Re: [squid-users] squid2.5+epoll compile error
On Sat, 20 May 2006, L.TK wrote: > i am runing redhat EL 4. > i patch squid-2.5.STABLE13 with latest epoll patch,and run : > "sh bootstrap.sh" and get flowing output: > > WARNING: Cannot find autoconf version 2.13 > Trying autoconf (GNU Autoconf) 2.59 > autoheader: WARNING: Using auxiliary files such as `acconfig.h', > `config.h.bot' > autoheader: WARNING: and `config.h.top', to define templates for > `config.h.in' You need to install autoconf 2.13 and automake 1.5 before running bootstrap.sh.
[squid-users] squid2.5+epoll compile error
hi,all i am runing redhat EL 4. i patch squid-2.5.STABLE13 with latest epoll patch,and run : "sh bootstrap.sh" and get flowing output: WARNING: Cannot find autoconf version 2.13 Trying autoconf (GNU Autoconf) 2.59 autoheader: WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot' autoheader: WARNING: and `config.h.top', to define templates for `config.h.in' autoheader: WARNING: is deprecated and discouraged. autoheader: autoheader: WARNING: Using the third argument of `AC_DEFINE' and autoheader: WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without autoheader: WARNING: `acconfig.h': autoheader: autoheader: WARNING: AC_DEFINE([NEED_FUNC_MAIN], 1, autoheader: [Define if a function `main' is needed.]) autoheader: autoheader: WARNING: More sophisticated templates can also be produced, see the autoheader: WARNING: documentation. configure.in:13: warning: do not use m4_patsubst: use patsubst or m4_bpatsubst aclocal.m4:628: AM_CONFIG_HEADER is expanded from... configure.in:13: the top level configure.in:1555: warning: AC_CHECK_TYPE: assuming `u_short' is not a type autoconf/types.m4:234: AC_CHECK_TYPE is expanded from... configure.in:1555: the top level configure.in:2553: warning: do not use m4_regexp: use regexp or m4_bregexp aclocal.m4:641: _AM_DIRNAME is expanded from... configure.in:2553: the top level configure.in:13: warning: do not use m4_patsubst: use patsubst or m4_bpatsubst aclocal.m4:628: AM_CONFIG_HEADER is expanded from... configure.in:13: the top level configure.in:1555: warning: AC_CHECK_TYPE: assuming `u_short' is not a type autoconf/types.m4:234: AC_CHECK_TYPE is expanded from... configure.in:1555: the top level configure.in:2553: warning: do not use m4_regexp: use regexp or m4_bregexp aclocal.m4:641: _AM_DIRNAME is expanded from... configure.in:2553: the top level configure.in:2366: error: do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS' If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. autoconf failed Autotool bootstrapping failed. You will need to investigate and correct before you can develop on this source treeWARNING: Cannot find autoconf version 2.13 Trying autoconf (GNU Autoconf) 2.59 autoheader: WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot' autoheader: WARNING: and `config.h.top', to define templates for `config.h.in' autoheader: WARNING: is deprecated and discouraged. autoheader: autoheader: WARNING: Using the third argument of `AC_DEFINE' and autoheader: WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without autoheader: WARNING: `acconfig.h': autoheader: autoheader: WARNING: AC_DEFINE([NEED_FUNC_MAIN], 1, autoheader: [Define if a function `main' is needed.]) autoheader: autoheader: WARNING: More sophisticated templates can also be produced, see the autoheader: WARNING: documentation. configure.in:13: warning: do not use m4_patsubst: use patsubst or m4_bpatsubst aclocal.m4:628: AM_CONFIG_HEADER is expanded from... configure.in:13: the top level configure.in:1555: warning: AC_CHECK_TYPE: assuming `u_short' is not a type autoconf/types.m4:234: AC_CHECK_TYPE is expanded from... configure.in:1555: the top level configure.in:2553: warning: do not use m4_regexp: use regexp or m4_bregexp aclocal.m4:641: _AM_DIRNAME is expanded from... configure.in:2553: the top level configure.in:13: warning: do not use m4_patsubst: use patsubst or m4_bpatsubst aclocal.m4:628: AM_CONFIG_HEADER is expanded from... configure.in:13: the top level configure.in:1555: warning: AC_CHECK_TYPE: assuming `u_short' is not a type autoconf/types.m4:234: AC_CHECK_TYPE is expanded from... configure.in:1555: the top level configure.in:2553: warning: do not use m4_regexp: use regexp or m4_bregexp aclocal.m4:641: _AM_DIRNAME is expanded from... configure.in:2553: the top level configure.in:2366: error: do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS' If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. autoconf failed Autotool bootstrapping failed. You will need to investigate and correct before you can develop on this source tree i use folowing syntax to configure squid: ./configure --enable-asyno-io=60 --enable-cache-digests --enable-underscore --enable-pthreads --enable-storeio --prefix=/var/squid --enable-epoll --disable-poll --disable-select --sysconfdir=/etc --disable-delay-pools --enable-removal-policies --disable-ident-lookups --disable-hostname-checks --with-aio --disable-wccp --enable-linux-netfilter --with-maxfd=32768 and make the source,i get folowing error: gcc -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/etc/squid.conf\" -I. -I. -I../include -I. -I. -I../include -I../include -g -O2 -Wall -D_REENTRANT -c `test -f debug.c || echo './'`debug.c In file included from squid.h:410, from debug.c:36: protos.h:1298: warning: parameter names (without types) in function declaration debug.c:57: error: syntax er
[squid-users] Inconsistency in log files
Hi all, How can this behaviour be explained? PC with IP address 136.186.1.50 retrieves an object via a proxy server (proxy2) which finds that a cache peer (proxy1) already has this object. The hierarchy codes in the logs on proxy2 correctly reports CD_SIBLING_HIT. The same object is retrieved seconds later and the hierarchy code is sometimes NONE and at other times is CD_SIBLING_HIT. Cache peers are configured as proxy-only no-query htcp. proxy2 log: 1147232091.377 8036 136.186.1.50 TCP_MISS/200 9396777 GET http://download.skype.com/SkypeSetup.exe - CD_SIBLING_HIT/proxy1.cc.swin.edu.au application/octet-stream 1147232104.140 6489 136.186.1.50 TCP_MISS/200 9396777 GET http://download.skype.com/SkypeSetup.exe - NONE/- application/octet-stream 1147232138.699 136.186.1.50 TCP_MISS/200 9396777 GET http://download.skype.com/SkypeSetup.exe - NONE/- application/octet-stream 1147232251.653 8340 136.186.1.50 TCP_MISS/200 9396777 GET http://download.skype.com/SkypeSetup.exe - CD_SIBLING_HIT/proxy1.cc.swin.edu.au application/octet-stream proxy1 log: 1147232091.374 7571 136.186.1.117 TCP_HIT/200 9396684 GET http://download.skype.com/SkypeSetup.exe - NONE/- application/octet-stream 1147232104.137 6487 136.186.1.117 TCP_HIT/200 9396684 GET http://download.skype.com/SkypeSetup.exe - NONE/- application/octet-stream 1147232138.696 7774 136.186.1.117 TCP_HIT/200 9396684 GET http://download.skype.com/SkypeSetup.exe - NONE/- application/octet-stream 1147232251.649 8000 136.186.1.117 TCP_HIT/200 9396684 GET http://download.skype.com/SkypeSetup.exe - NONE/- application/octet-stream
Re: [squid-users] Log Format
fre 2006-05-19 klockan 10:07 -0700 skrev Michael Jeung:
> I picked this off a website:
>
> logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
> Hs %h" "%{User-agent}>h"
> cache_access_log /home/squid/logs/access.log httpd
Please see the description in squid.conf. It's the authorative
documentation on the format tags.
What is found on the devel.squid-cache.org site is early design notes
and does not necessarily match the implementation. Not all tags
mentioned there have been implemented, and some have been implemented
slightly differently.
For the query string see the strip_query_terms directive.
