[squid-users] Accelerator and ICP
I'm setting up a squid proxy to reduce load on a partner's origin servers. Right now I have two machines, and am using Apache mod_proxy, because it was quick to setup, but I'd like to switch to squid so I can check my cache peer before going to the origin server, and also generate better statistics. (The partner really wants us to reduce the amount of traffic going to their servers) It looks like I definitely want to do something like http_port 80 httpd_accel_host partner.example.org httpd_accel_port 80 And maybe I need to add httpd_accel_with_proxy on cache_peer otherhost sibling 3128 3130 I'm worried that by adding httpd_accel_with_proxy on, I may be opening my servers up to proxy the world for everybody (especially if I don't write good acls) Would it be better to setup squid as a 'regular' proxy on port 3128, and configure apache on port 80 to be an accelerator proxy using squid? Thanks, Richard
Re: [squid-users] Redirection
azeem ahmad wrote: From: Basia Nowak [EMAIL PROTECTED] To: dev singh [EMAIL PROTECTED] CC: squid-users@squid-cache.org Subject: Re: [squid-users] Redirection Date: Fri, 3 Jun 2005 20:09:31 +0100 (BST) Hi. --- dev singh [EMAIL PROTECTED] wrote: and make the following prerouting through iptables iptables -t nat PREROUTING -i eth1 --port 80 REDIRECT --dport 8080 Hi The above rule will work on the squid box this is what others didn't tell you And you need a DNAT rule on the NAT box to tell all traffic destined to port 8080 where to go (Main rule) and since you have a Cisco in your vicinity why not deploy WCCP? Anyways hope it helps it's a network thing in conjuction with netfilter hackery. Niceday Bab. Ronny But... these are no any squid server on my NAT router! Port 8080 on router is closed. Proxy server is on other server. I cannont change it. I can only make someting like this: WAN Router ---switch ---Server A Server B But I want to know other way to make transparent squid without routing change. -- Cheers Barbara hi Barbara give some details. which server is connected to internet??? with which ur lan clients connect, do clients connect to ur router and u have proxy on server A and NAT on server B. do u want ur clients request coming through ur LAN router to be redirected to ur proxy server A. Regards Azeem ___ Does your mail provider give you FREE antivirus protection? Get Yahoo! Mail http://uk.mail.yahoo.com _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ -- *** / ''We can't become what we need to be by remaining what we are''\ \ ,, ,,/ ***
[squid-users] Check mail using Proxy server
Hi, Can any one tell me how can i check mail using proxy server. Where should I give mail server address in squid.conf file. -- Shahnawaz Iqbal NOTICE: This communication may contain CONFIDENTIAL AND PROPRIETARY INFORMATION. If you are not the intended recipient, or believe you have received this communication in error, please do not print, copy, re-transmit, disseminate, or otherwise use the information. In addition, please indicate to the sender that you have received this communication in error and delete the copy you received. Thank you.
Re: [squid-users] Redirection
Hi, --- azeem ahmad [EMAIL PROTECTED] wrote: give some details. which server is connected to internet??? with which ur lan clients connect, do clients connect to ur router and u have proxy on server A and NAT on server B. do u want ur clients request coming through ur LAN router to be redirected to ur proxy server A. OK. Once again. I have server 'A' and server 'B'. Both had public IP address (PI status from RIPE NCC). Server 'A' and server 'B' is connected via switch to router WAN. S 'A' Switch S 'B' ^ | WAN -+ So, directly connected to internet is 'A' 'B'. Its world access. Now: On server 'A' (and ONLY) I make squid 2.4 proxy server. On server 'B' I make NAT router. People are connected to internet via server 'B'. Now... I want to force proxy server on server 'B' from 'A'. I cannont use simple redir on port with iptables because these are no any proxy on server 'A'. Machine on server 'A' is 10x better from machine on server 'B'. I cannont make NAT on server 'A'. I make proxy config to make transparent proxy and proxy works on 8080 port. Now only 1% users use my proxy ;/ -- I greet Barbara ___ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
Odp: Re: [squid-users] Redirection
