Re: [squid-users] External ACL allowing denied sites
This site should be denied... What it should be ?? It was working but now started allowing denied sites... uptime is 5 days, i think restarting the server or squid should resolve the problem... But id like to know what it would be causing this issue. My guess is some bug in the helper making it start return wrong information to Squid after some time. I would suggest you add some tracing to the helper to determine more exactly what it's doing and why it returns OK... Note: A squid -k rotate will restart the helper, but any cached results will still be used by Squid subject to your ttl settings in external_acl_type. Regards Henrik
RE: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
First I added cache_peer virtual parent 80 3130 originserver I doubt your web server is sepaking ICP... try cache_peer virtual parent 80 0 no-query originserver and http_port 80 vhost to the conf file. That part is fine.. * Unable to forward this request at this time. Which means that Squid had considered your cache_peer as dead... Regards Henrik
[squid-users] icons aren't dislayed anymore after squid-2.6 upgrade
Hello everybody. I have a problem with anthony icons after squid-2.5.STABLE14 to squid-2.6.STABLE1 upgrade. When I'm browsing an ftp site, anthony icons aren't displayed on the web page generated by squid. This is my squid.conf acl mynet src 172.16.0.0/23 acl myproto proto HTTP FTP SSL http_access deny !myproto http_access allow mynet I have added the protocol INTERNAL to myproto acl and now icons are displayed again. Is this the fine? TIA
RE: [squid-users] SquidNT 2.6 mswin_check_lm_group.exe problem
I went to the site in your sig last night, and the latest build there (2.6 Stable 1) contained the same binary as my current one (or at least, the same create/modified date). It has updated this morning however... maybe it was cached :dunno: Thanks for your help. -Original Message- From: Guido Serassio [mailto:[EMAIL PROTECTED] Sent: 06 July 2006 06:46 To: Darren Worrall (Eclipse); Laurent Marc 00 Cc: squid-users@squid-cache.org Subject: RE: [squid-users] SquidNT 2.6 mswin_check_lm_group.exe problem Hi, At 23.49 05/07/2006, Darren Worrall (Eclipse) wrote: Apologies, but where might I find them? I think I'm being blonde... In the same place where you have downloaded your binary Where else ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/ Hammonds Furniture Ltd Nutts Lane Industrial Estate Hinckley Leicestershire LE10 3QQ Tel. +44 (0)1455 251451 Website : http://www.hammonds-uk.com Registered Office: Manor Court Chambers, 126 Manor Court Road, Nuneaton, Warwickshire CV11 5HL, England. Registered in England No.1320508 This document is intended for, and should only be read by, those persons to whom it is addressed. Its contents are confidential and if you have received this message in error, please notify us immediately by telephone and delete all records of the message from your computer. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without our prior written consent is strictly prohibited. Neither the author of this message nor their employers accept legal responsibility for the contents of the message. Any views or opinions presented are solely those of the author.
