AW: AW: [squid-users] problems with squid 2.5.Stable7 in accelera tor mode with https
Hello Henrik thanks for your help. I have changed my configuration like this: https_port 192.168.20.10:443 cert=/opt/squid/etc/cert/server.crt key=/opt/squid/etc/cert/server.pem defaultsite=exchange.testnetz.de i think defaultsite is ok. before i have modified the dns, the clients have connect with "http://exchange.testnetz.de/exchange"; the OWA. cache_peer 192.168.20.20 parent 80 0 originserver proxy-only no-query no-digest front-end-https=on login=pass 192.168.20.20 is the IP of the Exchange server (exchange.testnetz.de). My client is connecting the squid with https. Squid try to connect with port 443 (https) the Exchange server but my Exchange is listen to port 80: 09:50:50.341989 192.168.10.10.1583 > 192.168.20.20.443: S 2333132721:2333132721(0) win 5840 (DF) 09:50:50.342175 192.168.20.20.443 > 192.168.10.10.1583: R 0:0(0) ack 2333132722 win 0 I have found a patch for a similiare problem "cache_peer originserver connects to wrong port". If i try to apply this patch, i see the following errors: squid:/usr/src# ls -la total 53060 drwxrwsr-x9 root src 4096 Dec 23 10:49 . drwxr-xr-x 12 root root 4096 Nov 15 13:17 .. drwxrwxrwx 14 1012 1012 4096 Aug 16 2003 squid-3.0-PRE3 lrwxrwxrwx1 root src14 Dec 22 11:02 squid3 -> squid-3.0-PRE3 squid:/usr/src#patch -p0 < squid-3.0.PRE3-originserver_port.patch patching file squid3/src/forward.cc Hunk #1 FAILED at 576. 1 out of 1 hunk FAILED -- saving rejects to file squid3/src/forward.cc.rej squid:/usr/src# Is this patch required ? tino > > > > On Tue, 21 Dec 2004, Glatzel Tino wrote: > > > Hello Henrik, > > > > > > I have tested squid-3.0pre3 the last three days, but > without success. > > I access with the browser of my client to exchange.testnetz.de with > > https. I see the authentication dialog an with netstat -an > i see the > > connections from the client to the squid with port 443. If > i press the > > OK-Button in the authentication dialog i see a message > like: "You will > > left a secure internetconnection" if i press the OK-Button a new > > authentication dialog pops up. At the client i see the > connection with > > port 80 to the squid. My client resolves the name of the > Exchange with > > the ip of the squid. The Squid resolves the name of the > Exchange with > > the real ip-address. Squid is compiled with: > > > > ./configure --prefix=/opt/squid-3.0-PRE3 > > --exec-prefix=/opt/squid-3.0-PRE3 --enable-ssl > > --enable-x-accelerator-vary make make install > > > > squid.conf: > > > > http_port 192.168.20.10:80 accel defaultsite=exchange.testnetz.de > > > > https_port 192.168.20.10:443 accel defaultsite=exchange.testnetz.de > > protocol=http cert=/opt/squid/etc/cert/server.crt > > key=/opt/squid/etc/cert/server.pem > > Don't use protocol=.. there > > And the defaultsite=.. should be the exact name you are > requesting in the > browser, not the actual server name. > > if unsure use the vhost option in which case Squid will > automatically pick > up whatever you typed in your browser and forward this to OWA > for use when > rendering links within the OWA application. > > > cache_peer exchange.testnetz.de parent 80 0 proxy-only originserver > > forceddomain=exchange.testnetz.de front-end-https=on > > Since you accept both http and https you should use > front-end-https=auto > > Don't use forceddomain. This is only needed in a very special case > involving redundant servers needing to be called by their > explicit name. > > Regards > Henrik >
RE: [squid-users] Re: squid shuts down and syslogs complains disk space over limit but I have free disc space
> > Jim_Brouse/[EMAIL PROTECTED] wrote: > > > Squid is shutting down and syslog is reporting the following "Dec 29 > > 10:04:34 squid1 squid[7873]: WARNING: Disk space over limit: 153268 KB > > > 102400 KB > > Squid normally won't shutdown if it is over its configured disk > space limit > - it will aggressively remove objects from the cache until it is below its > configured low water mark. > > What are the contents of cache.log? > I seem to remember seeing this before. IIRC, delete the swap.state file and restart squid are you also rotating your logs often enough? Armin ___ Important Notice: Authorised Financial Services Provider Important restrictions, qualifications and disclaimers ("the Disclaimer") apply to this email. To read this click on the following address or copy into your Internet browser: http://www.absa.co.za/ABSA/EMail_Disclaimer The Disclaimer forms part of the content of this email in terms of section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you are unable to access the Disclaimer, send a blank e-mail to [EMAIL PROTECTED] and we will send you a copy of the Disclaimer.
