RE: [squid-users] Hotmail Error forbidden server
> > Previously, everyhing works fine. I never touch anything in > the squid.conf > accept adding some words to block in url_regex. Only today > hotmail cannot be > access. Any suggestion which part of squid.conf do i need to check? > > - Remove the url_regex setup , as a test to make sure that this is not the cause (=set more or less default access controls (again)). Then verify your hotmail access. M.
Re: [squid-users] Hotmail Error forbidden server
Previously, everyhing works fine. I never touch anything in the squid.conf accept adding some words to block in url_regex. Only today hotmail cannot be access. Any suggestion which part of squid.conf do i need to check? - Original Message - From: "Elsen Marc" <[EMAIL PROTECTED]> To: "Yuzz" <[EMAIL PROTECTED]>; "squid-users" Sent: Friday, February 18, 2005 2:50 PM Subject: RE: [squid-users] Hotmail Error forbidden server Dear all, I get this error message today while trying to access www.hotmail.com. Anybody knows how to solve it?everything is fine when i try access www.hotmail.com without proxy 1108662554.433 5 XXX.XXX.XXX.XXX(ipaddress) TCP_DENIED/403 1040 GET Check your access controls (setup) in squid.conf. M.
RE: [squid-users] Configurating Squid
> > Hi, I'm having a big trouble with the conection to my proxy. I've read > already all the manuals that I found, and I have the correct basic > config. Then I try to test it and always without a reason I've got an > ACCESS DENIED... > I'm doing this in a laptop, that is conected to a Router 3com. I've > been reading that I need to forward the gateway or something like > that, I hope that someone could help me in my problem... > - Post the complete error as seen in the browser. - Check squid's access.log for this particular (failing) request. M.
RE: [squid-users] Hotmail Error forbidden server
> > Dear all, > > I get this error message today while trying to access > www.hotmail.com. > Anybody knows how to solve it?everything is fine when i try access > www.hotmail.com without proxy > > 1108662554.433 5 XXX.XXX.XXX.XXX(ipaddress) > TCP_DENIED/403 1040 GET > Check your access controls (setup) in squid.conf. M.
Re: [squid-users] Squid and Tomcat in one machine running WinXP
On Friday 18 February 2005 03:08, Rodrigo de Oliveira wrote: > Hello! I╢m new here and would be very thankful if > someone could solve my problem. > > I want Squid to intercept HTTP requests, deliver them > to the server, receive them from the server, make some > adjusts on the HTML file and deliver them to the > hosts. I got a PC running both a HTTP server (Apache > Tomcat 4.1.24) and Squid 2.5 STABLE 3 > (http://www.adrenalin.to/bofi/setup_squid_2_5_stable_3_eng.exe) > under Windows XP. For test purposes, Tomcat is > listening port 8080 and Squid port 80. Among other > tags, mainly, my squid.conf is: > > http_port 80 > httpd_accel_host 127.0.0.1 > httpd_accel_port 8080 > acl acceleratedHost dst 127.0.0.1/255.255.255.255 > acl acceleratedPort port 8080 > acl all src 0.0.0.0/0.0.0.0 > acl myNet src 10.0.0.0-200.0.0.1/255.255.255.0 > http_access allow acceleratedHost acceleratedPort > http_access allow myNet > http_access deny all > > This way, Squid makes the interception correctly for > localhost's tests, lilke calling > http://127.0.0.1/index.jsp on a browser. But when I > connect a laptop to it, and suposing the IP of the PC > server is 169.254.243.112 in this small LAN, Squid > rejects because of an access denied problem. On the > laptop, I can only reach the server bypassing Squid > through a calling like > http://169.254.243.112:8080/index.jsp on the browser. > What am I doing wrong? Does it work if you dump all http_access except "http_access allow all"? -- vda
Re: [squid-users] Suggestion of hardware requirement
On Fri, 18 Feb 2005 10:47:00 +0530, thomas <[EMAIL PROTECTED]> wrote: > My PIII (2.8 GHz, 512 MB RAm, 40 GM SMART IDE HDD, 100Mbps NIC) > machine running FC2 and Squid. Is this a dedicated server just for Squid, or does it serve other needs as well? > It is expected to server 70 users on for proxing and chaching. Squid.conf has > > cache_dir ufs /var/spool/squid 1000 16 256 > > to assign 1 GB HDD space for cashing and 256 MB RAM. Actually, that line only sets 1GB of cache dir, does not set 256 MB RAM, you'll need to adjust cache_mem for setting the amount of RAM used for cached objects (Squid will actually consume somewhat more than cache_mem RAM, due to overhead). > Is this configuration will work. What other sirective I have to set > better performance. Any suggession or pointer is appreciated. For enhanced performance, consider adding additional RAM, and dedicating much more disk to the cache. You might also look at external issues which could impact performance, such as DNS and your upstream ISP connection. Squid will make good use of as much RAM and disk as you can give it. You can post-process your logs after running for a few weeks to get an idea of how effective the cache is for your particular userbase. If most of what is accessed is SSL and dynamic content, caching doesn't have as much benefit... Kevin Kadow
[squid-users] Suggestion of hardware requirement
My PIII (2.8 GHz, 512 MB RAm, 40 GM SMART IDE HDD, 100Mbps NIC) machine running FC2 and Squid. It is expected to server 70 users on for proxing and chaching. Squid.conf has cache_dir ufs /var/spool/squid 1000 16 256 to assign 1 GB HDD space for cashing and 256 MB RAM. Is this configuration will work. What other sirective I have to set better performance. Any suggession or pointer is appreciated.
[squid-users] Can't set AR with Squid's configure?
I'm running Squid v2.5S8 on a Linux (Fedora Core 2) box. It seems that I can't get configure to, ahem, configure the library manager. If I do: AR=xiar ./configure --set-some-squid-options-here or export AR=xiar ./configure --set-some-squid-options-here I find that configure always selects /usr/bin/ar as the value to assign to the AR variable, then it creates makefiles that use /usr/bin/ar at build time. Configure does respect my setting of CC=mycompiler, but seems resistant to letting me specify the value of AR. How can I persuade configure to use the specified library manager? Thanks.
Re: [squid-users] how to configure squid for 2000 person
杨明 写道: > Our company have 2000 person . I want to use squid as a proxy . > I write a program to test squid , the result is about 600 persist > connection could be established through squid 2.4 ( rh8.0 on p3 1G cpu , 256M > mem) > > > How is your program access squid ? Anyway, do you increase your max open file when you configure and compile your squid ? Try to use ulimit -HSn 16384 before you configure your squid. If your squid is using select syscall, you must increase the FD_SETSIZE,too. > I hope squid could suport 3000 - 4000 persist connection at one time . > HOW TO configure it ? > > my squids served above 8000 connections without problem. > > thanks . >[EMAIL PROTECTED] > 2005-02-18 > >
Re: [squid-users] driver needed...
Hi, Daniel Navarro wrote: I gues somebody have a Asound lan card driver for 8139 model. Is not realtek model, check at www.asound.net. Really need it, specially for windows 2000. Regards, Daniel Navarro Maracay, Venezuela www.csaragua.com/ecodiver This is the squid-users mailing list for general discussion relating to Squid (not Windows drivers). The membership of this list is thousands of Squid users from around the world, and what you are asking for is very very off topic here... reuben
[squid-users] driver needed...
I gues somebody have a Asound lan card driver for 8139 model. Is not realtek model, check at www.asound.net. Really need it, specially for windows 2000. Regards, Daniel Navarro Maracay, Venezuela www.csaragua.com/ecodiver _ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com
Re: [squid-users] How to serve directory index files...?