Re: [squid-users] External ACL allowing denied sites
squid -k rotate didnt worked... service squid restart, now the external acl is working. Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ?? On 7/6/06, Henrik Nordstrom [EMAIL PROTECTED] wrote: This site should be denied... What it should be ?? It was working but now started allowing denied sites... uptime is 5 days, i think restarting the server or squid should resolve the problem... But id like to know what it would be causing this issue. My guess is some bug in the helper making it start return wrong information to Squid after some time. I would suggest you add some tracing to the helper to determine more exactly what it's doing and why it returns OK... Note: A squid -k rotate will restart the helper, but any cached results will still be used by Squid subject to your ttl settings in external_acl_type. Regards Henrik -- []'s Luiz Henrique Ozaki
Re: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
Jon wrote: First I added cache_peer virtual parent 80 3130 originserver and http_port 80 vhost to the conf file. But I get this error: The following error was encountered: * Unable to forward this request at this time. Hello Jon, You can try with following directive in squid.conf file. cache_peer virtual parent 80 0 no-query originserver -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] squid 2.6 + transparent + ipfw
For proper transparent operation you need one of these configure options.. Sorry? he said I only use ipfw ... are you sure? To clarify my answer: For proper opertation of transparent interception proxying your method of interception needs to be supported by Squid and enabled with the proper configure argument. If your method of interception is not supported by Squid then support must first be added before it can work proper. However, in real life transparent interception does not need full support very often as most clients do send Host headers which Squid can use. However, a Squid configured for transparent interception will be somewhat upset if support is not available as Squid knows it won't always work. If a client sends a request without a Host header Squid won't be able to know what to do with the request without proper support enabled as the information about the intended destination is then lost. Regards Henrik
[squid-users] SquidNT 2.6 mswin_ntlm_auth.exe problem
Hi, your patch for mswin_check_lm_group.exe is working fine but i have another with (i think) mswin_ntlm_auth.exe : after few minutes, squidNT does not work. When i look in cache.log, i can see : 2006/07/06 12:32:26| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:32:26| WARNING: up to 50 pending requests queued 2006/07/06 12:33:00| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:33:00| WARNING: up to 58 pending requests queued 2006/07/06 12:33:00| Consider increasing the number of ntlmauthenticator processes to at least 108 in your config file. 2006/07/06 12:33:31| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:33:31| WARNING: up to 64 pending requests queued 2006/07/06 12:33:31| Consider increasing the number of ntlmauthenticator processes to at least 114 in your config file. 2006/07/06 12:34:11| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:34:11| WARNING: up to 75 pending requests queued 2006/07/06 12:34:11| Consider increasing the number of ntlmauthenticator processes to at least 125 in your config file. 2006/07/06 12:34:42| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:34:42| WARNING: up to 88 pending requests queued 2006/07/06 12:34:42| Consider increasing the number of ntlmauthenticator processes to at least 138 in your config file. 2006/07/06 12:35:28| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:35:28| WARNING: up to 96 pending requests queued 2006/07/06 12:35:28| Consider increasing the number of ntlmauthenticator processes to at least 146 in your config file. 2006/07/06 12:36:05| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:36:05| WARNING: up to 101 pending requests queued 2006/07/06 12:36:05| Consider increasing the number of ntlmauthenticator processes to at least 151 in your config file. 2006/07/06 12:37:02| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:37:02| WARNING: up to 106 pending requests queued 2006/07/06 12:37:02| Consider increasing the number of ntlmauthenticator processes to at least 156 in your config file. 2006/07/06 12:37:39| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:37:39| WARNING: up to 108 pending requests queued 2006/07/06 12:37:39| Consider