Hello on server B: iptables -t nat -A PREROUTING -i lan_iface -s lan_users_subnet -p tcp --dport 80 -j DNAT --to squid_box:80 iptables -t nat -A POSTROUTING -o out_iface_connected_to_switch -d squid_box -p tcp --dport 80 -j SNAT --to wan_iface on server A: iptables -t nat -A PREROUTING -s server_A_wan_ip -p tcp --dport 80 -j REDIRECT --to 8080 Basia Nowak [EMAIL PROTECTED] 06/04/05 1:08 pm Hi, --- azeem ahmad [EMAIL PROTECTED] wrote: give some details. which server is connected to internet??? with which ur lan clients connect, do clients connect to ur router and u have proxy on server A and NAT on server B. do u want ur clients request coming through ur LAN router to be redirected to ur proxy server A. OK. Once again. I have server 'A' and server 'B'. Both had public IP address (PI status from RIPE NCC). Server 'A' and server 'B' is connected via switch to router WAN. S 'A' Switch S 'B' ^ | WAN -+ So, directly connected to internet is 'A' 'B'. Its world access. Now: On server 'A' (and ONLY) I make squid 2.4 proxy server. On server 'B' I make NAT router. People are connected to internet via server 'B'. Now... I want to force proxy server on server 'B' from 'A'. I cannont use simple redir on port with iptables because these are no any proxy on server 'A'. Machine on server 'A' is 10x better from machine on server 'B'. I cannont make NAT on server 'A'. I make proxy config to make transparent proxy and proxy works on 8080 port. Now only 1% users use my proxy ;/ -- I greet Barbara ___ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
[squid-users] Re: Password expiration
I will also like to known if there is a way to only logon once to squid, what I mean is I open IE and it ask me for a username and password and when I open a 2nd IE page I am once again asked for a username and password again. Is there a way that once you have an IE page opened you are not asked for authentication again. The second IE is a new process, so it doesn't know the authentication headers of the first one. If you open the second browser with ctrl+n, the headers are copied. You could also use a tabbed browser (like Firefox), proxy authentication is shared between the tabs. Joost
RE: [squid-users] dstdomain acl is not working for IP addresses- squid-STABLE10
I am still looking for help. I realized that this IP number doesn't have a reverse lookup, but, in this case, how to solve the problem? If I use the IP the URL is loaded fine. Perhaps an external acl which does - a reverse DNS lookup for IP addresses, and denies domains without a reverse DNS - Compares the rDNS lookup with your blacklist Joost
[squid-users] NCSA Query
Hello all, Im using NCSA authentication and I have some questions: 1. How can I set that If a user is login to pc 1, he cannot login to pc 2 or if he is login to pc 1 and he logins to pc 2, his account to pc1will be authomatically logouts. 2. How can I set that if a user is idle for x number minutes, the system will log him out automatically? 3.Is there away to set that if a user login to his computer using his browser. no matter how many browser he opens it will not ask for a password? Thank you very much, Wennie
Re: [squid-users] Check mail using Proxy server
Squid is an HTTP proxy. Bart On Sat, 2005-06-04 at 17:04 +0600, Shahnawaz Iqbal wrote:
RE: Odp: Re: [squid-users] Redirection
hi Barbara. i hope the rules told by Pawe³ Staszewsk should work fine. Regards Azeem From: Pawe³ Staszewski [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: squid-users@squid-cache.org Subject: Odp: Re: [squid-users] Redirection Date: Sat, 04 Jun 2005 13:29:58 +0200 Hello on server B: iptables -t nat -A PREROUTING -i lan_iface -s lan_users_subnet -p tcp --dport 80 -j DNAT --to squid_box:80 iptables -t nat -A POSTROUTING -o out_iface_connected_to_switch -d squid_box -p tcp --dport 80 -j SNAT --to wan_iface on server A: iptables -t nat -A PREROUTING -s server_A_wan_ip -p tcp --dport 80 -j REDIRECT --to 8080 Basia Nowak [EMAIL PROTECTED] 06/04/05 1:08 pm Hi, --- azeem ahmad [EMAIL PROTECTED] wrote: give some details. which server is connected to internet??? with which ur lan clients connect, do clients connect to ur router and u have proxy on server A and NAT on server B. do u want ur clients request coming through ur LAN router to be redirected to ur proxy server A. OK. Once again. I have server 'A' and server 'B'. Both had public IP address (PI status from RIPE NCC). Server 'A' and server 'B' is connected via switch to router WAN. S 'A' Switch S 'B' ^ | WAN -+ So, directly connected to internet is 'A' 'B'. Its world access. Now: On server 'A' (and ONLY) I make squid 2.4 proxy server. On server 'B' I make NAT router. People are connected to internet via server 'B'. Now... I want to force proxy server on server 'B' from 'A'. I cannont use simple redir on port with iptables because these are no any proxy on server 'A'. Machine on server 'A' is 10x better from machine on server 'B'. I cannont make NAT on server 'A'. I make proxy config to make transparent proxy and proxy works on 8080 port. Now only 1% users use my proxy ;/ -- I greet Barbara ___ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