On Feb 17, 2005, at 3:46 PM, Peter Yohe wrote: Hello, When Squid is in offline mode, how does it know what a default document in a site or directory is if a client does not provide the name of the file? If the client has not requested information, Why would squid need to know the default document ( assuming default.html ) of any site or directory? No request = squid do nothing what are you trying to do with squid? post your squid.conf and we may better answer your questions. Thanks, Peter Yohe The WiderNet Project --- jeff donovan basd network operations (610) 807 5571 x41 AIM xtdonovan
[squid-users] Test script for ICP parents
A simple Perl script (uses the WebCache::ICP module from CPAN) test-icp sends an ICP query to a cache peer and records the response time, optionally print packet contents. The primary reason I wrote this was to graph response time from parent cache servers in Cricket, however the same script can (if $debug is set) be useful for debugging general ICP problems. It could also be useful as an example WebCache::ICP client. Kevin Kadow #!/usr/bin/perl # -*- perl -*- # Copyright (c) 2005 by Kevin Kadow # # The code in this file is made freely available for any purpose # whatsoever. The author does not take any responsibility for the # correctness or suitability of the code. # # ICP Test Script 'test-icp.pl' # Version 0.2 # # Simple script for testing Internet Cache Protocol Servers, # suitable for interactive use, or to be executed from a # response time graphing tool such as Cricket, Hobbit, etc. # # Usage: # # test-icp.pl host[:port] [uri] # # Sends an ICP query for uri to the specified host and port. # See below for default values for port and uri. # # # Debugging # # Remove the "#" in front of $debug=1 for verbose output. # #$debug=1; # # Required modules: # You will almost certainly need to download and install the #Time::HiRes and WebCache::ICP modules from CPAN. # use Time::HiRes qw(gettimeofday); use WebCache::ICP; use Socket; # # Defaults: # Seldom any reason to change these. # $DEFAULT_PORT=3130; $DEFAULT_QUERY="http://www.w3.org/";; $TIMEOUT=10; # # Pick up the host and (optional) query from the command line. # $host=shift; $query=shift; $query=$DEFAULT_QUERY unless($query); $icp = new WebCache::ICP; $icp->opcode("OP_QUERY"); $icp->payload($query); warn "Will query via ICP for \'$query\'\n" if($debug); # In case of failure, print 'U' results for Cricket to parse. # sub death { local($why)[EMAIL PROTECTED]; print "U\nU\n"; die "\nDied on SIG$why"; } $SIG{'INT'}='death'; $SIG{'QUIT'}='death'; $SIG{'PIPE'}='death'; $SIG{'ALRM'}='death'; $port=$DEFAULT_PORT; die("Missing URL on command line.\n") unless($host); if($host=~m/^([^:]+):(\d+)$/) { $host=$1; $port=$2; } $host=&name2address($host); die "Invalid IP address $host\n" unless($host); # # Construct our socket for the ICP query. # warn "Sending packet to $host:$port" if($debug); socket(SOCK, PF_INET, SOCK_DGRAM, getprotobyname('udp')) or die "socket: $!"; my $sin = sockaddr_in($port, inet_aton($host)); die "bad sin" unless($sin); # # Send the packet. # alarm($TIMEOUT); $start = now(); $icp->send(fd => \*SOCK, sin => $sin); # # Get an answer (or timeout due to SIGALRM) # $response= $icp->recv(fd =>\*SOCK); $stop = now(); alarm(0); warn "Back from recv()\n" if($debug); close(SOCK); # # Calculate the elapsed time since we sent the query. # $delta = $stop - $start; $SCALE=100; $delta = (int(0.9+($delta * $SCALE)))/$SCALE; # # Cricket wants a number as the first field of the first line of output. # print $delta," Seconds\n"; # # Process our answer, print as necessary. # $answer = new WebCache::ICP($response); $c=$answer->opcode; print $c,"\t",&code2name( $c ),"\n"; $answer->dump if($debug); exit(0); # # # Subroutines follow # # sub now { my(@t) = gettimeofday(); return $t[0] + ($t[1] / 100.0); } # # Convert an ICP opcode to a human-readable form. # sub code2name { my($code)=(@_); %OPCODENAMES = ( 0 => "OP_INVALID", 1, "OP_QUERY", 2, "OP_HIT", 3, "OP_MISS", 4, "OP_ERR", 10, "OP_SECHO", 11, "OP_DECHO", 21, "OP_MISS_NOFETCH", 22, "OP_DENIED", 23, "OP_HIT_OBJ", ); return($OPCODENAMES{$code}) if($OPCODENAMES{$code}); return "UNDEF $code"; } # # Convert a hostname to a machine-readable form. Die if DNS fails. # sub name2address { my($name)[EMAIL PROTECTED]; my $address; eval {$address=&n2a($name) }; if($@ || !$address) { print "U bad dns\nU cannot resolve dns\n"; die("DNS lookup failed, fatal error"); } return($address); } sub n2a { my($hostname)[EMAIL PROTECTED]; return($hostname) if($hostname=~m/^\d[\d.]+\d$/ ); my($name, $aliases, $addrtype, $length, @addrs,@result); alarm(7); @result = gethostbyname($hostname); alarm(0); unless(@result) { warn "name2address($hostname) Cannot resolve\n" if($debug); return undef; } ($name, $aliases, $addrtype, $length, @addrs) [EMAIL PROTECTED]; ($a, $b, $c, $d) = unpack('C4', $addrs[0]); my($ip)="$a.$b.$c.$d"; warn "$hostname resolves to $ip\n" if($debug); return($ip); } ###EOF###
[squid-users] Hotmail Error forbidden server
Dear all, I get this error message today while trying to access www.hotmail.com. Anybody knows how to solve it?everything is fine when i try access www.hotmail.com without proxy 1108662554.433 5 XXX.XXX.XXX.XXX(ipaddress) TCP_DENIED/403 1040 GET http://loginnet.passport.com/login.srf? - NONE/- - [Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*\r\nAccept-Language: en-us\r\nHost: loginnet.passport.com\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\nProxy-Connection: Keep-Alive\r\n] [HTTP/1.0 403 Forbidden\r\nServer: Squid/2.4.STABLE6\r\nMime-Version: 1.0\r\nDate: Thu, 17 Feb 2005 17:49:14 GMT\r\nContent-Type: text/html\r\nContent-Length: 740\r\nExpires: Thu, 17 Feb 2005 17:49:14 GMT\r\nX-Squid-Error: ERR_ACCESS_DENIED 0\r\n\r]
[squid-users] how to configure squid for 2000 person
Our company have 2000 person . I want to use squid as a proxy . I write a program to test squid , the result is about 600 persist connection could be established through squid 2.4 ( rh8.0 on p3 1G cpu , 256M mem) I hope squid could suport 3000 - 4000 persist connection at one time . HOW TO configure it ? thanks . [EMAIL PROTECTED] 2005-02-18
[squid-users] Configurating Squid
Hi, I'm having a big trouble with the conection to my proxy. I've read already all the manuals that I found, and I have the correct basic config. Then I try to test it and always without a reason I've got an ACCESS DENIED... I'm doing this in a laptop, that is conected to a Router 3com. I've been reading that I need to forward the gateway or something like that, I hope that someone could help me in my problem... -- Julio González Camacho ISC :: ITESM-CCM No olvides visitar: www.sitiem.com www.tusdisfraces.com
[squid-users] Squid and Tomcat in one machine running WinXP
Hello! I´m new here and would be very thankful if someone could solve my problem. I want Squid to intercept HTTP requests, deliver them to the server, receive them from the server, make some adjusts on the HTML file and deliver them to the hosts. I got a PC running both a HTTP server (Apache Tomcat 4.1.24) and Squid 2.5 STABLE 3 (http://www.adrenalin.to/bofi/setup_squid_2_5_stable_3_eng.exe) under Windows XP. For test purposes, Tomcat is listening port 8080 and Squid port 80. Among other tags, mainly, my squid.conf is: http_port 80 httpd_accel_host 127.0.0.1 httpd_accel_port 8080 acl acceleratedHost dst 127.0.0.1/255.255.255.255 acl acceleratedPort port 8080 acl all src 0.0.0.0/0.0.0.0 acl myNet src 10.0.0.0-200.0.0.1/255.255.255.0 http_access allow acceleratedHost acceleratedPort http_access allow myNet http_access deny all This way, Squid makes the interception correctly for localhost's tests, lilke calling http://127.0.0.1/index.jsp on a browser. But when I connect a laptop to it, and suposing the IP of the PC server is 169.254.243.112 in this small LAN, Squid rejects because of an access denied problem. On the laptop, I can only reach the server bypassing Squid through a calling like http://169.254.243.112:8080/index.jsp on the browser. What am I doing wrong? Thanks for your attention! Rodrigo de Oliveira ___ Yahoo! Acesso Grátis - Instale o discador do Yahoo! agora. http://br.acesso.yahoo.com/ - Internet rápida e grátis
[squid-users] build no longer fails after system upgrade
Hi, My original post on this matter lacked critical infosorry bout that. I've been able to find where my mistake was, it was not a problem with the patch/or my update. Thanks everyone ! __ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250
RE: [squid-users] Caching Windows Update
Instead of caching the Windows Updates, why not set up an SUS server and have them downloaded automatically and installed automatically? SUS (and the subsequent WUS) are free. Brian E. Conklin, MCP+I, MCSE Director of Information Services Mason General Hospital -Original Message- From: Matt Alexander [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 12:56 PM To: squid-users@squid-cache.org Subject: [squid-users] Caching Windows Update How would I configure Squid to cache the Windows Update patches? Thanks, ~M -- Get Firefox! http://getfirefox.com/ ===Mason General Hospital 901 Mt. View Drive PO Box 1668 Shelton, WA 98584 http://www.masongeneral.com (360) 426-1611 === This message is intended for the sole use of the individual and entity to whom it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee nor authorized to receive for the addressee, you are hereby notified that you may not use, copy, disclose or distribute to anyone this message or any information contained in the message. If you have received this message in error, please immediately notify the sender and delete the message. Thank you.