increasing the number of ntlmauthenticator processes to at least 158 in your config file. 2006/07/06 12:38:10| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:38:10| WARNING: up to 111 pending requests queued 2006/07/06 12:38:10| Consider increasing the number of ntlmauthenticator processes to at least 161 in your config file. 2006/07/06 12:38:42| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:38:42| WARNING: up to 118 pending requests queued 2006/07/06 12:38:42| Consider increasing the number of ntlmauthenticator processes to at least 168 in your config file. 2006/07/06 12:39:13| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:39:13| WARNING: up to 123 pending requests queued 2006/07/06 12:39:13| Consider increasing the number of ntlmauthenticator processes to at least 173 in your config file. 2006/07/06 12:39:46| temporary disabling (Bad Gateway) digest from 128.1.0.16 2006/07/06 12:39:57| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:39:57| WARNING: up to 129 pending requests queued 2006/07/06 12:39:57| Consider increasing the number of ntlmauthenticator processes to at least 179 in your config file. 2006/07/06 12:40:31| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:40:31| WARNING: up to 134 pending requests queued 2006/07/06 12:40:31| Consider increasing the number of ntlmauthenticator processes to at least 184 in your config file. 2006/07/06 12:41:15| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:41:15| WARNING: up to 136 pending requests queued 2006/07/06 12:41:15| Consider increasing the number of ntlmauthenticator processes to at least 186 in your config file. 2006/07/06 12:42:07| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:42:07| WARNING: up to 143 pending requests queued 2006/07/06 12:42:07| Consider increasing the number of ntlmauthenticator processes to at least 193 in your config file. 2006/07/06 12:43:30| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:43:30| WARNING: up to 147 pending requests queued 2006/07/06 12:43:30| Consider increasing the number of ntlmauthenticator processes to at least 197 in your config file. 2006/07/06 12:44:02| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:44:02| WARNING: up to 155 pending requests queued 2006/07/06 12:44:02| Consider increasing the number of ntlmauthenticator processes to at least 205 in your config file. 2006/07/06 12:44:41| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:44:41| WARNING: up to 161 pending requests queued 2006/07/06 12:44:41| Consider increasing the number of ntlmauthenticator processes
[squid-users] Re: Squid won't debug
ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://localhost:81/ The following error was encountered: * Access Denied. My squid.conf: I doubt it is your complete squid.conf, as an ACL is used that's not present: http_access deny !Safe_ports This ACL is probably also the cause for the error: 81 isn't usually in a list of 'safe ports'. The 'No running copy' error might come from this: pid_filename /var/run/squid.pid Does the user that squid runs as have write access to this file? When you startup the server, is an error printed in /var/log/squid/cache.log? Joost
Re: [squid-users] External ACL allowing denied sites
Well, it just worked a few minutes and then started allowing denied sites... On 7/6/06, Luiz Henrique Ozaki [EMAIL PROTECTED] wrote: squid -k rotate didnt worked... service squid restart, now the external acl is working. Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ?? On 7/6/06, Henrik Nordstrom [EMAIL PROTECTED] wrote: This site should be denied... What it should be ?? It was working but now started allowing denied sites... uptime is 5 days, i think restarting the server or squid should resolve the problem... But id like to know what it would be causing this issue. My guess is some bug in the helper making it start return wrong information to Squid after some time. I would suggest you add some tracing to the helper to determine more exactly what it's doing and why it returns OK... Note: A squid -k rotate will restart the helper, but any cached results will still be used by Squid subject to your ttl settings in external_acl_type. Regards Henrik -- []'s Luiz Henrique Ozaki -- []'s Luiz Henrique Ozaki
Re: [squid-users] External ACL allowing denied sites