Regards
Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] max number of files in cache?
fre 2006-05-19 klockan 11:03 -0400 skrev lawrence wang: > today i got a squid crash with this entry in the log: > > 2006/05/19 11:38:16| assertion failed: filemap.c:78: "fm->max_n_files > <= (1 << 24)" > > does this mean that squid has a limit on the maximum number of files > that can be in the cache? Yes, there is a limit of 2^24 objects per cache_dir. How large cache_dir do you have? 2^24 files normally translates to somewhere around 160 GB. Please file a bug report on this issue. Squid should not crash only because there is very many objects in the cache. http://www.squid-cache.org/bugs/ Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Showing squid version
fre 2006-05-19 klockan 10:47 + skrev Aguiar Magalhaes: > Where can i disable the message showing the squid > version at the bottom of the error pages, denied pages > and others ? You can in the upcoming Squid-2.6 release, and in Squid-3. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Log Format
Yep. Those are the pages that I was originally looking at. =)
I guess my question boils down to this: %rq and %rp don't seem to
work for 2.5.STABLE13. Am I the only one who has this problem?
Regards,
Michael Jeung
On May 19, 2006, at 2:21 PM, Visolve squid wrote:
Hello Michael,
Go through these pages for more details of Custom Log Formats with
Squid
http://yergler.net/blog/2005/11/08/custom-log-formats-with-squid/
http://devel.squid-cache.org/customlog/logformat.html.
Thanks,
Visolve Squid Team,
http://squid.visolve.com
On Fri, 2006-05-19 at 10:07 -0700, Michael Jeung wrote:
Hey folks,
I'm trying to get the custom log format working with squid. I
basically want to emulate the apache combined logs format.
I picked this off a website:
logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
Hs %h" "%{User-agent}>h"
cache_access_log /home/squid/logs/access.log httpd
It works great. However, I need to get the request protocol and
request query string into the log as well. According to the squid
log format documentation, I'm looking for the %rq and %rp variables.
But whenever I add either of those variables in, squid starts
complaining about syntax errors.
For example:
logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
Hs %h" "%{User-agent}>h"
gives this --
FATAL: Can't parse configuration token: '%rq" %Hs %h"
"%{User-agent}>h"'
Squid Cache (Version 2.5.STABLE13): Terminated abnormally.
CPU Usage: 0.003 seconds = 0.000 user + 0.003 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Abort trap (core dumped)
Is there something wrong with the %rp and %rq variables? I'm using
Version 2.5.STABLE13.
Thanks,
Michael Jeung
Re: [squid-users] Log Format
Hello Michael,
Go through these pages for more details of Custom Log Formats with Squid
http://yergler.net/blog/2005/11/08/custom-log-formats-with-squid/
http://devel.squid-cache.org/customlog/logformat.html.
Thanks,
Visolve Squid Team,
http://squid.visolve.com
On Fri, 2006-05-19 at 10:07 -0700, Michael Jeung wrote:
> Hey folks,
>
> I'm trying to get the custom log format working with squid. I
> basically want to emulate the apache combined logs format.
>
> I picked this off a website:
>
> logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
> Hs %h" "%{User-agent}>h"
> cache_access_log /home/squid/logs/access.log httpd
>
> It works great. However, I need to get the request protocol and
> request query string into the log as well. According to the squid
> log format documentation, I'm looking for the %rq and %rp variables.
> But whenever I add either of those variables in, squid starts
> complaining about syntax errors.
>
> For example:
> logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
> Hs %h" "%{User-agent}>h"
>
> gives this --
> FATAL: Can't parse configuration token: '%rq" %Hs %h"
> "%{User-agent}>h"'
>
> Squid Cache (Version 2.5.STABLE13): Terminated abnormally.
> CPU Usage: 0.003 seconds = 0.000 user + 0.003 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> Abort trap (core dumped)
>
> Is there something wrong with the %rp and %rq variables? I'm using
> Version 2.5.STABLE13.
>
> Thanks,
> Michael Jeung
>
>
Re: [squid-users] max number of files in cache?
2.5STABLE13, with epoll patch. On 5/19/06, Mark Elsen <[EMAIL PROTECTED]> wrote: > today i got a squid crash with this entry in the log: > > 2006/05/19 11:38:16| assertion failed: filemap.c:78: "fm->max_n_files > <= (1 << 24)" > > does this mean that squid has a limit on the maximum number of files > that can be in the cache? > - SQUID version ? M.
