Re: [squid-users] Balasan: [squid-users] Problem on ACL config and performance [SquidNT 2.5 Stable 9]
To Problem 2: It doesn't work. It seems to be a general issue. Redirecting from http to ftp results in a timeout of about 30 sec. - Original Message - From: "pujo mulyono" <[EMAIL PROTECTED]> To: "Andreas Woll" <[EMAIL PROTECTED]>; Sent: Tuesday, September 06, 2005 9:13 AM Subject: [squid-users] Balasan: [squid-users] Problem on ACL config and performance [SquidNT 2.5 Stable 9] answer to question 1: you have to place allowed_url or allowed_dstdomain above blocked_url on the http_access rule: http_access allow allowed_url http_access allow allowed_dstdomain http_access deny blocked_url answer to question 2: try using ftp_user anonymous actually i dont like using squid for proxying ftp connection, i have some problem login some ftp servers also. regards, [EMAIL PROTECTED] --- Andreas Woll <[EMAIL PROTECTED]> menulis: I've got a SQUID running on Windows 2000 Server [SQUIDNT 2.5 Stable 9] with DSL-Line. Normally the system is very performant and working fine, but I've encountered two problems: 1. I've implemented a blocking acl (blocked_url) and it worked fine, but some special addresses (allowed_url) to be accessable are still blocked. Is it possible to build an junction between these two acls to get access to special addresses and all non-blocked? For example: sex is blocked and msexchangefaq.de is allowed. 2. I've got performance problems with ftp downloads especially from hp.com There are normal ftp links but it takes quite a long time for squid to start serving the request. here is the squid.conf. http_port 3128 hierarchy_stoplist cgi-bin ? cache_dir ufs E:/Squid/cache 2 16 256 mime_table E:/Squid/etc/mime.conf pid_filename E:/Squid/log/squid.pid dns_nameservers IP1 IP2 ftp_user [EMAIL PROTECTED] diskd_program E:/Squid/libexec/diskd.exe unlinkd_program E:/Squid/libexec/unlinkd.exe auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ftp: 1440 20Percent 10080 refresh_pattern gopher: 1440 0Percent 1440 refresh_pattern . 0 20Percent 4320 visible_hostname SquidNT icon_directory E:/Squid/share/icons error_directory E:/Squid/share/errors/english coredump_dir E:/Squid/cache cache_access_log E:/Squid/log/access.log cache_log E:/Squid/log/cache.log cache_store_log none emulate_httpd_log off client_netmask 0.0.0.0 #Anonymisierung der Clients log_fqdn off log_mime_hdrs off acl QUERY urlpath_regex cgi-bin \? acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl CORP-NET src "Range 1" acl CORP-NET src "Range 2" acl CORP-NET src "Range 3" acl CORP-NET src "Range 4" acl CORP-NET src "Range 5" acl CORP-NET src "Range 6" acl VPN-ACCESS src "Range 7" acl streaming rep_mime_type ^video/x-ms-asf ^video/x-ms-sf ^audio/mpeg ^audio/x-mpeg ^audio/x-pn-realaudio ^audio/x-pn-realaudio-plugin ^application/x-mms-framed ^application/vnd.ms.wms-hdr.asfv1 acl block_stream urlpath_regex \.(ra?m|ra|rpm|mpe?g?|mov|m3u|pls|ivf|asf|asx|avi|wax|wma|wmv|wvx|wmp|wmx|m1v|mp2|mp3|mpa|mpe|mpv2)($|\?) acl blocked_url url_regex "E:/Squid/etc/squid-block.acl" acl allowed_url url_regex "E:/Squid/etc/squid-allow.acl" no_cache deny QUERY http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow CORP-NET http_access allow VPN-ACCESS http_access deny blocked_url http_access deny all http_reply_access deny block_stream http_reply_access deny streaming http_reply_access allow CORP-NET http_reply_access allow VPN-ACCESS http_reply_access deny blocked_url http_reply_access deny all icp_access deny all snmp_access deny all I would appreciate your help. Thank you. Andreas Apakah Anda Yahoo!? Sekarang dengan penyimpanan 1GB http://id.mail.yahoo.com/
[squid-users] squid and samba don't work
