[squid-users] Two levels of reverse proxy
I need to be able to set up two levels of reverse proxy (http accelerators) but I need help with the configuration. I have no trouble configuring just one reverse proxy, but if I try to put a reverse proxy in front of the reverse proxy, I get into trouble. I have several clients located at many sites all connecting to a central origin server. I have a reverse proxy in front of the origin server to speed up things. I also need a local cache near the clients. It looks like this; my client is pointed at squid.local.server, and I need the requests to reach the orign server. I am also using collapsed forwarding. +--+ |Client| | | +--+ | LAN | +--+ | squid.local.server | | | +--+ | INTERNET | +--+ | squid.origin.server | | | +--+ | LAN | +--+ | origin.server| | | +--+ Please advice on how to configure squid.local.server and squid.origin.server. Regards Roland Rabben
Re: [squid-users] Two levels of reverse proxy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Roland, Why is squid.local.server a reverse proxy? Can't you just run that in 'normal' mode? Cheers Andrew On 02/03/2007, at 10:26 AM, Roland Rabben wrote: I need to be able to set up two levels of reverse proxy (http accelerators) but I need help with the configuration. I have no trouble configuring just one reverse proxy, but if I try to put a reverse proxy in front of the reverse proxy, I get into trouble. I have several clients located at many sites all connecting to a central origin server. I have a reverse proxy in front of the origin server to speed up things. I also need a local cache near the clients. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFF5/MjW126qUNSzvURAnlpAJ9hYtmJhRVAurMRV1b+uyLKSR41xwCfUKBm 5O7mUozp7GVwROfWdKCQqJ8= =PI1m -END PGP SIGNATURE-
[squid-users] [OT] konqueror not able to ntlm authenticate to squid 2.6-stable9
Hi. I'm try to browse the internet from konqueror (kde 3.5.4), but it fail to authenticate when squid is configured with ntlm_auth (that shipped with squid). If I configure msnt_auth, konqueror is able to authenticate to squid. Firefox is working fine with both. Also IE (6sp1) is working fine. Anyone else has seen this behaviour? TIA PS: I have also tested squid-2.6.stable9-20070302
[squid-users] zph patch website broken ?
Hi, I'm using for 2 years ZPH squid patch ( Zero Penalty Hit ), and works great ! if you google in order to find ZPH patch web site, you are redirected to: www.it-academy.bg/zph How ever, this site is not on line anymore. New ZPH squid pacth website is: http://zph.bratcheda.org Below, the original post from ZPH author: Marin Starev. Best regads, and thank you! De: Gmail - Marin Stavrev [mailto:[EMAIL PROTECTED] Enviado el: Jueves, 11 de Enero de 2007 09:23 a.m. Para: [EMAIL PROTECTED] Asunto: RE: [squid-users] zph patch website broken ? Hello Andres, I'm Marin Stavrev, the author of the ZPH patch. The Cisco Academy I've been working in is in a state of transition, and most probably the web site (www.it-academy.bg/zph) will never be restored. I've moved the hosting to another server that some of my friends are using for hosting their projects and were kind enough to allow me to move the ZPH site there. The new address will be: http://zph.bratcheda.org http://haho.bratcheda.org/zph . I have posted this information in the squid developer's forum, but have problems registering in the users one. I'd appreciate if you post this info on my behalf in the users forum. Thank you M. Stavrev
Re: [squid-users] Errors when Starting Squid
Folks, When I start squid, i get the following errors: helperOpenServers: Starting 10 'sqred.plx' processes 2007/03/01 21:45:50| ipcCreate: CHILD: c:/sqred/sqred.plx: (8) Exec format error snip many duplicates I have noticed that it is due to this command in the .conf file url_rewrite_program c:/sqred/sqred.plx When this line is commented, the proxy works fine. Does anyone have an idea as to what the Exec Format error is? Thanks Alan This is squid attempting to start its child processes. As it does so Windows returns the Exec format error error and causes squid to abandon the startup procedure. The Windows Server Documentation indicates this error is given out by windows when a binary file cannot be executed. Usually on corrupt binaries. Check that the c:/sqred/sqred.plx file is actually an executable format in win32 acceptable format. The windows command line should be able to execute it or give you a better description of the problem. Amos
[squid-users] No squid_redirect option SQUID 2.6.STABLE3 ?