RE: [squid-users] Invalid Response
Hmm I did search for it, but all i find is "TAG: uri_whitespace".. Trying "Allow", the "whitespace" entry in the log Is gone, but the problem is still there : ---cache.log--- 2005/02/17 22:56:48| ctx: enter level 0: 'http://visualiser.xxx.no/cgi-bin/login.exe' 2005/02/17 22:56:48| WARNING: unparseable HTTP header field near {HTTP/1.0 200 Ok Set-Cookie: UserID=GRAFISKTEAM; path=/cgi-bin; expires=Wednesday, 17-Jan-2038 23:00:00 GMT; Set-Cookie: PWD=4752414649534b5445414d; path=/cgi-bin; expires=Wednesday, 17-Jan-2038 23:00:00 GMT; Set-Cookie: Time=1108677430; path=/cgi-bin; expires=Wednesday, 17-Jan-2038 23:00:00 GMT; Refresh: 5; URL=/cgi-bin/intervisindex.exe Pragma: no-cache Content-type: text/html } Best regards, Johan -Original Message- From: Chris Robertson [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 22:32 To: Johan Henæs; Jacobi Michael CRPH; squid-users@squid-cache.org Subject: RE: [squid-users] Invalid Response You all might find the thread at http://www.mail-archive.com/squid-users@squid-cache.org/msg24333.html more usefull. Specifically the directive given at http://www.mail-archive.com/squid-users@squid-cache.org/msg24383.html. Check the squid.conf.default, as I'm sure usage of that directive (ignore_header_whitespace for the impatient) is outlined there. Chris -Original Message- From: Johan Henæs [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 12:04 PM To: Jacobi Michael CRPH; squid-users@squid-cache.org Subject: RE: [squid-users] Invalid Response Pretty much my scenario as well. I do not even know if the company that built the webapp still is around. And I need a newer version of squid for other servers, so I am stuck just like You.. BUT when trying an older version things do work, so if we do not get any better answers - that might be the solution - even though I hate it :-) Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:58 To: Johan Henæs; squid-users@squid-cache.org Subject: RE: [squid-users] Invalid Response I know the ORACLE_HOME list is the invalid one. I need a way to get my squid to ingore the problem, since I am having trouble in convincing the owner of the server that this is a bug in their server setup, and that they should fix it, since 'it works for us' and 'what you did broke it'... ;-> Mike Jacobi -Original Message- From: Johan Henæs [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 15:34 To: Jacobi Michael CRPH; squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: RE: [squid-users] Invalid Response Hi ! I expeirienced the same problems, and found this : http://www.mail-archive.com/squid-users@squid-cache.org/msg25634.html Best regards, Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:22 To: squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: [squid-users] Invalid Response I have just upgrade to 2.5STABLE8-20050217 (from STABLE7). I am getting users that are getting the INVALID RESPONSE error in response to a page with the following headers: GET http://navynt.aera.com/EFP2.pl HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Thu, 17 Feb 2005 20:35:40 GMT ORACLE_HOME not set! Content-type: text/html Is there a was to get squid to just shut up and ignore that ORACLE_HOME line? Mike Jacobi
RE: [squid-users] Invalid Response
You all might find the thread at http://www.mail-archive.com/squid-users@squid-cache.org/msg24333.html more usefull. Specifically the directive given at http://www.mail-archive.com/squid-users@squid-cache.org/msg24383.html. Check the squid.conf.default, as I'm sure usage of that directive (ignore_header_whitespace for the impatient) is outlined there. Chris -Original Message- From: Johan Henæs [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 12:04 PM To: Jacobi Michael CRPH; squid-users@squid-cache.org Subject: RE: [squid-users] Invalid Response Pretty much my scenario as well. I do not even know if the company that built the webapp still is around. And I need a newer version of squid for other servers, so I am stuck just like You.. BUT when trying an older version things do work, so if we do not get any better answers - that might be the solution - even though I hate it :-) Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:58 To: Johan Henæs; squid-users@squid-cache.org Subject: RE: [squid-users] Invalid Response I know the ORACLE_HOME list is the invalid one. I need a way to get my squid to ingore the problem, since I am having trouble in convincing the owner of the server that this is a bug in their server setup, and that they should fix it, since 'it works for us' and 'what you did broke it'... ;-> Mike Jacobi -Original Message- From: Johan Henæs [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 15:34 To: Jacobi Michael CRPH; squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: RE: [squid-users] Invalid Response Hi ! I expeirienced the same problems, and found this : http://www.mail-archive.com/squid-users@squid-cache.org/msg25634.html Best regards, Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:22 To: squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: [squid-users] Invalid Response I have just upgrade to 2.5STABLE8-20050217 (from STABLE7). I am getting users that are getting the INVALID RESPONSE error in response to a page with the following headers: GET http://navynt.aera.com/EFP2.pl HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Thu, 17 Feb 2005 20:35:40 GMT ORACLE_HOME not set! Content-type: text/html Is there a was to get squid to just shut up and ignore that ORACLE_HOME line? Mike Jacobi
RE: [squid-users] Invalid Response
Pretty much my scenario as well. I do not even know if the company that built the webapp still is around. And I need a newer version of squid for other servers, so I am stuck just like You.. BUT when trying an older version things do work, so if we do not get any better answers - that might be the solution - even though I hate it :-) Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:58 To: Johan Henæs; squid-users@squid-cache.org Subject: RE: [squid-users] Invalid Response I know the ORACLE_HOME list is the invalid one. I need a way to get my squid to ingore the problem, since I am having trouble in convincing the owner of the server that this is a bug in their server setup, and that they should fix it, since 'it works for us' and 'what you did broke it'... ;-> Mike Jacobi -Original Message- From: Johan Henæs [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 15:34 To: Jacobi Michael CRPH; squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: RE: [squid-users] Invalid Response Hi ! I expeirienced the same problems, and found this : http://www.mail-archive.com/squid-users@squid-cache.org/msg25634.html Best regards, Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:22 To: squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: [squid-users] Invalid Response I have just upgrade to 2.5STABLE8-20050217 (from STABLE7). I am getting users that are getting the INVALID RESPONSE error in response to a page with the following headers: GET http://navynt.aera.com/EFP2.pl HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Thu, 17 Feb 2005 20:35:40 GMT ORACLE_HOME not set! Content-type: text/html Is there a was to get squid to just shut up and ignore that ORACLE_HOME line? Mike Jacobi
RE: [squid-users] Invalid Response
I know the ORACLE_HOME list is the invalid one. I need a way to get my squid to ingore the problem, since I am having trouble in convincing the owner of the server that this is a bug in their server setup, and that they should fix it, since 'it works for us' and 'what you did broke it'... ;-> Mike Jacobi -Original Message- From: Johan Henæs [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 15:34 To: Jacobi Michael CRPH; squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: RE: [squid-users] Invalid Response Hi ! I expeirienced the same problems, and found this : http://www.mail-archive.com/squid-users@squid-cache.org/msg25634.html Best regards, Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:22 To: squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: [squid-users] Invalid Response I have just upgrade to 2.5STABLE8-20050217 (from STABLE7). I am getting users that are getting the INVALID RESPONSE error in response to a page with the following headers: GET http://navynt.aera.com/EFP2.pl HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Thu, 17 Feb 2005 20:35:40 GMT ORACLE_HOME not set! Content-type: text/html Is there a was to get squid to just shut up and ignore that ORACLE_HOME line? Mike Jacobi
[squid-users] Caching Windows Update
How would I configure Squid to cache the Windows Update patches? Thanks, ~M -- Get Firefox! http://getfirefox.com/
[squid-users] How to serve directory index files...?