Hi, All! I've RedHat Linux 3 Enterprise Edition with Squid (2.5.STABLE7) and Samba (Version 3.0.0-14.3E) installed on C2.4GHz/512Mb/80Gb computer. Squid configured with Windows domain authentication using samba's winbind. All works fine. When server works for 3 or 4 month and I restart samba's services (smbd, nmbd and winbind) domain authentication doesn't work (wbinfo -u shows nothing, squid doesn't authenticate users, so do apache, which is also installed on this server). There are several strings also appears in squid's cache.log [2005/09/08 10:30:01, 1] utils/ntlm_auth.c:manage_squid_request(1042) fgets() failed! dying. errno=0 (Success) Restarting server computer don't solve this problem. I've found temporary solution. I stop squid, delete all files from squid's cache dir, then run 'squid -Z' command and finally start squid itself. After it all services works for several month... Here is output from df -B M command File system 1M-bloksUsedFree Used%Mouted to /dev/sda210077 2477 7088 26% / /dev/sda1 19810 179 5% /boot none 243 0 243 0% /dev/shm /dev/sda566008 2328 60328 4% /var Any ideas? Thanks in advance. Fyodor
[squid-users] strange squid
Hi all, Squid is driving me crazy. Suddenly, from friday 2 squid began stopping browsing. without stopping service or error message anywhere. Just clients can´t browse through proxy but can directly to the internet. Squid restarting doesn´t solve anything. and don´t have any related warning in squid.log. It can happen even 3 times in a morning. so Any idea? Yours from Venezuela. Daniel Navarro __ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ¡gratis! Regístrate ya - http://correo.espanol.yahoo.com/
[squid-users] Auth questions...
Hello all. I am trying to get a way of authenticating users for my squid proxy content filter. I have 3 paths for users to get in. 1. Dialup: I authenticate them from the log files from my IAS server (OK, user="username"). 2. Accelerator access: Passes a username using a custom http header from the client accel program. 3. DSL I get the IP address at signup and add that to a ACL list with an allow. The problem I have is I want to identify the DSL clients another way. Their IP's change too often. I would like to use a custom http header variables that I add to the users browser. The problem is I cannot find anything on doing that. Has any one done something like this before (and can point me in the right direction) OR does anyone know of any other options I have to authenticate my DSL users? Ryan Lamberton FamiLink Company Clean Internet Access
RE: [squid-users] cache hit and byte hit ratio
Thanks Chris I increased my maximum_object size to 128mb ( earlier it was 32 MB ) And I changes replacement policy also. I can see my byte hit ratio has increased to 20-25 %. How can I further increase it. What other parameter I must consider. I have noticed lot of traffic for windows update. Is there any way to cache that. I tried using refresh pattern for same but I still get TCP_MISS. Thanks - LK -Original Message- From: Chris Robertson [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 06, 2005 6:41 PM To: squid-users@squid-cache.org Subject: RE: [squid-users] cache hit and byte hit ratio > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Monday, September 05, 2005 3:22 AM > To: squid-users@squid-cache.org > Subject: [squid-users] cache hit and byte hit ratio > > > Hi > > I am running squid 2.5.10 stable. > I noticed cache hit ratio on my server is 30 % but byte hit ratio is > less than 15 %. > How can I increase byte hit ratio. I want to save BW. I am not able to > save much. > > Thanks > LK What have you done so far? Look into "maximum_object_size", and the "heap LFUDA" cache(and memory)_replacement_policy. They can make a big difference in cache ratios. Chris Disclaimer The information contained in this e-mail, any attached files, and response threads are