Hello Sirs/Madams, I am running SQUID 2.6.STABLE3 on FreeBSD 6.2. I can not find any string like redirect_program here in squid.conf as it is there in Squid 2.5. Has it been removed in SQUID 2.6.STABLE3 or I have committed some mistake in compiling Squid. Best Regards
[squid-users] Mixed Auth and No-Auth?
I have toyed around with the config and read over the
doc on authentication and authorization. Sorry if I
have missed the obvious...
I already have squid and shorewall working together to
make a transparent proxy. Is it possible to require
authentication only for certain domains (for this
example we will call them marginaldomains {flickr,
myspace, google video} )?
Wait! Before you scream. I know you can't
authenticate transparently. But if one wanted to
visit a marginaldomain he could configure his browser
for the proxy directly (ala Firefox quick proxy
extension).
Why would I want to do this? Well I don't want to
have to reconfigure my browser (or anyone who joins my
network) most of the time, or when I leave the
network. But on the occasion that an appropriate
individual needs access to a marginaldomain I want to
have that option.
So in other words is Squid either authenticate or not
authenticated? Or can it be both depending on the ACL?
--
If you don't know how to do something, you don't know how to do it with a
computer. - Anonymous
The fish are biting.
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
RE: [squid-users] Errors when Starting Squid
Hi Amos, I gave up on the windows port, I installed again on FC5 and then run again. Once I had setup permissions on the scripts, modified squid.conf to suit the script name etc... Squid started and is now running perfectly with a basic re-write script so all it does is put STDIN to STDOUT. Now I need to understand what coming in from STDIN and manipulate it :-) If I get some time I will try to work out why the windows port wont run the .plx file. If I open cmd line in windows, and type the script name, it runs perfectly, so I am not entirely sure why its not running when called by squid Thanks Alan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 02 March 2007 14:54 To: WRIGHT Alan Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Errors when Starting Squid Folks, When I start squid, i get the following errors: helperOpenServers: Starting 10 'sqred.plx' processes 2007/03/01 21:45:50| ipcCreate: CHILD: c:/sqred/sqred.plx: (8) Exec format error snip many duplicates I have noticed that it is due to this command in the .conf file url_rewrite_program c:/sqred/sqred.plx When this line is commented, the proxy works fine. Does anyone have an idea as to what the Exec Format error is? Thanks Alan This is squid attempting to start its child processes. As it does so Windows returns the Exec format error error and causes squid to abandon the startup procedure. The Windows Server Documentation indicates this error is given out by windows when a binary file cannot be executed. Usually on corrupt binaries. Check that the c:/sqred/sqred.plx file is actually an executable format in win32 acceptable format. The windows command line should be able to execute it or give you a better description of the problem. Amos
Re: [squid-users] No squid_redirect option SQUID 2.6.STABLE3 ?