Hello, When Squid is in offline mode, how does it know what a default document in a site or directory is if a client does not provide the name of the file? Thanks, Peter Yohe The WiderNet Project 226 International Center The University of Iowa Iowa City, IA 52242
RE: [squid-users] Invalid Response
Hi ! I expeirienced the same problems, and found this : http://www.mail-archive.com/squid-users@squid-cache.org/msg25634.html Best regards, Johan -Original Message- From: Jacobi Michael CRPH [mailto:[EMAIL PROTECTED] Sent: 17. februar 2005 21:22 To: squid-users@squid-cache.org; ~DMPS PMS400B4L Subject: [squid-users] Invalid Response I have just upgrade to 2.5STABLE8-20050217 (from STABLE7). I am getting users that are getting the INVALID RESPONSE error in response to a page with the following headers: GET http://navynt.aera.com/EFP2.pl HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Thu, 17 Feb 2005 20:35:40 GMT ORACLE_HOME not set! Content-type: text/html Is there a was to get squid to just shut up and ignore that ORACLE_HOME line? Mike Jacobi
[squid-users] Invalid Response
I have just upgrade to 2.5STABLE8-20050217 (from STABLE7). I am getting users that are getting the INVALID RESPONSE error in response to a page with the following headers: GET http://navynt.aera.com/EFP2.pl HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Thu, 17 Feb 2005 20:35:40 GMT ORACLE_HOME not set! Content-type: text/html Is there a was to get squid to just shut up and ignore that ORACLE_HOME line? Mike Jacobi
FW: [squid-users] "Can't Contact Windbindd. Dying" error
When configuring Squid 2.5 STABLE-8 I used these configure options: --enable-auth="ntlm,basic" --enable-basic-auth-helpers="winbind" --enable-ntlm-auth-helpers="winbind" Should I have included: --with-samba-sources=/usr/local/samba-(version) as well? Is it possible that that might be causing the error mentioned? -Original Message- From: Michael Wassell [mailto:[EMAIL PROTECTED] Sent: Thursday, February 17, 2005 1:17 PM To: squid-users@squid-cache.org Subject: [squid-users] "Can't Contact Windbindd. Dying" error Hi Everyone; I'm in the process of configuring Squid on a linux box. I've successfully configured Samba (3.0.10.0) to communicate with my Windows 2003 domain. I am able to authenticate using both plain-text and ntlm authentication using the wbinfo tool. I also receive a good reply when using 'wbinfo -p'. I've compiled squid (2.5 STABLE-8) with ntlm and basic helpers, everything seemed to go well and Squid has been installed into its default path (/usr/local/squid/). What I am attempting to do is test the nt_auth helper outside of Squid before configuring Squid to use NTLM authentication and I am receiving the error mentioned in the subject line. Can anyone think of any reason why I would be receiving that error if everything checks out okay with winbind? I'm sure that it's something simple that I'm missing... Thanks!
[squid-users] How to get the size of incoming document in cache replacement
Hi, I'm working on implementing a variation of squid's cache replacement policy. My replacement algorithm needs to know the size of an incoming document. How can I get the size of an incoming document when the purge walker is called? Thanks in advance. -Yuan
Re: [squid-users] Two squid instances based on file types? Is it good?
On Thu, 17 Feb 2005 10:17:27 +0100, Marco Crucianelli <[EMAIL PROTECTED]> wrote: > Thanks for your answer Kevin! > On Wed, 2005-02-16 at 17:09 -0600, Kevin wrote: > > On Wed, 16 Feb 2005 21:08:30 +0100, Marco Crucianelli > > <[EMAIL PROTECTED]> wrote: > > > As I would like to cache normal web stuff and big multimedia files, > > > like videos, I was thinking about using two different squid instances > > > running on two different machine. > > > > You could instead use a single instance with two cache_dir locations, one > > with a relatively low max-size to reserve that directory for "small" > > objects. > > Yes, I k now, this was my second option...but I have some doubt on this > solution: > > 1) can I specify different expiral time for each cache dir? I mean: big > multimedia files do not need to be replaced that often in cache right? What mechanism are you using to set expire times? > 2) supposing to have two different cache dir, the first one for normal > web doc and the second one for big multimedia files, whenever squid > needs space to cache, let's say, another web doc (small file) does it > start applying the replacement policy only on the small file cache_dir > or even in the big file cache dir? I don't want it to purge big > multimedia files, when it needs to cache only a small web doc!!! That's a good question. I guess it depends on how the code is implemented, the squid.conf comments say "It is used to initially choose the storedir", but not what happens if the initial storedir is full? > > You might also consider setting the maximum_object_size_in_memory > > relatively low, even if you have quite a bit of RAM to work with. I have > > caches with cache_mem set to 2GB, yet I set m_o_s_i_m to 128KB. > > Well, if I need to cache very big files, let's say about 1GB in size, I > can't set m_o_s to 128kb or I would never cache files bigger than > 128kb...Am I wrong? >From a production cache: $ egrep "^(cache_dir|cache_mem|maximum_)" squid.conf cache_mem 2100 MB maximum_object_size 16383 KB maximum_object_size_in_memory 128 KB cache_dir aufs /squid 1600 16 256 Kevin Kadow
RE: [squid-users] High loads on linux box running squid - tuning
> -Original Message- > From: Finnur Örn Guðmundsson - Skyggnir [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 16, 2005 11:36 PM > To: squid-users@squid-cache.org > Subject: [squid-users] High loads on linux box running squid - tuning > > > Hi all, > > Im running squid on HP Proliant DL360 (3.06Ghz Xeon / 1Gb ram / 2x 15K disks in raid1) > > We have around 2000-2500 concurrent clients at daytimes > > We recently upgraded the squid box from 866Mhz PIII / 1Gb of ram. It had 100% cpu loads all the time and it was...slow :) > > After i upgraded the box to the 3Ghz Xeon its still performing pretty much the same (Loads from 0.80 to 2.00). Now i am running Squid 2.5.STABLE3-6.3E2 (from RHEL 3 Update 4). I am by no means a squid expert (go figure:) but here are the parameters i have changed from defaults (after googling for awile). > > cache_mem 128 MB > cache_swap_low 80 > cache_swap_high 100 > maximum_object_size 1024 KB > cache_dir aufs /var/spool/squid 4000 16 256 (i know i do not have alot of cacheing space, but this is a temp proxy solution) > cache_store_log none > request_body_max_size 12 MB > half_closed_clients off > > The system is running 2.4.21-27 in non hyperthreading mode. (1 cpu) > > Is there anything i can do to quickly lower the load? How many users can one put on a box like this? I have been google-ing alot and have seen talk about 2500-5000 on one box, not unlike this one. Is this wrong? > > Kær kveðja / Best regards, > Finnur Ö. Guðmundsson > System Engineer - System Operations > [EMAIL PROTECTED] No one has asked what your ACLs look like. They can have a major impact on performance (especially if you are using any regex rules). 60 requests/sec should be simple for a server of that power to handle. I have a 3GHz Dell box running RH9 (Squid2.5STABLE5) that peaks over 70 req/s, using less than 65% of the CPU. System load has never broken 1.50. This box is also serving requests it receives via satellite, which seems to push CPU usage up dramatically. So, my question is... What do your ACLs look like? Chris
[squid-users] Follow-up: "Can't Contact Windbindd. Dying" error
Sorry, I meant to say wb_auth helper, not nt_auth helper. ;-)
[squid-users] "Can't Contact Windbindd. Dying" error
Hi Everyone; I'm in the process of configuring Squid on a linux box. I've successfully configured Samba (3.0.10.0) to communicate with my Windows 2003 domain. I am able to authenticate using both plain-text and ntlm authentication using the wbinfo tool. I also receive a good reply when using 'wbinfo -p'. I've compiled squid (2.5 STABLE-8) with ntlm and basic helpers, everything seemed to go well and Squid has been installed into its default path (/usr/local/squid/). What I am attempting to do is test the nt_auth helper outside of Squid before configuring Squid to use NTLM authentication and I am receiving the error mentioned in the subject line. Can anyone think of any reason why I would be receiving that error if everything checks out okay with winbind? I'm sure that it's something simple that I'm missing... Thanks!
