[squid-users] delay pools based on HIT
i configured delay pools for the user on my squid, i just wonder if i used delay pools, is delay pools limit the bandwidth for the object HIT or SIBLING HIT or PARENT HIT. if delay pools limit that thing, how can ill give a different bandwidth ?
[squid-users] Squids Don't Seem To Peer
I've got 3 servers running squid-2.5.STABLE14. They're set up as accelerators with a redirector, and to peer. I've also turned on cache digests. Here's the relevant info from squid.conf: > http_port 80 > cache_peer squid30 sibling 80 3130 proxy-only > cache_peer squid31 sibling 80 3130 proxy-only > cache_peer squid32 sibling 80 3130 proxy-only > redirect_program squidsaver_new > acl localnet src x.x.x.0/255.255.255.254.0 > redirector_access allow !localnet > acl all src 0.0.0.0/0.0.0.0 > icp_access allow all > httpd_accell_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on In access.log I get messages like this Squid31: 1152521420.841 322 216.145.59.55 TCP_MISS/200 440756 GET http://f3.x.com/v1/YE7BRLgkxqx5CqRIllTjGS4WbY68R30zXocYQdkCDwa9Z1mmWA7hJAg5cS6gND4WH2FIgZ8QSb3jyq7KHUAjsQ/rosebowl_02_1280.jpg - TMIEOUT_DIRECT/66.218.66.240 image/jpeg ***this works properly, the item doesn't exist in the cache so it goes out and gets it 1152521430.895 237 216.145.59.55 TCP_HIT/200 440763 GET http://f3.x.com/v1/YE7BRLgkxqx5CqRIllTjGS4WbY68R30zXocYQdkCDwa9Z1mmWA7hJAg5cS6gND4WH2FIgZ8QSb3jyq7KHUAjsQ/rosebowl_02_1280.jpg - NONE/- image/jpeg ***this also works properly, the image gets stored in the cache ***I move onto another server Squid30: 1153521711.139 274 216.145.59.55 TCP_MISS/200 440756 GET http://f1.x.com/v1/YE7BRLgkxqx5CqRIllTjGS4WbY68R30zXocYQdkCDwa9Z1mmWA7hJAg5cS6gND4WH2FIgZ8QSb3jyq7KHUAjsQ/rosebowl_02_1280.jpg - TMIEOUT_DIRECT/66.218.66.240 image/jpeg ***squid31 gets a ICP query: 153521710.866 0 squid30 UDP_HIT/000 145 ICP_QUERY http://.com/rosebowl_02_1280.jpg - NONE/- - *** the short url is the long one, post redirection *** but for some reason squid30 never requests the image from squid31, instead it goes to the web server and stores it in it's cache It should be noted that this doesn't always happen. In our test environment they almost always go from peers, and I've seen a few examples use peering in this environment. Thanks, Dan Perron
Re: [squid-users] LDAPv3 problems
fre 2006-07-21 klockan 17:50 -0400 skrev Mike Branda: > Interesting... I didn't realize it was that old. That hardware is > running SuSE 9.3 and is 1 of 2 that have not been rolled up to SuSE 10. It's hard to say how "old" a vendor release is.. Both SuSE and RedHat have the odd policy of not updating package versions but instead backporting patches (and somtimes unsuccessfully so..), causing a major headache for others when support questions is asked outside their own forums as we have no clue what version is really being used other than that it's at least as new as the version indicated. > squid-2.5.STABLE10-5.2 is what is in the SuSE 10 release. After looking > at the previous/current release info for squid, it seems that even it is > out dated by a long shot. I'll have to look at compiling from source > when we upgrade that hardware. 2.5.STABLE10 is only a year old.. and a year newer than 2.5.STABLE5. but current squid-cache.org version is 2.6.STABLE1, and the final 2.5 release was 2.5.STABLE14 (plus two patches). > In any case, I was able to specify -v 3 and get it to work via ldap, > ldaps and with TLS using the proper syntax. Now to implement it in the > conf file Excellent! Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] LDAPv3 problems
On Fri, 2006-07-21 at 22:50 +0200, Henrik Nordstrom wrote: > Please try with a more current version of squid_ldap_auth. 2.5.STABLE5 > is very old, and there was a lot of fixes to squid_ldap_auth over the > years.. > Interesting... I didn't realize it was that old. That hardware is running SuSE 9.3 and is 1 of 2 that have not been rolled up to SuSE 10. squid-2.5.STABLE10-5.2 is what is in the SuSE 10 release. After looking at the previous/current release info for squid, it seems that even it is out dated by a long shot. I'll have to look at compiling from source when we upgrade that hardware. > Current versions of squid_ldap_auth has been verified in LDAPv3 > operations both with and without TLS, and LDAPv2 operations both plain > and SSL wrapped (aka ldaps), and with quite many differnt OpenLDAP > versions and also a few other LDAP libraries. > > squid_ldapauth is a completely different program, distributed separately > by it's authors, separate from the Squid project. > > > squid_ldap_auth never connects. It just sits at a new line and never > > returns to the prompt without a ctrl-c. > > It only connects when you give it a query as input. Syntax on the basic > auth queries can be found in the squid.conf comments, but to keep it > simple it's just > > usernamepassword > > Regards > Henrik Thank you very much!! that was the part I was missing. I found the syntax in squid.conf now. I was just looking for it in the man page and /usr/share/doc/ which was obviously the wrong place. I thought is was strange that strace was stopping at a READ and everything I was sending was getting the ERR response and no query to LDAP took place. I was just feeding in username. In any case, I was able to specify -v 3 and get it to work via ldap, ldaps and with TLS using the proper syntax. Now to implement it in the conf file Thanks again! Mike