confidential and may be legally privileged. It is intended solely for the use of individual(s) or entity to which it is addressed and others authorised to receive it. If you are not the intended recipient, kindly notify the sender by return mail and delete this message and any attachment(s) immediately. Save as expressly permitted by the author, any disclosure, copying, distribution or taking action in reliance on the contents of the information contained in this e-mail is strictly prohibited and may be unlawful. Unless otherwise clearly stated, and related to the official business of Accelon Nigeria Limited, opinions, conclusions, and views expressed in this message are solely personal to the author. Accelon Nigeria Limited accepts no liability whatsoever for any loss, be it direct, indirect or consequential, arising from information made available in this e-mail and actions resulting there from. For more information about Accelon Nigeria Limited, please see our website at http://www.accelonafrica.com **
Re: [squid-users] Block HTTP-Tunnel (WOW)
On Tue, 6 Sep 2005, Lasse [iso-8859-1] Mørk wrote: Anyway. It could be interestering to know what to look for in the accesslog A I said in my last message: What you should look out for is odd patterns in - Same client making very many requests to a given server - Long running CONNECT requests - CONNECT requests to odd ports (there is good reasons why the default config restricts CONNECT to a small set of well known ports only). And if you enable log_mime_hdrs these tunnelin agents sometimes can be identified by their request or response headers. If such identification can be done then you can make Squid access rules imposing a general ban of the use of that relay agent (at least until the agent is changed to use other request/response headers...) Regards Henrik
RE: [squid-users] Startup fails
> -Original Message- > From: Bob Ambroso [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 11:20 AM > To: squid-users@squid-cache.org > Subject: RE: [squid-users] Startup fails > > > It is a url_regex acl.and calls a file stored locally that is > about 7mb. How then do I use this list of banned sites to > control access without the use of url_regex? url_regex can be very cpu intensive, especially for long lists. You will get better performance from dst or dstdomain acls. > > Thanks for any and all replies.. > > \Bob > > -Original Message- > From: Chris Robertson [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 9:44 AM > To: squid-users@squid-cache.org > Subject: RE: [squid-users] Startup fails > > > -Original Message- > > From: Bob Ambroso [mailto:[EMAIL PROTECTED] > > Sent: Thursday, September 08, 2005 7:46 AM > > To: squid-users@squid-cache.org > > Subject: [squid-users] Startup fails > > > > > > I have a basic squid install and I added an acl that uses a list of > > banned sites. The list is quite comprehensive (say 7mb) and > when squid > > tries to start it chugs along then fails with kerneL out of memory.. > > > > The machine I am using is a PII with 384 megs of ram. When > I use top I > > can see that while it is starting squid will use most of the ram > > (289-369 mb's of ram) till it fails... Without the text > file it start > > up no problem.. I created the list using MS notepad (not > sure if that > > is what is causing the problem but thought I would throw it out > > there..) I > > have tweaked some of the default settings without any luck. > > > > \Bob > > > > Bob Ambroso > > Whittier Public Library > > 7344 S. Washington Ave > > Whittier, CA 90602 > > (562) 464-3452 > > What does kind of ACL are you using to call this file? > "url_regex" (or indeed anything involving regex) would be > very bad in this case. > > Chris > > This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system.
