---
2004/11/10 18:19:29| Reconfiguring Squid Cache (version 2.5.STABLE7)...
2004/11/10 18:19:29| FD 20 Closing HTTP connection
FATAL: Received Segment Violation...dying.
2004/11/10 18:19:29| storeDirWriteCleanLogs: Starting...
2004/11/10 18:19:30|   Finished.  Wrote 43060 entries.
2004/11/10 18:19:30|   Took 0.1 seconds (542194.5 entries/sec).
2004/11/10 18:19:53| Starting Squid Cache version 2.5.STABLE7 for i686-pc-linux-gnu...
2004/11/10 18:19:53| Process ID 10994
2004/11/10 18:19:53| With 1024 file descriptors available
2004/11/10 18:19:53| Performing DNS Tests...
2004/11/10 18:19:53| Successful DNS name lookup tests...
2004/11/10 18:19:53| DNS Socket created at 0.0.0.0, port 61012, FD 4
2004/11/10 18:19:53| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2004/11/10 18:19:53| Adding nameserver [..cuted..] from /etc/resolv.conf
2004/11/10 18:19:53| Adding nameserver [..cuted..] from /etc/resolv.conf
2004/11/10 18:19:53| helperOpenServers: Starting 10 'squidGuard' processes
2004/11/10 18:19:54| Unlinkd pipe opened on FD 19
2004/11/10 18:19:54| Swap maxSize 512000 KB, estimated 39384 objects
2004/11/10 18:19:54| Target number of buckets: 1969
2004/11/10 18:19:54| Using 8192 Store buckets
2004/11/10 18:19:54| Max Mem  size: 131072 KB
2004/11/10 18:19:54| Max Swap size: 512000 KB
2004/11/10 18:19:54| Store logging disabled
2004/11/10 18:19:54| /squid.cache/swap.state: (13) Permission denied
FATAL: storeUfsDirOpenSwapLog: Failed to open swap log.
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
CPU Usage: 0.030 seconds = 0.020 user + 0.010 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 345
---[cache.log end]---

When I look at the swap.state file I notice that its ownership has changed to
"root.squid" instead of the original "squid.squid". After manually changing the
ownership back to "squid.squid", Squid starts normally.

When I reconfigure it with 'squid -k shutdown ' ... 'squid' all
is done well.

---[squid.conf begin]
cache_effective_user=squid
cache_effective_user=squid
cache_dir ufs /squid.cache 500 16 256
---[squid.conf end]--

Squid configure string:
 ./configure  --disable-wccp --disable-snmp --enable-delay-pools \
--disable-ident-lookups --prefix=/usr/local --mandir=/usr/man \
--sysconfdir=/etc/squid --localstatedir=/var/squid --enable-async-io \
--enable-err-languages='English Russian-koi8-r'

Any ideas? Some help would be appreciated.
Thanks in advance.

-- 
Best regards and excuse for my English :-)
 Jafar Aliev 
 usn.ru administrator



[squid-users] Squid 2.5Stable7 with NTLM -- Number of maximum children

2004-11-26 Thread Glatzel Tino
Hello,

I use Samba-3.0.8pre1 in a ADS Domain and Squid 2.5Stable7 for NTLM
Authentication.
With the following parameters, it works fine.

auth_param ntlm children 13
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 20 minutes
auth_param ntlm program /opt/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

after changing the auth_param ntlm children to 14 squid can't start. I see
the following errors:


Nov 26 16:45:01 squid squid[1204]: Squid Parent: child process 1206 exited due to signal 9
Nov 26 16:45:01 squid squid[1233]: Squid Parent: child process 1235 started
Nov 26 16:45:01 squid (squid): Failed to create unlinkd subprocess
Nov 26 16:45:01 squid squid[1233]: Squid Parent: child process 1235 exited due to signal 6
Nov 26 16:45:04 squid squid[1233]: Squid Parent: child process 1256 started
Nov 26 16:45:05 squid (squid): Failed to create unlinkd subprocess
Nov 26 16:45:05 squid squid[1233]: Squid Parent: child process 1256 exited due to signal 6
Nov 26 16:45:08 squid squid[1233]: Squid Parent: child process 1277 started
Nov 26 16:45:08 squid (squid): Failed to create unlinkd subprocess
Nov 26 16:45:08 squid squid[1233]: Squid Parent: child process 1277 exited due to signal 6
Nov 26 16:45:11 squid squid[1233]: Squid Parent: child process 1298 started
Nov 26 16:45:12 squid (squid): Failed to create unlinkd subprocess
Nov 26 16:45:12 squid squid[1233]: Squid Parent: child process 1298 exited due to signal 6
Nov 26 16:45:15 squid squid[1233]: Squid Parent: child process 1319 started
Nov 26 16:45:15 squid (squid): Failed to create unlinkd subprocess
Nov 26 16:45:15 squid squid[1233]: Squid Parent: child process 1319 exited due to signal 6
Nov 26 16:45:15 squid squid[1233]: Exiting due to repeated, frequent failures



What's wrong?
Can anyone help me?

tino


[squid-users] Trouble installing squid_auth_ldap

2004-11-26 Thread Carissa Srugis
I am having problems installing squid_auth_ldap v2.0.7 onto my FreeBSD
4.10 Release 4 machine.  I already have openldap-client-2.1.30 on
there.

At first, the make file couldn't find some of the include files, but
that seemed to be quickly solved by creating symbolic links from the
/usr/local/include directory to the /usr/include directory.

Now, I'm still failing out of the make file with the following feedback:

gcc  -I ../helpers -c squid_auth_ldap/main.c
In file included from squid_auth_ldap/../helpers/util.h:51,
                 from squid_auth_ldap/main.c:20:
/usr/include/netdb.h:204: warning: useless keyword or type name in empty declaration
/usr/include/netdb.h:204: warning: empty declaration
gcc  -I ../helpers -c squid_auth_ldap/ldap_utils.c
gcc  -I ../helpers -c squid_auth_ldap/logging.c
gcc  -I ../helpers -c squid_auth_ldap/readconf.c
gcc  -I ../helpers -c squid_auth_ldap/options.c
gcc  -I ../helpers -c squid_auth_ldap/tools.c
gcc  -I ../helpers -c helpers/rfc1738.c
In file included from /usr/include/sys/types.h:48,
                 from /usr/include/sys/time.h:40,
                 from helpers/util.h:44,
                 from helpers/rfc1738.c:44:
/usr/include/sys/inttypes.h:12: warning: useless keyword or type name in empty declaration
/usr/include/sys/inttypes.h:12: warning: empty declaration
/usr/include/sys/inttypes.h:13: warning: useless keyword or type name in empty declaration
/usr/include/sys/inttypes.h:13: warning: empty declaration
/usr/include/sys/inttypes.h:14: warning: useless keyword or type name in empty declaration
/usr/include/sys/inttypes.h:14: warning: empty declaration
In file included from /usr/include/sys/time.h:40,
                 from helpers/util.h:44,
                 from helpers/rfc1738.c:44:
/usr/include/sys/types.h:61: redefinition of `uint16_t'
/usr/include/sys/inttypes.h:17: `uint16_t' previously declared here
/usr/include/sys/types.h:62: redefinition of `uint32_t'
/usr/include/sys/inttypes.h:18: `uint32_t' previously declared here
/usr/include/sys/types.h:63: redefinition of `uint64_t'
/usr/include/sys/inttypes.h:19: `uint64_t' previously declared here
In file included from helpers/util.h:51,
                 from helpers/rfc1738.c:44:
/usr/include/netdb.h:204: warning: useless keyword or type name in empty declaration
/usr/include/netdb.h:204: warning: empty declaration
*** Error code 1

Stop in /root/squid_auth_ldap-2.0.7.