[squid-users] SSL GATEWAYING PATCH
Is ok if I apply SSL GATEWAYING PATCH to SQUID2.5-STABLE6 in this way? Is it ok using "patch -p0" ot I have to use "patch -p1"? I'm recompiling all starting from an rpm.src packet. [EMAIL PROTECTED] BUILD]# patch -p0 < ssl-2_5.patch patching file squid/configure.in Hunk #1 succeeded at 1224 (offset -2 lines). patching file squid/src/HttpHeader.c Hunk #1 succeeded at 129 (offset -1 lines). patching file squid/src/access_log.c patching file squid/src/acl.c Hunk #1 succeeded at 101 (offset -2 lines). Hunk #2 succeeded at 188 (offset -6 lines). Hunk #3 succeeded at 270 (offset -10 lines). Hunk #4 succeeded at 699 (offset -96 lines). Hunk #5 succeeded at 925 (offset -100 lines). Hunk #6 succeeded at 1807 (offset -108 lines). Hunk #7 succeeded at 2302 (offset -112 lines). Hunk #8 succeeded at 2722 (offset -115 lines). patching file squid/src/cache_cf.c Hunk #2 succeeded at 1480 (offset -55 lines). Hunk #3 succeeded at 1546 (offset -55 lines). Hunk #4 succeeded at 2408 (offset -55 lines). Hunk #5 succeeded at 2445 (offset -55 lines). patching file squid/src/cf.data.pre Hunk #4 succeeded at 407 with fuzz 2. Hunk #5 FAILED at 511. Hunk #6 succeeded at 1744 (offset -9 lines). Hunk #7 succeeded at 2290 (offset -23 lines). 1 out of 7 hunks FAILED -- saving rejects to file squid/src/cf.data.pre.rej patching file squid/src/client_side.c Hunk #1 succeeded at 859 (offset -10 lines). Hunk #2 succeeded at 3445 (offset -56 lines). Hunk #3 succeeded at 3551 (offset -56 lines). Hunk #4 succeeded at 3776 (offset -56 lines). patching file squid/src/comm.c Hunk #1 succeeded at 589 (offset -1 lines). Hunk #2 succeeded at 629 (offset -1 lines). Hunk #3 succeeded at 659 (offset -1 lines). Hunk #4 succeeded at 673 (offset -1 lines). Hunk #5 succeeded at 693 (offset -1 lines). patching file squid/src/comm_select.c patching file squid/src/defines.h patching file squid/src/enums.h Hunk #1 succeeded at 137 (offset -2 lines). Hunk #2 succeeded at 244 (offset -3 lines). Hunk #3 succeeded at 290 (offset -3 lines). Hunk #4 succeeded at 607 (offset -4 lines). Hunk #5 succeeded at 739 (offset -4 lines). patching file squid/src/external_acl.c Hunk #1 succeeded at 93 (offset -4 lines). Hunk #2 succeeded at 106 (offset -4 lines). Hunk #3 succeeded at 261 (offset -13 lines). Hunk #4 succeeded at 336 (offset -13 lines). Hunk #5 succeeded at 589 (offset -13 lines). patching file squid/src/forward.c patching file squid/src/globals.h patching file squid/src/http.c Hunk #1 succeeded at 867 (offset -54 lines). Hunk #2 succeeded at 957 (offset -54 lines). Hunk #3 succeeded at 1032 (offset -54 lines). Hunk #4 succeeded at 1067 (offset -54 lines). patching file squid/src/mem.c patching file squid/src/peer_select.c patching file squid/src/ssl_support.c patching file squid/src/ssl_support.h patching file squid/src/structs.h Hunk #2 succeeded at 347 (offset -10 lines). Hunk #3 succeeded at 497 (offset -11 lines). Hunk #4 succeeded at 701 (offset -12 lines). Hunk #5 succeeded at 713 (offset -12 lines). Hunk #6 succeeded at 808 (offset -12 lines). Hunk #7 succeeded at 837 (offset -12 lines). Hunk #8 succeeded at 1003 (offset -12 lines). Hunk #9 succeeded at 1076 (offset -11 lines). Hunk #10 succeeded at 1347 (offset -11 lines). patching file squid/src/typedefs.h Hunk #1 succeeded at 68 with fuzz 1 (offset -1 lines). Hunk #2 succeeded at 346 (offset -2 lines). After this executing the Mandrake squid.spec other patches will pe applied: Patch0: %{name}-2.5.STABLE2-make.patch.bz2 Patch1: %{name}-2.5-config.patch.bz2 Patch2: %{name}-2.5.STABLE3-user_group.patch.bz2 Patch3: %{name}-2.5.STABLE2-ssl.patch.bz2 Patch4: %{name}-2.5.STABLE5-pipe.patch.bz2 