RE: [squid-users] Startup fails
It is a url_regex acl.and calls a file stored locally that is about 7mb. How then do I use this list of banned sites to control access without the use of url_regex? Thanks for any and all replies.. \Bob -Original Message- From: Chris Robertson [mailto:[EMAIL PROTECTED] Sent: Thursday, September 08, 2005 9:44 AM To: squid-users@squid-cache.org Subject: RE: [squid-users] Startup fails > -Original Message- > From: Bob Ambroso [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 7:46 AM > To: squid-users@squid-cache.org > Subject: [squid-users] Startup fails > > > I have a basic squid install and I added an acl that uses a list of > banned sites. The list is quite comprehensive (say 7mb) and when squid > tries to start it chugs along then fails with kerneL out of memory.. > > The machine I am using is a PII with 384 megs of ram. When I use top I > can see that while it is starting squid will use most of the ram > (289-369 mb's of ram) till it fails... Without the text file > it start up > no problem.. I created the list using MS notepad (not sure if that is > what is causing the problem but thought I would throw it out > there..) I > have tweaked some of the default settings without any luck. > > \Bob > > Bob Ambroso > Whittier Public Library > 7344 S. Washington Ave > Whittier, CA 90602 > (562) 464-3452 What does kind of ACL are you using to call this file? "url_regex" (or indeed anything involving regex) would be very bad in this case. Chris
RE: [squid-users] Startup fails
>>> -Original Message- >>> From: Bob Ambroso [mailto:[EMAIL PROTECTED] >>> Sent: Thursday, September 08, 2005 7:46 AM >>> To: squid-users@squid-cache.org >>> Subject: [squid-users] Startup fails >>> >>> >>> I have a basic squid install and I added an acl that uses a list of >>> banned sites. The list is quite comprehensive (say 7mb) and when squid >>> tries to start it chugs along then fails with kerneL out of memory.. >>> >>> The machine I am using is a PII with 384 megs of ram. When I use top I >>> can see that while it is starting squid will use most of the ram >>> (289-369 mb's of ram) till it fails... Without the text file >>> it start up >>> no problem.. I created the list using MS notepad (not sure if that is >>> what is causing the problem but thought I would throw it out >>> there..) I >>> have tweaked some of the default settings without any luck. >>> >>> \Bob >>> >>> Bob Ambroso >>> Whittier Public Library >>> 7344 S. Washington Ave >>> Whittier, CA 90602 >>> (562) 464-3452 >> >> -Original Message- >> From: Chris Robertson [mailto:[EMAIL PROTECTED] >> Sent: Thursday, September 08, 2005 9:44 AM >> To: squid-users@squid-cache.org >> Subject: RE: [squid-users] Startup fails >> >> What does kind of ACL are you using to call this file? >> "url_regex" (or >> indeed anything involving regex) would be very bad in this case. >> >> Chris >> > > -Original Message- > From: Bob Ambroso [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 8:54 AM > To: Chris Robertson > Subject: RE: [squid-users] Startup fails > > > Indeed it is url_regex > What should I do to control access to banned sites using this type of > text file? > \Bob > Please reply to the list. There are others out there who may have more accurate information than I. Use dstdomain instead of url_regex. You might also want to read the FAQ section on ACLs (http://www.squid-cache.org/Doc/FAQ/FAQ-10.html). Chris
RE: [squid-users] Startup fails
> -Original Message- > From: Bob Ambroso [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 08, 2005 7:46 AM > To: squid-users@squid-cache.org > Subject: [squid-users] Startup fails > > > I have a basic squid install and I added an acl that uses a list of > banned sites. The list is quite comprehensive (say 7mb) and when squid > tries to start it chugs along then fails with kerneL out of memory.. > > The machine I am using is a PII with 384 megs of ram. When I use top I > can see that while it is starting squid will use most of the ram > (289-369 mb's of ram) till it fails... Without the text file > it start up > no problem.. I created the list using MS notepad (not sure if that is > what is causing the problem but thought I would throw it out > there..) I > have tweaked some of the default settings without any luck. > > \Bob > > Bob Ambroso > Whittier Public Library > 7344 S. Washington Ave > Whittier, CA 90602 > (562) 464-3452 What does kind of ACL are you using to call this file? "url_regex" (or indeed anything involving regex) would be very bad in this case. Chris
RE: [squid-users] squid_ldap_group issue.
