RE: [squid-users] diskd
I am using the squid originally installed with my Fedora Club 3. So I don't know if diskd is active. I am interested on it since I read squid FAQ's recomending it. Use cachemgr - Current Squid Configuration. Check the store method used for the define cache dirs. On Linux aufs behaves better then diskd. M.
RE: [squid-users] Local cache skipped; always goes to parent
It appears that my local cache is completely bypassed in favor of a parent proxy. I need to have my Squid (v2.5S7 + patches) call a parent proxy for authentication. After making what seemed to be reasonable additions to my squid.conf file, I find that I can in fact run through the parent proxy, but that the local cache is not used at all. These are the lines added to my config: cache_peer proxy.domain.tld parent 1080 7 no-query login=myname:mypass acl allsrc src 0.0.0.0/0.0.0.0 never_direct allow allsrc Basically I want the parent cache to be called for any objects that can't be satisfied from the local cache, and that the objects gotten from the parent be cached locally. ... That should happen in this case. Why do you think (proof) that this does not happen ? M.
Re: [squid-users] A question regarding request retries
Henrik, HTTP does not allow proxies to retry POST requests and requires proxies to retry failed GET request. Thanks for your info. I should have looked into the protocol by myself... shame on me! Regards, Ken Sugawara [EMAIL PROTECTED] Linux @ IBM http://www-6.ibm.com/jp/linux/
[squid-users] header_parsing.patch
Hello, I have a question about last patch to 2.5-STABLE7: squid-2.5.STABLE7-header_parsing.patch When I applied it squid periodically exit with errors: 2005/01/25 09:24:41| assertion failed: HttpHeader.c:664: strBuf(s) 2005/01/25 10:59:28| assertion failed: HttpHeader.c:532: 0 2005/01/25 11:00:27| assertion failed: HttpHeader.c:532: 0 2005/01/25 11:24:46| assertion failed: HttpHeaderTools.c:184: list m 2005/01/25 11:25:01| assertion failed: MemBuf.c:197: mb buf sz = 0 2005/01/25 11:31:05| assertion failed: HttpHeader.c:532: 0 2005/01/25 11:50:24| assertion failed: HttpHeaderTools.c:184: list m Without this patch works fine...
Re: [squid-users] Help about delay pool
On Sat, 22 Jan 2005, ansari imtiyaz ahmed khadim husain wrote: Hi Henrick... Can you tell me about the concept of Dynamic Delay Pools. Is it this you refer to? http://2002.iwcw.org/slides/dias.ppt http://www.squid-cache.org/mail-archive/squid-dev/200307/0033.html http://www.cse.mrt.ac.lk/~sumith/msc.htm Regards Henrik
Re: [squid-users] Re: Show a message -- then redirect
On Sun, 23 Jan 2005, [ISO-8859-1] paul kölle wrote: Interception proxying requires you to act as if you were the web server, so you must reconstruct the full URL from the pieces found in the request and connection In principle the data you have are: * Real destination IP address from the connection * URL-Path from the request method * Requested hostname from the Host header if there is one. The odd thing is, the URL-Path seems different if I use REDIRECT and do not configure the client (I'm not getting http://server.tld/path/mysite.html, just /path/mysite.html) This is normal and expected. Read what I said above again. A URL-Path is only the component after the hostname, not a complete URL. Regards Henrik
Re: [squid-users] Problem with FTP upload through squid : truncated files
On Mon, 24 Jan 2005, Henri Walazo wrote: First I download from ftp.redhat.com the file abiword-1.0.4-2.i386.rpm (4.98 MB) (in binary mode) I get this line in access.log : 1106558551.810 14298 192.168.1.3 TCP_MISS/200 5232437 CONNECT ftp.redhat.com:14954 - DIRECT/209.132.176.30 - [Host: ftp.redhat.com:14954\r\n] [] Argh! Whoever wrote this client deserves to be shot in the head. This is serious abuse of the HTTP proxy protocol, and no proxy administrator in his sane mind should allow this unrestricted tunneling of non-HTTP protocols via a HTTP proxy using the CONNECT method. If you want this kind of functionality you SHOULD install a Socks proxy next to Squid (can use the same server with no problem). Using the HTTP proxy CONNECT method for this is both bad and plain stupid approach to the problem. The HTTP proxy protocol does have native support for FTP gatewaying, including the ability to upload files. This involves using the normal GET/PUT HTTP methods via the proxy on ftp:// URLs, not opening transparent tunnels on wild ports using the CONNECT method. There is very good reasons why the default squid.conf shipped with squid explicitly denies this kind of use of the CONNECT method. Regards Henrik