[squid-users] Accelerator and Chaining
My organization has two geographical data centers with one in Germany the other in United States. Users in EMEA access the Germany Squid accelerator for all HTTP/HTTPS based requests for servers globally but within their own organizational domain. Those same users who wish to access the United States organizational domain are attempting to chain through our proxy here in the States but are receiving the following error: --- The following error was encountered: Unable to forward this request at this time. This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that: The cache administrator does not allow this cache to make direct connections to origin servers, and All configured parent caches are currently unreachable. --- Any ideas and/or suggestions would be greatly appreciated. If you need additional information from me please let me know. Best regards, Brian Klauss Systems Integration Analyst, Specialist BAX Global - Denver Data Center email: [EMAIL PROTECTED]
Re: [squid-users] Mixed environment performance
Kevin wrote: On 5/18/06, Nathan Bell <[EMAIL PROTECTED]> wrote: Top download speed is the same for both linux and windows boxes, but overall browsing is significantly slower on the windows boxes. At first I thought the problem was with the windows boxes not receiving the dns information quickly, but tests have shown otherwise. I assume this is a non-transparent proxy? How are you configuring the proxy settings on the clients? What browsers are used? Are different browsers (Firefox vs IE vs Opera) from the same workstation equally slow? I am using squid as non-transparent proxy. Mostly everyone is using Firefox and IE, and both are effectively the same speed. When I configure Windows clients for non-transparent authentication, I set them up with a PAC script so they don't perform DNS lookups unless they are going to an intranet destination. This improves performance and reliability -- how much depends on how bad your DNS servers are. (The one place we cannot use PAC is on Mac.) I was setting everyone up manually with proxy:8080, but now I've set up our proxy host as wpad.actarg.com with a wpad.dat file (a PAC script as you suggested) and now things are running smoothly. Thanks for your help. For other people with the same problem, this website seems to help the most: http://nscsysop.hypermart.net/proxypac.html Is there a performance penalty for having pc_hosts that don't authenticate along side unix_hosts that do? Is squid trying to access a non-existant ident server on the windows stations? I believe so, but this is one area where my skills are rusty. A sniffer capture would show you what is really going on in the inside of the network. Can you provide more details on the browser configuration? There are tunables in Firefox for how clients make connections through the browser, these can make a significant difference to performance. Kevin
[squid-users] Log Format
Hey folks,
I'm trying to get the custom log format working with squid. I
basically want to emulate the apache combined logs format.
I picked this off a website:
logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
Hs %h" "%{User-agent}>h"
cache_access_log /home/squid/logs/access.log httpd
It works great. However, I need to get the request protocol and
request query string into the log as well. According to the squid
log format documentation, I'm looking for the %rq and %rp variables.
But whenever I add either of those variables in, squid starts
complaining about syntax errors.
For example:
logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
Hs %h" "%{User-agent}>h"
gives this --
FATAL: Can't parse configuration token: '%rq" %Hs %h"
"%{User-agent}>h"'
Squid Cache (Version 2.5.STABLE13): Terminated abnormally.
CPU Usage: 0.003 seconds = 0.000 user + 0.003 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Abort trap (core dumped)
Is there something wrong with the %rp and %rq variables? I'm using
Version 2.5.STABLE13.
Thanks,
Michael Jeung
Re: [squid-users] max number of files in cache?
today i got a squid crash with this entry in the log: 2006/05/19 11:38:16| assertion failed: filemap.c:78: "fm->max_n_files <= (1 << 24)" does this mean that squid has a limit on the maximum number of files that can be in the cache? - SQUID version ? M.
[squid-users] max number of files in cache?
today i got a squid crash with this entry in the log: 2006/05/19 11:38:16| assertion failed: filemap.c:78: "fm->max_n_files <= (1 << 24)" does this mean that squid has a limit on the maximum number of files that can be in the cache?