I have also tried to use ldap_auth v0.2 without success.  I get the
following error:

freebsd# ldap_auth -d -b -D cn=admin,o=organization -w password
ldaps://192.168.1.2:636/o=organization
ldap_auth running with debug flag!
This is NOT recommended on production servers

LDAP URL: ldaps://192.168.1.2:636/o=organization
Options: bind dn: cn=admin,o=organization, bind pw: password,
bind/userpass: bind
admin password
ldap_bind_s(3): Can't contact LDAP server
 
I need to be able to authenticate Novell users on a Netware 6.5 server
from squid using secure ldap (port 636).  I have used web-based java
programs that are able to connect to and authenticate against the
Novell Netware 6.5 server, so I know it works.  Any help is greatly
appreciated.

Thanks!
Carissa

*
Carissa Srugis
[EMAIL PROTECTED]


Re: [squid-users] startup: rebuild store/delay serving requests?

2004-11-26 Thread Matus UHLAR - fantomas
On 26.11 16:05, Elsen Marc wrote:
> > I see that on squid startup, it takes some time while squid
> > rebuilds its storage and validates entries in it.
> > 
> > What does that mean, what operations is squid doing in that time?
> 
>   - Guess like kind of 'fsck-ing' the store ; watching out
> for duplicate url's. Purging such cased e.d.
> 
> > Doesn't that make responses somewhat slower?
> 
> As it involves io and store access is locked (swap_fail_miss), probably.

Thanks for explanation.

> > I have a "farm" of 3 squid caches, hidden behind L3 switch, so I have
> > one IP that users connect to. If the squid is slower while rebuilding
> > and validating its storage, it is possible without any harm to
> > configure squid to do both actions first, and start serving requests
> > later.
>  
>    % squid -h
>    ...
>    -F        Don't serve any requests until store is rebuilt
>    ...

Oh, my mistake: sorry.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...


RE: [squid-users] startup: rebuild store/delay serving requests?

2004-11-26 Thread Elsen Marc

 
> Hello,
> 
> I see that on squid startup, it takes some time while squid
> rebuilds its storage and validates entries in it.
> 
> What does that mean, what operations is squid doing in that time?

  - Guess like kind of 'fsck-ing' the store ; watching out
for duplicate url's. Purging such cased e.d.

> Doesn't that make responses somewhat slower?

As it involves io and store access is locked (swap_fail_miss), probably.

> 
> I have a "farm" of 3 squid caches, hidden behind L3 switch, 
> so I have one
> IP that users connect to. If the squid is slower while rebuilding and
> validating its storage, it is possible without any harm to 
> configure squid
> to do both actions first, and start serving requests later.
 
   % squid -h
   ...
   -F        Don't serve any requests until store is rebuilt
   ...

 
  M.


[squid-users] startup: rebuild store/delay serving requests?

2004-11-26 Thread Matus UHLAR - fantomas
Hello,

I see that on squid startup, it takes some time while squid rebuilds its
storage and validates entries in it.

What does that mean, what operations is squid doing in that time?
Doesn't that make responses somewhat slower?

I have a "farm" of 3 squid caches, hidden behind L3 switch, so I have one
IP that users connect to. If the squid is slower while rebuilding and
validating its storage, it is possible without any harm to configure squid
to do both actions first, and start serving requests later.

would that have performance effect?
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"They say when you play that M$ CD backward you can hear satanic messages."
"That's nothing. If you play it forward it will install Windows."


Re: [squid-users] FATAL: Received Segment Violation...dying.

2004-11-26 Thread Thomas-Martin Seck
* Dave Inabinet ([EMAIL PROTECTED]):

> FreeBSD 4.10 
> Squid 2.5 Stable ports build

Which portversion do you use?
I could not reproduce this locally, using the port's current version
2.5.7_3 (-STABLE7 plus all applicable patches) on FreeBSD 4.10.