Re: [squid-users] Miscutil required to compile NTLM fakeauth
On Mon, 24 Jan 2005, Oliver Hookins wrote: Sorry if this is a real easy one... I've been trying to compile the NTLM fakeauth helper and it keeps spitting the dummy saying I don't have Miscutil. It's in the lib directory of the Squid source distribution.. cd lib make all cd ../helpers/... make Regards Henrik
Re: [squid-users] Two content-length header failure
On Mon, 24 Jan 2005, Irfan DP wrote: So, is there no way to workaround this problem ? Talk to the site administrator and convince them to have their web server fixed to reply with sane HTTP responses. The response from their server seriously malformed and can not be processed in a meaningful manner. |The response has conflicting content-length headers, and since |content-length is crucial and tells how large the response is Squid can |not deduce what the server actually meant. Regards Henrik
Re: [squid-users] squid and IIS autenthication
On Mon, 24 Jan 2005 [EMAIL PROTECTED] wrote: on some our intranet servers are IIS-servers with intranet pages... and they request windows autentication from domain (when is user logged in 2003 domain to send his credentials from windows..) is some way to learn squid this? See the Squid FAQ on how to configure Squid authentication using winbind. Regards Henrik
Re: [squid-users] URL too large workaround
On Mon, 24 Jan 2005, Irfan DP wrote: dear Hendrik, This is just example the type of URL that have been ruled-out because URL is too big too handle by squid. But, I denied anyway. It might be a kind of worm or anything else. 1106552354.109 4685 202.xxx.xxx.123 TCP_DENIED/400 65598 SEARCH http://202.xxx.xxx.194:80/%90%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c 9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9% c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%! c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9% c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9 %c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9%c9!
[squid-users] M ULTI UPLINK CACHE
HAS ANY ONE HERE TRIED TO DOA MULTI UPLINK CACHE I.E SQUID CONNECTED TO TWO ISPS OR TWO VSAT CONNECTIONS ON THE EXTERNAL SIDE AND TWO INTERNAL NETWORKS 192.XXX.XXX.0 AND 10.XXX.XXX.0 ANY POINTERS TO FAQS OR HOWTOS WILL BE HIGHLY APPRICIATED RAHUL T. KARTHA IT COMMUNICATIONS NCC/AARSLEFF JOINT VENTURE TANZANIA MOROGORO - +255 (0) 23 2601196 +255 748 676713
Re: [squid-users] header_parsing.patch
On Tue, 25 Jan 2005 [EMAIL PROTECTED] wrote: When I applied it squid periodically exit with errors: 2005/01/25 09:24:41| assertion failed: HttpHeader.c:664: strBuf(s) 2005/01/25 11:00:27| assertion failed: HttpHeader.c:532: 0 2005/01/25 11:24:46| assertion failed: HttpHeaderTools.c:184: list m 2005/01/25 11:25:01| assertion failed: MemBuf.c:197: mb buf sz = 0 Without this patch works fine... Ouch.. Can you please try if you get the same with a nightly snapshot? And did you remember a make clean after applying the patch? Regards Henrik
Re: [squid-users] Enforcing Refresh patterns
What version of squid are you using? Native Squid 2.5.STABLE7 under Windows XP C:\squid\sbinsquid -v Squid Cache: Version 2.5.STABLE7-NT configure options: --enable-win32-service --enable-underscores --enable-storeio='ufs awin32 null' --enable-removal-policies='heap lru' --enable-snmp --enable-htcp --disable-wccp --enable-useragent-log --enable-referer-log --enable-auth='basic ntlm digest' --enable-basic-auth-helpers='LDAP ncsa_auth win32_locallogon' --enable-ntlm-auth-helpers=NTLMSSP-WIN32 --enable-external-acl-helpers='win32_group ldap_group' --prefix=c:/squid Compiled as Windows System Service. Can you post the full section out of your