Hi, At 18.26 08/09/2005, Hillaert, Todd wrote: Thanks for the reply, Please, when replying, CC the squid-users list too. Ive switched the config to external_acl_type ldap_group %LOGIN C:/squid/libexec/squid_ldap_group.exe .. and received the same results as before, We need to know what is wrongly parsed. If you have a working cachemgr.cgi, you can use it to see the currently loaded in memory squid configuration. Or you can use squidclient from command line: squidclient -U manager -W configuredpwd mgr:config To do this, you need to configure the cachemgr_passwd directive in squid.conf. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] Squid Win32 AD Lookup
Hi, At 03.06 06/09/2005, Mark Unwin wrote: I have setup Squid for Win32, and it is functioning fine. Management wish to log user names for those using the proxy. I have installed ident for Windows on a few boxes - this is working fine (logging the usernames in c:\squid\log\access.log) I have the logs being parsed (daily) into a MySQL database, and some php scripts generating reports as needed. This is all good - thanks to the Squid guys. My question is - how can I enable Squid (on Win32), to automatically store the user name of the user, in the log, using an Active Directory lookup ? Thus avoiding the need to install an ident service on each Windows machine. Squid.conf examples would be much appreciated. Look for NTLM authentication in the mailing list archive, there are many and many threads about this on the squid-users list. Configuration samples are provided in the SquidNT documentation. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] txt file acl with squid on xp via cygwin
Hi, At 23.20 07/09/2005, Kyle Dunn wrote: I need my squid running on XP via cygwin to point to a file residing in C:\squid\etc\blocked.txt. squid returns a file not found when trying multiple combinations of syntax including cygdrive/c/squid/etc/blocked.txt etc/blocked.txt and many other combinations i have tried. please help i currently have it set as: acl blocked url_regex "etc/blocked.txt" in the squid.conf file It should work using c:/squid/etc/blocked.txt Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] Startup fails
I have a basic squid install and I added an acl that uses a list of banned sites. The list is quite comprehensive (say 7mb) and when squid tries to start it chugs along then fails with kerneL out of memory.. The machine I am using is a PII with 384 megs of ram. When I use top I can see that while it is starting squid will use most of the ram (289-369 mb's of ram) till it fails... Without the text file it start up no problem.. I created the list using MS notepad (not sure if that is what is causing the problem but thought I would throw it out there..) I have tweaked some of the default settings without any luck. \Bob Bob Ambroso Whittier Public Library 7344 S. Washington Ave Whittier, CA 90602 (562) 464-3452 This electronic transmission, and any documents attached hereto, may contain confidential and/or legally privileged information. The information is intended for the sole use of the recipient named above. If you have received this electronic message in error, please notify the sender and delete the electronic message. Any disclosure, copying, distribution, or use of the contents of information received in error is strictly prohibited.
Re: [squid-users] make install-strip fails
Hi, At 02.07 07/09/2005, Leonardo Rodrigues Magalhães wrote: Hello Guys, I tried to use 'make install-strip' instead of 'make install' but that fails. You can try the following: In the squid source directory run make install, after: cd src make install-strip cd ../helpers make install-strip Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] remote 403 error through squid
Having an issue with a particular website giving me a 403 forbidden error. Details: If i hit the website as http://we.bs.ite/ I get a 403 error from the webserver there, I'm guessing its denying me a directory listing. When I bypass the proxy and use the same url the page loads correctly. Interestingly, when I go through squid and enter the url as http://we.bs.ite// (note the extra slash) it comes up fine. Is this a misconfiguration on my end or the remote web servers issue? This seems to be the only site I'm having an issue with. Thanks, Thomas
Re: [squid-users] squid_ldap_group issue.