> I have blocked this site that is causing the proxy abuse message.
> 
> When I try to browse this site - www.verschk.com - nothing comes up.
> Arin shows it somewhere in Canada. Fellow colleague thinks it is a
> spyware site.
> 
> What kind of a URL could cause Squid to die like this?
> 
> My cache_log:
> 2004/11/24 08:48:30| ipcacheParse: No Address records in response to
> 'entimg.msn.com'

This is interesting, entimg.msn.com does resolve here:
[EMAIL PROTECTED] [~] % dnsip entimg.msn.com
213.203.217.113 213.203.217.107
[EMAIL PROTECTED] [~] % dnsname `dnsip entimg.msn.com`
akamai-deploy-05b.dus1.de.inetbone.net
akamai-deploy-03b.dus1.de.inetbone.net

> 2004/11/24 08:48:55| httpSendRequestEntryDone: Likely proxy abuse
> detected '172.20.241.217' -> 'http://www.verschk.com/list.asp'
> FATAL: Received Segment Violation...dying.

A patch that I think was supposed to address this very problem was
issued on June 8 against 2.5-STABLE5; it was integrated into the FreeBSD
port in version 2.5.5_9. If you run an older version of the port, this
might be the problem.


Re: [squid-users] SPEED LIMIT TO 10kbps

2004-11-26 Thread Rafhael Almeida
Hi, check this example:

# assumed 192.168.0.1 is the user IP
acl users src 192.168.0.1/32
...
http_access allow users
...
delay_pools 1
# class 3 pool: aggregate, per-network and per-host buckets
delay_class 1 3
delay_access 1 allow users
delay_access 1 deny all
# assumed 256 is top speed; 1250 = 10 Kbps
delay_parameters 1 -1/-1 32000/32000 1250/32000

Greetings

At 12:37 AM 11/26/2004, you wrote:
> hello
> i am new to linux.
> i have DSL 256CIR internet connection for 25 users and i want to access my 
> user only 10kbps per user speed. what i ADD or EDIT in squid.conf
>
> #squid.conf
> acl myusers src 192.168.100.0/255.255.255.0
> http_access allow myusers
> http_access deny all
>
> i think some delay_pool command work here but i don't have any experience 
> about delay pools.
>
> please help me regarding this.
> Thank you & best regards,
> Shiraz Gul Khan (03002061179)
> Onezero Inc.




Re: [squid-users] Squid + Iptables + MSN/Jabber problem

2004-11-26 Thread Klodian Hima
Hi,

I am using this and it works fine.


acl IT src 10.1.1.0/255.255.255.224
acl MSN_Messenger dstdomain .msgr.hotmail.com

http_access allow IT MSN_Messenger
http_access deny MSN_Messenger

Hope it will help you.
Bye.





- Original Message - 
From: "digitalfx" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 26, 2004 1:31 PM
Subject: [squid-users] Squid + Iptables + MSN/Jabber problem


I'm having big problems to deny/allow traffic (I mean traffic, not just web
filtering); perhaps someone could clarify some things for me...

Squid, as it says in its guides, is an http proxy, so all other kinds of
traffic go through the firewall/iptables/nat..? Only http/ftp is
"intercepted" by squid?

I have supervisor users who can use msn/jabber, and operators who shouldn't
use it.

I tried some acls from this mailing list like
 acl msnmessenger url_regex -i gateway.dll
 http_access deny msnmessenger
but it didn't work 100%.

Also tried with the acls listed in
http://www.squid-cache.org/mail-archive/squid-users/200407/0210.html

The main problem is that PCs with jabber can connect without any problem (it
bypasses squid), and msn windows PCs are blocked ONLY if the proxy setting is
configured in the browser. If not, the browser can't navigate, but msn goes
online.

I'm not using transparent because I need the auth_program line to validate users.
The firewall nat I'm using is monmotha's script, but if I block msn using
iptables, I'll block all my users and that is not the idea.

Another thing I don't know what I'm doing wrong: I can't connect to ftps
using the proxy.