access.log, of a request where this happens, with log_mime_hdrs on (Just post 1 request logged) Here is a simple web page request, for the image - just search for edit.gif. 1106658618.290 1015 127.0.0.1 TCP_MISS/200 7944 GET http://10.10.10.100:7778/pob/servlet/Controler? - DIRECT/10.10.10.100 text/html [Accept: */*\r\nAccept-Language: bg\r\nPragma: no-cache\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\nHost: 10.10.10.100:7778\r\nProxy-Connection: Keep-Alive\r\nCookie: JSESSIONID=0524d2c335214438bc8e9353b54b419b.rAzOpRbCmhCNa30Lcybtah0Iah0Iah0Iah0K-xnyb6aL-AnAc3uRaxaPn38I-huKa30xml1KqR9Q-BnDr6XNo64IqR1zmRfMrkOIp6XxmkKxaxiSaNqTawbKpQ8xq6Xw8QfznA5Pp7ftolbGmkTy\r\n] [HTTP/1.1 200 OK\r\nDate: Tue, 25 Jan 2005 13:10:17 GMT\r\nCache-Control: private\r\nServer: Oracle9iAS/9.0.2 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.0.0 (N)\r\nContent-Length: 7428\r\nContent-Type: text/html; charset=windows-1251\r\nSet-Cookie: JSESSIONID=0524d2c335214438bc8e9353b54b419b.rAzOpRbCmhCNa30Lcybtah0Iah0Iah0Iah0K-xnyb6aL-AnAc3uRaxaPn38I-huKa30xml1KqR9Q-BnDr6XNo64IqR1zmRfMrkOIp6XxmkKxaxiSaNqTawbKpQ8xq6Xw8QfznA5Pp7ftolbGmkTy; Path=/\r\nConnection: Close\r\n\r] 1106658618.322 47 127.0.0.1 TCP_MISS/304 302 GET http://10.10.10.100:7778/pob/styles/styles2.css - DIRECT/10.10.10.100 application/octet-stream [Accept: */*\r\nReferer: http://10.10.10.100:7778/pob/servlet/Controler?control=NewFormDOC_DEF_ID=13\r\nAccept-Language: bg\r\nPragma: no-cache\r\nIf-Modified-Since: Wed, 19 Jan 2005 08:01:14 GMT; length=6740\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\nHost: 10.10.10.100:7778\r\nProxy-Connection: Keep-Alive\r\nCookie: JSESSIONID=0524d2c335214438bc8e9353b54b419b.rAzOpRbCmhCNa30Lcybtah0Iah0Iah0Iah0K-xnyb6aL-AnAc3uRaxaPn38I-huKa30xml1KqR9Q-BnDr6XNo64IqR1zmRfMrkOIp6XxmkKxaxiSaNqTawbKpQ8xq6Xw8QfznA5Pp7ftolbGmkTy\r\n] [HTTP/1.1 304 Not Modified\r\nDate: Tue, 25 Jan 2005 13:10:18 GMT\r\nCache-Control: private\r\nServer: Oracle9iAS/9.0.2 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.0.0 (N)\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nConnection: Close\r\n\r] 1106658618.322 47 127.0.0.1 TCP_MISS/304 302 GET http://10.10.10.100:7778/pob/styles/calendar.css - DIRECT/10.10.10.100 application/octet-stream [Accept: */*\r\nReferer: http://10.10.10.100:7778/pob/servlet/Controler?control=NewFormDOC_DEF_ID=13\r\nAccept-Language: bg\r\nPragma: no-cache\r\nIf-Modified-Since: Wed, 19 Jan 2005 08:01:14 GMT; length=4765\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\nHost: 10.10.10.100:7778\r\nProxy-Connection: Keep-Alive\r\nCookie: JSESSIONID=0524d2c335214438bc8e9353b54b419b.rAzOpRbCmhCNa30Lcybtah0Iah0Iah0Iah0K-xnyb6aL-AnAc3uRaxaPn38I-huKa30xml1KqR9Q-BnDr6XNo64IqR1zmRfMrkOIp6XxmkKxaxiSaNqTawbKpQ8xq6Xw8QfznA5Pp7ftolbGmkTy\r\n] [HTTP/1.1 304 Not Modified\r\nDate: Tue, 25 Jan 2005 13:10:18 GMT\r\nCache-Control: private\r\nServer: Oracle9iAS/9.0.2 Oracle HTTP Server Oracle9iAS-Web-Cache/9.0.2.0.0 (N)\r\nContent-Length: 0\r\nContent-Type: application/octet-stream\r\nConnection: Close\r\n\r] 1106658618.322 32 127.0.0.1 TCP_MISS/304 216 GET http://10.10.10.100:7778/pob/javascript/autolist.js - DIRECT/10.10.10.100 - [Accept: */*\r\nReferer: http://10.10.10.100:7778/pob/servlet/Controler?control=NewFormDOC_DEF_ID=13\r\nAccept-Language: bg\r\nPragma: no-cache\r\nIf-Modified-Since: Wed, 19 Jan 2005 08:01:14 GMT; length=1922\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)\r\nHost: 10.10.10.100:7778\r\nProxy-Connection: Keep-Alive\r\nCookie: JSESSIONID=0524d2c335214438bc8e9353b54b419b.rAzOpRbCmhCNa30Lcybtah0Iah0Iah0Iah0K-xnyb6aL-AnAc3uRaxaPn38I-huKa30xml1KqR9Q-BnDr6XNo64IqR1zmRfMrkOIp6XxmkKxaxiSaNqTawbKpQ8xq6Xw8QfznA5Pp7ftolbGmkTy\r\n] [HTTP/1.1 304 Not Modified\r\nDate: Tue, 25 Jan 2005 13:10:18 GMT\r\nAllow: GET, HEAD\r\nServer: Oracle9iAS-Web-Cache/9.0.2.0.0\r\nContent-Length: 0\r\nKeep-Alive: timeout=0, max=999\r\n\r] 1106658618.353 31 127.0.0.1 TCP_MISS/304 216 GET http://10.10.10.100:7778/pob/javascript/functions.js - DIRECT/10.10.10.100 - [Accept: */*\r\nReferer:
Re: [squid-users] header_parsing.patch