Hi, Il 16.25 08/09/2005 Hillaert, Todd ha scritto: Hi, I'm running squid (Squid Cache version 2.5.STABLE10-NT) on a Windows 2003 server. cut >external_acl_type ldap_group %LOGIN C:\squid\libexec\squid_ldap_group.exe -b DC=MyCompany,DC=com -D CN=adquery,OU=MySite,DC=MyCompany,DC=com -w adpassword -f &(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=MyCompany,dc=com)) adserver.mycompany.com So far I've tried the squid.config file in dos format as well as UNIX format, and I've tried numerous combinations of " and ' around the squid_ldap_group.exe and its parameters. so far all have the same result, it's like no switches are being passed to squid_ldap_group.exe any suggestions would be greatly appreciated, thanks in advance for your time. Try using "/" char instead of "\" in the program path as specified in the SquidNT documentation. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] steps to verify
On 9/8/05, kashif Mazhar <[EMAIL PROTECTED]> wrote: > I am feeling from last few days that my squid is not working > satiosfactorilly, i have check the stope.log and access.log everythign > seems very fine hits are also normal.and bandwidth is also enough..but > still i am not satisfy with it..is it my some mental confusion or > there would be any thing wrong ..every month i also rotate squid logs. When you rotate logs, you might consider running a log parser such as "Calamaris" against the logged events. > so plz tell me comprehensively abt the steps to tunned the squida and > verify it's effeciency.. Please define "effeciency". Kevin Kadow -- efficacious (adj) having the power to produce a desired effect
Re: [squid-users] steps to verify
* On 08/09/05 19:07 +0500, kashif Mazhar wrote: > Good evening, > > I am feeling from last few days that my squid is not working > satiosfactorilly, i have check the stope.log and access.log everythign > seems very fine hits are also normal.and bandwidth is also enough..but > still i am not satisfy with it..is it my some mental confusion or > there would be any thing wrong ..every month i also rotate squid > logs.. > > so plz tell me comprehensively abt the steps to tunned the squida and > verify it's effeciency.. Clearly, you just need brain-tuning ;-)) At least that one first, it will remove the doubts you have right now. It will also help you to ask subjective questions! -Wash http://www.netmeister.org/news/learn2quote.html -- +==+ |\ _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]> Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ "A raccoon tangled with a 23,000 volt line today. The results blacked out 1400 homes and, of course, one raccoon." -- Steel City News
Re: [squid-users] Configuring squid.conf via a broswer
* On 08/09/05 08:00 -0600, Kyle Dunn wrote: > How do i enable this configuration via a browser as I have seen others do? Webmin, perhaps? But surely, webmin is not supposed to read squid.conf and understand it for you, neither can it do all the nifty stuff you can do if you read the FAQ, the documentation and configured all that stuff. Perhaps you want to just run Microshit Proxy? ;) -Wash http://www.netmeister.org/news/learn2quote.html -- +==+ |\ _,,,---,,_ | Odhiambo Washington<[EMAIL PROTECTED]> Zzz /,`.-'`'-. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +==+ Question: Man Invented Alcohol, God Invented Grass. Who do you trust?
[squid-users] squid_ldap_group issue.
Hi, I'm running squid (Squid Cache version 2.5.STABLE10-NT) on a Windows 2003 server. I'm having trouble with the authentication helper program starting properly. >From the command line I can run squid_ldap_group.exe against Active Directory >and receive ERR for bad input, and OK for good input, for example: >C:\squid\libexec\squid_ldap_group.exe -b DC=MyCompany,DC=com -D >CN=adquery,OU=MySite,DC=MyCompany,DC=com -w adqpassword -f >&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=MyCompany,dc=com)) > adserver.mycompany.com >validUserName badGroup >ERR >validUserName ProxyAllowed >OK When if copy that working line into the squid.config file as below: >external_acl_type ldap_group %LOGIN C:\squid\libexec\squid_ldap_group.exe -b >DC=MyCompany,DC=com -D CN=adquery,OU=MySite,DC=MyCompany,DC=com -w adpassword >-f >&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=MyCompany,dc=com)) > adserver.mycompany.com >acl Proxy_Allowed external ldap_group ProxyAllowed >http_access allow Proxy_Allowed I see this in my cache.log -- 2005/09/07 17:30:12| helperOpenServers: Starting 5 'C:\squid\libexec\squid_ldap_group.exe' processes squid_ldap_group version 2.17-2.5 Usage: squid_ldap_group -b basedn -f filter [options] ldap_server_name -b basedn (REQUIRED)base dn under where to search for groups -f filter (REQUIRED)group search filter pattern. %v = user, %a = group -B basedn (REQUIRED)base dn under where to search for users -F filter (REQUIRED)user search filter pattern. %s = login -s base|one|sub search scope -D binddn DN to bind as to perform searches -w bindpasswd password for binddn -W secretfile read password for binddn from file secretfile -h server LDAP server (defaults to localhost) -p port LDAP server port (defaults to 389) -P persistent LDAP connection -c timeout connect timeout -t timelimitsearch time limit -R do not follow referrals -a never|always|search|find when to dereference aliases -v 2|3 LDAP version -Z TLS encrypt the LDAP connection, requires LDAP version 3 -g first query parameter is base DN extension for this query -S Strip NT domain from usernames If you need to bind as a user to perform searches then use the -D binddn -w bindpasswd or -D binddn -W secretfile options squid_ldap_group version 2.17-2.5 ...same as above 4 more times... So far I've tried the squid.config file in dos format as well as UNIX format, and I've tried numerous combinations of " and ' around the squid_ldap_group.exe and its parameters. so far all have the same result, it's like no switches are being passed to squid_ldap_group.exe any suggestions would be greatly appreciated, thanks in advance for your time. Todd
[squid-users] Configuring squid.conf via a broswer
How do i enable this configuration via a browser as I have seen others do?