Patch5: follow_xff-2.5.patch.bz2 Patch6: http://dansguardian.org/downloads/squid-xforward_logging.patch.bz2 Patch7: squid-2.5.STABLE5-ntlm_fetch_string.patch.bz2 Patch100: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ufs_no _valid_dir.patch.bz2 Patch101: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ldap_h elpers.patch.bz2 Patch102: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-concur rent_dns_lookups.patch.bz2 Patch103: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-reques t_header_max_size.patch.bz2 Patch104: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-partia l_hit_is_miss.patch.bz2 Patch105: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-HEAD.p atch.bz2 Patch106: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-ufs_cr eate_error.patch.bz2 Patch107: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-basic_ auth_caseinsensitive.patch.bz2 Patch108: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-active _requests_delaypool.patch.bz2 Patch109: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE6-client _db_gc.patch.bz2 Patch110: http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.
[squid-users] Drop url
Hi All, First of all let me explain u my scenario. My Network ---> Proxy --> Router ---> Internet All requests of port 80 are redirecting to port 8080 on proxy using the following iptables rule. iptables -t nat -A PREROUTING -s 202.125.139.0/255.255.255.0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080 Its working perfect. My requirement is, I don't want to redirect fpnet.galileo.com to my proxy. How I can do this and with which chain I should work. I mean FORWARD chain or PREROUTING or POSTROUTING. Thanx in advance. Regards, Tom
[squid-users] RE: transparent proxy problem
Yes, I have the hotmail fix. This seems to be a separate problem. -Original Message- From: Adam Aube [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 29, 2004 10:27 PM To: squid-users@squid-cache.org Subject: Re: transparent proxy problem Tsillas, Demetrios J wrote: > The following accesses fail to show up using IE6 and transparent proxy. > These are accesses to download an attachment from a hotmail message. > The screen is blank. It works fine if I configure a non-transparent > proxy. Haven't tried it with other browsers. I'm using 2.5-stable7. Have you implemented the workaround for Hotmail problems discussed on the list over the past few days? > 1104368893.994228 192.168.128.20 TCP_MISS/302 850 GET = > http://65.54.184.250/cgi-bin/saferd/ourview.jpg? - DIRECT/65.54.184.250 > = text/html > 1104368894.375376 192.168.128.20 TCP_MISS/200 715 GET = > http://65.54.184.250/cgi-bin/getmsg/ourview.jpg? - DIRECT/65.54.184.250 > = image/jpeg These logs show an HTTP redirect and then a successful fetch. Other than the file size being rather small for an image file, nothing is amiss here. Adam
[squid-users] SQUID + SSL GATEWAYING + OutlookWebAccess REVERSE PROXY
I don't know if I have patched it correctly but now squid starts up. Could you tell me the right configuration for SQUID to ACT as an SSL REVERSE PROXY? Reading some posts I have put these values: redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf https_port 443 cert=/etc/squid/key.crt key=/etc/squid/key.key httpd_accel_host owamail.cim-italia.it httpd_accel_port 0 httpd_accel_uses_host_header on never_direct allow all acl owa dstdomain owamail.cim-italia.it cache_peer_access owamail.cim-italia.it allow owa cache_peer_access owamail.cim-italia.it deny all visible_hostname owamail.cim-italia.it But squid tells me: 2004/12/30 15:09:56| squid.conf line 140: never_direct allow all 2004/12/30 15:09:56| aclParseAccessLine: ACL name 'all' not found. 