On Tue, 25 Jan 2005, Henrik Nordstrom wrote: On Tue, 25 Jan 2005 [EMAIL PROTECTED] wrote: When I applied it squid periodically exit with errors: 2005/01/25 09:24:41| assertion failed: HttpHeader.c:664: strBuf(s) 2005/01/25 11:00:27| assertion failed: HttpHeader.c:532: 0 2005/01/25 11:24:46| assertion failed: HttpHeaderTools.c:184: list m 2005/01/25 11:25:01| assertion failed: MemBuf.c:197: mb buf sz = 0 Without this patch works fine... This problem most likely identified and fixed in Bug #1207. The patch has been updated with this fix. Regards Henrik
Re: [squid-users] squid not caching files to disk
On Mon, 24 Jan 2005, Ben O'Shea wrote: The NTLM layer (no caching): no_cache deny QUERY cache_dir null /null The caching layer: no_cache deny QUERY cache_dir ufs /var/spool/squid 23000 16 256 no warnings in cache.log or from output of squid -k parse Looks fine. Is there any patches applied to your 2.5.STABLE5? Please try upgrading to 2.5.STABLE7 to rule out any possibilities you are running into an already known problem. Regards Henrik
[squid-users] PAM autent not working
Hi, please help me with setup of PAM authentication in squid. i'm using squid ver 2.5 stable 5 (on a redhat fedora core 2 box), and am unable to setup authentication (i have verified that entering the username/password directly into pam_auth modele works ... is such a configuration logical? : --- auth_param basic program /usr/lib/squid/pam_auth auth_param basic children 5 auth_param basic realm Squid auth_param basic credentialsttl 2 hours acl pam-autent proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access allow pam-autent Mait
RE: [squid-users] diskd
So I won´t worry anymore, will keep aufs. :) Daniel Navarro Maracay, Venezuela www.csaragua.com/ecodiver --- Elsen Marc [EMAIL PROTECTED] escribió: I am using the squid originally installed with my Fedora Club 3. So I don't know if diskd is active. I am interested on it since I read squid FAQ's recomending it. Use cachemgr - Current Squid Configuration. Check the store method used for the define cache dirs. On Linux aufs behaves better then diskd. M. _ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com
Re: [squid-users] PAM autent not working
On Tue, 25 Jan 2005, Mait Mandel wrote: please help me with setup of PAM authentication in squid. i'm using squid ver 2.5 stable 5 (on a redhat fedora core 2 box), and am unable to setup authentication (i have verified that entering the username/password directly into pam_auth modele works ... Did you also verify this as the cache_effective_user your Squid is configured to run as? Verifying pam_auth running as root is not very meaningful. You need to verify it running as the user Squid runs as. Regards Henrik
Re: [squid-users] Problem with FTP upload through squid : truncat ed files
I already tried this, but mozilla doesn't ask me for a password, instead I get an error page : ERROR The requested URL could not be retrieved The FTP server was too busy while trying to retrieve the URL: ftp://[EMAIL PROTECTED]/ Squid sent the following FTP command: USER myuser and then received this reply Service not available, closing control connection. (I replaced the real user by myuser in the error message) But if I put my password after the user name, it works Thanks anyway Henri On Mon, 24 Jan 2005 09:41:57 -0900, Chris Robertson [EMAIL PROTECTED] wrote: -Original Message- From: Henri Walazo [mailto:[EMAIL PROTECTED] Sent: Monday, January 24, 2005 2:15 AM To: Elsen Marc Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Problem with FTP upload through squid : truncated files Thanks, it works with Mozilla 1.7.5 However, is it possible to connect to a ftp site through mozilla without typing the user and password in plain text in the url ? ftp://[EMAIL PROTECTED] You will be prompted for the password, and it will not show up in the browser bar or on the webpage. Chris
RE: [squid-users] Problem with FTP upload through squid : truncat ed files
