Re: [squid-users] I need one command
Simply you can use top command. In addition there are a number of ports in ports collection, mostly in sysutils directory, which can provide you useful information about system status. --- Carstea Catalin <[EMAIL PROTECTED]> wrote: > I run squid on my freebsd box and i need to know the > free memory. > In redhat exist a nice command #free to show the > free memory. In > FreeBsd how can i get the same result? > > -- > Any help would be greatly appreciated. > regards, > Carstea Catalin > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[squid-users] I need one command
I run squid on my freebsd box and i need to know the free memory. In redhat exist a nice command #free to show the free memory. In FreeBsd how can i get the same result? -- Any help would be greatly appreciated. regards, Carstea Catalin
[squid-users] Reverse Proxy Question
Can one Squid box be setup to accept and proxy requests on two or more different IP addresses and those two or more IP addresses would proxy for two or more realservers? If so how is it setup?
RE: [squid-users] squid monitoring using mrtg
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 17, 2005 12:38 AM > To: [EMAIL PROTECTED]; Chris Robertson; > squid-users@squid-cache.org > Subject: RE: [squid-users] squid monitoring using mrtg > > > Sorry to post it again. > I don't get real time value in this. > How can I get real time value? See http://www.squid-cache.org/mail-archive/squid-users/200508/0168.html and http://www.squid-cache.org/mail-archive/squid-users/200508/0170.html. Chris
Re: [squid-users] I need htpasswd
It is part of Apache distribution. If you have installed Apache before, you can do a locate to find htpasswd. It usually resides beside apache executables. If you don't want to install apache you can download and install htpasswd separately, for example from here: http://www.squid-cache.org/htpasswd/ --- Carstea Catalin <[EMAIL PROTECTED]> wrote: > I need the htpasswd for change my accounts. ( for > FreeBSD) > > -- > Any help would be greatly appreciated. > regards, > Carstea Catalin > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[squid-users] REdirect first page after autentication
I want to redirect first page after autentication of my lan users, to my web page. How ca i do this. My users have www.google.com - home page, but i want to redirect after autentication to www.mypage.com(i.e). -- Any help would be greatly appreciated. regards, Carstea Catalin
Re: [squid-users] new to squid
Thanks for the reply, i did not want to compile with too many or too less options, so was not sure ! and another thing is it better to use squid from what CentOS provides or to download it and compile it. Rgds, -Original message- From: [EMAIL PROTECTED] Date: Wed, 17 Aug 2005 20:26:18 +0300 To: squid-users@squid-cache.org Subject: Re: [squid-users] new to squid > Actually, ./configure --help is quite sufficient at displaying > compile-time options and their descriptions. > I would start there. > > Tim Rainier > > > > > Abdock <[EMAIL PROTECTED]> > 08/17/2005 01:09 PM > > To > squid-users@squid-cache.org > cc > > Subject > [squid-users] new to squid > > > > > > > > Dear All, > > I need to set up a tranparent squid box, and want to use CentOS 4, getting > squid from source is great, can anybody help me on the compile lines ? > > Have like 1,000 users. and a bandwidth of 4mb in / 1 mb out. > > > Thanks a lot, > > Ab. > > >
Re: [squid-users] new to squid
Actually, ./configure --help is quite sufficient at displaying compile-time options and their descriptions. I would start there. Tim Rainier Abdock <[EMAIL PROTECTED]> 08/17/2005 01:09 PM To squid-users@squid-cache.org cc Subject [squid-users] new to squid Dear All, I need to set up a tranparent squid box, and want to use CentOS 4, getting squid from source is great, can anybody help me on the compile lines ? Have like 1,000 users. and a bandwidth of 4mb in / 1 mb out. Thanks a lot, Ab.
Re: [squid-users] squid ldap authentication
Hi, At 09.03 17/08/2005, Ashish wrote: Hi, we have in our network Windows Server 2003 and squid proxy. Now i want squid to authenticate through server 2003 active directory. i am using command:- auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=Users, dc=example,dc=com" ldapserver but it doesn't authenticate through it. Though the dialog for username and password doeas come but when i enter the username and password it doesn't authenticate though it. Plz tell me where i am going wrong. I have already tried ntlm_auth command. -- Two things: - Anonymous LDAP operations to Active Directory are disabled on Windows Server 2003 domain controllers: http://support.microsoft.com/default.aspx?scid=kb;en-us;326690. - You must specify a username/password for binding to Active Directory, see -D and -w options of squid_ldap_auth. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] new to squid
Dear All, I need to set up a tranparent squid box, and want to use CentOS 4, getting squid from source is great, can anybody help me on the compile lines ? Have like 1,000 users. and a bandwidth of 4mb in / 1 mb out. Thanks a lot, Ab.