Oh... just find it what it was... I added some syslog into the helper and the problem is in the helper not in squid... =D Soon im gonna publish this external_acl based on DNS in sf.net =] On 7/6/06, Luiz Henrique Ozaki [EMAIL PROTECTED] wrote: Well, it just worked a few minutes and then started allowing denied sites... On 7/6/06, Luiz Henrique Ozaki [EMAIL PROTECTED] wrote: squid -k rotate didnt worked... service squid restart, now the external acl is working. Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ?? On 7/6/06, Henrik Nordstrom [EMAIL PROTECTED] wrote: This site should be denied... What it should be ?? It was working but now started allowing denied sites... uptime is 5 days, i think restarting the server or squid should resolve the problem... But id like to know what it would be causing this issue. My guess is some bug in the helper making it start return wrong information to Squid after some time. I would suggest you add some tracing to the helper to determine more exactly what it's doing and why it returns OK... Note: A squid -k rotate will restart the helper, but any cached results will still be used by Squid subject to your ttl settings in external_acl_type. Regards Henrik -- []'s Luiz Henrique Ozaki -- []'s Luiz Henrique Ozaki -- []'s Luiz Henrique Ozaki
[squid-users] squid-2.6-STABLE1: Authentication Configuration Options
I've downloaded squid-2.6-STABLE1 but have issues with identifying the configuration options that I need to enable based on the ./ configure --help descriptions. The problem that I'm trying to solve involves Windows-based corporate web servers that require authentication to access a subset of the information stored on the server. I have two load-balanced Squid servers at my facility. They have been in operation for roughly 10 years. Some users will configure their browsers, manually, to use the servers, n.b. there is no load balancing in this instance. Others will configure their browsers to use an automatic configuration file while others will enable the web proxy automatic detection feature or their browsers. The last two cases are supported by a single proxy.pac/wpad.dat configuration file. The only restriction on using the Squid servers is that the user's system be physically connected to the network. There is no need for user authentication to be able to use the Squid server. In the past, I have added exceptions to the proxy.pac file that instruct the browser to bypass Squid for servers that use the WWW-Authenticate: Negotiate headers; however, there are now servers that require authentication for specific directories. One can add exceptions in the proxy.pac file for the specific URL. Unfortunately, without modifying the Windows Registry to disable proxy caching, Internet Explorer users will continue to use Squid while all other browsers will go directly to the server. What configuration options are needed to provide full support the Windows WWW-Authenticate methods to eliminate the 401.1 and 401.2 errors? Merton Campbell Crockett [EMAIL PROTECTED]
Re: [squid-users] External ACL allowing denied sites
tor 2006-07-06 klockan 06:19 -0300 skrev Luiz Henrique Ozaki: squid -k rotate didnt worked... probably did, but you need to account for the external_acl_ttl in your test.. service squid restart, now the external acl is working. Helper you mean dnsbl_redir or squid ? How can I add some tracing on it ?? The helper is dnsbl_redir. Tracing can be added by a simple fprintf(stderr, ...) or if C++ std.cerr ... Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] External ACL allowing denied sites
tor 2006-07-06 klockan 09:43 -0300 skrev Luiz Henrique Ozaki: Oh... just find it what it was... I added some syslog into the helper and the problem is in the helper not in squid... =D Good.. (for me ;-) To test the helper from command line simply have it running in interactive mode and paste queries to the terminal one at a time. Also works from inside gdb or any other debugger. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] squid 2.6 + transparent + ipfw
ons 2006-07-05 klockan 15:04 -0300 skrev Edinilson J. Santos: Here I'm having the same problem with Linux. When I try to do a transparent proxy with: iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128 I can see in cache.log hundreds of messages like: 2006/07/04 18:39:20| Failed to select source for 'http://www.britos.com.br/imgs/menu/logistica_down.gif' 2006/07/04 18:39:20| always_direct = -1 2006/07/04 18:39:20|never_direct = 0 2006/07/04 18:39:20|timedout = 0 http://www.squid-cache.org/Versions/v2/2.6/changesets/10801.patch perhaps? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: [squid-users] Tproxy Headers