[squid-users] setup squid for two type of users
I have two type of user in my network: navegacion, for browse all internet navegainterna, for browse only my 2 sites but my second group of users can not browse any site How Can I setup for get it? my current configuration in squid.conf is: http_port 0.0.0.0:3128 ssl_unclean_shutdown off icp_port 0 udp_incoming_address 0.0.0.0 udp_outgoing_address 255.255.255.255 icp_query_timeout 0 maximum_icp_query_timeout 2000 mcast_icp_query_timeout 2000 dead_peer_timeout 10 seconds hierarchy_stoplist cgi-bin hierarchy_stoplist ? no_cache Deny QUERY cache_mem 134217728 bytes cache_swap_low 90 cache_swap_high 95 maximum_object_size 4194304 bytes minimum_object_size 0 bytes maximum_object_size_in_memory 8192 bytes ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF cache_dir diskd /var/spool/squid 2000 16 256 Q1=64 Q2=72 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log none emulate_httpd_log off log_ip_on_direct on mime_table /etc/squid/mime.conf log_mime_hdrs off pid_filename /var/run/squid.pid debug_options ALL,1 log_fqdn off client_netmask 255.255.255.255 ftp_user Squid@ ftp_list_width 32 ftp_passive on ftp_sanitycheck on dns_retransmit_interval 5 seconds dns_timeout 300 seconds hosts_file /etc/hosts diskd_program /usr/lib/squid/diskd unlinkd_program /usr/lib/squid/unlinkd redirect_program /usr/bin/squidGuard redirect_program -c redirect_program /etc/squid/squidguard.conf redirect_children 5 redirect_rewrites_host_header on authenticate_cache_garbage_interval 3600 seconds authenticate_ttl 3600 seconds authenticate_ip_ttl 0 seconds wais_relay_port 0 request_header_max_size 10240 bytes quick_abort_min 16 KB quick_abort_max 16 KB quick_abort_pct 95 negative_ttl 300 seconds positive_dns_ttl 21600 seconds negative_dns_ttl 300 seconds range_offset_limit 0 bytes connect_timeout 120 seconds peer_connect_timeout 30 seconds read_timeout 900 seconds request_timeout 300 seconds persistent_request_timeout 60 seconds client_lifetime 86400 seconds half_closed_clients on pconn_timeout 120 seconds ident_timeout 10 seconds shutdown_lifetime 30 secondsrequest_body_max_size 0 bytes acl QUERY urlpath_regex cgi-bin acl QUERY urlpath_regex \? acl localnet src 192.168.1.0/255.255.255.0 acl localhost src 127.0.0.1 acl safe_ports port 80 acl safe_ports port 1025-65535 acl safe_ports port 443 acl safe_ports port 210 acl safe_ports port 70 acl safe_ports port 21 acl CONNECT method CONNECT acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl navegainterna src 192.168.1.10-192.168.1.150 acl navegacion src 192.168.1.200-192.168.1.227 acl mtps dstdomain mycompany1.com mycompany2.net http_access Allow manager localnet http_access Allow localhost http_access Deny !safe_ports http_access Allow navegainterna mtps http_access Allow navegacion http_access Deny CONNECT http_access Deny all http_reply_access Allow all icp_access Deny all ident_lookup_access Deny all reply_body_max_size 0 Allow all cache_mgr [EMAIL PROTECTED] cache_effective_user squid cache_effective_group squid visible_hostname proxy.mtps.net announce_period 31536000 seconds announce_host tracker.ircache.net announce_port 3131 httpd_accel_port 80 httpd_accel_single_host off httpd_accel_with_proxy off httpd_accel_uses_host_header off dns_testnames netscape.com dns_testnames internic.net dns_testnames nlanr.net dns_testnames microsoft.com logfile_rotate 0 tcp_recv_bufsize 0 bytes err_html_text memory_pools on memory_pools_limit 0 bytes forwarded_for on log_icp_queries off icp_hit_stale off minimum_direct_hops 4 minimum_direct_rtt 400 cachemgr_passwd XX all store_avg_object_size 13 KB store_objects_per_bucket 20 client_db on netdb_low 900 netdb_high 1000 netdb_ping_period 300 seconds query_icmp off test_reachability off buffered_logs on reload_into_ims off icon_directory /usr/share/squid/icons error_directory /usr/share/squid/errors/Spanish minimum_retry_timeout 5 seconds maximum_single_addr_tries 3 snmp_port 0 snmp_access Deny all snmp_incoming_address 0.0.0.0 snmp_outgoing_address 255.255.255.255 as_whois_server whois.ra.net wccp_router 0.0.0.0 wccp_version 4 wccp_incoming_address 0.0.0.0 wccp_outgoing_address 255.255.255.255 delay_pools 0 delay_initial_bucket_level 50 incoming_icp_average 6 incoming_http_average 4 incoming_dns_average 4 min_icp_poll_cnt 8 min_dns_poll_cnt 8 min_http_poll_cnt 8 max_open_disk_fds 0 offline_mode off uri_whitespace strip nonhierarchical_direct on prefer_direct off strip_query_terms on coredump_dir none redirector_bypass off ignore_unknown_nameservers on client_persistent_connections on server_persistent_connections on pipeline_prefetch off request_entities off high_response_time_warning 0 high_page_fault_warning 0 high_memory_warning 0 bytes store_dir_select_algorithm least-load ie_refresh off vary_ignore_expire off sleep_after_fork 0
[squid-users] tos - setsockopt() problem
hi all, has anyone noticed on fc3 a tos setsockopt() problem ?? if i try to set tos_outgoing to 0x8 it works just fine. set it to 0xEE and no tos marking happens. tested this with the zph patch and it behaves the same. debugging the setsockopt() yields "success" but the tos field remains unchanged. zph with 8 works, but 192 does not. curious. thanks! charles shick
[squid-users] Fwd: Problemas al intentar bajar un archivo con el squid-2.5.8
first sorry my english... im having this problem when i try to download certain file: ERROR The requested URL could not be retrieved While trying to process the request: GET /cisci2005/Reviewers/download.asp?aux1=C170JB HTTP/1.1 Host: www.iiisci.org User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040616 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.iiisci.org/cisci2005/Reviewers/select_download.asp Cookie: ASPSESSIONIDAQCASDQR=JPHFNPNBAPCPCEPPMJECFGDH; ASPSESSIONIDSCTBQDRQ=HEPNNFOBCKFEMIANNLNNGKCM The following error was encountered: * * Invalid Response * The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. Please contact the site operator. Your cache administrator may be able to provide you with more details about the exact nature of the problem if needed. Your cache administrator is recently we upgrade squid from 2.5.4 to 2.5.8, with the version 2.5.4 we dont have this problem. ___ Advertencia: Este mensaje contiene la opinion personal del remitente y la Universidad Catolica Nuestra Senora de la Asuncion no asume responsabilidad alguna con relacion al contenido del presente mensaje. Cualquier consulta realizar por favor a [EMAIL PROTECTED] . Protected by LED -- "La juventud envejece, la inmadurez se supera, la ignorancia puede ser educada y la borrachera se pasa; pero la estupidez es para siempre" Aristofanes ___ Advertencia: Este mensaje contiene la opinion personal del remitente y la Universidad Catolica Nuestra Senora de la Asuncion no asume responsabilidad alguna con relacion al contenido del presente mensaje. Cualquier consulta realizar por favor a [EMAIL PROTECTED] . Protected by LED
[squid-users] run squid without install
Hi, I downloaded the stable7 version of squid, after that I pathed the sources with xff patch. Now I have the old squid running over a production machine. I'd like to try the new squid to check if it works, but I dont want reinstall it and rewrite the old, so can I try the latest build without install it ? Something like # ./src/squid -f /newconfigfile/squid.conf and I change the binding port in the config file.. could it works ? Greetings Luigi. __ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250
Re: [squid-users] squid + winbind weird behavior
" winbind privileged pipe permissions (Samba-3.X) ntlm_auth requires access to the privileged winbind pipe in order to function properly. You enable this access by changing group of the winbind_privileged directory to the group you run Squid as (cache_effective_group setting in squid.conf). chgrp squid /path/to/winbind_privileged " I've added squid group, added user nobody into it and put it in my squid.conf. But as you can see below, there's only read perms for squid group, so the error is still there. 4 drwxr-s--- 2 root squid 4096 2005-02-17 14:15 winbindd_privileged I don't know how the hell this worked for others, since other users from squid will only have read access to the dir, when they should have execute permissions too. Anyways, thanks for the answer. Paulo Pires Qui, 2005-02-17 às 00:40 +0100, Henrik Nordstrom escreveu: > On Wed, 16 Feb 2005, Paulo Pires wrote: > > > chown nobody /usr/local/samba-3.0.10/var/locks/winbindd_privileged > > > > This solved the thing. We can't change the perms cause it's a socket, so > > it's better to change the owner to the user which runs squid. > > You should change the group, not the owner.. > > http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 > http://us4.samba.org/samba/docs/man/winbindd.8.html > > Changing the owner will make Samba quite upset about the security. > > Regards > Henrik
RE: [squid-users] authenticate for all site except one
> > Hi all > > I am running squid 2.5 stable 5. > > I get my users to autheticate for all external sites.but I would > like to configure squid so that I have the option to let some > external > sites be available without autentication? > > Sample squid.conf entries (off hand) acl authenticated proxy_auth REQUIRED acl sites_without_auth dstdomain *.foo.com(e.g) http_access allow sites_without_auth http_access allow authenticated http_access deny all M.