[squid-users] I need htpasswd
I need the htpasswd for change my accounts. ( for FreeBSD) -- Any help would be greatly appreciated. regards, Carstea Catalin
[squid-users] squid-users
[squid-users] squid-users
[squid-users] WCCPv2 on Linux (Gentoo) - Multicast support
Hi all, has anyone configured squid using WCCPv2 working with multiple routers (multicast or unicast notify). Valton
Re: [squid-users] Squid and ACL with two internet connections
> Thankyou so much Chris for the reply but the squid.conf says > > tcp_outgoing_address > # Allows you to map requests to different outgoing IP addresses > # based on the username or sourceaddress of the user making > # the request. > # > # tcp_outgoing_address ipaddr [[!]aclname] ... > # > # Example where requests from 10.0.0.0/24 will be forwareded > # with source address 10.1.0.1, 10.0.2.0/24 forwarded with > # source address 10.1.0.2 and the rest will be forwarded with > # source address 10.1.0.3. > # > # acl normal_service_net src 10.0.0.0/255.255.255.0 > # acl good_service_net src 10.0.1.0/255.255.255.0 > # tcp_outgoing_address 10.0.0.1 normal_service_net > # tcp_outgoing_address 10.0.0.2 good_service_net > # tcp_outgoing_address 10.0.0.3 > # > # Processing proceeds in the order specified, and stops at first > fully > # matching line. > > I my case the source address of the user making the request is same. Then make your acl so it differs between users. The ip acl is just an example. Joost
[squid-users] Problem when using AUFS for "cache_dir" type
Hello, friends! I have just installed Squid on a test server, to evaluate best performance related to the storage type used by the "cache_dir" tag. I have compiled it using these options: ./configure --enable-auth=ntlm,basic --enable-underscores\ --enable-delay-pools --enable-snmp --enable-useragent-log\ --prefix=/usr/local/squid --enable-ssl\ --enable-storeio=diskd,ufs,aufs,null --with-aufs-threads=32\ --enable-external-acl-helpers=wbinfo_group Inside squid.conf cache_dir is configured like this: cache_dir aufs /cache 9000 16 256 And when i tried to create the cache, got this error: FATAL: Unknown cache_dir type 'aufs' Squid Cache (Version 2.5.STABLE10): Terminated abnormally. CPU Usage: 0.003 seconds = 0.002 user + 0.001 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Abortado Does anybody knows what may i have done wrong? Any help is very appreciated! I'm using Fedora Core 3. Thanks in advance! André ___ Yahoo! Acesso Grátis - Internet rápida e grátis. Instale o discador agora! http://br.acesso.yahoo.com/
[squid-users] Question on squidaio_counters
I took a look at the squidaio_counters page today, and saw something strange: In the Squid book, I read, on page 244: 'The cancel counter is normally equal to the close counter'. However, when I look at the statistics of my cache I see the following: open6011915 close 463 cancel 6011881 This is Squid 2.5STABLE10 on Linux kernel 2.4.19, using aufs as cache storage scheme. Is something wrong with Squid, or is the comment in the book no longer valid for the current version of Squid? Joost
RE: [squid-users] Squid - performance
Thanks. What parameters define how much object size one should go for. As per your suggestion I can go for 32mb for 30 GB cache dir. I would like to understand how to derive this value? Thanks for your support. -Original Message- From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 10:15 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] Squid - performance On 16.08 21:25, [EMAIL PROTECTED] wrote: > I am using 2 Scsi hard disk of 36 GB for cache. I have assigned only 15 > GB ( less than 50 % of total disk ) for cache in each disk . > So total cache is 30 GB. > > cache_dir diskd /cache1/squid 15360 16 256 Q1=64 Q2=72 > cache_dir diskd /cache2/squid 15360 16 256 Q1=64 Q2=72 > > > I want to know if squid uses full 30 GB for cache then what will happen? > Shouldn't squid start deleting those cached objects which are not in > use? > Which parameter define that? cache_swap_low and cache_swap_high define, when will squid start removing objects and how much will it remove. cache_replacement_policy defines, how will squid choose which objects to remove. Note that for 36GB disks I have no problems defining cache_dir 3 (the FS becomes filled up to ~86% which is OK) > What parameters do I need to check to get best performance and caching. increase cache size for bigger efficiency, but not too big (filesystems filled up too much use to have low performance). > My squid is currently handling 80 req/sec and during peak hours nearly > 1500 users uses caching server. > I can save maximum 15 % to 18 % bandwidth. Is it possible to save more > bandwidth with better performance?? yes, do the above, choose good replacement policy (heap LFUDA or heap GSDF) and increase maximum_object_size (for 2x36 GB I'd use 32 MB and maybe more). -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends? Disclaimer The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately. Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful. Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author. Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from. For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com **
[squid-users] beat it to death....