Thanks in advance for any help.


acl msnmessenger url_regex -i gateway.dll
http_access deny msnmessenger
acl msnlogin dstdomain nexus.passport.com
http_access deny msnlogin
deny_info TCP_RESET msnlogin
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squidpasswd
acl user_passwords proxy_auth REQUIRED
acl avanzados proxy_auth "/etc/squid/squidpasswd"
http_access deny !localnetwork
http_access deny !safe_ports
http_access deny prohibidos
http_access allow localnetwork user_passwords !prohibidos
http_access allow localhost
http_access deny all


# Main Options
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
IPTABLES="/sbin/iptables"
TCP_ALLOW="22 20 21 25 110 443 80"
UDP_ALLOW="68 6112 6119 4000"
INET_IFACE="eth0"
LAN_IFACE="eth1"
INTERNAL_LAN="10.0.0.0/16"
MASQ_LAN="10.0.0.0/16"
SNAT_LAN=""
DROP="TREJECT"
DENY_ALL=""
DENY_HOSTWISE_TCP=""
DENY_HOSTWISE_UDP=""
BLACKHOLE=""
BLACKHOLE_DROP="DROP"
ALLOW_HOSTWISE_TCP=""
ALLOW_HOSTWISE_UDP=""
TCP_FW=""
UDP_FW=""
MANGLE_TOS_OPTIMIZE="FALSE"
DHCP_SERVER="TRUE"
BAD_ICMP="5 9 10 15 16 17 18"
ENABLE="Y"
PROXY="10.0.0.1:8080"
MY_IP="10.0.0.1"










RE: [squid-users] Squid + Iptables + MSN/Jabber problem

2004-11-26 Thread Elsen Marc

 
> 
> I'm having big problems to deny/allow traffic (I mean traffic, not just web
> filtering); perhaps someone could clarify some things for me...
> 
> Squid, as it says in its guides, is an http proxy, so all other kinds of
> traffic go through the firewall/iptables/nat..? Only http/ftp is
> "intercepted" by squid?
> ...

   - There is nothing 'intercepted' by squid. For non-transparent
setups, the user's browser must be configured to use the (squid) proxy
by proxy config mechanisms albeit auto (pac file) or manual settings.

   - Squid can not be used as a native ftp proxy and/or will not handle
and certainly not intercept ftp traffic.

   M.


[squid-users] Squid + Iptables + MSN/Jabber problem

2004-11-26 Thread digitalfx
I'm having big problems to deny/allow traffic (I mean traffic, not just web
filtering); perhaps someone could clarify some things for me...

Squid, as it says in its guides, is an http proxy, so all other kinds of
traffic go through the firewall/iptables/nat..? Only http/ftp is
"intercepted" by squid?

I have supervisor users who can use msn/jabber, and operators who shouldn't
use it.

I tried some acls from this mailing list like
 acl msnmessenger url_regex -i gateway.dll
 http_access deny msnmessenger
but it didn't work 100%.

Also tried with the acls listed in
http://www.squid-cache.org/mail-archive/squid-users/200407/0210.html

The main problem is that PCs with jabber can connect without any problem (it
bypasses squid), and msn windows PCs are blocked ONLY if the proxy setting is
configured in the browser. If not, the browser can't navigate, but msn goes
online.

I'm not using transparent because I need the auth_program line to validate users.
The firewall nat I'm using is monmotha's script, but if I block msn using
iptables, I'll block all my users and that is not the idea.

Another thing I don't know what I'm doing wrong: I can't connect to ftps
using the proxy.

Thanks in advance for any help.


acl msnmessenger url_regex -i gateway.dll
http_access deny msnmessenger
acl msnlogin dstdomain nexus.passport.com
http_access deny msnlogin
deny_info TCP_RESET msnlogin
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squidpasswd
acl user_passwords proxy_auth REQUIRED
acl avanzados proxy_auth "/etc/squid/squidpasswd"
http_access deny !localnetwork
http_access deny !safe_ports
http_access deny prohibidos
http_access allow localnetwork user_passwords !prohibidos
http_access allow localhost
http_access deny all


# Main Options
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
IPTABLES="/sbin/iptables"
TCP_ALLOW="22 20 21 25 110 443 80"
UDP_ALLOW="68 6112 6119 4000"
INET_IFACE="eth0"
LAN_IFACE="eth1"
INTERNAL_LAN="10.0.0.0/16"
MASQ_LAN="10.0.0.0/16"
SNAT_LAN=""
DROP="TREJECT"
DENY_ALL=""
DENY_HOSTWISE_TCP=""
DENY_HOSTWISE_UDP=""
BLACKHOLE=""
BLACKHOLE_DROP="DROP"
ALLOW_HOSTWISE_TCP=""
ALLOW_HOSTWISE_UDP=""
TCP_FW=""
UDP_FW=""
MANGLE_TOS_OPTIMIZE="FALSE"
DHCP_SERVER="TRUE"
BAD_ICMP="5 9 10 15 16 17 18"
ENABLE="Y"
PROXY="10.0.0.1:8080"
MY_IP="10.0.0.1"