Hi, At 17.00 02/03/2007, Santosh Rani wrote: Hello Sirs/Madams, I am running SQUID 2.6.STABLE3 on FreeBSD 6.2. I can not find any string like redirect_program here in squid.conf as it is there in Squid 2.5. Has it been removed in SQUID 2.6.STABLE3 or I have committed some mistake in compiling Squid. No, you have only missed to read the release notes of Squid 2.6: The name of the redirect_program directive is changed in 2.6. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
RE: [squid-users] ERR_INVALID_REQ - Invalid Request
Hi Adrian, Thank you for your reply. I have Ubuntu Edgy and I installed squid with apt-get. Is there a way to tell what options were used to configure it? Thanks! Angela -Original Message- From: Adrian Chadd [mailto:[EMAIL PROTECTED] Sent: March 1, 2007 5:10 PM To: Angela Burrell Cc: squid users Subject: Re: [squid-users] ERR_INVALID_REQ - Invalid Request On Thu, Mar 01, 2007, Angela Burrell wrote: Transparent redirection: This is the line in my firewall that redirects the HTTP requests from port 80 to port 3328: iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3328 When I comment out this line, clients on the LAN can get through to the Internet. When the above line is implemented, we get the following error in all browsers, to all hosts. ERR_INVALID_REQ The following error was encountered: Invalid Request Some aspect of the HTTP Request is invalid. Possible problems: Missing or unknown request method Missing URL Missing HTTP Identifier (HTTP/1.0) Request is too large Content-Length missing for POST or PUT requests Illegal character in hostname; underscores are not allowed Your cache administrator is webmaster. Generated Wed, 28 Feb 2007 22:49:09 GMT by squid (squid/2.6.STABLE1) Here is my squid.conf file, hoping it will help. http_port 3328 You need to add 'transparent' to this line, ie: http_port 3328 transparent And make sure you've compiled squid with --enable-linux-netfilter . (And you also should upgrade, there's quite a few nasty bugs between squid-2.6.STABLE1 and Squid-2.6.STABLE9.) Adrian
Re: [squid-users] Errors when Starting Squid
Hi, At 22.52 01/03/2007, WRIGHT Alan wrote: Folks, When I start squid, i get the following errors: helperOpenServers: Starting 10 'sqred.plx' processes 2007/03/01 21:45:50| ipcCreate: CHILD: c:/sqred/sqred.plx: (8) Exec format error You should read the Windows Compatibility Notes in the release notes of Squid 2.6: On Windows you must also specify the command interpreter needed for the execution of scripts. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] NTLM Process failure in 2.5
Hi, At 23.51 28/02/2007, Matthew Smith wrote: hello! I am seeing very similar behaviour in squid 2.5 as what is mentioned in this bug report: http://www.squid-cache.org/bugs/show_bug.cgi?id=1681 From what I can tell, the patch was only applied to 2.6. Is this because patches are no longer issued to 2.5? Or does that specific problem only effect 2.6? Sorry, but Squid 2.5 is no more maintained. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
RE: [squid-users] Errors when Starting Squid
Alan, A couple of possibilities here. First, when you open the command line do you just type the script name? If so and it works, are there any other sqred.plx files on the disk (somewhere in the path)? Is the folder sqred in the path? Have you tried changing / to \ in the squid.conf command? Dave -Original Message- From: WRIGHT Alan [mailto:[EMAIL PROTECTED] Sent: Friday, March 02, 2007 11:14 AM To: [EMAIL PROTECTED] Cc: squid-users@squid-cache.org Subject: RE: [squid-users] Errors when Starting Squid Hi Amos, I gave up on the windows port, I installed again on FC5 and then run again. Once I had setup permissions on the scripts, modified squid.conf to suit the script name etc... Squid started and is now running perfectly with a basic re-write script so all it does is put STDIN to STDOUT. Now I need to understand what coming in from STDIN and manipulate it :-) If I get some time I will try to work out why the windows port wont run the .plx file. If I open cmd line in windows, and type the script name, it runs perfectly, so I am not entirely sure why its not running when called by squid Thanks Alan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 