2004/12/30 15:09:56| squid.conf line 140: never_direct allow all 2004/12/30 15:09:56| aclParseAccessLine: Access line contains no ACL's, skipping 2004/12/30 15:09:56| squid.conf, line 142: No cache_peer 'owamail.cim-italia.it' 2004/12/30 15:09:56| squid.conf, line 143: No cache_peer 'owamail.cim-italia.it' Please help me Thanks a lot Regards Michele -Original Message- From: Ratti Michele [mailto:[EMAIL PROTECTED] Sent: Thursday, December 30, 2004 2:25 PM To: squid-users@squid-cache.org Cc: Henrik Nordstrom Subject: [squid-users] SSL GATEWAYING PATCH Is ok if I apply SSL GATEWAYING PATCH to SQUID2.5-STABLE6 in this way? Is it ok using "patch -p0" ot I have to use "patch -p1"? I'm recompiling all starting from an rpm.src packet. [EMAIL PROTECTED] BUILD]# patch -p0 < ssl-2_5.patch patching file squid/configure.in Hunk #1 succeeded at 1224 (offset -2 lines). patching file squid/src/HttpHeader.c Hunk #1 succeeded at 129 (offset -1 lines). patching file squid/src/access_log.c patching file squid/src/acl.c Hunk #1 succeeded at 101 (offset -2 lines). Hunk #2 succeeded at 188 (offset -6 lines). Hunk #3 succeeded at 270 (offset -10 lines). Hunk #4 succeeded at 699 (offset -96 lines). Hunk #5 succeeded at 925 (offset -100 lines). Hunk #6 succeeded at 1807 (offset -108 lines). Hunk #7 succeeded at 2302 (offset -112 lines). Hunk #8 succeeded at 2722 (offset -115 lines). patching file squid/src/cache_cf.c Hunk #2 succeeded at 1480 (offset -55 lines). Hunk #3 succeeded at 1546 (offset -55 lines). Hunk #4 succeeded at 2408 (offset -55 lines). Hunk #5 succeeded at 2445 (offset -55 lines). patching file squid/src/cf.data.pre Hunk #4 succeeded at 407 with fuzz 2. Hunk #5 FAILED at 511. Hunk #6 succeeded at 1744 (offset -9 lines). Hunk #7 succeeded at 2290 (offset -23 lines). 1 out of 7 hunks FAILED -- saving rejects to file squid/src/cf.data.pre.rej patching file squid/src/client_side.c Hunk #1 succeeded at 859 (offset -10 lines). Hunk #2 succeeded at 3445 (offset -56 lines). Hunk #3 succeeded at 3551 (offset -56 lines). Hunk #4 succeeded at 3776 (offset -56 lines). patching file squid/src/comm.c Hunk #1 succeeded at 589 (offset -1 lines). Hunk #2 succeeded at 629 (offset -1 lines). Hunk #3 succeeded at 659 (offset -1 lines). Hunk #4 succeeded at 673 (offset -1 lines). Hunk #5 succeeded at 693 (offset -1 lines). patching file squid/src/comm_select.c patching file squid/src/defines.h patching file squid/src/enums.h Hunk #1 succeeded at 137 (offset -2 lines). Hunk #2 succeeded at 244 (offset -3 lines). Hunk #3 succeeded at 290 (offset -3 lines). Hunk #4 succeeded at 607 (offset -4 lines). Hunk #5 succeeded at 739 (offset -4 lines). patching file squid/src/external_acl.c Hunk #1 succeeded at 93 (offset -4 lines). Hunk #2 succeeded at 106 (offset -4 lines). Hunk #3 succeeded at 261 (offset -13 lines). Hunk #4 succeeded at 336 (offset -13 lines). Hunk #5 succeeded at 589 (offset -13 lines). patching file squid/src/forward.c patching file squid/src/globals.h patching file squid/src/http.c Hunk #1 succeeded at 867 (offset -54 lines). Hunk #2 succeeded at 957 (offset -54 lines). Hunk #3 succeeded at 1032 (offset -54 lines). Hunk #4 succeeded at 1067 (offset -54 lines). patching file squid/src/mem.c patching file squid/src/peer_select.c patching file squid/src/ssl_support.c patching file squid/src/ssl_support.h patching file squid/src/structs.h Hunk #2 succeeded at 347 (offset -10 lines). Hunk #3 succeeded at 497 (offset -11 lines). Hunk #4 succeeded at 701 (offset -12 lines). Hunk #5 succeeded at 713 (offset -12 lines). Hunk #6 succeeded at 808 (offset -12 lines). Hunk #7 succeeded at 837 (offset -12 lines). Hunk #8 succeeded at 1003 (offset -12 lines). Hunk #9 succeeded at 1076 (offset -11 lines). Hunk #10 succeeded at 1347 (offset -11 lines). patching file squid/src/typedefs.h Hunk #1 succeeded at 68 with fuzz 1 (offset -1 lines). Hunk #2 succeeded at 346 (offset -2 lines). After this executing the Mandrake squid.spec other patches will pe applied: Patch0: %{name}-2.5.STABLE2-make.patch.bz2 Patch1: %{name}-2.5-config.patch.bz2 Patch2: %{name}-2.5.STABLE3-user_group.patch.bz2 Patch3: %{name}-2.5.STABLE2-ssl.patch.bz2 Patch4:
Re: AW: AW: [squid-users] problems with squid 2.5.Stable7 in accelera tor mode with https
On Thu, 30 Dec 2004, Glatzel Tino wrote: i think defaultsite is ok. before i have modified the dns, the clients have connect with "http://exchange.testnetz.de/exchange"; the OWA. The defaultsite should be the name clients should use to connect to the accelerator. cache_peer 192.168.20.20 parent 80 0 originserver proxy-only no-query no-digest front-end-https=on login=pass Ok. 192.168.20.20 is the IP of the Exchange server (exchange.testnetz.de). My client is connecting the squid with https. Squid try to connect with port 443 (https) the Exchange server but my Exchange is listen to port 80: Make sure you use a current snapshot release of Squid-3. The old developer pre release 3.0.PRE3 is obsolete and is having too many problems to mention. Regards Henrik
[squid-users] Re: SSL GATEWAYING PATCH
On Thu, 30 Dec 2004, Ratti Michele wrote: Is ok if I apply SSL GATEWAYING PATCH to SQUID2.5-STABLE6 in this way? The ssl update patch is for the current version of Squid-2.5 around the date the patch was generated (show at the top of the patch). It is very unlikely the patch will apply cleanly to 2.5.STABLE6. But it should apply cleanly to 2.5.STABLE7 with most patches or the current squid-2.5 nightly snapshots. Regards Henrik
Re: [squid-users] SQUID + SSL GATEWAYING + OutlookWebAccess REVERSE PROXY
On Thu, 30 Dec 2004, Ratti Michele wrote: redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf Why are you using squidGuard if this is to be a reverse proxy? https_port 443 cert=/etc/squid/key.crt key=/etc/squid/key.key ok. httpd_accel_host owamail.cim-italia.it ok. httpd_accel_port 0 why? Should most likely be 80. httpd_accel_uses_host_header on ok. never_direct allow all ok. acl owa dstdomain owamail.cim-italia.it cache_peer_access owamail.cim-italia.it allow owa cache_peer_access owamail.cim-italia.it deny all visible_hostname owamail.cim-italia.it There should be a cache_peer definition of owamail.cim-italia.it as well. But squid tells me: 2004/12/30 15:09:56| squid.conf line 140: never_direct allow all 2004/12/30 15:09:56| aclParseAccessLine: ACL name 'all' not found. Exacly what it says. You need to define the 'all' acl before you can use it. Should be defined as acl all src 0.0.0.0/0 2004/12/30 15:09:56| squid.conf, line 142: No cache_peer 'owamail.cim-italia.it' What it says. You haven't defined the owamail.cim-italia.it peer for Squid to use. Regards Henrik
RE: [squid-users] Re: Squid Error: No Running Copy
On Wed, 29 Dec 2004, Hansrod wrote: Dec 28 16:52:27 localhost (squid): Could not find any nameservers. Please check your /etc/resolv.conf file or use the 'dns_nameservers' option in squid.conf. Have you done the above? Regards Henrik
Re: [squid-users] Drop url
On Thu, 30 Dec 2004, Tom Frankus wrote: My requirement is, I don't want to redirect fpnet.galileo.com to my proxy. How I can do this and with which chain I should work. I mean FORWARD chain or PREROUTING or POSTROUTING. PREROUTING, but ACCEPT:ing the traffic before the REDIRECT rule. Regards Henrik
[squid-users] Cache refresh after edit using Zope