I am sure this has been gone over before but here is what i am experiencing with also an update. Started testing squid on red hat for Internet Proxy. All was good in our testing until we started getting Zero Sized Reply errors on some websites. After some research I decided to try and upgrade Squid from versio 2.5 STABLE 3.3 to 2.5 STABLE7. Now with this upgrade those sites that were giving the zero size reply are now just coming up with a blank screen. I can hit refresh a time or two on the blank screen and then the page comes up. The site I am testing with is hotmail.com although this does happen on other sites as well. Is there something I can do to get around this. Is there another version that I should try? BY the way, the OS is Red Hat Enterprise Linux 3. Thanks -- The contents of this e-mail (and any attachments) are confidential, may be privileged and may contain copyright material. You may only reproduce or distribute material if you are expressly authorized by us to do so. If you are not the intended recipient, any use, disclosure or copying of this email (and any attachments) is unauthorized. If you have received this e-mail in error, please notify the sender and immediately delete this e-mail and any copies of it from your system. ==
[squid-users] How squid deals with dynamic content pages?
Hello, I'm a newbie squid user, I want to know how squid deals with dynamic content pages. Squid does a temporary cache and then flushes the dynamic content since it's uncacheable or squid doesn't make a temporary cache and simply forwards the content to the user not causing any overhead for the temporary caching? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY
Hi, Definately u have to modify /etc/sysctl.conf file for packet forwarding. sorry as i forgot that to tell u. net.ipv4.ip_forward=1 bye -- Thanks, __ Ashish
Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY
Damián Mantelli (A.C.A.R.A) wrote: Thanks for your help, I will perform my iptables with that information, but I have a second cuestion, must I set additional modules into the Kernel? Or set something in /etc/sysctl.conf ? something like net.ipv4.ip_forward=1.. only needed if your cache server also working as gateway Thanks Damián. -Mensaje original- De: Ashish [mailto:[EMAIL PROTECTED] Enviado el: Miércoles, 17 de Agosto de 2005 03:45 a.m. Para: Damián Mantelli (A. C. A. R. A ) CC: squid-users@squid-cache.org Asunto: Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY Hi , The following u need to do for making squid as transparent proxy:- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128 iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80 iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80 iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80 iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.1.100 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128 iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 192.168.1.100 -j SNAT --to 192.168.1.1 iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.100 -i eth1 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 3128 -j ACCEPT iptables -A FORWARD -d 192.168.1.0/24 -s 192.168.1.100 -i eth1 -o eth1 -m state --state ESTABLISHED,RELATED -p tcp --sport 3128 -j ACCEPT make the following changes in squid.conf:- httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Thanks Ashish Malik
Re: RES: [squid-users] Windows update hangs
On Wed, 17 Aug 2005, Lasse [iso-8859-1] Mørk wrote: Argh. I think it works now :) It still prompts, but only just before showing the update list. hm. weird. But anyway, it seems like it runs pretty good damn faster. Thanks. Old you big one. This happened to me as well. When I reviewed the logs, it was this site that was prompting for authentication. I don't think this will prevent Windows Update from working however. TCP_DENIED/407 1797 GET http://c.microsoft.com/trans_pixel.asp? - NONE/- text/html -Mike acl win1 dstdomain http://*.update.microsoft.com No, protocol shouldn't be in a dstdomain acl. The correct acl is: acl win1 dstdomain .update.microsoft.com If you want the protocol too you need the 'proto' acl type. Joost
RE: [squid-users] Fwd: Problems with authentication
Hi maybe you must order your rules like this. (1) auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/.password auth_param basic children 5 auth_param basic realm YOUR PROXY NAME HERE - ALL ACCESS WILL BE REGISTERED (2) acl password proxy_auth REQUIRED (3) http_access allow password This must be configured into your squid.conf NOTE: my squid version it´s 2.5.STABLE9 and works fine NOTE2: obviusly the numbers enclosed between brackets they must not be inside the file squid.conf Atte. Damián Mantelli -Mensaje original- De: Begoña F [mailto:[EMAIL PROTECTED] Enviado el: Miércoles, 17 de Agosto de 2005 04:31 a.m. Para: squid-users@squid-cache.org Asunto: [squid-users] Fwd: Problems with authentication Hello, I have the same problem with this ACL: acl password proxy_auth root acl ea src 