tor 2006-07-06 klockan 07:53 +0800 skrev Steven Wilton: Copy the file to /usr/include/linux/netfilter_ipv4/ip_tproxy.h or if you don't have root access (or don't want to mess with system headers), create a linux/netfilter_ipv4 directory under the Squid include directory and copy the file there... Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] How do I handle SSL traffic in a transparent proxy setup
ons 2006-07-05 klockan 16:04 -0400 skrev Tim Duncan: In a transparent proxy environment where I have no control over the user's browser configuration settings, how do I handle requests for https:// web sites. http:// sites are served up just fine, but https:// sites fail. You don't. https can not be intercepted. You must allow this via NAT or similar. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] object refresh question
ons 2006-07-05 klockan 13:58 -0700 skrev Mike Leong: 1. is it possible, when doing the HEAD command on the CGI, have it return the last mod date, but not execute the CPU intensive stuff. What you can to support is If-Modified-Since, which is used both by clients and Squid to send cache validations. Requires your CGI to return a Last-Modified and to know how to compare current status to the If-Modified-Since header when getting a request.. Which this in place it will be all automatic.. (assuming your CGI is smart to skip the CPU intensive stuff if If-Modified-Since indicates the previous response is still fresh). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] icons aren't dislayed anymore after squid-2.6 upgrade
tor 2006-07-06 klockan 10:16 +0200 skrev Marco Berizzi: I have added the protocol INTERNAL to myproto acl and now icons are displayed again. Is this the fine? Yes.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] Digest problem with 2.6STABLE1
I have just updated a couple of my caches to 2.6STABLE1, and noticed that the other web caches are no longer getting digests from the updated caches, but seem to be receiving a 404 response with the message This cache is currently building its digest. Have I broken something during the upgrade, or is this a real bug? Michael Young
Re: [squid-users] Squid won't debug
On Thu, Jul 06, 2006 at 09:44:10AM +0530, Visolve Squid wrote: John Oliver wrote: [EMAIL PROTECTED] squid-2.5.STABLE14]# /usr/local/squid/sbin/squid -k debug squid: ERROR: No running copy Squid is not running Start Squid first then debug it #/usr/local/squid/sbin/squid #/usr/local/squid/sbin/squid -k debug Huh! That's... counterintuitive :-) ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://localhost:81/ The following error was encountered: * Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. I tried http_access allow all since I'm using Squid as an accelerator, but that didn't work. Check your iptables setting. #iptables -L If there is any rule set for denying port 81,remove it and then try it again. I do not use iptables, or any other firewall software on this host. But the message I get (above) is from Squid. Also you can check to know whether the port 81 is opened. #telnet localhost 81 Yes, that was the first thing I verified :-) -- *** * John Oliver http://www.john-oliver.net/ * * * ***
[squid-users] Re: Squid won't debug
On Thu, Jul 06, 2006 at 01:33:21PM +0200, Joost de Heer wrote: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://localhost:81/ The following error was encountered: * Access Denied. My squid.conf: I doubt it is your complete squid.conf, as an ACL is used that's not present: http_access deny !Safe_ports This ACL is probably also the cause for the error: 81 isn't usually in a list of 'safe ports'. AHH CRIMINY!! That's it :-) The first time I set this up, I was bright enough to add an ACL for 81 before I even started monkeying around. This time, though... Thanks, Joost! -- *** * John Oliver http://www.john-oliver.net/ * * * ***
[squid-users] Re: SquidNT 2.6 mswin_ntlm_auth.exe problem
Hi Laurent, At 13.13 06/07/2006, Laurent Marc 00 wrote: Hi, your patch for mswin_check_lm_group.exe is working fine Good, you can find now an updated package with a mswin_check_lm_group.exe that doesn't need the protocol=2.5 option. but i have another with (i think) mswin_ntlm_auth.exe : after few minutes, squidNT does not work. When i look in cache.log, i can see : 2006/07/06 12:47:59| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:47:59| WARNING: up to 188 pending requests queued 2006/07/06 12:47:59| Consider increasing the number of ntlmauthenticator processes to at least 238 in your config file. In squid.conf i have : auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe auth_param ntlm children 50 i try with 30 or 50 children but the problem is the same. Strange problem, it seems that Squid doesn't receive any response from ntlm helpers. Some more info are needed: - Do you had before 2.6 a working 2.5 setup on the same machine ? - What OS on the proxy and what Windows domain (NT, 2000 or 2003) ? - How many concurrent users ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] About squid performance when transparent proxy WCCP. [signed]