I am using Squid in accelerator mode to cache complex pages generated by Zope. I use a combination of Python and DTML to update individual database records. This Method ends with a redirect to the publicly viewable page that has just been modified, however to view my changes I need to force a refresh manually using . Could Zope somehow tell Squid to perform the refresh? Or could an acl be used to specify this? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] Re: SSL Reverse Proxy to Exchange 2003 OWA
Dear Squid GURU, There are many such error meessages in cache.log. SQUID does not shut down with each such message. I see at least 15-16 such eeror messages after which squid is stopped. I am sure no body issued "Control-C" though I was starting squid with -DYNCd3 options. I have tried starting squid like /usr/local/squid/sbin/squid but no process starts. I could start squid with -N option only. Though in squid-2.5STABLE7 I could start squid only with ./squid command. Am I doing anything wrong? Attaching squid.conf. Please see the cahce.log entries (summarised)- 2004/12/29 12:53:26| clientNegotiateSSL: Error negotiating SSL connection on FD 91: error::lib(0):func(0):reason(0) (5/0) FATAL: Received Segment Violation...dying. 2004/12/29 14:55:27| storeDirWriteCleanLogs: Starting... 2004/12/29 14:55:27| WARNING: Closing open FD 11 2004/12/29 14:55:27| Finished. Wrote 6 entries. 2004/12/29 17:14:05| storeLateRelease: released 0 objects FATAL: Received Segment Violation...dying. 2004/12/29 21:12:40| storeDirWriteCleanLogs: Starting... 2004/12/29 21:12:40| WARNING: Closing open FD 11 2004/12/29 21:12:40| Finished. Wrote 6 entries 2004/12/30 19:39:36| clientNegotiateSSL: Error negotiating SSL connection on FD 15: error::lib(0):func(0):reason(0) (5/-1) 2004/12/30 19:46:40| Preparing for shutdown after 1285 requests 2004/12/30 19:46:40| Waiting 0 seconds for active connections to finish 2004/12/30 19:46:40| FD 11 Closing HTTP connection 2004/12/30 19:46:40| FD 12 Closing HTTP connection 2004/12/30 19:46:41| Shutting down... 2004/12/30 19:46:41| FD 13 Closing ICP connection 2004/12/30 19:46:41| Closing unlinkd pipe on FD 9 Please help to solve this problem. Rakesh Jha - Original Message - From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Rakesh Kumar" <[EMAIL PROTECTED]> Cc: ; "Henrik Nordstrom" <[EMAIL PROTECTED]> Sent: Tuesday, December 28, 2004 04:12 PM Subject: [squid-users] Re: SSL Reverse Proxy to Exchange 2003 OWA > > > On Tue, 28 Dec 2004, Rakesh Kumar wrote: > > > With Squid-3 I have strated working well with OWA but now facing another > > problem. After some two-three conenction I am getting following error in > > cache.log - > > > > 2004/12/28 12:42:11| clientNegotiateSSL: Error negotiating SSL connection on > > FD > > 36: error::lib(0):func(0):reason(0) (5/0) > > This is usually seen when the client aborts the connection during the > initial SSL negotiations. > > > 2004/12/28 12:43:17| Preparing for shutdown after 236 requests > > This is someone terminating Squid, either with "Control-C" if run > interactively or by "squid -k shutdown". > > Regards > Henrik > begin 666 rkjsquid.txt M:'1T<%]P;W)T([EMAIL PROTECTED] -"FAT='!S7W!O<[EMAIL PROTECTED]>CHT-#,@9&5F875L M='-I=&4];6%I;"YX>7HN8V]M('!R;W1O8V]L/6AT=' @8V5R=#TO=7-R+VQO M#0IC86PO'EZ+F-O;2YC'EZ+F-O;2YK97D-"@T*'EZ+F-O;2!P M87)E;[EMAIL PROTECTED] @,"!N;RUQ=65R>2!P2UO;FQY(&]R:6=I;G-E5]S M=&]P;&ES="!C9VDM8FEN(#\-"@T*86-L(%%515)9('5R;'!A=&A?2!1545260T*#0IC86-H95]D:7(@ M=69S("]U'DM8V%C:&EN M9R!W96(@2 A4V%F95]P;W)T2!#3TY.14-4("%34TQ?<&]R=',-"@T*:'1T<%]A8V-E2!A;&P-"@T*:'1T<%]R97!L>5]A8V-E
[squid-users] Hotmail problems