02 March 2007 14:54 To: WRIGHT Alan Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Errors when Starting Squid Folks, When I start squid, i get the following errors: helperOpenServers: Starting 10 'sqred.plx' processes 2007/03/01 21:45:50| ipcCreate: CHILD: c:/sqred/sqred.plx: (8) Exec format error snip many duplicates I have noticed that it is due to this command in the .conf file url_rewrite_program c:/sqred/sqred.plx When this line is commented, the proxy works fine. Does anyone have an idea as to what the Exec Format error is? Thanks Alan This is squid attempting to start its child processes. As it does so Windows returns the Exec format error error and causes squid to abandon the startup procedure. The Windows Server Documentation indicates this error is given out by windows when a binary file cannot be executed. Usually on corrupt binaries. Check that the c:/sqred/sqred.plx file is actually an executable format in win32 acceptable format. The windows command line should be able to execute it or give you a better description of the problem. Amos
RE: [squid-users] Errors when Starting Squid
Yes Guido, your right, I missed that on the rel notes :-O Thanks for the pointer Regards Alan -Original Message- From: Guido Serassio [mailto:[EMAIL PROTECTED] Sent: 02 March 2007 16:27 To: WRIGHT Alan; squid-users@squid-cache.org Subject: Re: [squid-users] Errors when Starting Squid Hi, At 22.52 01/03/2007, WRIGHT Alan wrote: Folks, When I start squid, i get the following errors: helperOpenServers: Starting 10 'sqred.plx' processes 2007/03/01 21:45:50| ipcCreate: CHILD: c:/sqred/sqred.plx: (8) Exec format error You should read the Windows Compatibility Notes in the release notes of Squid 2.6: On Windows you must also specify the command interpreter needed for the execution of scripts. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
RE: [squid-users] No squid_redirect option SQUID 2.6.STABLE3 ?
It has? What did it change to? -Original Message- From: Guido Serassio [mailto:[EMAIL PROTECTED] Sent: March 2, 2007 11:22 AM To: Santosh Rani; squid-users@squid-cache.org Subject: Re: [squid-users] No squid_redirect option SQUID 2.6.STABLE3 ? Hi, At 17.00 02/03/2007, Santosh Rani wrote: Hello Sirs/Madams, I am running SQUID 2.6.STABLE3 on FreeBSD 6.2. I can not find any string like redirect_program here in squid.conf as it is there in Squid 2.5. Has it been removed in SQUID 2.6.STABLE3 or I have committed some mistake in compiling Squid. No, you have only missed to read the release notes of Squid 2.6: The name of the redirect_program directive is changed in 2.6. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] NTLM realm Parameter
Hi, I run 2.6.STABLE9. I notice that the ntlm_auth does not have a realm parameter. How hard would it be to add this? The resulting proxy prompt in Firefox has where the realm name should be. Thanks, Chris
RE: [squid-users] No squid_redirect option SQUID 2.6.STABLE3 ?
url_rewrite_program -Original Message- From: Angela Burrell [mailto:[EMAIL PROTECTED] Sent: 02 March 2007 17:10 To: Guido Serassio; Santosh Rani; squid-users@squid-cache.org Subject: RE: [squid-users] No squid_redirect option SQUID 2.6.STABLE3 ? It has? What did it change to? -Original Message- From: Guido Serassio [mailto:[EMAIL PROTECTED] Sent: March 2, 2007 11:22 AM To: Santosh Rani; squid-users@squid-cache.org Subject: Re: [squid-users] No squid_redirect option SQUID 2.6.STABLE3 ? Hi, At 17.00 02/03/2007, Santosh Rani wrote: Hello Sirs/Madams, I am running SQUID 2.6.STABLE3 on FreeBSD 6.2. I can not find any string like redirect_program here in squid.conf as it is there in Squid 2.5. Has it been removed in SQUID 2.6.STABLE3 or I have committed some mistake in compiling Squid. No, you have only missed to read the release notes of Squid 2.6: The name of the redirect_program directive is changed in 2.6. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] apt-get http headers