This does seem to be a function of the interaction between Squid, Mozilla and the ftp service. If I use ftp://[EMAIL PROTECTED] without proxy I am prompted for a password, and can log in. If I try the same with proxy (either Squid2.5Stable7 - Squid2.5Stable4 - Squid2.5Stable3 (local proxy, cache parent, cache parent) or just the Squid2.5Stable7 proxy), I don't get prompted for a password, and see the error: -- An FTP authentication failure occurred while trying to retrieve the URL: ftp://[EMAIL PROTECTED]/ Squid sent the following FTP command: PASS yourpassword and then received this reply Login incorrect. -- Cest la vie, Chris -Original Message- From: Henri Walazo [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 25, 2005 8:08 AM To: Chris Robertson Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Problem with FTP upload through squid : truncat ed files I already tried this, but mozilla doesn't ask me for a password, instead I get an error page : ERROR The requested URL could not be retrieved The FTP server was too busy while trying to retrieve the URL: ftp://[EMAIL PROTECTED]/ Squid sent the following FTP command: USER myuser and then received this reply Service not available, closing control connection. (I replaced the real user by myuser in the error message) But if I put my password after the user name, it works Thanks anyway Henri On Mon, 24 Jan 2005 09:41:57 -0900, Chris Robertson [EMAIL PROTECTED] wrote: -Original Message- From: Henri Walazo [mailto:[EMAIL PROTECTED] Sent: Monday, January 24, 2005 2:15 AM To: Elsen Marc Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Problem with FTP upload through squid : truncated files Thanks, it works with Mozilla 1.7.5 However, is it possible to connect to a ftp site through mozilla without typing the user and password in plain text in the url ? ftp://[EMAIL PROTECTED] You will be prompted for the password, and it will not show up in the browser bar or on the webpage. Chris
Re: [squid-users] M ULTI UPLINK CACHE
On Tuesday 25 January 2005 10:43, RAHUL T. KARTHA wrote: HAS ANY ONE HERE TRIED TO DOA MULTI UPLINK CACHE I.E if you are interested in this we do have several ISPs running this but look first, what and how much internal networks you run does not matter at this stage if you are running BGP you do it at router level and you can use one front-end cache if you are running some load-balance with Cisco-CEF or similar you do it also at router level and can use one front-end cache if you are otherwise pseudo-multi-homed as lots of people do with one IP-link and another or several ADSL where you need NAT you better put one cache for each link and a chield as main cache for your network. You can then use parent weight or some policy routing on OS-Level to get what you want and with some good ideas you get a certain balance and even redundance since squid do not query a dead parent if you configure it right. We tried linux iproute2 and policy routing on BSD for single caches but the performance of the former example is really better, BTW both gave bad results when one link died and even stopped to serve correctly, but sure depends of what you want and how much you can spend in this (weak and watch time ;) and money) Hans -- ___ Mensagens no assinadas com GPG no so minhas. Messages without GPG signature are not from me. ___ pgp4VzlT1HER0.pgp Description: PGP signature
[squid-users] squid auth. using basic and ntlm
Hi. I have runing a squid proxy that use ntlm to restict internet user access with my samba 3.x PDC. But some windows programs need to use basic auth (like msn messenger) how can I do to IE get ntlm auth, and the others program get basic auth. my squid.conf is # ntlm auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 hour auth_param ntlm use_ntlm_negotiate off # basic auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Servidor de acceso a Internet auth_param basic credentialsttl 2 hour auth_param basic casesensitive off in that order. But like that IE works fine, but msn messenger don't, seems to be like msn mssgr don't get the basic auth config. Buth if I revert the order, basic first, IE ask for user and password and msn mssgr works fine. I want that IE don't ask for a passwd, and msn messeger can work. thanks. -- Xavier Callejas El Salvador E-Mail + MSN: xcallejas at ibcinc.com.sv ICQ: 6224 -- Open your Mind, use Open Source.