Re: [squid-users] Re: Abnormal End (Squid 2.5S8)
My Squid is running very well for more than 24 hours after applying the DNS patch. Thx & Rgds, Awie - Original Message - From: "Awie" <[EMAIL PROTECTED]> To: "M A Young" <[EMAIL PROTECTED]>; "Henrik Nordstrom" <[EMAIL PROTECTED]> Cc: "Squid-users" Sent: Wednesday, February 16, 2005 10:41 PM Subject: Re: [squid-users] Re: Abnormal End (Squid 2.5S8) > > > > > On Wed, 16 Feb 2005, M A Young wrote: > > > > > > > I suggest you make sure you have applied the post 2.5S8 major patch > for > > > > odd DNS responses. This supposedly affects earlier versions of squid > as > > > > well, but it seems to cause us many more crashes when we moved from > 2.5S7 > > > > to 2.5S8RC3 which have stopped now we have applied this patch. > > > > > > There was also many other segfault errors corrected between RC3 and > > > STABLE8 so it's hard to tell which of the bugs was causing your problems > > > without having a backtrace of the segfault, but yes, the DNS patch is > good > > > to have. > > > > I did have backtraces of the problem, and the crashes matched the > > symptoms of the DNS crash, so I am pretty sure this was actually the > > problem, though of course the other segfaults may have made it more likely > > to occur. > > > > Michael Young > > Thanks for answer. > > Yes, I have applied all 2.5S8 since couple of hours ago. I will monitor for > couple of days and post here the update. > > Thx & Rgds, > > Awie > > >
[squid-users] authenticate for all site except one
Hi all I am running squid 2.5 stable 5. I get my users to autheticate for all external sites.but I would like to configure squid so that I have the option to let some external sites be available without autentication? Is this possible? Rgds, Hement Gopal
[squid-users] strange behavior with GET queries containing +(plus) signs
Browser makes the following request: GET http://www.google.com/search?q=c%2B%2B But squid transforms it to: GET /search?q=c++ (This was discovered using tcpdump) And so, google returns incorrect search results for my query. When I use direct connection to internet, all is ok. Other special symbols with codes less 127 (like & and ?) shows the same problem. -- To understand my English you must be Russian =)
RE: [squid-users] Re: High loads on linux box running squid - tuning
Hi all, Thanks for all the help. I just compiled a new verison of squid (stable8) and changed to diskd. This seems to be a bit better. I am also going to ask for more RAM to put in the server. Thanks alot! Kær kveðja / Best regards, Finnur Ö. Guðmundsson System Engineer - System Operations [EMAIL PROTECTED] TM Software - Skyggnir Holtasmári 1, IS- 201 Kópavogur, Iceland tel: + 354 545 3000-fax + 354 545 3001 www.t.is This e-mail message and any attachments is confidential and may be privileged. If you are not the intended recipient, please uphold strict confidentiality and neither read, copy, nor otherwise make use of the content in any way and notify sender immediately, by replying to this message or by sending an e-mail, and destroy all copies of this message and any attachments. Any non work related opinions contained in this message are those of the author and are not given or endorsed by TM Software TölvuMyndir through which this message is sent. -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Maik Ihde Sent: 17. febrúar 2005 10:49 To: squid-users@squid-cache.org Subject: [squid-users] Re: High loads on linux box running squid - tuning Finnur Örn Guðmundsson - Skyggnir t.is> writes: > Im running squid on HP Proliant DL360 (3.06Ghz Xeon / 1Gb ram / 2x 15K > disks in raid1) We have two similar Caches. DL360G4 Models, however they have 2GB Ram and we don't use raid but have disks configured as a stripe set, since there is no data we need to protect. > We have around 2000-2500 concurrent clients at daytimes Well, we have less users but are running TM Viruswall on these Boxes. > After i upgraded the box to the 3Ghz Xeon its still performing pretty > much the same (Loads from 0.80 to 2.00). Squid does benefit from Memory and Disk Performace a lot, CPU is not that important. Your Machine is probably Swapping a lot? -> check that. > cache_dir aufs /var/spool/squid 4000 16 256 (i know i do not have alot > of cacheing space, but this is a temp > proxy solution) We use diskd and have configured the cache dir Partition as ReiserFS instead of Ext3, also it is mounted with noatun,noatail. > Is there anything i can do to quickly lower the load? How many users > can one put on a box like this? I have been > google-ing alot and have seen talk about 2500-5000 on one box, not > unlike this one. Is this wrong? Put more Ram into the box and I suggest to use ReiserFS and diskd. Our machines can do 50-60 req/s and CPU Load is mostly about 0.5 - and that's with the Viruswall between the Squid and the Internet which obviously costs performance. HTH Maik
Re: [squid-users] High loads on linux box running squid - tuning
On Thu, Feb 17, 2005 at 09:23:57AM -, Finnur Örn Guðmundsson - Skyggnir wrote: > [EMAIL PROTECTED] log]# squid -v > Squid Cache: Version 2.5.STABLE3 Running almost 2 years old version probably doesn't help either. -hk
Re: [squid-users] don't restart redirectors
Thanks everybody! I thought that I need to change the source.. just checking before reinventing the wheel. ;-) Btw, I'm using 'squid -k rotate'. Best []s Leonardo Barbosa - Original Message - From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Leo" <[EMAIL PROTECTED]> Cc: Sent: Wednesday, February 16, 2005 8:35 PM Subject: Re: [squid-users] don't restart redirectors On Wed, 16 Feb 2005, Leo wrote: I'm using Squid 2.5 and I'd like to know if there is a way to rotate squid log files without restarting the redirectors. Not without modifying the code. I'm running some redirectors that I created, and don't want to restart them because it takes some time to load files, etc, and I'm going to rotate squid logs very often... Use the source B-) Regards Henrik
[squid-users] http_reply_access and windows groups
Hi !! We are trying to prevent the download of software from some of our users, and we have managed do to that, for test purposes, using http_reply_access combined with user acls. Now that everything is ok, we would like to apply these rules combined with windows groups (we use ntlm authentication). We have read a message posted by Henrik Nordstrom stating that http_reply_access cannot wait for external acl, but suggesting the following workaround: "You can work around this quite well (but not 100%) by making sure the same acls is evaluated in http_access, allowing Squid to cache the result before processing your http_reply_access rules. A simple method to have acls evaluated in http_access without affecting the http_access outcome is to use combine them with a dummy acl that will never match anything acl nothing src 0.0.0.0/32 http_access deny acl_that_needs_to_be_evaluated nothing somewhere before where access is allowed.." I didn´t really understand how does it work... By doing this, can I use "acl_thar_needs_to_be_evaluated", wich, in our case, would be an external acl using wbinfo_group.pl, in a http_reply_access rule? Or, better yet, is there a simpler way to do that? Thanks in advance, Carlos Zottmann.