Hi, I am looking to use squid as a transparent proxy using WCCP with two different gateway routers. What would be the extra cost of enabling the WCCP to an additional router? Cost in terms of speed, memory usage and over all performance. Links on WCCP with multiple routers and discussion regarding the effect on the squid process is appreciated. regds, Rajendra. -- - [ SECURITY NOTICE ] - To: [EMAIL PROTECTED] For your security, [EMAIL PROTECTED] digitally signed this message on 06 July 2006 at 17:34:25 UTC. Verify this digital signature at http://www.ciphire.com/verify. [ CIPHIRE DIGITAL SIGNATURE ] Q2lwaGlyZSBTaWcuAjhzcXVpZC11c2Vyc0BzcXVpZC1jYWNoZS5vcmcAcmFqZW5k cmFAc3ViaXN1Lm5ldC5ucABlbWFpbCBib2R5AC4BAAB8AHwBoUmtRC4B AACHAgACAAIAAgAge41wR4L+bXcWdThKam3FEHwmE/qn1pYTspEfujVuk+0BAHcW 34bSvF8RoB15amIjv339V+ZaGrEv2mG92v+dvY8Rl5FBTiidjXjOxQhcBCpISpPL 8psRIp5L4hqTjv/+cLtwWvcDU2lnRW5k -- [ END DIGITAL SIGNATURE ] --
[squid-users] RE: SquidNT 2.6 mswin_ntlm_auth.exe problem
The machine is a windows 2000 server SP4 + all patches. I was with SquidNT2.5 stable14 on this machine and it was working fine. The domain is a 2003 native mode. I have 700 users but i don't know exactly how many are concurrent. i think maybe there this 100 users concurrent maximum. Regards Laurent -Message d'origine- De : Guido Serassio [mailto:[EMAIL PROTECTED] Envoyé : jeudi 6 juillet 2006 19:02 À : Laurent Marc 00 Cc : squid-users@squid-cache.org Objet : Re: SquidNT 2.6 mswin_ntlm_auth.exe problem Hi Laurent, At 13.13 06/07/2006, Laurent Marc 00 wrote: Hi, your patch for mswin_check_lm_group.exe is working fine Good, you can find now an updated package with a mswin_check_lm_group.exe that doesn't need the protocol=2.5 option. but i have another with (i think) mswin_ntlm_auth.exe : after few minutes, squidNT does not work. When i look in cache.log, i can see : 2006/07/06 12:47:59| WARNING: All ntlmauthenticator processes are busy. 2006/07/06 12:47:59| WARNING: up to 188 pending requests queued 2006/07/06 12:47:59| Consider increasing the number of ntlmauthenticator processes to at least 238 in your config file. In squid.conf i have : auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe auth_param ntlm children 50 i try with 30 or 50 children but the problem is the same. Strange problem, it seems that Squid doesn't receive any response from ntlm helpers. Some more info are needed: - Do you had before 2.6 a working 2.5 setup on the same machine ? - What OS on the proxy and what Windows domain (NT, 2000 or 2003) ? - How many concurrent users ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] please about ip cache FQDN reposted
squid learner wrote: FQDN Cache Statistics: FQDNcache Entries: 1 FQDNcache Requests: 0 FQDNcache Hits: 0 FQDNcache Negative Hits: 0 FQDNcache Misses: 0 Blocking calls to gethostbyaddr(): 0 FQDN Cache Contents: Address Flg TTL Cnt Hostnames 127.0.0.1 H -001 3 squidlearner localhost.localdomain localhost = IP Cache Statistics: IPcache Entries: 6 IPcache Requests: 8240 IPcache Hits: 8237 IPcache Negative Hits: 0 IPcache Misses: 3 Blocking calls to gethostbyname(): 1 Attempts to release locked entries: 0 IP Cache Contents: Hostname Flg lstrefTTL N proxy.cyberia.net.sa 4 33480 1( 0) 212.107.116.243-OK proxy.jeel.com 5 33480 1( 0) 212.162.130.80-OK proxy.awalnet.net.sa 5 33480 1( 0) 212.93.193.87-OK localhostH 52924 -1 1( 0) 127.0.0.1-OK localhost.localdomainH 52924 -1 1( 0) 127.0.0.1-OK modi H 52924 -1 1( 0) 127.0.0.1-OK This server is only using parents, and therefore relies on them to do DNS lookups. It just needs to know the IPs for the parent caches i have this problem in ipcache that other one squid box have lot of ip but this stops on from first day other one has good and long list FQDN Cache Statistics: FQDNcache Entries: 419 FQDNcache Requests: 74566 FQDNcache Hits: 30504 FQDNcache Negative Hits: 33004 FQDNcache Misses: 11058 Blocking calls to gethostbyaddr(): 0 FQDN Cache Contents: Address Flg TTL Cnt Hostnames 212.118.154.7N -40125 0 212.118.154.8N -606614 0 82.167.33.172 -623208 1 82-167-33-172.odsplus.com 66.228.124.2-1624217 