[squid-users] acl to deny https url from one src addy

2004-11-26 Thread Steve Brown
Hi list,
What's the best way to stop a particular IP address from getting access 
to a https url?

I've tried:
acl badurl url_regex ^https://bad.site/*
acl badaddy src 1.2.3.4/32
http_access deny badurl badaddy
and that works for plain http urls, but doesn't for httpS, presumably 
because of the connect method bypassing the acl?

and adding
http_access deny CONNECT badurl badaddy
didn't fix it. Naturally I'm overlooking something?
Steve


Re: [squid-users] patch external_acl_fuzzy

2004-11-26 Thread Matus UHLAR - fantomas
> >On 26.11 13:08, Ilya wrote:
> >>I try to develop ident-like program. So I need to know my 
> >>port, remote port, my address, remote address.

> On Fri, 26 Nov 2004 11:00:49 +0100
>  Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote:
> >why? Is there something bad with squid ident support?

On 26.11 17:03, Ilya wrote:
> By "ident-like" phrase I mean that the work of my 
> authentication program will be similar to the work of 
> "classic" ident (rfc 1413). So its work will base on the 
> knowledge of src and dst ports. But the protocol of the 
> communication between C and S will differ.

ok, may I know what is the protocol, its purpose and functionality?

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]


Re: [squid-users] patch external_acl_fuzzy

2004-11-26 Thread Ilya
On Fri, 26 Nov 2004 11:00:49 +0100
 Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote:
> On 26.11 13:08, Ilya wrote:
> > I try to develop ident-like program. So I need to know my 
> > port, remote port, my address, remote address.
>
> why? Is there something bad with squid ident support?

By "ident-like" phrase I mean that the work of my 
authentication program will be similar to the work of 
"classic" ident (rfc 1413). So its work will base on the 
knowledge of src and dst ports. But the protocol of the 
communication between C and S will differ.

Question:
I patched squid with
http://devel.squid-cache.org/projects.html#external_acl_fuzzy.
Squid.conf: I used parameters . %SRC %SRCPORT %MYADDR
%MYPORT external_ident .
Squid Version:  Version 2.5.STABLE7
 
But in external_ident %SRCPORT is always equal to 0! Other
parameters are correct.

Do you have any ideas?
 
wbr,
Ilya


Re: [squid-users] patch external_acl_fuzzy

2004-11-26 Thread Matus UHLAR - fantomas
On 26.11 13:08, Ilya wrote:
> I try to develop ident-like program. So I need to know my 
> port, remote port, my address, remote address.

why? Is there something bad with squid ident support?

> I patched squid with
> http://devel.squid-cache.org/projects.html#external_acl_fuzzy.
> 
> Squid.conf: I used parameters . %SRC %SRCPORT %MYADDR 
> %MYPORT external_ident .
> Squid Version:  Version 2.5.STABLE7
> 
> But in external_ident %SRCPORT is always equal to 0! Other 
> parameters are correct.
> 
> Do you have any ideas?
> 
> wbr,
> Ilya

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!


Re: [squid-users] parent/sibling configuration

2004-11-26 Thread Matus UHLAR - fantomas
On 26.11 10:39, tikbalang ph wrote:
> is there a way to configure squid to be a parent proxy and ms isa to
> be the sibling proxy?

If the ms isa does support ICP or HTCP, you can configure it as sibling.

You can configure squid to be a parent proxy for squid, and for any other
http proxy that supports parent proxy setting that is not somehow broken.
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.