Re: [squid-users] Showing squid version
Hello Aguiar, You should compile squid by making the following changes in squid source file errorpage.c Edit src/errorpage.c Line:69 >From "Generated %T by %h (%s)\n" To "Generated %T by %h \n" Thanks, Visolve Squid Team, http://squid.visolve.com On Fri, 2006-05-19 at 10:47 +, Aguiar Magalhaes wrote: > Hi list, > > Where can i disable the message showing the squid > version at the bottom of the error pages, denied pages > and others ? > > I was looking for but i can't find this information > even in html files on the error directory. > > I'm using the 2.5 version. > > Thanks, > > Aguiar > > > > ___ > Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e > anti-spam realmente eficaz. > http://br.info.mail.yahoo.com/ >
Re: [squid-users] Squid Authentification modes
Hello Julien, No, you can use one scheme of authentication at a time. For more details refer Squid-cache.org FAQ. Thanks, Visolve Squid Team, http://squid.visolve.com On Fri, 2006-05-19 at 11:04 +0200, REMY Julien wrote: > Hello, > > I sets up a proxy with Squid. I use the authentification mode msntauth for > the users present in Active Directory. > > In my company, in addition to the users present in Active Directory, there > are some users who have local accounts in a workgroup. This Workgroup, thanks > to a gateway, is join at the domain. > On the other hand, these users are not in Active Directory. > > I wanted to know if that were possible to use two modes of authentification. > In addition to the mode of authentification msntauth, I would like to use the > ncsa_auth mode. > > Is this possible? > > Thank you >
RE: [squid-users] thoughts about squidGuard?
You can run more than one version of BerkeleyDB. I was running version 4.2 and 3.2.9 at the same time. -Original Message- From: Philip Hachey [mailto:[EMAIL PROTECTED] Sent: Friday, May 19, 2006 9:09 AM To: Visolve squid Cc: squid-users@squid-cache.org Subject: Re: [squid-users] thoughts about squidGuard? Visolve squid <[EMAIL PROTECTED]> wrote on 2006-05-18 08:24:19: > you can visit this page for more details of squidguard. > :http://cri.univ-tlse1.fr/documentations/cache/squidguard_en.html > That's what I was hoping for: a package with all of the patches. Unfortunately, I read this: "It needs a recent version of Berkeley Database (> 3.2 but < 4.x) " Since I'm using DB 4.2 and I do not wish to downgrade, I think I'll pass. Thanks for the info, though! Philip Hachey
Re: [squid-users] thoughts about squidGuard?
Visolve squid <[EMAIL PROTECTED]> wrote on 2006-05-18 08:24:19: > you can visit this page for more details of squidguard. > :http://cri.univ-tlse1.fr/documentations/cache/squidguard_en.html > That's what I was hoping for: a package with all of the patches. Unfortunately, I read this: "It needs a recent version of Berkeley Database (> 3.2 but < 4.x) " Since I'm using DB 4.2 and I do not wish to downgrade, I think I'll pass. Thanks for the info, though! Philip Hachey
[squid-users] multiple redirect programs
I have a question concerning the use of multiple redirectors in squid. In the archives I've found the answer to my question: "how can I use multiple redirect programs?". Or that's what I was thinking. I use a small shell script redirect.sh: #!/bin/sh /usr/local/bin/SquidClamAV_Redirector.py -c /etc/squid/SquidClamAV_Redirector.conf | /usr/bin/squidGuard -c /etc/squid/squidGuard.conf And in squid.conf I define: redirect_program /path/redirect.sh But with these 2 redirect programs nothing in filtered. When I define one of those it works: with /usr/local/bin/SquidClamAV_Redirector.py -c /etc/squid/SquidClamAV_Redirector.conf anti-virus filtering works. with /usr/bin/squidGuard -c /etc/squid/squidGuard.conf squidGuard filtering works. But with both redirectors defind nothing is filtered. What am I doing wrong? Thx. Pol.
Re: [squid-users] ACL for multiple users with multiple options
Hello, You should not use AND in http_access. You can use allow C M http_access allow C M Thanks, Visolve Squid Team, http://squid.visolve.com On Fri, 2006-05-19 at 06:14 +, mohammad imran wrote: > Hay All > > I am using squid in MS environment on testing base,We are using ISA Server > in production environment. > > I want to implement ACL for different users with different Options i.e. > > Giving some users MSN messenger acess not to all. > > I have made An access list > > acl C src 192.168.7.138/255.255.255.255 & > acl Mport 1080# msn messenger > > now how can i use these in http_access > I have tried > > http_access allow C AND M > > But this is not working error is "AclParseAccesLine ACL Name "AND" not > Found. > > > One more Question Is that I MS ISA Server2004 there is option of http > filtering so we can filter from > http header and block some signatures e.g. msn messenger using http .Can we > do the same here in squid. > > Very greateful to you for ur patience and support. > > Regards > Ever Smiling Imran > >
[squid-users] Showing squid version
Hi list, Where can i disable the message showing the squid version at the bottom of the error pages, denied pages and others ? I was looking for but i can't find this information even in html files on the error directory. I'm using the 2.5 version. Thanks, Aguiar ___ Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e anti-spam realmente eficaz. http://br.info.mail.yahoo.com/
[squid-users] Content-Length and range header
Everyone
How could I define an acl for multipart file download or big
filesize download?