192.168.0.0/255.255.0.0 acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl manager proto cache_object acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager http_access allow localhost http_access allow password http_access allow ea http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all AND THE SAME ERROR: Bungled squid.conf line 444: acl password proxy_auth root Thanks. -- Forwarded message -- From: Begoña F <[EMAIL PROTECTED]> Date: 11-ago-2005 13:34 Subject: Problems with authentication To: squid-users@squid-cache.org Hello, I sent this mail last month, but I couldn't see the list, I repeat the problem, thanks a lot. I have problems with the authentication. I've followed the faq's rules: acl prueba proxy_auth REQUIRED acl network src 192.168.0.0/255.255.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 http_access allow localhost http_access allow prueba network root user1 http_access deny all 2. External authenticator program. % cd helpers/basic_auth/NCSA % make % make install 3. Password file 4. Configure the external authenticator in squid.conf. For ncsa_auth you need to give the pathname to the executable and the password file as an argument. For example: auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd But I'm not able to start Squid: /var/messages: squid: Bungled squid.conf line 444: acl prueba proxy_auth REQUIRED Thanks for your help.
RE: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY
Thanks for your help, I will perform my iptables with that information, but I have a second cuestion, must I set additional modules into the Kernel? Or set something in /etc/sysctl.conf ? something like net.ipv4.ip_forward=1.. Thanks Damián. -Mensaje original- De: Ashish [mailto:[EMAIL PROTECTED] Enviado el: Miércoles, 17 de Agosto de 2005 03:45 a.m. Para: Damián Mantelli (A. C. A. R. A ) CC: squid-users@squid-cache.org Asunto: Re: [squid-users] IPTABLES + SQUID + TRANSPARENT PROXY Hi , The following u need to do for making squid as transparent proxy:- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i eth1 -p tcp --dport 3128 iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80 iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80 iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80 iptables -t nat -A PREROUTING -i eth1 -s ! 192.168.1.100 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128 iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -d 192.168.1.100 -j SNAT --to 192.168.1.1 iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.100 -i eth1 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 3128 -j ACCEPT iptables -A FORWARD -d 192.168.1.0/24 -s 192.168.1.100 -i eth1 -o eth1 -m state --state ESTABLISHED,RELATED -p tcp --sport 3128 -j ACCEPT make the following changes in squid.conf:- httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on Thanks Ashish Malik
Re: [squid-users] Squid and ACL with two internet connections
On 8/17/05, Chris Robertson <[EMAIL PROTECTED]> wrote: > > -Original Message- > > From: Siju George [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, August 16, 2005 4:23 AM > > To: squid-users > > Subject: [squid-users] Squid and ACL with two internet connections > > > > > > Hi all, > > > > I have a computer running Squid. > > > > It is connected to a LAN and two internet connections using 3 NICs > > > > how will I configure it so that access from the LAN to a set of > > websites will go through one Internet connection and access to all > > other websites will go through the other internet connection > > > > Thankyou so much > > > > kind regards > > > > Siju > > > > Look into the tcp_outgoing_address directive. > Thankyou so much Chris for the reply but the squid.conf says tcp_outgoing_address # Allows you to map requests to different outgoing IP addresses # based on the username or sourceaddress of the user making # the request. # # tcp_outgoing_address ipaddr [[!]aclname] ... # # Example where requests from 10.0.0.0/24 will be forwareded # with source address 10.1.0.1, 10.0.2.0/24 forwarded with # source address 10.1.0.2 and the rest will be forwarded with # source address 10.1.0.3. # # acl normal_service_net src 10.0.0.0/255.255.255.0 # acl good_service_net src 10.0.1.0/255.255.255.0 # tcp_outgoing_address 10.0.0.1 normal_service_net # tcp_outgoing_address 10.0.0.2 good_service_net # tcp_outgoing_address 10.0.0.3 # # Processing proceeds in the order specified, and stops at first fully # matching line. I my case the source address of the user making the request is same. I want the same user to be able to connect through squid and use one internet connection for a set of websites and the other internet connection for all other websites. Thankyou so much for the response kind regards Siju
Re: [squid-users] ACLs
When I said 192.168.X.X. I want to say to control machines with ip-address from 192.168.0.1 to 192.168.255.254. I am grateful to Diego Woitasen say to me: acl myclients src 192.168.0.0/16 or 255.255.0.0 http_access allow myclients Is it correct? Thanks.