Re: [squid-users] LDAPv3 problems
fre 2006-07-21 klockan 16:06 -0400 skrev Mike Branda: > I am using squid-2.5.STABLE5-42.21 to access openldap2-2.2.27-6 LDAPv3. > I am running SuSE which includes 2 versions of squid ldap auth via RPM. Please try with a more current version of squid_ldap_auth. 2.5.STABLE5 is very old, and there was a lot of fixes to squid_ldap_auth over the years.. Current versions of squid_ldap_auth has been verified in LDAPv3 operations both with and without TLS, and LDAPv2 operations both plain and SSL wrapped (aka ldaps), and with quite many differnt OpenLDAP versions and also a few other LDAP libraries. squid_ldapauth is a completely different program, distributed separately by it's authors, separate from the Squid project. > squid_ldap_auth never connects. It just sits at a new line and never > returns to the prompt without a ctrl-c. It only connects when you give it a query as input. Syntax on the basic auth queries can be found in the squid.conf comments, but to keep it simple it's just usernamepassword Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] TCP_MISS/503
fre 2006-07-21 klockan 15:28 +0200 skrev Fabio: > hi everyone > I have a BIG problem I can't solve with my squid. > sometimes (randomly) I have an error in retrieving the URL > in logs it appears as: > 1153487449.160 2211 10.91.195.69 TCP_MISS/503 1660 GET > http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 > - > NONE/- text/html Anything in cache.log? What appears in the browser? Note: if using MSIE then you probably need to disable "Show user friendly error messages" in the advanced internet settings to stop IE from replacing the error message with a generic "an error occurred" message designed by Microsoft to make users less aware of what is going on... > from what it's depends? Can be a wide variety of different things unfortunately. > where can I find the explanation of the error codes? The FAQ has a section explaining many. In this case TCP_MISS indicates it was a cache miss, and /503 indicates that Squid could not contact the requested server for some reason. The full details was shown in the error message sent to the client. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] LDAPv3 problems
Hello! I am using squid-2.5.STABLE5-42.21 to access openldap2-2.2.27-6 LDAPv3. I am running SuSE which includes 2 versions of squid ldap auth via RPM. they are: :~ # which squid_ldap_auth /usr/sbin/squid_ldap_auth :~ # which squid_ldapauth /usr/sbin/squid_ldapauth In trying to test the commands from the cli, I can get squid_ldapauth to connect to the server via test account with an /etc/squid_ldapauth.conf file of: # ldap-server : pdc.wackyworld.tv ldap-port : 389 ldap-suffix : dc=wackyworld,dc=tv ldap-filter : (uid=%s) ldap-passwdfield: userPassword ldap-binddn : uid=bobo,ou=Users,dc=wackyworld,dc=tv ldap-password : bobo1 but I get this in the logs: Jul 21 14:39:45 pdc slapd[26580]: conn=739 fd=16 ACCEPT from IP=#removed#:38137 (IP=0.0.0.0:389) Jul 21 14:39:45 pdc slapd[26580]: conn=739 op=0 BIND dn="uid=bobo,ou=Users,dc=wackyworld,dc=tv" method=128 Jul 21 14:39:45 pdc slapd[26580]: conn=739 op=0 RESULT tag=97 err=2 text=historical protocol version requested, use LDAPv3 instead Jul 21 14:39:45 pdc slapd[26580]: conn=739 fd=16 closed So it's trying LDAPv2. The only options for this command are usage: squid_ldapauth [-h] [-v] [-q] [-l] -h this help text -v verbose mode - default is off -q log queries - default is off -l togle usage of syslog - default is on so I can't use v3. the other command: squid_ldap_auth never connects. It just sits at a new line and never returns to the prompt without a ctrl-c. I've tried many different variations of: squid_ldap_auth -b "ou=Users,dc=wackyworld,dc=tv" -s sub -h pdc.wackyworld.tv -p 389 -v 3 -f "uid=%s" including using several -D dn's -w "passwords" that are acl'd in LDAP for all access. Still no connect in the LDAP logs and the program hangs at a new line. Any Ideas? I can ldapsearch with success all day from the same machine squid resides on. It works fine. Why won't squid_ldap_auth connect? How can I debug? I see nothing in syslog and the man page says: --snip-- Debug mode where each step taken will get reported in detail. Useful for understanding what goes wrong if the results is not what is expected. --/snip-- at the end but no option flag is listed. I've tried strace but see nothing useful. Thanks. Mike Branda