At the first look, It seems I need sth like this:
acl lessthan3MB rep_header Content-Length ^(1|2)?+[0-9]{0,6}?$
acl multiparts rep_header range [0-9]+
Could I use them so? Am I in the right way?
What are your oppinions?
TIA
Best Regards
--
Mehdi Sarmadi
Re: [squid-users] memory leaks
>> > Try switching to ext3 or xfs. If that helps you, it was reisersfs >> problem. >> > Also, you may try 2.6 kernel, but I'd try to switch to xfs first. > > On 18.05.06 17:50, Edvard Chitro wrote: >> Which one is faster ? Ext2 or xfs ? > > do NOT use ext2, unless you are prepared to wait for fsck or rebuild > filesystem (and loosing the cache) each time machine/power crashes. Power is really stable I have UPS ... > >> Ext3 is the slowest of all ... > > no, there are slower filesystems, e.g. FAT32. > You can choose ext3, just use bigger commit interval (e.g. 30 secs). > > Did you have disk performance problems? If not, don't say ext3 is the > slowest. It's STABLE. >From my practice Ext3 is really slow ... its just slow when there are a lot of small files in a directory even directory listing is slow ... OK I will first try ext2 ... if it crashes then switch to ext3 ... > -- > Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Chernobyl was an Windows 95 beta test site. >
[squid-users] Squid Authentification modes
Hello, I sets up a proxy with Squid. I use the authentification mode msntauth for the users present in Active Directory. In my company, in addition to the users present in Active Directory, there are some users who have local accounts in a workgroup. This Workgroup, thanks to a gateway, is join at the domain. On the other hand, these users are not in Active Directory. I wanted to know if that were possible to use two modes of authentification. In addition to the mode of authentification msntauth, I would like to use the ncsa_auth mode. Is this possible? Thank you
Re: [squid-users] Digest Authentication and Brute Force Attack
>>I verified using current 2.5.STABLE (what will become 2.5.STABLE14), but
>>the digest code has not changed in a long time.. last functional change
>>was in 2.5.STABLE10 where support for %m in error pages was added.
I dont't use Squid digest autheticator. I use an external digest helper:
auth_param digest program
/usr/local/prod/squid-2.5.STABLE12/libexec/usi-digest-auth.sh
auth_param digest children 5
auth_param digest realm PrxUSI
The script usi-digest-auth.sh read on its stdinput username:realm from
Squid.
Then the script search that userid:realm on a LDAP server to get a
precalculated digest H1 ( where H1=hash("username":"realm":"password") ).
The digest is returnet to Squid to continue with the digest authentication.
Well, now I enabled log_mime_hdrs as you suggested: great feature !