AW: [squid-users] I have a cache directory, I am not sure if that is squid's cache directory

2004-11-26 Thread Werner . Rost
You may find out the location of your squid.conf - maybe
/usr/local/squid/etc

grep cache_dir squid.conf   shows the cachedir of squid.

Yours sincerely
Werner Rost
GM-FIR - Netzwerk
 
ZF Boge Elastmetall GmbH
Friesdorfer Str. 175, 53175 Bonn, Deutschland/Germany
Telefon/Phone +49 228 3825 - 420
Telefax/Fax +49 228 3825 - 398
[EMAIL PROTECTED]
 

-Original Message-
From: Peter Albrecht [mailto:[EMAIL PROTECTED] 
Sent: Friday, 26 November 2004 09:04
To: [EMAIL PROTECTED]
Subject: Re: [squid-users] I have a cache directory, I am not sure if that
is squid's cache directory


Hello,

>I am wondering if the cache directory I have belongs to squid. the
> reason is because that cache directory is at the path /var/spool/cache 
> i.e not under the squid directory. I read from other people that most 
> have a cache directory under the squid directory path such as 
> /var/squid/cache.

If you're running Linux, you can find out the name of the package to which 
this cache directory belongs:

rpm -qf /var/spool/cache

But I would say this does not look like a squid cache directory.

Regards,

Peter

-- 
Peter Albrecht, Novell, [EMAIL PROTECTED]


Fwd: AW: [squid-users] I have a cache directory, I am not sure if that is squid's cache directory

2004-11-26 Thread Peter Albrecht
I guess this should have gone to the list.

--  Forwarded Message  --

Subject: AW: [squid-users] I have a cache directory, I am not sure if that is 
squid's cache directory
Date: Friday 26 November 2004 09:39
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

You may find out the location of your squid.conf - maybe
/usr/local/squid/etc

grep cache_dir squid.conf   shows the cachedir of squid.

Yours sincerely
Werner Rost
GM-FIR - Netzwerk
 
ZF Boge Elastmetall GmbH
Friesdorfer Str. 175, 53175 Bonn, Deutschland/Germany
Telefon/Phone +49 228 3825 - 420
Telefax/Fax +49 228 3825 - 398
[EMAIL PROTECTED]
 

-Original Message-
From: Peter Albrecht [mailto:[EMAIL PROTECTED] 
Sent: Friday, 26 November 2004 09:04
To: [EMAIL PROTECTED]
Subject: Re: [squid-users] I have a cache directory, I am not sure if that
is squid's cache directory


Hello,

>I am wondering if the cache directory I have belongs to squid. the
> reason is because that cache directory is at the path /var/spool/cache 
> i.e not under the squid directory. I read from other people that most 
> have a cache directory under the squid directory path such as 
> /var/squid/cache.

If you're running Linux, you can find out the name of the package to which 
this cache directory belongs:

rpm -qf /var/spool/cache

But I would say this does not look like a squid cache directory.

Regards,

Peter

-- 
Peter Albrecht, Novell, [EMAIL PROTECTED]


---

-- 
Peter Albrecht, Novell, [EMAIL PROTECTED]


Re: [squid-users] I have a cache directory, I am not sure if that is squid's cache directory

2004-11-26 Thread Peter Albrecht
Hello,

>I am wondering if the cache directory I have belongs to squid. the 
> reason is because that cache directory is at the path /var/spool/cache 
> i.e not under the squid directory. I read from other people that most 
> have a cache directory under the squid directory path such as 
> /var/squid/cache.

If you're running Linux, you can find out the name of the package to which 
this cache directory belongs:

rpm -qf /var/spool/cache

But I would say this does not look like a squid cache directory.

Regards,

Peter

-- 
Peter Albrecht, Novell, [EMAIL PROTECTED]


RE: [squid-users] I have a cache directory, I am not sure if that is squid's cache directory

2004-11-26 Thread Elsen Marc

 
> Dear all,
> 
>I am wondering if the cache directory I have belongs to squid. the 
> reason is because that cache directory is at the path 
> /var/spool/cache 
>...

 To find out the current used cache directory : use
 cachemgr -> Current Squid Configuration.

 M.