[squid-users] steps to verify
Good evening, I am feeling from last few days that my squid is not working satiosfactorilly, i have check the stope.log and access.log everythign seems very fine hits are also normal.and bandwidth is also enough..but still i am not satisfy with it..is it my some mental confusion or there would be any thing wrong ..every month i also rotate squid logs.. so plz tell me comprehensively abt the steps to tunned the squida and verify it's effeciency.. Thankx. Kashif
[squid-users] Distributing Bandwidth ::
hi, how can I make sure that all users get an equal amount of bandwidth in squid? I would like to avoid one abusing user blocking the others and sucking all available bandwidth. However, if that's the only user using squid at that time, it's ok for her to use all available bandwidth. Would it be possible to have such a setup, and how? thank you :) Marco
Re: [squid-users] Can external_acl_type(or something else) work in 2.4 stable 6
On 9/7/05, FamiLink Admin <[EMAIL PROTECTED]> wrote: > Hello all: > I have this working on Squid 2.5 stable 3 but need to know if it would work > on 2.4 stable 6 and what I would need to change if it does (I don't see > "external" as an option in 2.4) I also read (Squid, the Definitive Guide - > O'REILY) that this is not part of 2.4 stable 6, so is there any other way to > get it working? > >... The external_acl_type is only available in squid 2.5 M.
Re: [squid-users] strange problem with www.evangel.org.sg
On 08.09 17:34, Tay Teck Wee wrote: > From: Tay Teck Wee <[EMAIL PROTECTED]> > Date: Thu, 8 Sep 2005 17:34:42 +0800 (CST) > Subject: Re: [squid-users] strange problem with www.evangel.org.sg > To: Matus UHLAR - fantomas <[EMAIL PROTECTED]>, squid-users@squid-cache.org ^^ pardon me, I do NOT need direct reply - that's why I have set up Mail-Followup-To: squid-users@squid-cache.org in my emails' headers > Just like to check if you are able to view the site > http://www.evangel.org.sg in your browser(configured > to go thru your squid-box)? > > My experience: > www.evangel.org.sg - not ok > evangel.org.sg - ok > 203.127.19.66 - ok I confirm. That server is broken in more ways, not just invalid HTTP/1.1 reply. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese.