[squid-users] invalid HTTP header
Hi ! I have upgraded an old squid-proxy to version (Squid Cache: Version 2.5.STABLE7) running Fedora Core 3 (rpms) I have also tried to install "Squid Cache: Version 3.0-PRE3-20050213".. Using the squid-servar as a www accelerator, accessing a web-server I get an "invalid request" error message in my browser, together with these lines in the logs : --- 2005/02/17 11:58:58| ctx: enter level 1: 'http://visualiser..no/cgi-bin/login.exe' 2005/02/17 11:58:58| WARNING: ignoring unparseable HTTP header field near 'HTTP/1.0 200 Ok' 2005/02/17 11:58:58| WARNING: found whitespace in HTTP header {
[squid-users] Re: High loads on linux box running squid - tuning
Finnur Ãrn GuÃmundsson - Skyggnir t.is> writes: > Im running squid on HP Proliant DL360 (3.06Ghz Xeon / 1Gb ram / 2x 15K disks in raid1) We have two similar Caches. DL360G4 Models, however they have 2GB Ram and we don't use raid but have disks configured as a stripe set, since there is no data we need to protect. > We have around 2000-2500 concurrent clients at daytimes Well, we have less users but are running TM Viruswall on these Boxes. > After i upgraded the box to the 3Ghz Xeon its still performing pretty much the same (Loads from 0.80 to 2.00). Squid does benefit from Memory and Disk Performace a lot, CPU is not that important. Your Machine is probably Swapping a lot? -> check that. > cache_dir aufs /var/spool/squid 4000 16 256 (i know i do not have alot of cacheing space, but this is a temp > proxy solution) We use diskd and have configured the cache dir Partition as ReiserFS instead of Ext3, also it is mounted with noatun,noatail. > Is there anything i can do to quickly lower the load? How many users can one put on a box like this? I have been > google-ing alot and have seen talk about 2500-5000 on one box, not unlike this one. Is this wrong? Put more Ram into the box and I suggest to use ReiserFS and diskd. Our machines can do 50-60 req/s and CPU Load is mostly about 0.5 - and that's with the Viruswall between the Squid and the Internet which obviously costs performance. HTH Maik
Re: RE: [squid-users] High loads on linux box running squid - tuning
Hi, On Thu, Feb 17, Finnur Örn Guðmundsson - Skyggnir wrote: > > Im running squid on HP Proliant DL360 (3.06Ghz Xeon / 1Gb ram / 2x 15K > > disks in raid1) We use HP Proliant ML370 with 2.8 GHz Xeon. I saw a significant load reduce as i switched from aufs to diskd. -- Gruß Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. pgpoAaUjHVvg2.pgp Description: PGP signature
Re: [squid-users] Squid, virtual IP and Layer 7 switching...any idea?
Thanks for your answer Henrik > > > Here comes the funny part...well...I do even need that these two squid > > could use two different squid_parent via ICP. Going this way, I do need > > that the squid having the layer 7 switch in front could even use their > > real IP address to communicate with their own squid_parent. Could I use > > something like this in squid.conf to make everything work? > > > > udp_incoming_address real_ip_address > > udp_outgoing_address 255.255.255.255 > > Not need to do this, just leave them at the defaults allowing Squid to use > the real IP of your server as provided by the OS. > > Same thing for tcp_outgoing_address. > > Regards > Henrik Well, maybe I was not that clear in my explanation (my english fault! : P) I was speaking about the same squid behind the layer 7 switch! I mean, those two squid behind the layer 7 switch must conect on one side with the layer 7 switch, using the Virtual IP address, and on the other side with other two parent squid with their real IP address...or something like this! That's why I was asking if I should modify udp_incoming_address and udp_outgoing_address! But I have another doubt too: those two directives (udp_incoming_address and udp_outgoing_address) change the ip address that squid uses to make ICP queries, what happens after squid has queried using ICP, I mean, what address does it use to retrieve the content it needs from the parent_squid? Does it use the virtual IP address or the real one? Thanks you very much for you patience Henrik! Marco
RE: [squid-users] High loads on linux box running squid - tuning
[EMAIL PROTECTED] log]# squid -v Squid Cache: Version 2.5.STABLE3 configure options: --host=i386-redhat-linux --build=i386-redhat-linux --target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --enable-poll --enable-snmp --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl --with-openssl=/usr/kerberos --enable-delay-pools --enable-linux-netfilter --with-pthreads --enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT,winbind --enable-ntlm-auth-helpers=SMB,winbind,fakeauth --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group --enable-auth=basic,ntlm --enable-useragent-log --enable-referer-log The average http reqs/sec seem to be: 60 /s (from mrtg) Kær kveðja / Best regards, Finnur Ö. Guðmundsson System Engineer - System Operations [EMAIL PROTECTED] TM Software - Skyggnir Holtasmári 1, IS- 201 Kópavogur, Iceland tel: + 354 545 3000-fax + 354 545 3001 www.t.is This e-mail message and any attachments is confidential and may be privileged. If you are not the intended recipient, please uphold strict confidentiality and neither read, copy, nor otherwise make use of the content in any way and notify sender immediately, by replying to this message or by sending an e-mail, and destroy all copies of this message and any attachments. Any non work related opinions contained in this message are those of the author and are not given or endorsed by TM Software TölvuMyndir through which this message is sent. -Original Message- From: Elsen Marc [mailto:[EMAIL PROTECTED] Sent: 17. febrúar 2005 09:20 To: Finnur Örn Guðmundsson - Skyggnir Subject: RE: [squid-users] High loads on linux box running squid - tuning > > [EMAIL PROTECTED] log]# free > total used free shared > buffers cached > Mem: 10254321009236 16196 0 > 164296 394932 > -/+ buffers/cache: 450008 575424 > Swap: 2097112 285002068612 > > 3097 squid 25 0 72060 70M 1928 S62.5 7.0 11:07 > 0 squid > ps : - what is your average http reqs/sec ? - what is the output of : % squid -v M.
Re: [squid-users] Two squid instances based on file types? Is it good?
Thanks for your answer Kevin! On Wed, 2005-02-16 at 17:09 -0600, Kevin wrote: > On Wed, 16 Feb 2005 21:08:30 +0100, Marco Crucianelli > <[EMAIL PROTECTED]> wrote: > > As I would like to cache normal web stuff and big multimedia files, > > like videos, I was thinking about using two different squid instances > > running on two different machine. > > You could instead use a single instance with two cache_dir locations, one > with a relatively low max-size to reserve that directory for "small" objects. > Yes, I k now, this was my second option...but I have some doubt on this solution: 1) can I specify different expiral time for each cache dir? I mean: big multimedia files do not need to be replaced that often in cache right? 2) supposing to have two different cache dir, the first one for normal web doc and the second one for big multimedia files, whenever squid needs space to cache, let's say, another web doc (small file) does it start applying the replacement policy only on the small file cache_dir or even in the big file cache dir? I don't want it to purge big multimedia files, when it needs to cache only a small web doc!!! > You might also consider setting the maximum_object_size_in_memory > relatively low, even if you have quite a bit of RAM to work with. I have > caches with cache_mem set to 2GB, yet I set m_o_s_i_m to 128KB. > > > Kevin Kadow Well, if I need to cache very big files, let's say about 1GB in size, I can't set m_o_s to 128kb or I would never cache files bigger than 128kb...Am I wrong? TIA Marco
Re: [squid-users] Two squid instances based on file types? Is it good?