First request, no login information provided:
1148024924.321296 10.182.35.253 TCP_DENIED/407 1726 GET http://www.google.com/ - NONE/- text/html [Accept: */*\r\nAccept-Language: it\r\nCookie:
PREF=ID=72f8a58c6ef30649:TM=1142353686:LM=1142353686:S=-KyqRUkowquuC-y0\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; SV1; .NET
CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Digest
username="", realm="PrxUSI", qop="auth", algorithm="MD5", uri="/", nonce="U3htREAOQQgz+X10",
nc=0001, cnonce="17254ae1d382f9711385427739bc6271", response="6d72bf69c588a1c6cdef5f3d81b0c53f"\r\n] [HTTP/1.0 407 Proxy Authentication
Required\r\nServer: squid/2.5.STABLE12\r\nMime-Version: 1.0\r\nDate: Fri, 19 May 2006 07:48:44 GMT\r\nContent-Type: text/html\r\nContent-Length: 1307\r\nE
xpires: Fri, 19 May 2006 07:48:44 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate:
Digest realm="PrxUSI", nonce="XHhtRPAOQQjS8Fx+", qop="auth", stale=false\r\n\r]
Second request, unknown account used:
1148024945.939470 10.182.35.253 TCP_DENIED/407 1726 GET http://www.google.com/ - NONE/- text/html [Accept: */*\r\nAccept-Language:
it\r\nProxy-Authorization: Digest username="foouser", realm="PrxUSI", qop="auth", algorithm="MD5", uri="/",
nonce="XHhtRPAOQQjS8Fx+", nc=0001, cnonce="606767c30059191f5b7c0e2d253f1278",
response="5fdaa2a2a45154678c42020bb0062bf0"\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; SV1; .NET CLR 1.0.3705; .NET
CLR 1.1.4322; .NET CLR 2.0.50727)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\nCookie:
PREF=ID=72f8a58c6ef30649:TM=1142353686:LM=1142353686:S=-KyqRUkowquuC-y0\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer:
squid/2.5.STABLE12\r\nMime-Version: 1.0\r\nDate: Fri, 19 May 2006 07:49:05 GMT\r\nContent-Type: text/html\r\nContent-Length: 13
07\r\nExpires: Fri, 19 May 2006 07:49:05 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: Digest realm="PrxUSI", nonce="cXhtRIgSQQh3KOZo",
qop="auth", stale=false\r\n\r]
Third request, known account but invalid password:
1148024983.585714 10.182.35.253 TCP_DENIED/407 1726 GET http://www.google.com/ - NONE/- text/html [Accept: */*\r\nAccept-Language: it\r\nCookie:
PREF=ID=72f8a58c6ef30649:TM=1142353686:LM=1142353686:S=-KyqRUkowquuC-y0\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; SV1; .NET
CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Digest
username="US01170", realm="PrxUSI", qop="auth", algorithm="MD5", uri="/", nonce="cXhtRIgSQQh3KOZo",
nc=0001, cnonce="7581984ebe5ffb1b4d0ed53e1719f9e5", response="915786a36b8ab9fcbb6b9d0f57e70dde"\r\n] [HTTP/1.0 407 Proxy Authentication
Required\r\nServer: squid/2.5.STABLE12\r\nMime-Version: 1.0\r\nDate: Fri, 19 May 2006 07:49:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 13
07\r\nExpires: Fri, 19 May 2006 07:49:43 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED
0\r\nProxy-Authenticate: Digest realm="PrxUSI", nonce="l3htRKATQQiheZ5x",
qop="auth", stale=false\r\n\r]
Fourth request, correct login (US01170)
1148025030.781526 10.182.35.253 TCP_MISS/302 475 GET http://www.google.com/ US01170 DIRECT/66.249.85.104 text/html [Accept: */*\r\nAccept-Language:
it\r\nCookie: PREF=ID=72f8a58c6ef30649:TM=1142353686:LM=1142353686:S=-KyqRUkowquuC-y0\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
Q312461; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\nHost: www.google.com\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Digest
username="US01170", realm="PrxUSI", qop="auth", algorithm="MD5", uri="/", nonce="u3htRLhJLQh/w38a",
nc=0001, cnonce="8ee6f046d2c4b6f146095942a588039f", response="a0fe96905ac8937ab42804f890f8b452"\r\n] [HTTP/1.0 302 Found\r\nLocation:
http://www.google.it/\r\nCache-Control: private\
r\nContent-Type: text/html\r\nServer: GWS/2.1\r\nContent-Length: 218\r\nDate:
Fri, 19 May 2006 07:50:30 GMT\r\nConnection: Keep-Alive\r\n\r]
Thank you ve
Re: [squid-users] memory leaks
> > Try switching to ext3 or xfs. If that helps you, it was reisersfs problem. > > Also, you may try 2.6 kernel, but I'd try to switch to xfs first. On 18.05.06 17:50, Edvard Chitro wrote: > Which one is faster ? Ext2 or xfs ? do NOT use ext2, unless you are prepared to wait for fsck or rebuild filesystem (and loosing the cache) each time machine/power crashes. > Ext3 is the slowest of all ... no, there are slower filesystems, e.g. FAT32. You can choose ext3, just use bigger commit interval (e.g. 30 secs). Did you have disk performance problems? If not, don't say ext3 is the slowest. It's STABLE. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site.