Re: [squid-users] strange problem with www.evangel.org.sg
Thanks for the reply. Just like to check if you are able to view the site http://www.evangel.org.sg in your browser(configured to go thru your squid-box)? My experience: www.evangel.org.sg - not ok evangel.org.sg - ok 203.127.19.66 - ok Regards, Tay --- Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote: > On 07.09 23:12, Tay Teck Wee wrote: > > Sorry I really dun get your message. > > That webserver is broken, invalid, bad. The error > may be caused by this > problem. > > > GET /index.html HTTP/1.0 > > > > HTTP/1.1 200 OK > > If client uses HTTP/1.0 protocol, server MUST NOT > request HTTP/1.1 but this > one does. This is violation of HTTP protocol and > such server is not supposed > to work, correctly, which also means unexpected > results. > > Squid sends this request to the server: > > GET / HTTP/1.0 > Via: 1.0 proxy1.nextra.sk:3128 (squid/2.5.STABLE10) > X-Forwarded-For: 195.168.29.2 > Host: www.evangel.org.sg > Cache-Control: no-cache, must-revalidate, > max-age=259200 > Connection: keep-alive > > simply trying showed that the server is not able to > understand > Cache-Control: max-age=259200 and refuses the > request. > > -- > Matus UHLAR - fantomas, [EMAIL PROTECTED] ; > http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to > this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek > reklamnu postu. > Honk if you love peace and quiet. > Send instant messages to your online friends http://asia.messenger.yahoo.com
Re: [squid-users] Acl List Order
On Thu, Sep 08, 2005 at 05:55:48PM +0930, Mark Day wrote: > How could I extend the following lines to allow groups of IP's > > acl restrictedusers src 192.168.100.127/255.255.255.255 > acl unrestrictedusers src 192.168.100.45/255.255.255.255 A bit complicated. This does the same: acl restrictedusers src 192.168.100.127 acl unrestrictedusers src 192.168.100.45 If you want multiple IPs you can either put them on the same line like this: acl group-of-ips src 192.168.100.126 192.168.100.129 192.168.100.5 ...or use external files... acl group-of-ips src "/etc/squid/ips.txt" And create that file with one IP address or network per line. See also the documentation at www.squid-cache.org about ACLs or my Wiki entry at workaround.org/moin/HowSquidAclsWork Christoph -- ~ ~ ~ ".signature" [Modified] 3 lines --100%--3,41 All
RE: [squid-users] Acl List Order
Thanks Chris. It's working but no it's time to tweak. How could I extend the following lines to allow groups of IP's acl restrictedusers src 192.168.100.127/255.255.255.255 acl unrestrictedusers src 192.168.100.45/255.255.255.255 Cheers, mark. > -Original Message- > From: Christoph Haas [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 7 September 2005 11:43 PM > To: squid-users@squid-cache.org > Subject: Re: [squid-users] Acl List Order > > On Wed, Sep 07, 2005 at 08:35:42PM +0930, Mark Day wrote: > > Could anyone help me sort the order of my ACL lists? > > [...] > > I assume your problem has been solved on IRC already. Just to > save others time. :) > > Christoph > -- > ~ > ~ > ~ > ".signature" [Modified] 3 lines --100%--3,41 >All > >
RE: [squid-users] Acl List Order
Thanks Chris. It's working but no it's time to tweak. How could I extend the following lines to allow groups of IP's acl restrictedusers src 192.168.100.127/255.255.255.255 acl unrestrictedusers src 192.168.100.45/255.255.255.255 Cheers, mark. > -Original Message- > From: Christoph Haas [mailto:[EMAIL PROTECTED] > Sent: Wednesday, 7 September 2005 11:43 PM > To: squid-users@squid-cache.org > Subject: Re: [squid-users] Acl List Order > > On Wed, Sep 07, 2005 at 08:35:42PM +0930, Mark Day wrote: > > Could anyone help me sort the order of my ACL lists? > > [...] > > I assume your problem has been solved on IRC already. Just to > save others time. :) > > Christoph > -- > ~ > ~ > ~ > ".signature" [Modified] 3 lines --100%--3,41 >All > >
Re: [squid-users] strange problem with www.evangel.org.sg
On 07.09 23:12, Tay Teck Wee wrote: > Sorry I really dun get your message. That webserver is broken, invalid, bad. The error may be caused by this problem. > GET /index.html HTTP/1.0 > > HTTP/1.1 200 OK If client uses HTTP/1.0 protocol, server MUST NOT request HTTP/1.1 but this one does. This is violation of HTTP protocol and such server is not supposed to work, correctly, which also means unexpected results. Squid sends this request to the server: GET / HTTP/1.0 Via: 1.0 proxy1.nextra.sk:3128 (squid/2.5.STABLE10) X-Forwarded-For: 195.168.29.2 Host: www.evangel.org.sg Cache-Control: no-cache, must-revalidate, max-age=259200 Connection: keep-alive simply trying showed that the server is not able to understand Cache-Control: max-age=259200 and refuses the request. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet.