Greetings, I'm not sure if this is a problem with squid or not, but was told it might be. Currently if I run apt-get with http repositories sometimes (but not all the time) it comes back with message like this, usually gzip or bzip2 errors I think: 99% [5 Sources bzip2 0] [Waiting for headers] [Waiting for headers] [Waiting for headers] [Waiting for headers]bzip2: (stdin) is not a bzip2 file. and errors like: Sub-process bzip2 returned an error code (2) If I change the repositories to ftp they all work fine. I go through a proxy server and http_proxy is set correctly. I was told this could be a problem with squid modifying the headers. I do not know too much about Squid. It is installed on our proxy server which is owned and configured by a company providing our institution with free Internet. I do have access to the server. I checked under Header Access Control under webmin. It says that no header access control rules have been defined. So maybe that isn't the problem. Anyhow, would really appreciate it if anyone can help me with this problem. Thanks, -Kevin No need to miss a message. Get email on-the-go with Yahoo! Mail for Mobile. Get started. http://mobile.yahoo.com/mail
Re: [squid-users] ERR_INVALID_REQ - Invalid Request
[EMAIL PROTECTED]:~$ squid -v Squid Cache: Version 2.6.STABLE1 configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads' '--enable-storeio=ufs,aufs,diskd,null' '--enable-linux-netfilter' '--enable-linux-proxy' '--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests' '--enable-underscores' '--enable-referer-log' '--enable-useragent-log' '--enable-auth=basic,digest,ntlm' '--enable-carp' '--with-large-files' 'i386-debian-linux' 'build_alias=i386-debian-linux' 'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux' That is what I get when I try it with squid -v on my Ubuntu box Angela Burrell wrote: Hi Adrian, Thank you for your reply. I have Ubuntu Edgy and I installed squid with apt-get. Is there a way to tell what options were used to configure it? Thanks! Angela -Original Message- From: Adrian Chadd [mailto:[EMAIL PROTECTED] Sent: March 1, 2007 5:10 PM To: Angela Burrell Cc: squid users Subject: Re: [squid-users] ERR_INVALID_REQ - Invalid Request On Thu, Mar 01, 2007, Angela Burrell wrote: Transparent redirection: This is the line in my firewall that redirects the HTTP requests from port 80 to port 3328: iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3328 When I comment out this line, clients on the LAN can get through to the Internet. When the above line is implemented, we get the following error in all browsers, to all hosts. ERR_INVALID_REQ The following error was encountered: Invalid Request Some aspect of the HTTP Request is invalid. Possible problems: Missing or unknown request method Missing URL Missing HTTP Identifier (HTTP/1.0) Request is too large Content-Length missing for POST or PUT requests Illegal character in hostname; underscores are not allowed Your cache administrator is webmaster. Generated Wed, 28 Feb 2007 22:49:09 GMT by squid (squid/2.6.STABLE1) Here is my squid.conf file, hoping it will help. http_port 3328 You need to add 'transparent' to this line, ie: http_port 3328 transparent And make sure you've compiled squid with --enable-linux-netfilter . (And you also should upgrade, there's quite a few nasty bugs between squid-2.6.STABLE1 and Squid-2.6.STABLE9.) Adrian -- Craig Van Tassle Network Support E-Mail: [EMAIL PROTECTED] Cell: 815-276-3075 8200 Ridgefield Road Crystal Lake, IL 60012 Chemtool, INC
[squid-users] Cannot see any URL's coming into my script from STDIN
Folks, I have setup the following cfg in squid.conf url_rewrite_program c:/perl/bin/perl.exe c:/sqred/sqred.pl Squid runs fine, but I do not see any URL's into my script. My script is setup to read STDIN and then pop it into a file so that I can read it. For some reason, this file is never populated by Squid, but if i run it manually and enter some text into STDIN then it populates the file fine. Am I missing something in squid config? or is it something else? Thanks Alan
Re: [squid-users] NTLM realm Parameter
fre 2007-03-02 klockan 12:41 -0500 skrev Chris Nighswonger: Hi, I run 2.6.STABLE9. I notice that the ntlm_auth does not have a realm parameter. How hard would it be to add this? The resulting proxy prompt in Firefox has where the realm name should be. The NTLM and Negotiate schemes as specified by Microsoft does not have a realm.. just one of many deviations from the HTTP protocol standars. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Mixed Auth and No-Auth?