1 66.228.124.2-reverse.egmix.com 67.15.103.14-17635 1 ev1s-67-15-103-14.ev1servers.net 209.172.60.170 -392710 1 ip-209-172-60-170.reverse.privatedns.com 209.172.60.171 -582202 1 ip-209-172-60-171.reverse.privatedns.com 194.165.42.44N -208202 0 209.172.60.172 -392685 1 ip-209-172-60-172.reverse.privatedns.com 66.218.69.11-962416 1 cache.search.vip.scd.yahoo.com 85.234.143.96 -1082499 1 85-234-143 very long list . IP Cache Statistics: IPcache Entries: 920 IPcache Requests: 474793 IPcache Hits: 345651 IPcache Negative Hits: 575 IPcache Misses: 97629 Blocking calls to gethostbyname(): 1 Attempts to release locked entries: 0 This servers is not using parents and is requesting the web pages directly. Therefore it needs to perform the DNS queries itself. IP Cache Contents: Hostname Flg lstrefTTL N proxy.saudi.net.sa 41468 1( 0) 62.149.112.37-OK adsl.awalnet.net.sa 41559 1( 0) 212.93.193.87-OK www.6aar.com43 34499 1( 0) 216.185.39.176-OK www.google.com.sa 44145 4( 0) 216.239.59.99-OK 216.239.59.103-OK 216.239.59.104-OK 216.239.59.147-OK www.galaak.com1001 10500 1( 0) 147.202.47.35-OK www.nabde.com 1232 4841 1( 0) 72.232.16.130-OK www.6rp.net 1337 8524 1( 0)216.80.7.102-OK www.chatrank.com 1358 1866 1( 0)67.15.103.32-OK www.3iny.com 1359 3474 1( 0)72.29.89.178-OK srv19.doook.com 1372175 1( 0)74.52.21.195-OK www.google.com1385 -1325 4( 0) 216.239.59.103-OK 216.239.59.104-OK 216.239.59.147-OK216.239.59.99-OK update.real.com 2427 also very long list... i didnt get any diffrence what i may make mistake Chris
RE: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
Is there another way since I have multiple backend servers? Thanks, Jon -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Thursday, July 06, 2006 2:24 PM To: Jon Subject: RE: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem tor 2006-07-06 klockan 12:26 -0400 skrev Jon: Thanks for the reply and I tried cache_peer virtual parent 80 0 no-query originserver but it gave me an error The following error was encountered: Unable to determine IP address from host name for virtual Change virtual to whatever your backend server is itt needs to be either the IP or a valid host name. Regards Henrik
RE: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
tor 2006-07-06 klockan 15:09 -0400 skrev Jon: Is there another way since I have multiple backend servers? The intended method is one cache_peer per backend, and cache_peer_access/domain to select which requests gets sent where. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] Squid/SquidGuard: info of user and category
hello list, I don't know, if this is the correct forum for my question. Sorry, if not. I want to equip my old laptop with a web-filtering software, so that the children of my sister can use it as a surfbox. The laptop runs FreeBSD 6.1 and I installed squid from the ports (version 2.5.14), which works fine at the moment (no complex tasks here ;-) ). Then I added squidguard, also from the ports (version 1.2.0). I used a simple config, which principly works: it blocked some of the sites mentioned in the blacklists - and google(??).=3D20 OK, maybe. So I wanted to put me (and later all adults) in a group with more freedom. But this did not work. It seems to me, that squidguard ignores infos about the user. I found this web page (http://www.onlamp.com/lpt/a/6473) which contained a cgi-script, which makes some infos available. And right, there is no info about the user, who requests the page, and about the category (which will be interesting later). So the question is, where can I start to debug this situation? Is there=3D20 something (an option or so) I missed, when compiling/installing squid/squidguard? Or is it a config-problem of squid (I can of course provide configs - when I know it's the right place here). Thank you for any hint Karsten -- Karsten Rothemund [EMAIL PROTECTED] /\ PGP-Key: 0x7019CAA5 \ / Fingerprint: E752 C759 B9B2 2057 E42F \ ASCII Ribbon Campaign 50EE 47AC A7CE 7019 CAA5 / \ Against HTML Mail and News pgpNOALJojtpq.pgp Description: PGP signature
Re: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
Jon wrote: tor 2006-07-06 klockan 12:26 -0400 skrev Jon: Thanks for the reply and I tried cache_peer virtual parent 80 0 no-query originserver but it gave me an error The following error was encountered: Unable to determine IP address from host name for virtual Hello Jon, You can try with Server IP address instead of virual . cache_peer [Ip address] parent 80 0 no-query originserver -- Thanks, Visolve Squid Team, http://squid.visolve.com