Re: [squid-users] Squid - performance
On 16.08 21:25, [EMAIL PROTECTED] wrote: > I am using 2 Scsi hard disk of 36 GB for cache. I have assigned only 15 > GB ( less than 50 % of total disk ) for cache in each disk . > So total cache is 30 GB. > > cache_dir diskd /cache1/squid 15360 16 256 Q1=64 Q2=72 > cache_dir diskd /cache2/squid 15360 16 256 Q1=64 Q2=72 > > > I want to know if squid uses full 30 GB for cache then what will happen? > Shouldn't squid start deleting those cached objects which are not in > use? > Which parameter define that? cache_swap_low and cache_swap_high define, when will squid start removing objects and how much will it remove. cache_replacement_policy defines, how will squid choose which objects to remove. Note that for 36GB disks I have no problems defining cache_dir 3 (the FS becomes filled up to ~86% which is OK) > What parameters do I need to check to get best performance and caching. increase cache size for bigger efficiency, but not too big (filesystems filled up too much use to have low performance). > My squid is currently handling 80 req/sec and during peak hours nearly > 1500 users uses caching server. > I can save maximum 15 % to 18 % bandwidth. Is it possible to save more > bandwidth with better performance?? yes, do the above, choose good replacement policy (heap LFUDA or heap GSDF) and increase maximum_object_size (for 2x36 GB I'd use 32 MB and maybe more). -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. If Barbie is so popular, why do you have to buy her friends?
Re: [squid-users] Squid - performance
On 8/17/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > What parameters do I need to check to get best performance and caching. > My squid is currently handling 80 req/sec and during peak hours nearly > 1500 users uses caching server. That is a respectable traffic volume. IMHO, the best thing you can do to improve a cache and the end user experience is to add as much RAM as you can afford (as the box can take). Another option might be to implement multiple Squid peers in parallel, varying the object purge policy and max/min object sizes amongst the different cache peers. I've only recently started to play with this idea, now that I have six "parent" caches each with between 1-4GB of RAM and 16-36GB of dedicated FCAL-attached cache disk storage. > What parameter do I need to poll to check object hit rate? > There are other parameters also like Byte Hit rate, request Hit ratio > etc. How can I get detail on this. Is there any website for this? You probably don't want to poll to get these statistics, but instead run something like "calamaris" nightly or weekly to get the _average_ hit rate over a longer time period. > Is it really impossible to get better performance > and more caching up to 30% Your real world cache hit/byte ratios (are going to be for the most part defined by two variables over which you have little or no control -- the requests sourced by your users, and how "cache friendly" are the content (and headers) served up by the remote servers. If you could force your customers to only ever visit three web sites which provide purely static content with "Expires" and "Last-Modified" headers, then your cache rate could be substantially higher :) Realistically, aside from adding cache disk/mem to ensure the cache doesn't have to toss out any data it might need later, the other tunables available in squid can be risky at best. If you make adjustments to the "freshness" calculations, your users may start to complain about getting old stale copies of pages from the cache long after the source web site has updated their content. Kevin Kadow
RE: [squid-users] squid monitoring using mrtg
Sorry to post it again. I don't get real time value in this. How can I get real time value? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 8:56 PM To: [EMAIL PROTECTED]; squid-users@squid-cache.org Subject: RE: [squid-users] squid monitoring using mrtg Thanks Its working now. LK -Original Message- From: Chris Robertson [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 16, 2005 7:54 PM To: squid-users@squid-cache.org Subject: RE: [squid-users] squid monitoring using mrtg > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 16, 2005 1:54 AM > To: squid-users@squid-cache.org > Subject: [squid-users] squid monitoring using mrtg > > > Hi > I am trying to poll squid using SNMP. > I am using squid MIB file from > http://chrismiles.info/unix/mrtg/squid-mib.txt > > I am getting maximum stats but I am not getting any data in "Number of > clients accessing cache" > > What is wrong there. > > My mrtg config is > > ## > ## > # > Target[cacheClients]: > cacheClients&cacheClients:[EMAIL PROTECTED]:3401 > MaxBytes[cacheClients]: 10 > Title[cacheClients]: Number of Clients Edit the following line... > Options[cacheClients]: growright, nopercent to read... Options[cacheClients]: growright, nopercent, gauge ...and you should be set. cacheClients does not increase with time. > PageTop[cacheClients]: Number of clients accessing cache > @ DALE > YLegend[cacheClients]: clients/sec > ShortLegend[cacheClients]: clients/s > LegendI[cacheClients]: Num Clients > LegendO[cacheClients]: > Legend1[cacheClients]: Num Clients > Legend2[cacheClients]: > ## > ## > ### > Thanks Chris Disclaimer The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately. Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful. Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author. Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from. For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com ** Disclaimer The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately. Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful. Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author. Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from. For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com **
RE: [squid-users] Squid - performance
Thanks What parameter do I need to poll to check object hit rate? There are other parameters also like Byte Hit rate, request Hit ratio etc. How can I get detail on this. Is there any website for this? Is it really impossible to get better performance and more caching up to 30% Thanks - Lokesh -Original Message- From: Mark Elsen [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 17, 2005 8:53 AM To: Lokesh Khanna Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Squid - performance On 8/16/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi > > I am running squid 2-5-10 stable on Redhat 9 as transparent proxy. Box > is having 2 GB memory. > As per my squid config > Cache_mem 256 mb > maximum_object_size_in_memory 200 KB > maximum_object_size 1024 KB > cache_replacement_policy heap GDSF > memory_replacement_policy heap GDSF > half_closed_clients off > > > I am using 2 Scsi hard disk of 36 GB for cache. I have assigned only 15 > GB ( less than 50 % of total disk ) for cache in each disk . > So total cache is 30 GB. > > cache_dir diskd /cache1/squid 15360 16 256 Q1=64 Q2=72 > cache_dir diskd /cache2/squid 15360 16 256 Q1=64 Q2=72 > > > I want to know if squid uses full 30 GB for cache then what will happen? > Shouldn't squid start deleting those cached objects which are not in > use? > Which parameter define that? None , squid will cleanup swap space automatically if needed to store new objects. > > What parameters do I need to check to get best performance and caching. > My squid is currently handling 80 req/sec and during peak hours nearly > 1500 users uses caching server. > I can save maximum 15 % to 18 % bandwidth. Is it possible to save more > bandwidth with better performance?? > > Difficult , I have the same performance for a similar cache. Note that your object hit rate may be higher though. M. Disclaimer The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately. Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful. Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author. Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from. For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com **
Re: [squid-users] Squid - performance
On 8/16/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi > > I am running squid 2-5-10 stable on Redhat 9 as transparent proxy. Box > is having 2 GB memory. > As per my squid config > Cache_mem 256 mb > maximum_object_size_in_memory 200 KB > maximum_object_size 1024 KB > cache_replacement_policy heap GDSF > memory_replacement_policy heap GDSF > half_closed_clients off > > > I am using 2 Scsi hard disk of 36 GB for cache. I have assigned only 15 > GB ( less than 50 % of total disk ) for cache in each disk . > So total cache is 30 GB. > > cache_dir diskd /cache1/squid 15360 16 256 Q1=64 Q2=72 > cache_dir diskd /cache2/squid 15360 16 256 Q1=64 Q2=72 > > > I want to know if squid uses full 30 GB for cache then what will happen? > Shouldn't squid start deleting those cached objects which are not in > use? > Which parameter define that? None , squid will cleanup swap space automatically if needed to store new objects. > > What parameters do I need to check to get best performance and caching. > My squid is currently handling 80 req/sec and during peak hours nearly > 1500 users uses caching server. > I can save maximum 15 % to 18 % bandwidth. Is it possible to save more > bandwidth with better performance?? > > Difficult , I have the same performance for a similar cache. Note that your object hit rate may be higher though. M.