Re: [squid-users] TCP_MISS/503
Fabio wrote: hi everyone I have a BIG problem I can't solve with my squid. sometimes (randomly) I have an error in retrieving the URL in logs it appears as: 1153487449.160 2211 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html 1153487449.332 1 10.91.195.69 TCP_MISS/503 1538 GET http://www.sing365.com/favicon.ico - NONE/- text/html 1153487455.352 45 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html from what it's depends? where can I find the explanation of the error codes? regards, Hello Fabio, *TCP_MISS* message will come when the requested object is not in the cache. For more details about squid status codes visit at: http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-2914f3a846d41673d4ae34018142e672b8f258ce. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] squid 2.6STABLE1 strips authentication headers
fre 2006-07-21 klockan 01:43 +0400 skrev Anton Golubev: > I wonder if it is a proper behavior of the squid to strip authentication > headers, then it configured as accelerating proxy? It's configurable. See the cache_peer directive. Default unless told otherwise is to strip, as it doesn't know if the peer server is within the same administrative realm as Squid.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] TCP_MISS/503
hi everyone I have a BIG problem I can't solve with my squid. sometimes (randomly) I have an error in retrieving the URL in logs it appears as: 1153487449.160 2211 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html 1153487449.332 1 10.91.195.69 TCP_MISS/503 1538 GET http://www.sing365.com/favicon.ico - NONE/- text/html 1153487455.352 45 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html from what it's depends? where can I find the explanation of the error codes? regards, fabio
[squid-users] Shortening URLs passing through a squid hierarchy
Hi, I am responsible for a large number of squid caches serving most of the schools in Oxfordshire. We have a central 'farm' of squid caches which are the upstream parents to each of the school's local squid cache. At one particular school I have a headmaster who hosts the school's blog site on a remote web server running a product by Userland. When the school tries to access the site through our cache hierarchy, the browser shows: Can't coerce the string "34 10" into a number because it contains non-numeric characters. If the school uses one of the central caches as their proxy it works. It appears to me that this is a problem with the remote site being unable to handle large strings in the request and I have found a bug for this. I have tried to get assistance from the software company without luck. Due to the way we are going to re-configure our central servers I need to find a workaround to this problem. Is there a way to get Squid to shorten the length of the address going to the remote site? Regards Doug Irvine School's Support Team Leader Oxfordshire County Council 3rd Floor Clarendon House Shoe Lane Oxford OX1 2DP 01865 815888 Mobile 07776163426 The information in this e-mail, together with any attachments, is confidential. If you have received this message in error you must not print off, copy, use or disclose the contents. The information may be covered by legal and/or professional privilege. Please delete from your system and inform the sender of the error. As an e-mail can be an informal method of communication, the views expressed may be personal to the sender and should not be taken as necessarily representing the views of the Oxfordshire County Council. As e-mails are transmitted over a public network the Oxfordshire County Council cannot accept any responsibility for the accuracy or completeness of this message. It is your responsibility to carry out all necessary virus checks. You should be aware that all emails received and sent by this Council are subject to the Freedom of Information Act 2000 and therefore may be disclosed to other parties under that Act. www.oxfordshire.gov.uk
[squid-users] does squid 2.6 support setting cache_peer port in redirector script?
With squid 2.5 I can make my redirector script to return something like http://targethost.com:1234/somefile.htm where squid will internal proxy the request to port 1234 of targesthost.com. But I can't seems to do the same with squid 2.6 the port I set in the return string appears to be ignored. Is there any configuration directive I need set in order to enable this feature? Many thanks. Tor.