fre 2007-03-02 klockan 08:13 -0800 skrev mdnorth32: Wait! Before you scream. I know you can't authenticate transparently. But if one wanted to visit a marginaldomain he could configure his browser for the proxy directly (ala Firefox quick proxy extension). Fine. Why would I want to do this? Well I don't want to have to reconfigure my browser (or anyone who joins my network) most of the time, or when I leave the network. But on the occasion that an appropriate individual needs access to a marginaldomain I want to have that option. No problem. So in other words is Squid either authenticate or not authenticated? Or can it be both depending on the ACL? It's always depending on the ACL. Squid does not request authentication until required by ACL processing. So a rule requiring authentication only for some sites looks like http_access allow marginaldomains authenticated_users http_access deny marginaldomains before where general access is allowed.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] NTLM realm Parameter
On 3/2/07, Henrik Nordstrom [EMAIL PROTECTED] wrote: fre 2007-03-02 klockan 12:41 -0500 skrev Chris Nighswonger: Hi, I run 2.6.STABLE9. I notice that the ntlm_auth does not have a realm parameter. How hard would it be to add this? The resulting proxy prompt in Firefox has where the realm name should be. The NTLM and Negotiate schemes as specified by Microsoft does not have a realm.. I was looking at the source a bit and noticed that the header was constructed differently for ntlm_auth. just one of many deviations from the HTTP protocol standars. Notice that the terms Microsoft and Mavrick begin with the same letter Thanks, Chris
[squid-users] Re: ERR_INVALID_REQ - Invalid Request
Based on the responses I have received from this list, I have made the following change: Original line: http_port 3328 Changed line: http_port 3328 transparent I have determined that my squid was configured with --enable-linux-netfilter. I also changed no_cache deny QUERY to cache deny QUERY, altough squid did not give me an error about this. Then I received a new error from my web browser. It was something about the request cannot be forwarded at this time, squid is not allowed to contact servers directly and there are no parent proxies available or something like that. So I had to add the following to my squid.conf: always_direct allow all Is this a correct? Is this supposed to be in my configuration or is it a hack/security risk/workaround? I read the documentation and I don't really understand it, but it did get me past that error. Now I have a new problem once again. My DNS lookups were timing out, squid was reporting the dnsserver returned: TIMEOUT I checked my /etc/resolv.conf and it has listed the 2 DNS servers that I got from my ISP when I connected (using pon/poff) So, for some reason squid is NOT reading my /etc/resolv.conf file. To work around this problem I have added the following line to my squid.conf file: dns_nameservers XXX.XXX.XXX.XXX According to documentation, I should NOT need the above line if I do indeed have an /etc/resolv.conf file. So this is an obvious band-aid that needs to be fixed!! My DNS servers change every time I reconnect. But when the line is there... IT FINALLY WORKS( Once I figured out that redirect_program was changed to url_rewrite_program) [rant] honestly, that pees me off - why change the name of a variable if it has the same function? To make it so that people cannot use their tried and true conf files when they upgrade, that's why. [/rant] To recap, my questions are: 1. Is always_direct allow all supposed to be there? 2. How to get squid to read my /etc/resolv.conf file? Thank you very much. Angela Burrell -Original Message- From: Angela Burrell [mailto:[EMAIL PROTECTED] Sent: March 1, 2007 2:42 PM To: squid users Subject: ERR_INVALID_REQ - Invalid Request Hi I hope someone can help me! I am running Squid 2.6.STABLE1 on Ubuntu Edgy 6.10 (Kernel 2.6.17-amd64). Squid is listening on port 3328. I am in the process of changing servers from Mandrake MNF, Kernel 2.4.18-8 with Squid 2.4.STABLE7. I want my configurations to be exactly the same, so I have copied over lots of things like my squid.conf and my firewall script. The configuration file I have included currently works with my old server. On my new Ubuntu server the squid program starts up OK. Oh, I