Re: [squid-users] Fwd: Problems with authentication
On 8/17/05, Begoña F <[EMAIL PROTECTED]> wrote: > Hello, > > I have the same problem with this ACL: > > acl password proxy_auth root > acl ea src 192.168.0.0/255.255.0.0 > acl all src 0.0.0.0/0.0.0.0 > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl manager proto cache_object > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > http_access allow manager > http_access allow localhost > http_access allow password > http_access allow ea > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny all > > AND THE SAME ERROR: > > Bungled squid.conf line 444: acl password proxy_auth root > > > Check the faq on a detailed example on how to configure ncsa auth. Try to follow this example exactly and watch out for syntax errors. M.
Re: [squid-users] Unsupported method issue
On 8/17/05, Diamond King <[EMAIL PROTECTED]> wrote: > Hi there. Im using squid version 2.5.STABLE10 and runs > on fedora core 4 linux box. Basically, everything is > working fine but i get annoyed of the following lines > in my /var/log/messages as well as cache.log :- > > 2005/08/17 14:46:02| clientReadRequest: FD 49 Invalid > Request > 2005/08/17 14:46:42| parseHttpRequest: Unsupported > method 'REGISTER' > 2005/08/17 14:46:42| clientReadRequest: FD 89 Invalid > Request > 2005/08/17 14:48:25| parseHttpRequest: Unsupported > method 'REGISTER' > 2005/08/17 14:48:25| clientReadRequest: FD 39 Invalid > Request > 2005/08/17 14:49:01| parseHttpRequest: Unsupported > method 'REGISTER' > 2005/08/17 14:49:01| clientReadRequest: FD 149 Invalid > Request > > > This happens on our other squid servers as well, which > is located at remote site. > Some of your clients are usint this method : http://docs.sun.com/source/816-7154-10/dninit.html#25620 You can add this method to extension_methods in squid.conf. As an exercise : don´t do this blindly; try to under stand the implications: M.
Re: [squid-users] squid ldap authentication
On 8/17/05, Ashish <[EMAIL PROTECTED]> wrote: > Hi, > >we have in our network Windows Server 2003 and squid > proxy. Now i want squid to authenticate through server 2003 active > directory. i am using command:- > > auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=Users, > dc=example,dc=com" ldapserver > > but it doesn't authenticate through it. Though the dialog for username > and password doeas come but when i enter the username and password it > doesn't authenticate though it. Plz tell me where i am going wrong. I > have already tried ntlm_auth command. > -- - What´s in access.log , and cache.log ? - Check the man page on squid_ldap_auth for configuration info. - Windows 2003 : witch patch level ? - Samba version ? Note that some Windows 2003 patch level requires an upto date samba release. Check the archives, using search tool(s); - Include squid version used in postings. M.
[squid-users] Fwd: Problems with authentication
Hello, I have the same problem with this ACL: acl password proxy_auth root acl ea src 192.168.0.0/255.255.0.0 acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl manager proto cache_object acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager http_access allow localhost http_access allow password http_access allow ea http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all AND THE SAME ERROR: Bungled squid.conf line 444: acl password proxy_auth root Thanks. -- Forwarded message -- From: Begoña F <[EMAIL PROTECTED]> Date: 11-ago-2005 13:34 Subject: Problems with authentication To: squid-users@squid-cache.org Hello, I sent this mail last month, but I couldn't see the list, I repeat the problem, thanks a lot. I have problems with the authentication. I've followed the faq's rules: acl prueba proxy_auth REQUIRED acl network src 192.168.0.0/255.255.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 http_access allow localhost http_access allow prueba network root user1 http_access deny all 2. External authenticator program. % cd helpers/basic_auth/NCSA % make % make install 3. Password file 4. Configure the external authenticator in squid.conf. For ncsa_auth you need to give the pathname to the executable and the password file as an argument. For example: auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd But I'm not able to start Squid: /var/messages: squid: Bungled squid.conf line 444: acl prueba proxy_auth REQUIRED Thanks for your help.
[squid-users] squid ldap authentication
Hi, we have in our network Windows Server 2003 and squid proxy. Now i want squid to authenticate through server 2003 active directory. i am using command:- auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=Users, dc=example,dc=com" ldapserver but it doesn't authenticate through it. Though the dialog for username and password doeas come but when i enter the username and password it doesn't authenticate though it. Plz tell me where i am going wrong. I have already tried ntlm_auth command. -- Thanks, __ Ashish