I have tried the posted fix for the recent hotmail problems, but squid gives an error with the header command. I must have an old version of squid. Its on a cacheraq from sun/cobalt. Is there a way to fix this issue with older versions of squid? tony
[squid-users] Re: Hotmail problems
Tony Loosle wrote: > I have tried the posted fix for the recent hotmail problems, but squid > gives an error with the header command. > > I must have an old version of squid. Its on a cacheraq from sun/cobalt. > > Is there a way to fix this issue with older versions of squid? What version of Squid? Solutions have been posted for 2.5 and 2.4. Adam
[squid-users] Explanation for TAG's
Hello, I wolud like to know detail information regardig the following TAG's in Squid 3.0 Pre 3. 1. ssl_engine 2. sslproxy_cipher What does these TGA's meant for and how to be used. Provide me with some examples. Thanks, Ramesh M.
RE: [squid-users] Re: Squid Error: No Running Copy
Hi Thomas, I managed to get the squid service started (it was the n/w cable that was faulty!) - anyway I have configured squid & it works fine on the local machine but I cannot connect to the net on another WinME machine (I have configured this machine to connect through a proxy server in the Internet Explorer settings)- is there something that I am missing? Below is the configuration of my squid.conf file:- #Recommended minimum configuration: auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours #Suggested default: refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 #Examples: #acl myexample dst_as 1241 #acl password proxy_auth REQUIRED #acl fileupload req_mime_type -i ^multipart/form-data$ #acl javascript rep_mime_type -i ^application/x-javascript$ #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow all # Only allow cachemgr access from localhost #http_access allow manager localhost #http_access deny manager # Deny requests to unknown ports #http_access deny !Safe_ports # Deny CONNECT to other than SSL ports #http_access deny CONNECT !SSL_ports #http_access allow localhost #http_access deny all #Allow ICP queries from everyone icp_access allow all # Leave coredumps in the first cache dir coredump_dir /var/spool/squid I am using a ADSL connection & have setup PPP to connect & that works fine. Also I am using to connect to MSN messenger & that works fine but Yahoo messenger does'nt seem to connect! Any ideas on this? Thanks. -Original Message- From: Thomas Ristic [mailto:[EMAIL PROTECTED] Sent: 28 December 2004 10:46 AM To: Hansrod Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Re: Squid Error: No Running Copy Am Di, den 28.12.2004 schrieb Hansrod um 9:00: > Hi guys, > > I have installed Fedora Core 2 & squid with it. However squid does not > start-up, I have tried all the ways, even tried the mailing posts but they > suggest a .pid file missing, which I searched for using the 'ps' command yet > there is no trace of it in the system, I even did a file search, but > nothing! I have even re-installed the OS on another machine & also on the > same machine but still the problem persists. Can anyone help me on this? Are there any errors during the installation of the squid rpm? What ist the output of "/sbin/service squid start"? What is written to "/var/log/messages" during the execution of "/sbin/service squid start"? What is the output of "/sbin/service squid status" after the start? Maybe the fedora-users list would be a better place for questions like this anyways... Regards Thomas -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.6.5 - Release Date: 2004/12/26 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.296 / Virus Database: 265.6.6 - Release Date: 2004/12/28