Thanks Henrik for your answer, I know that lru does not take in account any size information. But my question is, even if not taking in account any size information, supposing to have two different cache_dir, one for big multimedia files and another one for small normal web doc, whenever squid needs space to cache a new web doc, for instance, will it even start the replacement policy on the cache_dir for big multimedia files, or only in the cache_dir for small web doc? Thanks in advance! Marco On Wed, 2005-02-16 at 22:27 +0100, Henrik Nordstrom wrote: > On Wed, 16 Feb 2005, Marco Crucianelli wrote: > > > As I would like to cache normal web stuff and big multimedia files, like > > videos, I was thinking about using two different squid instances running > > on two different machine. This idea was led by the fact that I'm not > > sure on how squid uses replacement algorithm. I'd bettere explain it: if > > I use only one squid, having small files (html pages) and huge files > > togheter (big videos) in the same cache, I guess, will make big files > > the first candidates to be replaced in cache, right? > > Depends on the removal policy used. The default lru policy (Least Recently > Used) only considers when the object was last accessed, not the size. > > The heap based policies includes the object size in the weight. > > Regards > Henrik
Re: [squid-users] auth popup is not comming
HI, Yes i am getting the authentication window if i try to browse bypassing the squid. Regards babu On Thu, 13 Jan 2005 13:21:05 +0100, Elsen Marc <[EMAIL PROTECTED]> wrote: > > > > Hi, > > I am running the squid in the transparent mode. While i abrowsing a > > secured site it should give a popup window for giving theuser name and > > passwd, but if i browse these site through squid the popupwindow is > > not comming and i am getting 401 error. > > > > If i reuest thissitr without squid i am getting the popup window. > > > > What configurationshould i change in the squid to get the > > popup window? > > > > Does it work, when the browser is set to use > SQUID directly (through proxy settings) ? > > M. >
RE: [squid-users] High loads on linux box running squid - tuning
[EMAIL PROTECTED] log]# free total used free sharedbuffers cached Mem: 10254321009236 16196 0 164296 394932 -/+ buffers/cache: 450008 575424 Swap: 2097112 285002068612 3097 squid 25 0 72060 70M 1928 S62.5 7.0 11:07 0 squid Kær kveðja / Best regards, Finnur Ö. Guðmundsson System Engineer - System Operations [EMAIL PROTECTED] TM Software - Skyggnir Holtasmári 1, IS- 201 Kópavogur, Iceland tel: + 354 545 3000-fax + 354 545 3001 www.t.is This e-mail message and any attachments is confidential and may be privileged. If you are not the intended recipient, please uphold strict confidentiality and neither read, copy, nor otherwise make use of the content in any way and notify sender immediately, by replying to this message or by sending an e-mail, and destroy all copies of this message and any attachments. Any non work related opinions contained in this message are those of the author and are not given or endorsed by TM Software TölvuMyndir through which this message is sent. -Original Message- From: Elsen Marc [mailto:[EMAIL PROTECTED] Sent: 17. febrúar 2005 08:54 To: Finnur Örn Guðmundsson - Skyggnir; squid-users@squid-cache.org Subject: RE: [squid-users] High loads on linux box running squid - tuning > Hi all, > > Im running squid on HP Proliant DL360 (3.06Ghz Xeon / 1Gb ram / 2x 15K > disks in raid1) > > We have around 2000-2500 concurrent clients at daytimes > > We recently upgraded the squid box from 866Mhz PIII / 1Gb of ram. It > had 100% cpu loads all the time and it was...slow :) > > After i upgraded the box to the 3Ghz Xeon its still performing pretty > much the same (Loads from 0.80 to 2.00). > Now i am running Squid 2.5.STABLE3-6.3E2 (from RHEL 3 Update 4). I am > by no means a squid expert (go figure:) but here are the parameters i > have changed from defaults (after googling for awile). > > cache_mem 128 MB > cache_swap_low 80 > cache_swap_high 100 > maximum_object_size 1024 KB > cache_dir aufs /var/spool/squid 4000 16 256 (i know i do not have alot > of cacheing space, but this is a temp proxy solution) cache_store_log > none request_body_max_size 12 MB half_closed_clients off > > The system is running 2.4.21-27 in non hyperthreading mode. (1 cpu) > > Is there anything i can do to quickly lower the load? How many users > can one put on a box like this? I have been google-ing alot and have > seen talk about 2500-5000 on one box, not unlike this one. Is this > wrong? > - Check whether the SQUID process has adequate mem. (not swapping) with : % free % top (check SIZE versus RSS of Squid process). - I would also advise to have a go with the default setting of 'cache_mem' see how that influences CPU usage. - From FAQ : http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.46 (Probably does not apply). M.
RE: [squid-users] High loads on linux box running squid - tuning
> Hi all, > > Im running squid on HP Proliant DL360 (3.06Ghz Xeon / 1Gb ram > / 2x 15K disks in raid1) > > We have around 2000-2500 concurrent clients at daytimes > > We recently upgraded the squid box from 866Mhz PIII / 1Gb of > ram. It had 100% cpu loads all the time and it was...slow :) > > After i upgraded the box to the 3Ghz Xeon its still > performing pretty much the same (Loads from 0.80 to 2.00). > Now i am running Squid 2.5.STABLE3-6.3E2 (from RHEL 3 Update > 4). I am by no means a squid expert (go figure:) but here are > the parameters i have changed from defaults (after googling > for awile). > > cache_mem 128 MB > cache_swap_low 80 > cache_swap_high 100 > maximum_object_size 1024 KB > cache_dir aufs /var/spool/squid 4000 16 256 (i know i do not > have alot of cacheing space, but this is a temp proxy solution) > cache_store_log none > request_body_max_size 12 MB > half_closed_clients off > > The system is running 2.4.21-27 in non hyperthreading mode. (1 cpu) > > Is there anything i can do to quickly lower the load? How > many users can one put on a box like this? I have been > google-ing alot and have seen talk about 2500-5000 on one > box, not unlike this one. Is this wrong? > - Check whether the SQUID process has adequate mem. (not swapping) with : % free % top (check SIZE versus RSS of Squid process). - I would also advise to have a go with the default setting of 'cache_mem' see how that influences CPU usage. - From FAQ : http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.46 (Probably does not apply). M.
Re: [squid-users] Problems with iptables
On Wed, 16 Feb 2005, Rafhael Almeida wrote: greetings, i have Problems with iptables in fedora Core 2, please somebody have link?? or manuals?? man iptables http://www.netfilter.org/ Regards Henrik
[squid-users] High loads on linux box running squid - tuning
Hi all, Im running squid on HP Proliant DL360 (3.06Ghz Xeon / 1Gb ram / 2x 15K disks in raid1) We have around 2000-2500 concurrent clients at daytimes We recently upgraded the squid box from 866Mhz PIII / 1Gb of ram. It had 100% cpu loads all the time and it was...slow :) After i upgraded the box to the 3Ghz Xeon its still performing pretty much the same (Loads from 0.80 to 2.00). Now i am running Squid 2.5.STABLE3-6.3E2 (from RHEL 3 Update 4). I am by no means a squid expert (go figure:) but here are the parameters i have changed from defaults (after googling for awile). cache_mem 128 MB cache_swap_low 80 cache_swap_high 100 maximum_object_size 1024 KB cache_dir aufs /var/spool/squid 4000 16 256 (i know i do not have alot of cacheing space, but this is a temp proxy solution) cache_store_log none request_body_max_size 12 MB half_closed_clients off The system is running 2.4.21-27 in non hyperthreading mode. (1 cpu) Is there anything i can do to quickly lower the load? How many users can one put on a box like this? I have been google-ing alot and have seen talk about 2500-5000 on one box, not unlike this one. Is this wrong? Kær kveðja / Best regards, Finnur Ö. Guðmundsson System Engineer - System Operations [EMAIL PROTECTED] TM Software - Skyggnir Holtasmári 1, IS- 201 Kópavogur, Iceland tel: + 354 545 3000-fax + 354 545 3001 www.t.is This e-mail message and any attachments is confidential and may be privileged. If you are not the intended recipient, please uphold strict confidentiality and neither read, copy, nor otherwise make use of the content in any way and notify sender immediately, by replying to this message or by sending an e-mail, and destroy all copies of this message and any attachments. Any non work related opinions contained in this message are those of the author and are not given or endorsed by TM Software TölvuMyndir through which this message is sent.
Re: [squid-users] build failing after sys upgrade
On 16.02 12:22, Ray Charles wrote: > I am sure that my problem is a direct result of a > recent system update that ran yesterday. I kind of > thought my kerberos needed updating but doing so > didn't make a difference. > > A vinilla squid build works but when I apply the patch > for collapsed_forwarding I get the following errors: you hace not specified what kind of 'sys do you use'. btw, did you 'make clean' and probably re-run configure before trying re-build squid? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I feel like I'm diagonally parked in a parallel universe.