[squid-users] Re: squid-users Digest 5 Feb 2005 11:09:09 -0000 Issue 1829

2005-02-05 Thread thomas
Thanks  Henrik Nordstrom
no-query and login=guest:guest123 option in cache_peer has solved my
problem. Now my squid.conf is like this-
Proxy having IP address 20.20.20.1 has the following options in squid.conf

#To authenticate with parent proxy 10.10.10.1
cache_peer 10.10.10.1 parent 8080 3130 login=guest:guest123

# use ncsa_auth for authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5

# ACL description
acl all src 0.0.0.0/0.0.0.0
acl localnetwork src 20.20.20.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 8080
acl CONNECT method CONNECT
acl ncsa_users  proxy_auth REQUIRED # authentication for all user required

# List of http_access
http_access allow localhost
http_access allow localnetwork
http_access allow ncsa_users
http_access allow Safe-ports
http_access allow password
http_access allow all

#OTHERS
http_reply_access allow all
icp_access allow all
http_port 8080
coredump_dir /var/spool/squid
https_port 8080


NOW I NEED HELP FOR FOLLOWING. TIA

Q1- I am able to browse internet from any of my PC on my network
(20.20.20.0/24). But users are not being asked for username & password
for authentication. What's wrong?
Q2- Is the sequence of http_access correct? If any sequence change is
required, please suggest.
Q3- Is "http_access allow password" required at all? My friend says it
is of no use.

> > When I am trying to accesses a web page thry browser on the same
> > machine where squid is running, error being logged in access.log is
> > TIMEOUT_FIRST_UP_PARENT.
> > User are being authenticated successfully thru ncsa_auth.
> 
> Are you inside a firewall, requiring you to use a parent to reach the
> internet? If so see the FAQ on how to use Squid within a firewalled
> network.
> 
> In addition, does your parent support ICP? If not you need to use the
> no-query option.
> Henrik


RE: [squid-users] Reverse Proxy (Accelerator Mode) and HTTPS Redirect Endless Loop

2005-02-05 Thread Brad Taylor
>> "$url" value ends up squid.mysite.net, redirecting the browser right
>> back to squid.mysite.net and causing an endless loop.  I tried putting
>> squid.mysite.net in the /etc/hosts file to point to the backend web
>> server, but it did not seem to matter.  Is there anyway this can be
>> done?

>You are using Squid-2.5 I suppose.. its idea of https reverse proxied
>content is a little weird (internally looks like http)
>
>Instead of using a redirector plain access controls in squid.conf can do
>the job much easier
>
>acl port80 port 80
>http_access deny port80
>deny_info https://www.your.site/ port80

In theory this looks like the perfect solution, but it didn't work.
Still put in an endless loop.  SSL traffic (443) is allowed in the conf
file but here is the response I get from squid using the program wget:

C:\Program Files\wget>wget http://www.mysite.com
--00:39:22--  http://www.mysite.com/
   => `index.html.5'
Resolving www.mysite.com... x.x.x.x
Connecting to www.mysite.com[x.x.x.x]:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.mysite.com/ [following]
--00:39:22--  https://www.mysite.com/
   => `index.html.5'
Connecting to www.mysite.com[x.x.x.x]:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.mysite.com/ [following]
--00:39:22--  https://www.mysite.com/
   => `index.html.5'
Connecting to www.mysite.com[x.x.x.x]:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.mysite.com/ [following]
--00:39:23--  https://www.mysite.com/
   => `index.html.5'


So squid is redirecting to https and port 443 but still seeing the
traffic as port 80 by still sending it to deny_info.


>you can also use the same in redirector_access to control what is sent to
>the redirector.
>
>alternatively you can use "httpd_accel_port 0" and have the redirector
>look for the port number to determine if this request was received on the
>http_port or on the https_port.


I don't see any redirector working unless I was sending the browser to a
different URL other than the site I need the client to go to, which is
Squid, causing an endless loop.  For example http://my.site.com/ is sent
to squid.  That is sent to the redirector outputting
https://my.site.com/.  That will be sent back to squid and through the
redirector again and again and again in an endless loop.  Even if I try
to use redirector_access based on port it will not work because squid
only sees port 80 for http or https.  I tested this by denying port 443
and allowing port 80 and my https requests worked with no problems,
confirming squid did not see the 443 deny request in the conf file.
Maybe I'm missing something but I am thinking this maybe can't be done
with squid 2.5.  What else can I try?



Re: [squid-users] cluster solution

2005-02-05 Thread Askar
H Matik wrote:
> On Saturday 05 February 2005 15:24, Askar wrote:
>> hi list
>> what is the best clustering solution for squid cache servers ?
>> LVS ?
>> LVS tunneling or routing.
>
> do you serve users or serve content with your cache? What OS you want to use?
> And may be you have some more details, links, bandwidth, size, disks, servers

we serve http port 80 via cache, that is "transparent caches" serving web
pages to our clients.
currently we have three cache/proxy servers running squid, OS FC2,

> in numbers ? And what is your priority? Performance, link problems, server
> problems? What do you want to get out of this?

we want to implement load balancer to overcome link problem, and
of course to achieve good performance

> lvs (I may be wrong) is probably only a load balancer but not the cluster and
> probably thought for serving content but not users (access users)

yep lvs is load balancer, with one computer working as FE (front end)
and real servers in back ends. lvs is what ppl suggested to me.

> Load balance you can probably achieve easier and cheaper (depending on your
> project size) using only squid on several servers for different content types
> but may be you answer first my first question

I didn't get this? at the moment our cache servers are just
configured for http port 80 transparently however we are sending traffic
from our gateway to caches via iproute2 + iptables (mark)

> Hans

regards

>> we are thinking about this http://dragon.linux-vs.org/~dragonfly/
>> solution based on LVS
>> however im will be kinda glad to get some advices from gurus over here :)
>> regards
   

 




[squid-users] [squid-user] Failing to serve cached objects

2005-02-05 Thread johnsuth
Date: Sat, 5 Feb 2005 12:09:04 +0100 (CET) 
From: Henrik Nordstrom <[EMAIL PROTECTED]> 
To: [EMAIL PROTECTED] 
Cc: Squid Users  
Subject: Re: [squid-users] Failing to serve cached objects 

On Sat, 5 Feb 2005 [EMAIL PROTECTED] wrote: 
   
> I moved my squid.conf to a newer build of Squid and, Voila!  Cached objects 
> are now 
> being served. 
 
Good. 
 
> Pity ACL seems to be broken (all urls are accessible). 
 
Then inspect your http_access rules, and see the Squid FAQ Chapter 10  
Access Controls. 
 
- 
 
I will be grateful if you will point out where I have gone wrong here. 
 
I thought that the last 3 ACLs defined All IP addresses, All URLs and HTTP 
protocol; and   
that the last 3 rules denied access to them. 
 
However I can still access www.sex.com from cache.  I want it denied by 
default. 
 
#  TAG: acl 
#Recommended minimum configuration: 
acl all src 0.0.0.0/0.0.0.0 
acl manager proto cache_object 
acl localhost src 127.0.0.1/255.255.255.255 
acl to_localhost dst 127.0.0.0/8 
acl Safe_ports port 80  # http 
acl Safe_ports port 21  # ftp 
acl Safe_ports port 1025-65535  # unregistered ports 
acl CONNECT method CONNECT 
acl government urlpath_regex -i .gov 
acl education urlpath_regex -i .edu 
acl google dstdomain .google.com.au 
acl acenet dstdomain .acenet.com.au 
acl localnet src 192.168.100.0/24 
acl ip dst 0.0.0.0/0.0.0.0 
acl www urlpath_regex -i www. 
acl http proto HTTP 
 
#  TAG: http_access 
#Recommended minimum configuration: 
http_access allow manager localhost 
http_access deny manager 
http_access deny !Safe_ports 
http_access deny to_localhost 
http_access allow government 
http_access allow education 
http_access allow google 
http_access allow acenet 
http_access allow localnet 
http_access deny ip 
http_access deny http 
http_access allow www 
 
#  TAG: http_reply_access 





[squid-users] ACL defaults

2005-02-05 Thread johnsuth
Date: Sat, 5 Feb 2005 23:26:41 +0100 (CET) 
From: Henrik Nordstrom <[EMAIL PROTECTED]> 
To: Martin Joseph <[EMAIL PROTECTED]> 
Cc: Squid Users  
Subject: Re: [squid-users] ACL defaults 

On Sat, 5 Feb 2005, Martin Joseph wrote: 
   
>> If you have http_access lines but none matches the request the action the  
>> opposite of your last http_access rule. 
> 
> Wouldn't it make more sense for squid to DENY any requests after finishing  
> with the ACL list, thus forcing people to explicitly enable the access they  
> want to allow? 
 
Yes and no. There is many ways of doing access lists. 
 
With the current design you can easily do either 
 
deny everything which is not allowed 
 
or 
 
allow only what is allowed 
 
and the result will be what you intended. 
 
 
Most people find it easier with explicit rules and is why the  
suggested standard configuration shipped with Squid looks like (in order) 
 
1. limit cachemgr access 
 
2. deny abuse 
 
3. allow your clients to use the proxy 
 
4. deny everything else 
--- 
 
I can't speak for other people, but I am using Squid in conjunction with a deny 
by default   
firewall to limit access to the www.  I see no rules in the standard 
http_access tag which   
limit access to destinations. 
 
The last rule, "deny all" looks like it limits access to destinations, but a 
clever lawyer or   
computer programmer can deduce that "all" refers to clients, not destinations. 
 
Getting back to the English (the docs may be different in other languages), you 
have not   
suggested why the word "deny" is used in your item 4 when the action is to 
allow all   
clients not previously denied. 
 


John Sutherland
Phone & Fax +61 2 4683 1511 
9 Meryla Street, Couridjah NSW 2571 Australia


Re: [squid-users] ACL file

2005-02-05 Thread Henrik Nordstrom

On Sun, 6 Feb 2005 [EMAIL PROTECTED] wrote:
> It seems that Squid allows us to place our ACL definitions in a file separate
> from squid.conf, but I see no mention of similarly placing http_access rules
> in a separate file.
> Is this how it is?

Correct.

Regards
Henrik


[squid-users] ACL file

2005-02-05 Thread johnsuth
 
It seems that Squid allows us to place our ACL definitions in a file separate 
from   
squid.conf, but I see no mention of similarly placing http_access rules in a 
separate file. 
 
Is this how it is? 
 





Re: [squid-users] cluster solution

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, H Matik wrote:

> lvs (I may be wrong) is probably only a load balancer but not the cluster and
> probably thought for serving content but not users (access users)

LVS is a TCP/IP load balancer, with good cluster support to make the load
balancer redundant.

LVS is useful in load balancing both servers and proxies, including
transparently intercepting proxies if you like. It can even run on the
same nodes as the servers, eliminating the need of extra hardware.

Regards
Henrik


RE: [squid-users] Problem with FTP upload through squid : truncated files

2005-02-05 Thread Henrik Nordstrom
On Tue, 25 Jan 2005, Chris Robertson wrote:

> This does seem to be a function of the interaction between Squid, Mozilla
> and the ftp service.  If I use ftp://[EMAIL PROTECTED] without proxy I am
> prompted for a password, and can log in.  If I try the same with proxy
> (either Squid2.5Stable7 -> Squid2.5Stable4 -> Squid2.5Stable3 (local proxy,
> cache parent, cache parent) or just the Squid2.5Stable7 proxy), I don't get
> prompted for a password, and see the error:

This is a bug in Mozilla.

On this kind of request Mozilla tells Squid via Basic HTTP authentication 
to login with a blank password.

What it should have done to work proper with Squid is to not send any 
Basic HTTP authentication on the initial request and wait for Squid to 
challenge for authentication and then prompt the user for the login 
information (preferably only password).

Regards
Henrik


Re: [squid-users] cluster solution

2005-02-05 Thread H Matik
On Saturday 05 February 2005 15:24, Askar wrote:
> hi list
> what is the best clustering solution for squid cache servers ?
>
> LVS ?
>
> LVS tunneling or routing.
>

do you serve users or serve content with your cache? What OS you want to use?

And may be you have some more details, links, bandwidth, size, disks, servers 
in numbers ? And what is your priority? Performance, link problems, server 
problems? What do you want to get out of this?

lvs (I may be wrong) is probably only a load balancer but not the cluster and 
probably thought for serving content but not users (access users)

Load balance you can probably achieve easier and cheaper (depending on your 
project size) using only squid on several servers for different content types 
but may be you answer first my first question

Hans





> we are thinking about this http://dragon.linux-vs.org/~dragonfly/
> solution based on LVS
>
> however im will be kinda glad to get some advices from gurus over here :)
>
>
> regards

-- 
___
Infomatik
(18)8112.7007
http://info.matik.com.br
Mensagens não assinadas com GPG não são minhas.
Messages without GPG signature are not from me.
___




Re: [squid-users] Info on a Solaris installation

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, bIRGUs wrote:

> Tnx Henrik, say you the performance of the machine increase only a full
> load or i can notice endured ?
> I must increase coda size, correct is it (how report squid book)?

Sorry, can you please try reformulating these questions using other words?

Regards
Henrik


Re: [squid-users] ACL defaults

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, Martin Joseph wrote:

>> If you have http_access lines but none matches the request the action is the
>> opposite of your last http_access rule.
>
> Wouldn't it make more sense for squid to DENY any requests after finishing
> with the ACL list, thus forcing people to explicitly enable the access they
> want to allow?

Yes and no. There is many ways of doing access lists.

With the current design you can easily do either

deny everything which is not allowed

or

allow only what is allowed

and the result will be what you intended.

Most people find it easier with explicit rules and is why the
suggested standard configuration shipped with Squid looks like (in order)

1. limit cachemgr access
2. deny abuse
3. allow your clients to use the proxy
4. deny everything else

(see squid.conf.default for the actual rules with comments)

Regards
Henrik


[squid-users] cluster solution

2005-02-05 Thread Askar
hi list
what is the best clustering solution for squid cache servers ?
LVS ?
LVS tunneling or routing.
we are thinking about this http://dragon.linux-vs.org/~dragonfly/ 
solution based on LVS

however im will be kinda glad to get some advices from gurus over here :)
regards



Re: [squid-users] Squid e Radius

2005-02-05 Thread bIRGUs
Henrik Nordstrom wrote:
| On Fri, 4 Feb 2005, bIRGUs wrote:
|
|> But i have a question, can i use accounting resources?
|
|
| No, there is no sessions in HTTP to relate accounting to.
|
| Regards
| Henrik
|
|
|
tnx Henrik, it was that i'm thinking.
Regards,
Ale
- --
###
 Choose Windows. Choose the eXPerience.
 Choose flashy menus on your fucking server.
 Choose Exchange. Choose IIS.
 Choose Code Red, Nimda, the Lovebug, and a sexy Melissa...
 Choose Outlook and end up wondering where your stupid .docs are
 Choose not to choose. Let Micro$oft do it for you.
 But why would I want to do a thing like that?
 I choose not to be chosen: I choose something else.
 The reasons? There are too many reasons.
 And who needs reasons when you've got Linux?
 by 
PULHAS Inc.
###
 bIRGUs  is a trademark registered © 1997 by me
 END OF TRASMISSION...


Re: [squid-users] Transparent proxy problem... bug?

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, Danny wrote:

> I'm currently using Squid 2.5 as a transparent proxy and it has always
> loaded every page fine.  This is the first time entering the proxy
> information into the browser has made a difference.  The URL is:
> http://www.goodbrush.com/
> When loaded properly the website titled "The Art of Craig Mullins"
> comes up.  But when I load it with Squid working transparently I get
> the neverlan.net website.

Have you set squid.conf properly for transparent interception proxying?
Specifically the "httpd_accel_uses_host_header on" directive.

What does access.log say?

Regards
Henrik


Re: [squid-users] external_acl_type problem. Please help.

2005-02-05 Thread Serassio Guido
Hi,
At 15.51 05/02/2005, Henrik Nordstrom wrote:
> On Sat, 5 Feb 2005, Flávio Henrique wrote:
>
>> But I trying to use external_acl_type too, but not working. Always I got
>> Access Denied,
>> even when the script returns OK (at least I got "OK" in console).
>
> Is there any errors from "squid -k parse"?
>
> Did you try the script running as your cache_effective_user or as root?
> Many permission errors go unnoticed when testing helpers as root.
>
>> external_acl_type   autorizacao %LOGIN "/etc/squid/modulos/users.sh"
>> acl autorizados external autorizacao
>> acl LAN1 src 192.168.100.0/24
>> http_access allow   LAN1 autorizados
>> http_access deny all
>
> Looks fine to me. No obvious configuration errors from what I can tell.

May be a username format problem in the external ACL helper:
Flávio is using NTLM and basic Samba authentication, so the username should
be provided to the external acl helper as domain\\username.

Flávio: try to output to stderr what users.sh is receiving from squid and
look into cache.log.

Regards
Guido

-

Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/
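
A helper that logs what it receives, as suggested in the reply above (an added example, not Flávio's users.sh and not code from the Squid project): it writes every request line to stderr, which the reply says ends up in cache.log, and answers one OK or ERR per line. The allow list and the `EXAMPLE` domain are constructed, and undoubling the backslash is an assumption based on the domain\\username form mentioned in the reply.

```python
#!/usr/bin/env python3
import sys

# Constructed allow list, stored in DOMAIN\user form (single backslash).
ALLOWED = {"EXAMPLE\\alice"}


def decide(line, allowed=ALLOWED):
    """Map one request line (the %LOGIN value) to the helper's reply."""
    fields = line.split()
    if not fields:
        return "ERR"
    # Assumption from the reply above: the name arrives as domain\\username,
    # so the doubled backslash is collapsed before the lookup.
    user = fields[0].replace("\\\\", "\\")
    return "OK" if user in allowed else "ERR"


def serve(inp, out, log, allowed=ALLOWED):
    """Answer every line until the pipe is closed; returns the request count."""
    count = 0
    for line in inp:
        reply = decide(line, allowed)
        # repr() keeps backslashes, spaces and the newline visible in the log.
        log.write("users-helper: received %r -> %s\n" % (line, reply))
        log.flush()
        out.write(reply + "\n")
        out.flush()  # a reply left in the buffer keeps the request waiting
        count += 1
    return count


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout, sys.stderr)
```

Running it by hand as the cache_effective_user and typing a user name shows the same line and verdict that would otherwise only appear in cache.log.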


Re: [squid-users] external_acl_type problem. Please help.

2005-02-05 Thread Serassio Guido
Hi Henrik,
At 15.48 05/02/2005, Henrik Nordstrom wrote:
> On Sat, 5 Feb 2005, Serassio Guido wrote:
>
>>> external_acl_type   autorizacao %LOGIN "/etc/squid/modulos/users.sh"
>>> acl autenticados proxy_auth  REQUIRED
>>> acl autorizados external autorizacao
>>> acl LAN1 src 192.168.100.0/24
>>> http_access allow   LAN1 autorizados
>>> http_access deny all
>>
>> There is a logical error here: you don't trigger the user authentication,
>> try:
>
> Err, the above does trigger authentication.
> An external_acl_type using %LOGIN will trigger authentication, just like
> an proxy_auth acl does.

True: my mistake, I have forgotten that this problem was fixed some
releases ago.

Regards
Guido

-

Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/


[squid-users] Transparent proxy problem... bug?

2005-02-05 Thread Danny
I'm currently using Squid 2.5 as a transparent proxy and it has always
loaded every page fine.  This is the first time entering the proxy
information into the browser has made a difference.  The URL is:
http://www.goodbrush.com/

When loaded properly the website titled "The Art of Craig Mullins"
comes up.  But when I load it with Squid working transparently I get
the neverlan.net website.

Is this a bug with Squid?


Re: [squid-users] Help..

2005-02-05 Thread Daniel Navarro
 --- Askar <[EMAIL PROTECTED]> wrote:
> Chris Robertson wrote:
>
> >>-Original Message-
> >>From: Ahmad Arif [mailto:[EMAIL PROTECTED]
> >>Sent: Friday, February 04, 2005 1:46 AM
> >>To: squid-users@squid-cache.org
> >>Subject: [squid-users] Help..
> >>
> >>Dear Squid Master,
> >>
> >>I need your help, I plan to install 2 version of squid in the same machine
> >>Redhat 9. is it possible ?
> >>
> >>Many thanks for your help..
> >>
> >>AArif
> >
> >It is possible.  You just need a separate squid.conf file for each instance
> >of Squid.  Each conf file has to specify a different listening port,
> >different cache directories, and different log files (or none at all).  You
> >can use the same squid binary (if you don't want to use different versions
> >of squid) and just point each instance at a different conf file like:
> >
> >/sbin/squid -f /etc/squid1.conf
> >/sbin/squid -f /etc/squid2.conf
> >
> >Chris
> >
> any benefit of running two instances of squid on a single machine?

No benefit at all



Re: [squid-users] Squid e Radius

2005-02-05 Thread Henrik Nordstrom
On Fri, 4 Feb 2005, bIRGUs wrote:

> But i have a question, can i use accounting resources?

No, there is no sessions in HTTP to relate accounting to.

Regards
Henrik


Re: [squid-users] external_acl_type problem. Please help.

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, Flávio Henrique wrote:

> But I trying to use external_acl_type too, but not working. Always I got
> Access Denied,
> even when the script returns OK (at least I got "OK" in console).

Is there any errors from "squid -k parse"?

Did you try the script running as your cache_effective_user or as root?
Many permission errors go unnoticed when testing helpers as root.

> external_acl_type   autorizacao %LOGIN "/etc/squid/modulos/users.sh"
> acl autorizados external autorizacao
> acl LAN1 src 192.168.100.0/24
> http_access allow   LAN1 autorizados
> http_access deny all

Looks fine to me. No obvious configuration errors from what I can tell.

Regards
Henrik

Re: [squid-users] external_acl_type problem. Please help.

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, Serassio Guido wrote:

>> external_acl_type   autorizacao %LOGIN "/etc/squid/modulos/users.sh"
>> acl autenticados proxy_auth  REQUIRED
>> acl autorizados external autorizacao
>> acl LAN1 src 192.168.100.0/24
>> http_access allow   LAN1 autorizados
>> http_access deny all
>
> There is a logical error here: you don't trigger the user authentication,
> try:

Err, the above does trigger authentication.

An external_acl_type using %LOGIN will trigger authentication, just like
an proxy_auth acl does.

Regards
Henrik


Re: [squid-users] external_acl_type problem. Please help.

2005-02-05 Thread Serassio Guido
Hi,
At 15.09 05/02/2005, Flávio Henrique wrote:

> Hi guys.
> I hope someone can cast a light in my problem here.
> I'm using squid-2.5STABLE4 on Mandrake 10.
> I'm using winbind authentication and it works fine.
> But I trying to use external_acl_type too, but not working. Always I got
> Access Denied,
> even when the script returns OK (at least I got "OK" in console).
> Please, someone can see anything wrong here:
> thank you in advance.
> SQUID.CONF
> (...)
>  auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>  auth_param ntlm children 5
>  auth_param ntlm max_challenge_reuses 0
>  auth_param ntlm max_challenge_lifetime 20 minutes
>  auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
>  auth_param basic children 5
>  auth_param basic realm Informe seu usuário e senha
>  auth_param basic credentialsttl 2 hours
> external_acl_type   autorizacao %LOGIN "/etc/squid/modulos/users.sh"
> acl autenticados proxy_auth  REQUIRED
> acl autorizados external autorizacao
> acl LAN1 src 192.168.100.0/24
> http_access allow   LAN1 autorizados
> http_access deny all

There is a logical error here: you don't trigger the user authentication,
try:

http_access allow   autenticados LAN1 autorizados

Regards
Guido

-

Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/


[squid-users] external_acl_type problem. Please help.

2005-02-05 Thread Flávio Henrique
Hi guys.
I hope someone can cast a light in my problem here.

I'm using squid-2.5STABLE4 on Mandrake 10.
I'm using winbind authentication and it works fine.
But I trying to use external_acl_type too, but not working. Always I got
Access Denied,
even when the script returns OK (at least I got "OK" in console).

Please, someone can see anything wrong here:

thank you in advance.

SQUID.CONF
(...)
 auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
 auth_param ntlm children 5
 auth_param ntlm max_challenge_reuses 0
 auth_param ntlm max_challenge_lifetime 20 minutes

 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic

 auth_param basic children 5
 auth_param basic realm Informe seu usuário e senha
 auth_param basic credentialsttl 2 hours

external_acl_type   autorizacao %LOGIN "/etc/squid/modulos/users.sh"

acl autenticados proxy_auth  REQUIRED
acl autorizados external autorizacao
acl LAN1 src 192.168.100.0/24
http_access allow   LAN1 autorizados
http_access deny all



RE: [squid-users] no filtering with DB files

2005-02-05 Thread Elsen Marc

>...
>
> >   As stated , check what's in squidGuard.log concerning the 
> db files 
> > (loading).
> >   squidGuard can not use db 2.0.4 (indeed).
> 
> Okay it works now with 3.2.9 db
> 2.7.7 would build, but squidguard 1.2.0 would not read it. Thanks for 
> your assistance.
> 
 
  Ok,
  
  M.


Re: [squid-users] Info on a Solaris installation

2005-02-05 Thread bIRGUs
Henrik Nordstrom wrote:
|
| On Solaris I would start with aufs, if there is problems fall back on
| diskd.
|
| aufs was originally designed for Solaris.
|
| Regards
| Henrik
Tnx Henrik, say you the performance of the machine increase only a full
load or i can notice endured ?
I must increase coda size, correct is it (how report squid book)?
Have experience with PAM_Radius and squid ?
###
 bIRGUs  is a trademark registered © 1997 by me
 END OF TRASMISSION...


Re: [squid-users] Info on a Solaris installation

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, bIRGUs wrote:

> I'm reading the squidBook i know that asynchronous method (diskd or aufs)
> is better (for obvious reasons).

On Solaris I would start with aufs, if there is problems fall back on
diskd.

aufs was originally designed for Solaris.

Regards
Henrik


Re: [squid-users] Accessing allowed URLs from MySQL

2005-02-05 Thread Henrik Nordstrom
On Thu, 3 Feb 2005, Glynn Robinson wrote:

> I'm currently setting up a new Squid proxy server to replace an existing one.
> The current proxy utilises an ACL which connects to a MySQL database and
> extracts a number of allowed URLs from a table. The problem is, I'm having
> trouble replicating this behaviour in the new proxy. The current squid.conf
> file has a number of references to MySQL - including information regarding
> the name of the database, the user and password etc

Sounds like your old Squid included an unofficial patch for integration
with MySQL.

Probably the patch by Matthew Naylor linked from the
devel.squid-cache.org. Unfortunately his page is not available anymore but
it is archived by the Wayback Machine (great tool btw)
http://web.archive.org/web/*/http://www-users.york.ac.uk/~mfn100/squid_mysql.html

To my knowledge no one has written an external_acl replacement for this
yet. If you know a little of programming in any language with mysql 
support you are welcome to take a stab at this. To give some scale on the 
project writing an mysql external_acl helper in for example perl should 
not be much more than a handful of lines, plus command line parameter 
parsing, usage instructions etc if desired to make it easy to use.

Regards
Henrik


Re: [squid-users] Failing to serve cached objects

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005 [EMAIL PROTECTED] wrote:

> I moved my squid.conf to a newer build of Squid and, Voila!  Cached objects are
> now being served.

Good.

> Pity ACL seems to be broken (all urls are accessible).

Then inspect your http_access rules, and see the Squid FAQ Chapter 10
Access Controls.

Regards
Henrik


Re: [squid-users] TIMEOUT_FIRST_UP_PARENT error in access.log of squid

2005-02-05 Thread Henrik Nordstrom

On Sat, 5 Feb 2005, thomas wrote:

> When I am trying to accesses a web page thru browser on the same
> machine where squid is running, error being logged in access.log is
> TIMEOUT_FIRST_UP_PARENT.
> User are being authenticated successfully thru ncsa_auth.

Are you inside a firewall, requiring you to use a parent to reach the
internet? If so see the FAQ on how to use Squid within a firewalled
network.

In addition, does your parent support ICP? If not you need to use the
no-query option.

Regards
Henrik


Re: [squid-users] Problem with applet files embedded within html???

2005-02-05 Thread Henrik Nordstrom
On Sat, 5 Feb 2005, Glenn Baptista wrote:

> Henrik can you offer some opinion on when Squid ver 3 will be a production
> release

When the developers are confident in the quality of the release.

> and whether I am facing a problem because of the digest
> authentication not being copied properly.

Highly unlikely. digest helpers either works fine or not at all. All the 
helper is responsible for is to keep track of your password, the digest 
authentication process as such is fully managed by Squid.

Regards
Henrik


[squid-users] Info on a Solaris installation

2005-02-05 Thread bIRGUs
HI to list,
~ i must reinstalling an old squid with the 2.5.S7 on a Solaris (SPARC)
machine.
Which method advised for cache fs?
I'm reading the squidBook i know that asincronous method (diskd or aufs)
~  is better (for obvious reasons).
That you say?
The squid is for 1000 user approximately.
Good day

###
 bIRGUs  is a trademark registered © 1997 by me
 END OF TRASMISSION...


Re: [squid-users] Problem with applet files embedded within html???

2005-02-05 Thread Henrik Nordstrom

On Thu, 3 Feb 2005, Glenn Baptista wrote:

> However when I request pages with java applets within, I get a TCP_DENIED
> message in the squid.log file.

Which JRE are you using?

Does the JRE version you are using support Digest authentication?

Regards
Henrik


Re: [squid-users] ACL defaults

2005-02-05 Thread Henrik Nordstrom

On Sat, 5 Feb 2005 [EMAIL PROTECTED] wrote:

> For the tag http_access, my .conf says:-
> "NOTE on default values:
> If there are no 'access' lines present, the default is to deny the request."
>
> This implies DENY BY DEFAULT which is a common convention in this context.

No it does not. Read the first part of that sentence again.

> However all following text contradicts that.  e.g.:-
> "If none of the access lines causes a 'match', the default is the opposite of
> the last line in the list.  If the last line was deny, then the default is
> allow.  Conversly, if the last line is allow, the default will be deny.  For
> these reasons, it is a good idea to have an 'deny all' or 'allow all' entry
> at the end of your access lists to avoid POTENTIAL CONFUSION."

I see no contradiction here.

If you have no http_access rules AT ALL all requests will be denied as you
have not configured the access controls.

If you have http_access lines but none matches the request the action is the
opposite of your last http_access rule.

Regards
Henrik
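
The two defaults described in the reply above, worked through as an added example (not part of the original thread and not Squid's own code): a small Python model of http_access evaluation. It handles only `src` ACLs; the ACL names, addresses and sample configurations are constructed.

```python
import ipaddress

def parse(conf):
    """Collect 'acl NAME src NET...' and 'http_access allow|deny ACL...' lines."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(n, strict=False) for n in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, ip):
    """True if ip is in any network of the named ACL; a leading '!' negates."""
    negate, name = name.startswith("!"), name.lstrip("!")
    hit = any(ip in net for net in acls[name])   # KeyError: undefined ACL name
    return hit != negate

def decide(conf, client_ip):
    """Return 'allow' or 'deny' for client_ip under the http_access lines in conf."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    if not rules:
        return "deny"                 # no http_access lines at all: deny
    for action, names in rules:       # first line whose ACLs ALL match decides
        if all(acl_matches(acls, n, ip) for n in names):
            return action
    # lines exist but none matched: opposite of the last line's action
    return "allow" if rules[-1][0] == "deny" else "deny"

# Constructed sample configurations (documentation address ranges).
ACLS = """
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.0.2.0/24
acl badhost src 192.0.2.66
"""
ONLY_DENY = ACLS + "http_access deny badhost\n"
ONLY_ALLOW = ACLS + "http_access allow lan\n"
EXPLICIT = ACLS + "http_access deny badhost\nhttp_access allow lan\nhttp_access deny all\n"

if __name__ == "__main__":
    outsider = "198.51.100.7"
    for name, conf in [("no rules", ACLS), ("only deny", ONLY_DENY),
                       ("only allow", ONLY_ALLOW), ("explicit", EXPLICIT)]:
        print(name, {ip: decide(conf, ip) for ip in ("192.0.2.10", "192.0.2.66", outsider)})
```

The ONLY_DENY case is the one that surprises people: a list ending in a deny line lets every unmatched client through, which is why the documentation recommends an explicit final 'deny all' or 'allow all'.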


Re: [squid-users] Problem with applet files embedded within html???

2005-02-05 Thread Serassio Guido
Hi,

At 07.46 05/02/2005, Glenn Baptista wrote:

> Hello,
> I had earlier posted a message detailing problems with digest
> authentication (digest_pw_auth copied) from Squid Pre 3 run from within
> squid 2.5 Stable 7.  The earlier message is appended below.  The problem
> however does not occur when I use Squid Pre 3 version completely.
>
> Henrik can you offer some opinion on when Squid ver 3 will be a production
> release, and whether I am facing a problem because of the digest
> authentication not being copied properly. All I did was copy the
> digest_pw_auth executable from pre 3 to the libexec folder where squid was
> installed.  It works fine however when I request any other pages.
>
> When I disable the authentication with the same configuration, even the
> applets can be loaded?

See this thread:
http://www.squid-cache.org/mail-archive/squid-users/200501/0762.html

If the applet doesn't support user authentication it doesn't work with any
type of proxy or authentication schema.

Regards
Guido

-

Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/


Re: [squid-users] Squid-NTLM does not work

2005-02-05 Thread Serassio Guido
Hi,

At 10.51 05/02/2005, Ahmad Arif wrote:

> Please help,
> I am trying to configure squid-2.5.STABLE2 using the following:

Use latest Squid 2.5 release: NTLM support in STABLE2 is very buggy.

> --enable-auth="ntlm,basic"
> --enable-basic-auth-helpers="winbind"
> --enable-ntlm-auth-helpers="winbind"
> --enable-external-acl-helpers="wb_group"

Wrong external helper name, use:

 --enable-external-acl-helpers="winbind_group"

But, you are planning to use Samba 2 as back-end?

If you are planning to use Samba 3, you need only:

 --enable-external-acl-helpers="wbinfo_group"

and ntlm_auth from Samba 3 must be used for both basic and ntlm authentication.

See previous threads on this list.

Regards
Guido


[squid-users] Squid-NTLM does not work

2005-02-05 Thread Ahmad Arif
Please help,

I am trying to configure squid-2.5.STABLE2 using the following:

--enable-auth="ntlm,basic"
--enable-basic-auth-helpers="winbind"
--enable-ntlm-auth-helpers="winbind"
--enable-external-acl-helpers="wb_group"

but I cannot make and make install, and in /usr/local/squid/libexec/ I
cannot find wb_auth and wb_ntlm. What's wrong with this?

Many thanks
AArif