[squid-users] Error Message
All, My apologize if this post is OT. I typed command dmesg and found many messages below in my Squid machine. TCP: Treason uncloaked! Peer 202.108.67.134:1099/8080 shrinks window 3327054514:3327055323. Repaired. TCP: Treason uncloaked! Peer 202.108.67.134:1552/8080 shrinks window 3447726284:3447727816. Repaired. Would you tell me what is the meaning of those lines? Is it a serious issue? Thx Rgds, Awie
[squid-users] mail box and mail content is not shown
I am using Squid-3 as SSL proxy for OWA (Exchange 2003). The issue is that with latest snapshots of Squid-3-PRE3 frequently mailboxes do not open and mail content is not shown. Sometimes I can read mails from my Inbox but opening mail from other boxes takes infinite times / does not open. However with Squid-3-PRE3 (no snapshot) I do not have such delay but I have other issue with squid as squid process gets killed due to fragmentation error after receiving 16 SSL negotiation errors. Any help? Thanks regards, Rakesh Kumar ## Attention: This e-mail message is privileged and confidential. If you are not the intended recipient please delete the message and notify the sender. Any views or opinions presented are solely those of the author. ##
[squid-users] System messages
All, I found a lot of messages below in cache.log: 2005/01/26 13:24:11| httpReadReply: Excess data from GET http://search.lycos.com/default.asp?lpv=1loc=searchhptab=webquery=mailto+comp.id; 2005/01/26 13:24:11| httpReadReply: Excess data from GET http://search.lycos.com/default.asp?lpv=1loc=searchhptab=webquery=java.sun.com+email; 2005/01/26 13:24:12| httpReadReply: Excess data from GET http://search.lycos.com/default.asp?lpv=1loc=searchhptab=webquery=mailto+myconradbali.com; 2005/01/26 13:24:12| httpReadReply: Excess data from GET http://search.lycos.com/default.asp?lpv=1loc=searchhptab=webquery=mail+comp.id; 2005/01/26 13:24:12| httpReadReply: Excess data from GET http://search.lycos.com/default.asp?lpv=1loc=searchhptab=webquery=mailto+comp.id; 2005/01/26 13:24:13| httpReadReply: Excess data from GET http://search.lycos.com/default.asp?lpv=1loc=searchhptab=webquery=mailto+comp.id; 2005/01/26 13:24:13| httpReadReply: Excess data from GET http://search.lycos.com/default.asp?lpv=1loc=searchhptab=webquery=comp.id+contact+e-mail; Please tell me what the means. Your answer is very appreciated. Thx Rgds, Awie
RE: [squid-users] Error Message
All, My apologize if this post is OT. I typed command dmesg and found many messages below in my Squid machine. TCP: Treason uncloaked! Peer 202.108.67.134:1099/8080 shrinks window 3327054514:3327055323. Repaired. TCP: Treason uncloaked! Peer 202.108.67.134:1552/8080 shrinks window 3447726284:3447727816. Repaired. Would you tell me what is the meaning of those lines? Is it a serious issue? Google is your friend : http://www.experts-exchange.com/Security/Linux_Security/Q_20598156.html (e.g). M.
RE: [squid-users] Problem with FTP upload through squid : truncat ed files
That's not normal, ty t42p running debian only gets past 55°c when it is running in my bag -Original Message- From: Henri Walazo [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 25, 2005 6:08 PM To: Chris Robertson Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Problem with FTP upload through squid : truncat ed files I already tried this, but mozilla doesn't ask me for a password, instead I get an error page : ERROR The requested URL could not be retrieved The FTP server was too busy while trying to retrieve the URL: ftp://[EMAIL PROTECTED]/ Squid sent the following FTP command: USER myuser and then received this reply Service not available, closing control connection. (I replaced the real user by myuser in the error message) But if I put my password after the user name, it works Thanks anyway Henri On Mon, 24 Jan 2005 09:41:57 -0900, Chris Robertson [EMAIL PROTECTED] wrote: -Original Message- From: Henri Walazo [mailto:[EMAIL PROTECTED] Sent: Monday, January 24, 2005 2:15 AM To: Elsen Marc Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Problem with FTP upload through squid : truncated files Thanks, it works with Mozilla 1.7.5 However, is it possible to connect to a ftp site through mozilla without typing the user and password in plain text in the url ? ftp://[EMAIL PROTECTED] You will be prompted for the password, and it will not show up in the browser bar or on the webpage. Chris