[squid-users] Compile ldapdigest under FreeBSD 6.1
Hello. Sorry for my poor English. I've already written an email to [EMAIL PROTECTED] about this problem yesterday, but I still got no answer.

I'm trying to compile ldapdigest under FreeBSD 6.1, but it fails:

    gcc -I/usr/local/include -I/root/squid-2.5.STABLE14/include -I/usr/include/rpcsvc/ -I. -L/usr/local/lib -L/root/squid-2.5.STABLE14/lib -o ldapdigest ldapdigest.o edir_ldapext.o -lldap -llber -lcrypt -lm -lresolv -lnsl -lmiscutil
    /usr/bin/ld: cannot find -lmiscutil
    *** Error code 1

Strings from Makefile:

    LIBS= -lldap -llber -lcrypt -lm -lresolv -lnsl -lmiscutil
    CFLAGS = -I/usr/local/include -I/root/squid-2.5.STABLE14/include -I/usr/include/rpcsvc/ -I.
    LDFLAGS = -L/usr/local/lib -L/root/squid-2.5.STABLE14/lib

So, all libraries and headers (except "libmiscutil.so*") exist in the system. Where can I get this library? Thanks.

--
With best regards, Vladimir.
Re: [squid-users] One Squid and 2 DG Connection Restriction Howto ??
Hi Chris,

I've already tried that config. It does not work for my config because I am using the xforwardedfor setting. Therefore Squid recognizes all clients by their internal IP addresses. So I have to allow my network address to connect to Squid. This means any client capable of changing proxy settings may connect to Squid directly instead of DG, which is not desired.

In a scenario using only 1 computer with Squid and DG installed, there is nothing to worry about, because http_port is 127.0.0.1:3128 so only the local DG can connect. However, if a 2nd DG tries to connect, I have to change http_port to 3128 only. So, I assume the http_port settings may be the answer.

So is there an answer?

On 8/11/06, Chris Robertson <[EMAIL PROTECTED]> wrote:
> Birol AKBAY wrote:
> > Hi,
> > I have 2 computers, let's say
> > A : 192.168.0.10
> > and
> > B : 192.168.0.11
> >
> > For A,
> > Squid 2.6 Stable1, DG 2.9.7.1 are installed.
> >
> > For B,
> > Only DG 2.9.7.5 is installed.
> >
> > My purpose is;
> > Squid must listen only 127.0.0.1:3128 (for comp. A) and 192.168.0.28
> > for requests from Computer B's IP. Other connection requests should be
> > discarded. All requests should be forwarded to squid from DG installed
> > on A and B.
> >
> > To do this;
> > I changed http_port to 3128 from 127.0.0.1:3128. In this case, any
> > client who can change his/her proxy settings is able to connect to the
> > proxy directly. (As expected) This works, but is not suitable for my purpose.
> >
> > What will be the correct conf?
>
> For what it's worth, I have not migrated to Squid 2.6 yet. These instructions may not work. This is extremely simplified, but...
>
>     acl DansB src 192.168.0.11
>     http_access allow DansB
>     http_access allow localhost
>     http_access deny all
>
> ...should cover your needs. Placement in a full squid.conf is left as an exercise for the reader (Hint 1: keep the http_access lines listed as a group. Hint 2: the http_access deny all should already be part of your squid.conf).
>
> > A simple diagram for struc.
> > ---
> >
> > Client Group 1 > B
> >                  |
> > Client Group 2 > A - Internet
>
> Chris

--
Birol AKBAY [EMAIL PROTECTED]
[squid-users] Squid -2.6 with Tproxy
Hi,

I have squid 2.6 STABLE 2 running on FC 2.6.15.2. It is working fine in transparent mode.

But I am trying to use Tproxy so that all the requests will be spoofed to show the client's IP address and not the cache server's. The patches have been applied to the kernel, compiled and applied as per procedure. After restarting the system the modules ipt_tproxy and ipt_TPROXY are loaded.

The problem starts when I apply the following iptables rule:

    iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128

The traffic stops going through the cache server. If the rule is removed the traffic goes smoothly. Cache.log shows the following error:

    tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN

There seems to be no proper documentation for implementation of tproxy with squid on the net. Pls. advise.

Regards
Sunil
Re: [squid-users] log clients ip from helper program
Henrik Nordstrom wrote:
> On Thu, 2006-08-10 at 14:57 +0700, Beast wrote:
> > Is there any way to log client's IP from within a helper program.
>
> Not from within auth helpers no. The data isn't sent there as the authentication scheme cache does not account for the client IP, only the login+password so having the IP sent would confuse some helper authors into thinking that the IP could be used as part of the authentication process.

Thanks. However, it would be a useful feature if we could use IP, username/password pair to authenticate user, so user could only use one username from one IP.

--beast
Re: [squid-users] Squid-2.6.STABLE2: "Not our vary marker object"
* Merton Campbell Crockett <[EMAIL PROTECTED]>:

> It appears to be fairly consistent; however, it only occurs with two
> MSN.COM sites: The one shown above (STB.MSN.COM) and a second site
> HP.MSN.COM.

We see it for:

    # awk '/vary / {print $11}' cache.log |awk -F/ '{print $3}'| sort |uniq -c | sort -n
          1 www.netscape.de
          3 a.as-eu1.falkag.net
         12 img.web.de
         20 us.js2.yimg.com
         32 hp.msn.com
         44 www.spiegel.de
         47 www.heise.de
         79 include.ebaystatic.com
        194 stb.msn.com
        449 a.as-eu.falkag.net

--
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to [EMAIL PROTECTED]
Re: [squid-users] Squid -2.6 with Tproxy
Your iptables patch is not complete.
fc5 uses the iptables rpm source; you need iptables from the tar.gz/bz source:
- uninstall the iptables rpm,
- download tar.gz/bz source from netfilter.org
- patch it with iptables-1.3-cttproxy.diff before ./configure

rgds,
Tino

----- Original Message -----
From: "Sunil K.P." <[EMAIL PROTECTED]>
To:
Sent: Friday, August 11, 2006 4:33 PM
Subject: [squid-users] Squid -2.6 with Tproxy

Hi,

I have squid 2.6 STABLE 2 running on FC 2.6.15.2. It is working fine in transparent mode.

But I am trying to use Tproxy so that all the requests will be spoofed to show the client's IP address and not the cache server's. The patches have been applied to the kernel, compiled and applied as per procedure. After restarting the system the modules ipt_tproxy and ipt_TPROXY are loaded.

The problem starts when I apply the following iptables rule:

    iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128

The traffic stops going through the cache server. If the rule is removed the traffic goes smoothly. Cache.log shows the following error:

    tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN

There seems to be no proper documentation for implementation of tproxy with squid on the net. Pls. advise.

Regards
Sunil
Re: [squid-users] How to control the bandwidth of websites using squid?
On Fri, 2006-08-11 at 14:51 +0530, Jamshid KP wrote:

> Thx for your reply..
>
> As I am a newbie in Squid, I don't know where exactly in the Delay pool
> part I need to enter the website URL. Can you please be more
> detailed?

See the FAQ for a quick primer.

http://wiki.squid-cache.org/SquidFaq/MiscFeatures?highlight=%28delay_pools%29#head-fd9b4b7ba1854a3c21796173af9d0b9aee33e376

The selection of what to delay how is done by delay_access. More information on access lists is also in the FAQ:

http://wiki.squid-cache.org/SquidFaq/SquidAcl

Regards
Henrik
Re: [squid-users] Squid -2.6 with Tproxy
Sunil, I'm trying to do the same thing that you are trying; I patched iptables 1.3.5 & 1.3.4 and the problem persists.

Tino, have you got this working successfully? Could you tell me which versions you used? (I mean iptables, patch applied, kernel used, tproxy patch used...)

I'm using kernel 2.6.15.2 with the balabit tproxy patch, iptables 1.3.5 and squid 2.6 STABLE2, and squid debug mode always shows me the same thing that Sunil showed. I think that my problem is in the iptables version and its patch.

Regards,
Angel M.

> Your iptables patch not complete
> fc5 use iptables rpm source, you need iptables from tar.gz/bz source
> - uninstall the iptables rpm,
> - download tar.gz/bz source from netfilter.org
> - patch it with iptables-1.3-cttproxy.diff before ./configure
>
> rgds,
> Tino
>
> ----- Original Message -----
> From: "Sunil K.P." <[EMAIL PROTECTED]>
> To:
> Sent: Friday, August 11, 2006 4:33 PM
> Subject: [squid-users] Squid -2.6 with Tproxy
>
> > Hi,
> >
> > I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
> > It is working fine in transparent mode.
> >
> > But I am trying to use Tproxy so that all the requests will spoofed to
> > show the clients IP address and not the cache server.
> > The patches have been applied to the kernel, compiled and applied as per
> > procedure.
> > After restarting the system the modules ipt_tproxy and ipt_TPROXY are
> > loaded.
> >
> > The problem starts when I apply the following iptables rule
> > iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
> > TPROXY --on-port 3128
> >
> > The traffic stops going thru the cache server. If the rule is removed
> > the traffic goes smoothly.
> > Cache.log shows the following error
> > tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
> >
> > There seems to be no proper documentation for implementation of tproxy
> > with squid on the net.
> > Pls. advice.
> >
> > Regards
> > Sunil

--
Angel Mieres - [EMAIL PROTECTED] / Gentoo has you...
[squid-users] Help Error squid !!!
Hello!

When I try to do:

    ./configure --enable-auth="LDAP" --enable-basic-auth-helpers="LDAP" --enable-LDAP-auth-helpers="LDAP"

it is O.K., but when I ran:

    make

I got this error:

    make[3]: *** no rule to make target 'libldap.a', need by 'all-am'.stop.
    make[3]: Leaving directory '/root/Desktop/software/squid-2.6.stable2/src/auth'
    make[2]: ***[all-recursive] error 1
    make[2]: Leaving directory '/root/Desktop/software/squid-2.6.stable2/src'
    make[1]: ***[all] error 2
    make[1]: Leaving directory '/root/Desktop/software/squid-2.6.stable2/src'
    make: ***[all-recursive] error 1

Could someone help me?

Thz
Ale
[squid-users] Caching pages based on cookies
Is there any way to have squid cache pages differently based on a cookie? I know I can put 'Cookie' in the vary header, but this would cache based on all cookies in a user's browser. I'm interested in caching based on a single cookie. Mark
[squid-users] how to install squid_ldap_auth
Hello, does anybody know how to install squid_ldap_auth with squid on Debian Sarge 3.1? I read all the articles but I had a problem installing it.

When I try to do:

    ./configure --enable-auth="LDAP" --enable-basic-auth-helpers="LDAP" --enable-LDAP-auth-helpers="LDAP"

it is O.K., but when I ran:

    make

I got this error:

    make[3]: *** no rule to make target 'libldap.a', need by 'all-am'.stop.
    make[3]: Leaving directory '/root/Desktop/software/squid-2.6.stable2/src/auth'
    make[2]: ***[all-recursive] error 1
    make[2]: Leaving directory '/root/Desktop/software/squid-2.6.stable2/src'
    make[1]: ***[all] error 2
    make[1]: Leaving directory '/root/Desktop/software/squid-2.6.stable2/src'
    make: ***[all-recursive] error 1

Could someone help me?

Thz
Re: [squid-users] Howto for Squid in Active Directory (on Debian)
Hi!

I've tried to use squid with winbind and couldn't get it working. Then I realized that it is not worth it (at least in my case): it is too boring to add a user to some group and wait for Active Directory to replicate the changes to ensure squid gets them.

I use ntlm_auth and files containing "domain\username" to build my access lists. It works really nicely! And you don't need samba installed (at least I didn't, running on Fedora 4 and installing squid from the RPM package).

If you need any help, just let me know.

Regards,
Luis Talora

Odhiambo WASHINGTON wrote:
> * On 10/08/06 14:37 +0200, Mario Iseli wrote:
> | Hello,
> |
> | on the Internet I find thousands of Howtos on how to install Squid,
> | winbind, etc. None of them is working! Can anyone give me some hints
> | where I can find a good tutorial about how to install a Squid with
> | authentication (to Active Directory) and how to handle Windows
> | group-privileges? Is it necessary to execute "winbindd --set-auth-user
> | bla%blabla"? What happens if the password of "bla" changes?
>
> http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
>
> -Wash
>
> http://www.netmeister.org/news/learn2quote.html
>
> DISCLAIMER: See http://www.wananchi.com/bms/terms.php
>
> --
> Odhiambo Washington <[EMAIL PROTECTED]>
> Wananchi Online Ltd. www.wananchi.com
> Tel: +254 20 313985-9 +254 20 313922
> GSM: +254 722 743223 +254 733 744121
>
> Never eat more than you can lift.
> -- Miss Piggy
Re: [squid-users] please help squid stop responding after 6-7 hours
squid learner wrote:
> squid in start run very good but after 6-7 hours it
> stop responding it loses connection
> even I am unable to use webmin through any connected
> pc until I manually restart the squid box
>
> but the ping is OK it shows that squid box is connected

Check the cache.log for some indication of what's going on.

Supplying your Squid version, OS and squid.conf might help the list determine where the problem lies.

Chris
Re: [squid-users] One Squid and 2 DG Connection Restriction Howto ??
Birol AKBAY wrote:
> Hi Chris,
> I've already tried that config. It does not work for my config because
> I am using xforwardedfor setting.

Ah, new information...

> Therefore Squid recognizes all clients with their internal IP addresses.
> So I have to allow my network address to connect to squid. This causes any
> client capable of changing proxy settings may connect Squid directly
> instead of DG which is not desired.
>
> In scenario, using only 1 computer with squid and DG installed, there
> is nothing to worry about. Because http_port is 127.0.0.1:3128 so only
> local DG can connect. However if 2. DG tries to connect, I have to change
> http_port to 3128 only. So, I assume http_port settings may be the answer.
>
> So is there an answer?

Are you using XFF strictly for logging, or do you have ACLs? If it's strictly for logging (and XFF on 2.6 behaves like the XFF patch for 2.5) then omitting "acl_uses_indirect_client on" would solve your problem, but you are probably aware of that...

So, in this case, I'd use iptables...

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp --dport 3128 -s 192.168.2.11 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3128 -j REJECT

...or something like that.

Chris
Re: [squid-users] log clients ip from helper program
Beast wrote:
> Henrik Nordstrom wrote:
> > On Thu, 2006-08-10 at 14:57 +0700, Beast wrote:
> > > Is there any way to log client's IP from within a helper program.
> >
> > Not from within auth helpers no. The data isn't sent there as the authentication scheme cache does not account for the client IP, only the login+password so having the IP sent would confuse some helper authors into thinking that the IP could be used as part of the authentication process.
>
> Thanks. However, it would be a useful feature if we could use IP, username/password pair to authenticate user, so user could only use one username from one IP.
>
> --beast

Look into max_user_ip and authenticate_ip_ttl. If you want to limit where each user can log in from, that is doable with ACLs.

Chris
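
The two directives named in the reply above, combined with a per-user source restriction, as an added squid.conf fragment that is not part of the original thread. The helper path, the user name alice and the address 192.168.1.50 are constructed assumptions; keep whatever auth_param lines the installation already uses.

```conf
# Added example, not from the thread. Helper path, password file, user name
# and workstation address below are assumptions for illustration.
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid proxy

# How long Squid remembers which client addresses a user name was seen from.
# max_user_ip counts addresses inside this window.
authenticate_ip_ttl 10 minutes

# Any successfully authenticated user.
acl authed proxy_auth REQUIRED

# Matches once a user name is in use from more than 1 address within the TTL.
# -s makes the limit strict: additional addresses keep being refused until
# the remembered entries expire.
acl too_many_ips max_user_ip -s 1

# Limit where one particular account may log in from (constructed values).
acl user_alice proxy_auth alice
acl alice_pc src 192.168.1.50

# Order matters: http_access is evaluated top to bottom, first match wins.
http_access deny user_alice !alice_pc
http_access deny too_many_ips
http_access allow authed
http_access deny all
```

With a limit of 1, users who reach Squid through another proxy or a NAT pool that changes their apparent address will be refused until authenticate_ip_ttl expires, so size the TTL accordingly.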
Re: [squid-users] FATAL: xcalloc: Unable to allocate 1 blocks of 4112 bytes!
On 8/10/06, Adrian Chadd <[EMAIL PROTECTED]> wrote:
> On Thu, Aug 10, 2006, Pranav Desai wrote:
> > Hello,
> >
> > I am doing some performance testing on FC5 with squid 2.6-S2
> >
> > I am getting the following error when I use cache_mem 4 GB
> >
> > FATAL: xcalloc: Unable to allocate 1 blocks of 4112 bytes!
> > Squid Cache (Version 2.6.STABLE2): Terminated abnormally.
>
> It sounds like you've hit a process limit. Try 'ulimit -a' to see whats going on.

I checked it, it looks fine.

    cat /proc/sys/fs/file-nr
    92100 32768

    ulimit -a
    core file size (blocks, -c) 0
    data seg size (kbytes, -d) unlimited
    file size (blocks, -f) unlimited
    pending signals (-i) 131072
    max locked memory (kbytes, -l) 32
    max memory size (kbytes, -m) unlimited
    open files (-n) 32768
    pipe size(512 bytes, -p) 8
    POSIX message queues (bytes, -q) 819200
    stack size (kbytes, -s) 8192
    cpu time (seconds, -t) unlimited
    max user processes (-u) 131072
    virtual memory (kbytes, -v) unlimited
    file locks (-x) unlimited

When I run it without cache_mem (i.e. default value), it runs fine, without crashing at the same load.

Let me know if you need any other details.

-- Pranav

> Adrian

--
http://pd.dnsalias.org
[squid-users] Caching a QueryString with parameters
Hey Guys,

It's a pleasure to be part of the squid community. I'm a big squid fan and mostly I use Squid as my transparent proxy/cache between my Apache and my Zope application, and Squid makes my environment happen.

Today I've got a bunch of MISS because some users were getting straight to a page with some parameters on the querystring. I know that this is totally normal and expected, but I would like to know if it's possible to cache situations where you have thousands of requests to a page with parameters on the querystring, like:

http://www.mysite.com/mypage?myparameter=myoption

Thank you very much and greetings from Brazil!

JOC
Re: [squid-users] FATAL: xcalloc: Unable to allocate 1 blocks of 4112 bytes!
On Fri, Aug 11, 2006, Pranav Desai wrote:
> On 8/10/06, Adrian Chadd <[EMAIL PROTECTED]> wrote:
> >On Thu, Aug 10, 2006, Pranav Desai wrote:
> >> Hello,
> >>
> >> I am doing some performance testing on FC5 with squid 2.6-S2
> >>
> >> I am getting the following error when I use cache_mem 4 GB

Ah - which platform are you running this on? Is it being compiled in proper 64 bit mode?

I've never run squid with 4 gigabytes of RAM for cache_mem and I've never had a computer with enough memory to let me do so. :)

adrian
Re: [squid-users] please help squid stop responding after 6-7 hours
--- Chris Robertson <[EMAIL PROTECTED]> wrote:

> squid learner wrote:
> > squid in start run very good but after 6-7 hours it
> > stop responding it loses connection
> > even I am unable to use webmin through any connected
> > pc until I manually restart the squid box
> >
> > but the ping is OK it shows that squid box is connected
>
> Check the cache.log for some indication of what's going on.
>
> Supplying your Squid version, OS and squid.conf might help the list
> determine where the problem lies.
>
> Chris

redhat 9.0
STABLE13

squid.conf

    maximum_object_size 9 MB
    # proxy from isp
    acl all src 0.0.0.0/0.0.0.0
    never_direct allow all
    cache_mem 64 MB
    cache_store_log none
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    #===adition for ip statics
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    logfile_rotate 10
    #=== up to here
    #here your network
    acl lan src 192.168.1.0/255.255.255.0
    acl SSL_ports port 443 563
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl CONNECT method CONNECT
    refresh_pattern ^ftp: 1440 90% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 99% 0 override-expire reload-into-ims override-lastmod
    quick_abort_min 16 KB
    quick_abort_max 16 KB
    quick_abort_pct 95
    negative_ttl 0 minutes
    positive_dns_ttl 24 hours
    negative_dns_ttl 1 minutes
    range_offset_limit 0 KB
    connect_timeout 120 minutes
    peer_connect_timeout 30 seconds
    read_timeout 15 minutes
    request_timeout 60 seconds
    client_lifetime 1 day
    pconn_timeout 120 seconds
    shutdown_lifetime 30 seconds
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow lan
    http_access deny all
    icp_access allow all
    miss_access allow all
    cache_mgr [EMAIL PROTECTED]
    visible_hostname adenet.com
    unique_hostname adenet.com
    cache_effective_user squid
    cache_effective_group squid
    httpd_accel_host vertual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    cache_access_log /usr/local/squid/var/logs/access.log
    #==
    cache_dir diskd /usr/local/squid/var/cache1 1 16 256 Q1=72 Q2=64
    http_port 8080
    http_port 3128

PLEASE :- IS IT POSSIBLE YOU CAN CHECK IT REMOTELY ? HOW? WHAT I HAVE TO PROVIDE ISP IP AND OPEN PORTS ! IF YOU GIVE SOME IDEA ABOUT IT APPRECIATED THANK YOU
Re: [squid-users]
sarg is too cpu sensitive. Try lightsquid, a Perl-based program. Perfect thing...

On 8/10/06, Zahir <[EMAIL PROTECTED]> wrote:
> just installed sarg 2.2.1 (rpm) under rhel 4. I tried to start the service by
>
>     service sarg start
>
> and it's saying "unrecognized service". Pls tell me how to run sarg. I am running sarg as
>
>     #sarg -l "accesslogpath" -o "outputdir" -d "date"
>
> Is it the correct way to run sarg?
>
> Other thing I wanna ask u is I want to have realtime report. I tried to find sargrealtime.php and there's no such file. Also I cudn't see sarg-php folder. Pls tell me how can I view the realtime report.
>
> Thanks in advance for your reply

--
Best Regards
NIMA SADEGHIAN
Re: [squid-users] please help squid stop responding after 6-7 hours
On Fri, Aug 11, 2006, squid learner wrote:

> cache_dir diskd /usr/local/squid/var/cache1 1 16 256 Q1=72 Q2=64

I suggest you use AUFS under Linux. I've heard of strange issues with diskd and it might be related to your issues.

Adrian