Re: [squid-users] How to block

2005-11-30 Thread Boniforti Flavio

Mark Elsen wrote:

>> ... www.pandora.com, while not blocking its URL?
>> I mean: I'm trying to find out if there's a way to block this "radio
>> station", which streams via Flash-7 plugin. Any advice for me?
>
>  Check the squid FAQ on access controls.


Yup, I know how to block based on domain URLs and also based on MIME 
Types (req or rep). It just seems that I can't be blocking that site in 
any other way than blocking the domain. Do you all agree?


--
---
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica

Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
---


[squid-users] Squid + ntlm authentication with not trusted domains

2005-11-30 Thread Andre Fernando Goldacker
Hi,

My squid is running with ntlm authentication against MS AD 2k. Is there a way 
to configure squid using ntlm to authenticate users that aren't members of my 
current domain and neither members of a trusted domain? I have a mixed MS 
AD/NT4 environment with some NT4 domains on a WAN. Also, sometimes I have users 
that come with notebooks and I don't want them to join my domain or change 
their workgroup, but they need to go through the proxy. My goal is to get rid 
of MS Proxy 2.0 which I'm currently using and does this job, and squid always 
asks for username and password for that kind of users which have to inform my 
domain\username and pass to go through, I want to know if squid can also like 
MS Proxy "forget" the domain part and authenticate them as if they were part of 
the domain.
Any help will be very much appreciated,

André


[squid-users] problem with "cache_peer" parameter

2005-11-30 Thread gnia gnia
hi all,


Here is my squid.conf :



#  SQUID CONFIGURATION #


http_port 8080

cache_peer 160.13.1.21 parent 8081 0 no-query default
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_dir ufs /opt/squid/cache 1000 16 256
cache_access_log /opt/squid/logs/access.log
cache_log /opt/squid/logs/cache.log
cache_store_log none
pid_filename /usr/local/squid/var/logs/squid.pid
client_netmask 255.255.255.255
ftp_user anonymous
hosts_file /etc/hosts

auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd

auth_param basic children 5
auth_param basic realm gnia
auth_param basic credentialsttl 2 hours

external_acl_type check_ip %SRC %LOGIN /usr/local/squid/bin/ip_user_check -f /usr/local/squid/etc/ip_user_check.conf

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95


# ACCESS CONTROLS
# -

acl all src 0.0.0.0/0.0.0.0

acl gnia src 160.13.0.0/255.255.0.0
acl ip_src external check_ip

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl site_bull dst "/usr/local/squid/conf/site_bull"
acl acces_bull src "/usr/local/squid/conf/acces_bull"
acl site_cia dst "/usr/local/squid/conf/site_cia"
acl acces_cia src "/usr/local/squid/conf/acces_cia"

http_access allow acces_bull site_bull gnia ip_src
http_access allow acces_cia site_cia gnia ip_src
http_access deny acces_bull
http_access deny acces_cia

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

never_direct allow all
http_access allow gnia ip_src

http_access deny all

http_reply_access allow all

icp_access allow all


cache_effective_user squid
cache_effective_group squid

visible_hostname proxy

logfile_rotate 10

ie_refresh off



# END  #








My proxy (160.13.1.21) is behind a firewall

When I connect a proxy client to the web, I receive the following
error message in cache.log :


2005/11/30 11:42:43| Detected DEAD Parent: 160.13.1.21/8081/0
2005/11/30 11:42:43| TCP connection to 160.13.1.21/8081 failed
2005/11/30 11:42:44| Failed to select source for 'http://www.google.fr/'
2005/11/30 11:42:44|   always_direct = 0
2005/11/30 11:42:44|    never_direct = 1
2005/11/30 11:42:44|        timedout = 0



And there is another warning in access.log :


1133343958.794      2 160.13.54.27 TCP_DENIED/407 1639 GET http://www.google.fr/ - NONE/- text/html
1133343962.763    975 160.13.54.27 TCP_MISS/503 1342 GET http://www.google.fr/ tpa NONE/- text/html

Any idea?
Thanks in advance!
Regards
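
An added example, not part of the original post: a small cache.log reader that ties each "Failed to select source" block to the parents Squid has marked dead at that moment, which is the combination visible in the log excerpt above. The function names and the "REVIVED" line format are assumptions of this example.

```python
import re

# Log lines copied from the post above.
CACHE_LOG = """\
2005/11/30 11:42:43| Detected DEAD Parent: 160.13.1.21/8081/0
2005/11/30 11:42:43| TCP connection to 160.13.1.21/8081 failed
2005/11/30 11:42:44| Failed to select source for 'http://www.google.fr/'
2005/11/30 11:42:44|   always_direct = 0
2005/11/30 11:42:44|never_direct = 1
2005/11/30 11:42:44|timedout = 0
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\|\s*(.*)$")
# The REVIVED form is an assumption; only the DEAD line appears in the post.
PEER_EVENT = re.compile(r"Detected (DEAD|REVIVED) Parent: (\S+?)/(\d+)/\d+")
FAILED = re.compile(r"Failed to select source for '(.*)'")
FLAG = re.compile(r"(always_direct|never_direct|timedout) = (-?\d+)")


def selection_failures(log_text):
    """Return one dict per 'Failed to select source' block in cache.log."""
    dead = set()        # parents currently marked dead, as "host:port"
    failures = []
    current = None      # failure block whose flag lines are being read
    for raw in log_text.splitlines():
        parsed = LINE.match(raw)
        if not parsed:
            continue
        stamp, message = parsed.groups()
        event = PEER_EVENT.search(message)
        if event:
            peer = "%s:%s" % (event.group(2), event.group(3))
            if event.group(1) == "DEAD":
                dead.add(peer)
            else:
                dead.discard(peer)
            continue
        failed = FAILED.search(message)
        if failed:
            current = {"time": stamp, "url": failed.group(1),
                       "dead_parents": sorted(dead)}
            failures.append(current)
            continue
        flag = FLAG.search(message)
        if flag and current is not None:
            current[flag.group(1)] = int(flag.group(2))
    return failures


def verdict(failure):
    """Classify a failure: parent-only forwarding while a parent is dead."""
    if failure.get("never_direct") == 1 and failure["dead_parents"]:
        return "parent_unreachable"
    return "unclassified"


if __name__ == "__main__":
    for item in selection_failures(CACHE_LOG):
        print(item["time"], item["url"], verdict(item), item["dead_parents"])
```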


[squid-users] Adding SquidGuard to Squid with NTLM Auth

2005-11-30 Thread Noc Phibee

Hi

a small question:

Is the redirect directive in the config file loaded after the authentication by ntlm_auth?

Thanks bye


Re: [squid-users] RE: ICAP patch for 2.5.STABLE12 breaks ntlm_auth module

2005-11-30 Thread Luca Maranzano
Hi,

yes, I'd be glad to try it out :-)

Thank you!
Regards,
Luca

On Wed, Nov 30, 2005 at 08:47:45AM +0100, Baumgaertel, Oliver wrote:
>  
> 
> Hello.
> 
> I've been told that they are currently rewriting some bigger parts of it
> and that I am to use an "older" patch.
> 
> However, I have a working (with Stable12), rather current version of the
> ICAP patch, together with some "hotfixes" which help getting rid of some
> assertions without compromising the stability. It already has a working
> fix for the "icap no keep-alive issue" too, which is a big plus,
> especially together with NTLM.
> 
> If you like I'll send those to you.
> 
> regards, Oliver Baumgaertel
> 
> -Original Message-
> From: Luca Maranzano [mailto:[EMAIL PROTECTED] 
> Sent: Dienstag, 29. November 2005 12:37
> To: squid-users@squid-cache.org
> Subject: [squid-users] ICAP patch for 2.5.STABLE12 breaks ntlm_auth
> module
> 
> Hello all,
> 
> I'm trying to add ICAP support to my Squid 2.5.STABLE12 on Debian 3.1.
> 
> I've downloaded the sources and the patch from CVS
> http://devel.squid-cache.org/cgi-bin/diff2/icap-2.5.patch?s2_5
> 
> I've configured Squid with the ntlm authentication module.
> 
> The patch applies fine, but I get the following error during
> compilation in the auth_ntlm module:
> 
> gcc -DHAVE_CONFIG_H -I. -I. -I../../include -I. -I../../include
> -I../../include -I../../src/-m32 -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64 -g -O2 -Wall -D_REENTRANT -c -o
> ntlm/auth_ntlm.o `test -f ntlm/auth_ntlm.c || echo
> './'`ntlm/auth_ntlm.c
> ntlm/auth_ntlm.c: In function `authenticateNTLMFixErrorHeader':
> ntlm/auth_ntlm.c:335: error: structure has no member named
> `proxy_keepalive'
> ntlm/auth_ntlm.c:346: error: structure has no member named
> `proxy_keepalive'
> ntlm/auth_ntlm.c:358: error: structure has no member named
> `proxy_keepalive'
> make[5]: *** [ntlm/auth_ntlm.o] Error 1
> make[5]: Leaving directory `/usr/src/squid-2.5.12/src/auth'
> make[4]: *** [all-recursive] Error 1
> make[4]: Leaving directory `/usr/src/squid-2.5.12/src/auth'
> make[3]: *** [all-recursive] Error 1
> make[3]: Leaving directory `/usr/src/squid-2.5.12/src'
> make[2]: *** [all] Error 2
> make[2]: Leaving directory `/usr/src/squid-2.5.12/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/usr/src/squid-2.5.12'
> make: *** [build] Error 2
> 
> The patch changes the proxy_keepalive struct in the ConnStateData which
> is not available in the function authenticateNTLMFixErrorHeader() in
> src/auth/ntlm/auth_ntlm.c.
> 
> Is this a known issue with 2.5.12?
> 
> TIA
> 
> Kind regards,
> Luca


[squid-users] upgrade question stable 2.5 stable 5 to stable 12

2005-11-30 Thread Hement Gopal

Hi all

I am currently running 2.5 Stable 5 and want to upgrade to Stable 12.

Will my Stable 5 conf file work in Stable 12 ?

Rgds,
Hement



Re: [squid-users] upgrade question stable 2.5 stable 5 to stable 12

2005-11-30 Thread Ronny T. Lampert
> I am currently running 2.5 Stable 5 and want to upgrade to Stable 12.
> Will my Stable 5 conf file work in Stable 12 ?

Yes. I have updated from S3 until S12, using each version in between.

Look into the cache.log (after starting the new squid) to see if squid
complains about a setting.

I had the problem that I just copied the executable over, but didn't update
the error directory, so there were some files missing.
Copying the new error directory over did help.

Cheers,
Ronny



[squid-users] IPv6 Support

2005-11-30 Thread Caceres
Hi, I have a question for you.

Squid supports HTTP and FTP proxying over IPv6?

I'm searching a proxy Server to perform HTTP and FTP proxy over IPv6 in my
network, and I ask if Squid support IPv6 because I used it in IPv4 networks
in one school project a few years ago.

If Squid doesn't support IPv6, and somebody know another Proxy Server that
supports, please reply to me the name of that application.
 
Thanks in advance,
Paulo Ferreira

./Caceres
-
[EMAIL PROTECTED]



[squid-users] To Use winmx and emule

2005-11-30 Thread sasa

Hi, I have a problem with access to software like Winmx and Emule.
My squid.conf is:

http_port 10.0.0.121:3128
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl windowsupdate dstdomain .windowsupdate.microsoft.com
no_cache deny windowsupdate
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl Safe_ports port 80   # http
acl CONNECT method CONNECT
acl local_net src 10.0.0.0/255.255.255.0
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
acl our_networks src 10.0.0.0/24
http_access allow our_networks
http_access allow local_net
http_access allow localhost
http_access deny all
http_reply_access allow all

..and in squidguard.conf I have:

destination ok {
 domainlist  ok/domains
 urllist ok/urls
}

destination ok-for-number1 {
 domainlist  ok1/domains
 urllist   ok1/urls

destination ad {
 domainlist  ad/domains
 urllist   ad/urls
 redirect http://10.0.0.122/
}

.. therefore this address can view all web sites without restriction, but
however can't use winmx and emule.
How can I modify squid.conf for this problem? Without the proxy this address
(ip 10.0.0.122 is an internal client) can use winmx and emule without
problems.

Thanks.

--
Salvatore. 



Re: [squid-users] To Use winmx and emule

2005-11-30 Thread Mark Elsen
On 11/30/05, sasa <[EMAIL PROTECTED]> wrote:
> Hi, I have a problem with access to software like Winmx and Emule.
> My squid.conf is:
>
>

 What does this software do ?
 Note that SQUID is a http proxy only.

 M.


Re: [squid-users] IPv6 Support

2005-11-30 Thread Mark Elsen
> Hi, I have a question for you.
>
> Squid supports HTTP and FTP proxying over IPv6?

 No.

>
> I'm searching a proxy Server to perform HTTP and FTP proxy over IPv6 in my
> network, and I ask if Squid support IPv6 because I used it in IPv4 networks
> in one school project a few years ago.
>
> If Squid doesn't support IPv6, and somebody know another Proxy Server that
> supports, please reply to me the name of that application.
>

 M.


Re: [squid-users] problem with "cache_peer" parameter

2005-11-30 Thread Mark Elsen
On 11/30/05, gnia gnia <[EMAIL PROTECTED]> wrote:
> hi all,
>
>
> Here is my squid.conf :
>
>...

  Your local SQUID can't reach the parent.
   If firewalling exists then this must be allowed.

  See also FAQ ; on using SQUID behind a firewall.

  M.


Re: [squid-users] To Use winmx and emule

2005-11-30 Thread trainier
Squid should not be getting in way of these applications, unless they 
require some sort of http transaction in order for them to work.
If the latter is the case, you should be able to configure them to access 
the web via http through a proxy server.

Are you using your proxy transparently?

Tim Rainier

"sasa" <[EMAIL PROTECTED]> wrote on 11/30/2005 01:08:27 PM:

> Hi, I have a problem with access to software like Winmx and Emule.
> My squid.conf is:
> 
> http_port 10.0.0.121:3128
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> acl windowsupdate dstdomain .windowsupdate.microsoft.com
> no_cache deny windowsupdate
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl Safe_ports port 80   # http
> acl CONNECT method CONNECT
> acl local_net src 10.0.0.0/255.255.255.0
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> acl our_networks src 10.0.0.0/24
> http_access allow our_networks
> http_access allow local_net
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> 
> ..and in squidguard.conf I have:
> 
> destination ok {
>   domainlist  ok/domains
>   urllist ok/urls
> }
> 
> destination ok-for-number1 {
>   domainlist  ok1/domains
>   urllist   ok1/urls
> 
> destination ad {
>   domainlist  ad/domains
>   urllist   ad/urls
>   redirect http://10.0.0.122/
> }
> 
> .. therefore this address can view all web sites without restriction, but
> however can't use winmx and emule.
> How can I modify squid.conf for this problem? Without the proxy this address
> (ip 10.0.0.122 is an internal client) can use winmx and emule without
> problems.
> Thanks.
> 
> --
> Salvatore. 
> 



Re: [squid-users] Squid + ntlm authentication with not trusted domains

2005-11-30 Thread Mark Elsen
> Hi,
>
> My squid is running with ntlm authentication against MS AD 2k. Is there a way 
> to configure squid using ntlm to authenticate users that aren't members of my 
> current domain and neither members of a trusted domain? I have a mixed MS 
> AD/NT4 environment with some NT4 domains on a WAN. Also, sometimes I have 
> users that come with notebooks and I don't want them to join my domain or 
> change their workgroup, but they need to go through the proxy. My goal is to 
> get rid of MS Proxy 2.0 which I'm currently using and does this job, and 
> squid always asks for username and password for that kind of users which have 
> to inform my domain\username and pass to go through, I want to know if squid 
> can also like MS Proxy "forget" the domain part and authenticate them as if 
> they were part of the domain.
> Any help will be very much appreciated,
>

 Put them in a reserved ip address range; and let these addresses use
 the proxy without authentication.

 M.


Re: [squid-users] IPv6 Support

2005-11-30 Thread trainier
Mark Elsen <[EMAIL PROTECTED]> wrote on 11/30/2005 01:14:43 PM:

> > Hi, I have a question for you.
> >
> > Squid supports HTTP and FTP proxying over IPv6?
> 
>  No.
> 

No?  Squid 2.5, in the least, supports http over IPv6.
Not sure on FTP.

> >
> > I'm searching a proxy Server to perform HTTP and FTP proxy over IPv6 in my
> > network, and I ask if Squid support IPv6 because I used it in IPv4 networks
> > in one school project a few years ago.
> >
> > If Squid doesn't support IPv6, and somebody know another Proxy Server that
> > supports, please reply to me the name of that application.
> >
> 
>  M.



RES: [squid-users] Squid + ntlm authentication with not trusted domains

2005-11-30 Thread Andre Fernando Goldacker
> Hi,
>
> My squid is running with ntlm authentication against MS AD 2k. Is
> there a way to configure squid using ntlm to authenticate users that
> aren't members of my current domain and neither members of a trusted
> domain? I have a mixed MS AD/NT4 environment with some NT4 domains on a
> WAN. Also, sometimes I have users that come with notebooks and I don't
> want them to join my domain or change their workgroup, but they need to
> go through the proxy. My goal is to get rid of MS Proxy 2.0 which I'm
> currently using and does this job, and squid always asks for username
> and password for that kind of users which have to inform my
> domain\username and pass to go through, I want to know if squid can also
> like MS Proxy "forget" the domain part and authenticate them as if they
> were part of the domain.
> Any help will be very much appreciated,
>

> Put them in a reserved ip address range; and let these addresses use
> the proxy without authentication.

> M.

Thanks for the tip Mark I think it can do the job for the notebooks, but
I can't leave the domains I mentioned without authentication because
each of them is a whole factory with an average of 300 users accessing
the internet for each one (there are 3 of them). Do you (or anyone else)
have anything else in mind that may help?

Thanks in advance,


Re: [squid-users] To Use winmx and emule

2005-11-30 Thread Guido Leisker
I did use Emule through a squid-proxy and it worked fine. See the
documentation of your Emule-Client, to make the specific settings.

IMO you don't need any specific settings in the squid-conf.

[EMAIL PROTECTED] wrote:
> Squid should not be getting in way of these applications, unless they
> require some sort of http transaction in order for them to work.
> If the latter is the case, you should be able to configure them to access
> the web via http through a proxy server.
>
> Are you using your proxy transparently?
>
> Tim Rainier
>
> "sasa" <[EMAIL PROTECTED]> wrote on 11/30/2005 01:08:27 PM:
>
>> Hi, I have a problem with access to software like Winmx and Emule.
>> My squid.conf is:
>>
>> http_port 10.0.0.121:3128
>> acl QUERY urlpath_regex cgi-bin \?
>> no_cache deny QUERY
>> acl windowsupdate dstdomain .windowsupdate.microsoft.com
>> no_cache deny windowsupdate
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl Safe_ports port 80   # http
>> acl CONNECT method CONNECT
>> acl local_net src 10.0.0.0/255.255.255.0
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny to_localhost
>> acl our_networks src 10.0.0.0/24
>> http_access allow our_networks
>> http_access allow local_net
>> http_access allow localhost
>> http_access deny all
>> http_reply_access allow all
>>
>> ..and in squidguard.conf I have:
>>
>> destination ok {
>>  domainlist  ok/domains
>>  urllist ok/urls
>> }
>>
>> destination ok-for-number1 {
>>  domainlist  ok1/domains
>>  urllist   ok1/urls
>>
>> destination ad {
>>  domainlist  ad/domains
>>  urllist   ad/urls
>>  redirect http://10.0.0.122/
>> }
>>
>> .. therefore this address can view all web sites without restriction, but
>> however can't use winmx and emule.
>> How can I modify squid.conf for this problem? Without the proxy this address
>> (ip 10.0.0.122 is an internal client) can use winmx and emule without
>> problems.
>>
>> Thanks.
>>
>> --
>> Salvatore.






[squid-users] Is "https_port" required for transparent (reverse) proxying?

2005-11-30 Thread Tim Neto

Squid Cache: Version 2.5.STABLE11
configure options:  --host=i386-redhat-linux --build=i386-redhat-linux --target=i386-redhat-linux-gnu
   --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
   --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
   --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
   --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
   --infodir=/usr/share/info --exec_prefix=/usr --libexecdir=/usr/lib/squid
   --localstatedir=/var --sysconfdir=/etc/squid --enable-poll --enable-snmp
   --enable-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs
   --enable-ssl --with-openssl=/usr/kerberos --enable-delay-pools
   --enable-linux-netfilter --with-pthreads
   --enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT
   --enable-ntlm-auth-helpers=SMB,winbind
   --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group


https_port config file line definition:

  https_port 209.202.99.178:443 cert=/etc/squid/webmail.pem

When I enable the above line in my configuration file squid fails to 
start.  In the /var/log/messages I get:


Nov 30 17:28:14 proxy1 squid[3818]: Squid Parent: child process 3820 exited with status 0

Nov 30 17:28:24 proxy1 squid[5338]: Squid Parent: child process 5340 started
Nov 30 17:28:24 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:24 proxy1 squid[5338]: Squid Parent: child process 5340 exited due to signal 6

Nov 30 17:28:27 proxy1 squid[5338]: Squid Parent: child process 5389 started
Nov 30 17:28:28 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:28 proxy1 squid[5338]: Squid Parent: child process 5389 exited due to signal 6

Nov 30 17:28:31 proxy1 squid[5338]: Squid Parent: child process 5437 started
Nov 30 17:28:32 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:32 proxy1 squid[5338]: Squid Parent: child process 5437 exited due to signal 6

Nov 30 17:28:35 proxy1 squid[5338]: Squid Parent: child process 5483 started
Nov 30 17:28:35 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:35 proxy1 squid[5338]: Squid Parent: child process 5483 exited due to signal 6

Nov 30 17:28:38 proxy1 squid[5338]: Squid Parent: child process 5530 started
Nov 30 17:28:39 proxy1 (squid): Failed to acquire SSL private key: error:0906D06C:PEM routines:PEM_read_bio:no start line
Nov 30 17:28:39 proxy1 squid[5338]: Squid Parent: child process 5530 exited due to signal 6
Nov 30 17:28:39 proxy1 squid[5338]: Exiting due to repeated, frequent failures


From the default squid.conf file (the one with the documentation 
comments), I noticed this:


#  TAG: https_port
#Usage:  [ip:]port cert=certificate.pem [key=key.pem] [options...]
#
#The socket address where Squid will listen for HTTPS client
#requests.
#
#This is really only useful for situations where you are running
#squid in accelerator mode and you want to do the SSL work at the
#accelerator level.
#
#   You may specify multiple socket addresses on multiple lines,
#   each with their own SSL certificate and/or options.

The remark about "This is really only useful for situations where you 
are running squid in accelerator mode and you want to do the SSL work at 
the accelerator level." makes me question whether I need an "https_port" 
directive.


So do I need "https_port" for transparent (reverse) proxying in 2.5 
STABLE 11?


If yes, then how do I approach resolving the errors I am getting?

Thanks.

Tim

--
---
Timothy E. Neto
Computer Systems Engineer Komatsu Canada Limited
Ph#: 905-625-6292 x2651725B Sismet Road
Fax: 905-625-6348 Mississauga, Canada
E-Mail: [EMAIL PROTECTED]  L4W 1P9
---
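
An added example, not part of the original post: a pre-flight check for the file named in cert= (and key=, when given) that reports the condition behind "PEM_read_bio:no start line", namely a key source with no PRIVATE KEY block. It assumes that Squid reads the key from the cert= file when key= is absent, as the log message above suggests; the function names and the PEM samples are constructed for this example.

```python
import os
import re
import stat

# One PEM block: BEGIN line, body, matching END line. Group 1 is the label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.DOTALL)

# Constructed samples: the bodies are placeholders, not real key material.
CERT_ONLY = (
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQgQ0VSVA==\n"
    "-----END CERTIFICATE-----\n"
)
KEY_ONLY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQgS0VZ\n"
    "-----END RSA PRIVATE KEY-----\n"
)
COMBINED = CERT_ONLY + KEY_ONLY


def pem_labels(text):
    """Labels of every well-formed PEM block in text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def has_private_key(text):
    """True if text holds a PEM block whose label ends in PRIVATE KEY."""
    return any(label.endswith("PRIVATE KEY") for label in pem_labels(text))


def diagnose(cert_text, key_text=None):
    """Findings for an https_port cert=/key= pair; an empty list means OK.

    key_text=None models a line without key=. Assumption: the key is then
    read from the cert= file.
    """
    findings = []
    if "CERTIFICATE" not in pem_labels(cert_text):
        findings.append("cert= file has no CERTIFICATE block")
    if key_text is None:
        source, key_source_text = "cert= file (no key= given)", cert_text
    else:
        source, key_source_text = "key= file", key_text
    if not has_private_key(key_source_text):
        findings.append("no PRIVATE KEY block in %s: OpenSSL reports "
                        "'PEM_read_bio:no start line'" % source)
    return findings


def diagnose_files(cert_path, key_path=None):
    """Run diagnose() on files and flag a key file that others can access."""
    with open(cert_path) as handle:
        cert_text = handle.read()
    key_text = None
    if key_path is not None:
        with open(key_path) as handle:
            key_text = handle.read()
    findings = diagnose(cert_text, key_text)
    holder = key_path if key_path is not None else cert_path
    holder_text = key_text if key_text is not None else cert_text
    mode = stat.S_IMODE(os.stat(holder).st_mode)
    if has_private_key(holder_text) and mode & 0o077:
        findings.append("%s contains a private key but is accessible to "
                        "group/other (mode %04o)" % (holder, mode))
    return findings


if __name__ == "__main__":
    print(diagnose(CERT_ONLY))   # the situation the log lines point to
    print(diagnose(COMBINED))    # certificate and key in one file
```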




RE: [squid-users] Squid + ntlm authentication with not trusted domains

2005-11-30 Thread flandercan
 
Hi,

After spending some time looking at the ntlm auth from squid, because it
didn’t do exactly what I wanted I wrote a perl program this way I could make
it check the AD using ntlm_auth to see if a user existed and was a member of
a group, then check to see if the user was in a specific database this way
my normal users could exist in the AD and my temporary short term users (some
students) could exist in a postgres database. Then rather than point
squid.conf to the ntlm_auth I point it to my perl app. It works well and
means I can do other fancy things with authentication in the future.

Hope that helps get you where you're going

Paul




flandercan.co.uk
Paul Flanders
[EMAIL PROTECTED] 
http://www.flandercan.co.uk



-Original Message-
From: Mark Elsen [mailto:[EMAIL PROTECTED] 
Sent: 30 November 2005 18:21
To: Andre Fernando Goldacker
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid + ntlm authentication with not trusted
domains

> Hi,
>
> My squid is running with ntlm authentication against MS AD 2k. Is there a
> way to configure squid using ntlm to authenticate users that aren't members
> of my current domain and neither members of a trusted domain? I have a mixed
> MS AD/NT4 environment with some NT4 domains on a WAN. Also, sometimes I have
> users that come with notebooks and I don't want them to join my domain or
> change their workgroup, but they need to go through the proxy. My goal is to
> get rid of MS Proxy 2.0 which I'm currently using and does this job, and
> squid always asks for username and password for that kind of users which
> have to inform my domain\username and pass to go through, I want to know if
> squid can also like MS Proxy "forget" the domain part and authenticate them
> as if they were part of the domain.
> Any help will be very much appreciated,
>

 Put them in a reserved ip address range; and let these addresses use  the
proxy without authentication.

 M.




[squid-users] Prefetching in Squid

2005-11-30 Thread mohinder garg
Hi,

 Can anybody tell me, does squid provide prefetching of objects?
 if yes, how?

 Thanks in advance

regards

--
Mohinder Paul
Software Engineer
NET Devices Inc.
Bangalore-95, India.
Contact No. +91 80 55171314 (O)
  +91 9886176467 (M)


Re: [squid-users] Prefetching in Squid

2005-11-30 Thread James Gray
On Thursday 01 December 2005 15:06, mohinder garg wrote:
> Hi,
>
>  Can anybody tell me, does squid provides prefetching of objects?
>  if yes, how?

Not natively, but you could use "wget".  From the wget man page:

--delete-after
This option tells Wget to delete every single file it downloads, after
having done so.  It is useful for pre-fetching popular pages through a
proxy, e.g.:
   wget -r -nd --delete-after http://whatever.com/~popular/page/

The -r option is to retrieve recursively, and -nd to not create
directories.

HTH,

James




[squid-users] Squid and RADIUS

2005-11-30 Thread mohinder garg
Hi,

I want to use RADIUS for authentication in squid. Can anybody tell me
how I can do this?

Thanks
regards
--
Mohinder Paul
Software Engineer
NET Devices Inc.
Bangalore-95, India.
Contact No. +91 80 55171314 (O)
  +91 9886176467 (M)