also have SquidGuard running. This is the line in my firewall that redirects the HTTP requests from port 80 to port 3328: iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3328 When I comment out this line, clients on the LAN can get through to the Internet. When the above line is implemented, we get the following error in all browsers, to all hosts. ERR_INVALID_REQ The following error was encountered: Invalid Request Some aspect of the HTTP Request is invalid. Possible problems: Missing or unknown request method Missing URL Missing HTTP Identifier (HTTP/1.0) Request is too large Content-Length missing for POST or PUT requests Illegal character in hostname; underscores are not allowed Your cache administrator is webmaster. Generated Wed, 28 Feb 2007 22:49:09 GMT by squid (squid/2.6.STABLE1) Here is my squid.conf file, hoping it will help. http_port 3328 icp_port 0 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \ ? no_cache deny QUERY cache_mem 16 MB cache_dir diskd /var/spool/squid 1000 16 256 # Redirector redirect_program /usr/local/bin/squidGuard -c /etc/squid/squidGuard.conf redirect_children 32 half_closed_clients off refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern .0 20% 4320 # ACLs acl Eth1 src 192.168.1.0/255.255.255.0 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 563 70 210 1025-65535 acl Safe_ports 280 488 591 777 22 acl CONNECT method CONNECT acl PURGE method PURGE # the below line is to set the local website not to cache acl erc dstdomain .ercsarnia.ca acl erc dstdomain .ercsarnia.com always_direct allow erc no_cache deny erc http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow Eth1 http_access allow PURGE localhost http_access deny PURGE http_access deny all icp_access allow all miss_access allow all # The below line is for compatibility with Hotmail # anonymize_headers deny Accept-Encoding # doesn't work with squid 2.6? # user/group cache_effective_user squid
Re: [squid-users] Cannot see any URL's coming into my script from STDIN
fre 2007-03-02 klockan 21:58 +0100 skrev WRIGHT Alan: Folks, I have setup the following cfg in squid.conf url_rewrite_program c:/perl/bin/perl.exe c:/sqred/sqred.pl Squid runs fine, but I do not see any URL's into my script. My script is setup to read STDIN and then pop it into a file so that I can read it. Have you remembered to disable output buffering for the file? Output buffering need to be disabled per file your want to have unbuffered. If not the output will only appear when sufficient amount of URLs have been written, or the helper exits.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Re: US DST times changes
ons 2007-02-28 klockan 08:33 -0800 skrev Joel Jaeggli: Normally logs are in unix time format (number of seconds since the epoc) so they're not concerned with dst (or timezones for that matter). cache.log is.. and so is access.log if using a custom log format with time logged in local time zone. but as said before, fixing the OS timezones is sufficient. Squid uses whatever timezone definitions your OS have, nothing special. REgards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Reverse proxy config question
ons 2007-02-28 klockan 23:03 +0100 skrev Patrick Donker: Maybe somebody is willing to help me configuring my squid 2.5.14 to both reverse proxy my hosts, and the same time act as a transparant proxy for the local net clients. Upgrade. Reverse proxying is much saner in Squid-2.6. Doing what you ask in 2.5 is a bit of a mess.. - Restrict the outside world to only use my proxy for visiting the sites on my local net (192.168.1.x / 192.168.2.x / 192.168.10.x / 192.168.100.x) - Open the proxy for local net users to the internet Both done in http_access but with different ACLs. http_access allow our_networks http_access allow our_sites http_access deny all Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Re: ERR_INVALID_REQ - Invalid Request
fre 2007-03-02 klockan 18:44 -0500 skrev Angela Burrell: Then I received a new error from my web browser. It was something about the request cannot be forwarded at this time, squid is not allowed to contact servers directly and there are no parent proxies available or something like that. Thats because you are using an broken Squid version (Bug #1650). This bug was fixed 2006/07/04 21:51:15. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
