[squid-users] Rewrite html
Dear all,

I'm looking for some kind of tool for Squid to rewrite HTML pages that Squid retrieves in transparent mode, say that I need to add between <head> </head>.

Thanks! :)

--
To be or not to be. -- Shakespeare
To do is to be. -- Nietzsche
To be is to do. -- Sartre
Do be do be do. -- Sinatra
Re: [squid-users] Problem trying to make siblings (proxies) to talk.
On 18.05.07 19:21, Pedro de Medeiros wrote:
> Thanks a ton! Worked like a charm. :)
>
> Cheers, Pedro.
>
> On 5/18/07, leongmzlist [EMAIL PROTECTED] wrote:
> > I had this problem as well. Solved by increasing icp timeout.
> >
> >     icp_query_timeout 7000
> >
> > works for me

using cache digests should help even a bit more.

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
I don't have lysdexia. The Dog wouldn't allow that.
Re: [squid-users] Rewrite html
On Sat, May 19, 2007, Armin ranjbar wrote:
> dear all , im looking for some kind of Tool for squid to rewrite html pages that squid retrieves in transparent mode , say that i need to add between <head> </head> . thanks! :)

Squid can't do it natively yet. The more testers we get for Squid-3 the quicker we can get it released and the quicker you'll be able to do that kind of HTML page rewriting everyone wants to.

Adrian
Re: [squid-users] Rewrite html
On Sat, 19 May 2007 17:06:09 +0800 Adrian Chadd [EMAIL PROTECTED] wrote:
> On Sat, May 19, 2007, Armin ranjbar wrote:
> > dear all , im looking for some kind of Tool for squid to rewrite html pages that squid retrieves in transparent mode , say that i need to add between <head> </head> . thanks! :)
>
> Squid can't do it natively yet. The more testers we get for Squid-3 the quicker we can get it released and the quicker you'll be able to do that kind of HTML page rewriting everyone wants to.
>
> Adrian

Do you know any addon, wrapper or redirector that can do it? Something like squid guardian etc.?

At the end, do you know any other stable proxy software that is able to do this kind of operation?

--
Tomorrow, you can be anywhere.
Re: [squid-users] Rewrite html
On Sat, May 19, 2007, Armin ranjbar wrote:
> do you know any addon , wrapper or redirector than can do it ? something like squid guardian or etc ... ?
>
> at the end do you know any other stable proxy software that is able to do this kind of operation ?

Not sure, sorry. Maybe look at dansguardian as an example?

Adrian
Re: [squid-users] Rewrite html
I've heard that some people use Apache to do such things, i.e. for adding advertisements to the head of the pages in free web hosting services. I guess it could be done using mod_proxy in combination with another module.

Hope this helps

On 5/19/07, Armin ranjbar [EMAIL PROTECTED] wrote:
> On Sat, 19 May 2007 17:06:09 +0800 Adrian Chadd [EMAIL PROTECTED] wrote:
> > On Sat, May 19, 2007, Armin ranjbar wrote:
> > > dear all , im looking for some kind of Tool for squid to rewrite html pages that squid retrieves in transparent mode , say that i need to add between <head> </head> . thanks! :)
> >
> > Squid can't do it natively yet. The more testers we get for Squid-3 the quicker we can get it released and the quicker you'll be able to do that kind of HTML page rewriting everyone wants to.
> >
> > Adrian
>
> do you know any addon , wrapper or redirector than can do it ? something like squid guardian or etc ... ?
>
> at the end do you know any other stable proxy software that is able to do this kind of operation ?
>
> --
> Tomorrow, you can be anywhere.

--
Mehdi Sarmadi
[squid-users] FreeBSD + WCCPv2
A few people noted they had issues getting WCCPv2 interception with FreeBSD-6.2.

I'm doing some WCCPv2 testing at home and I've made it work under Squid-3. The work in progress document:

http://wiki.squid-cache.org/ConfigExamples/FreeBsdAndWccp2

Adrian
[squid-users] squid behind another proxy
Hi Guys!

I'm writing this email because I tried several times to perform a specific task with Squid and I am still not able to reach my aim.

I have a computer running NTLM, another proxy with Micro$oft authentication. I put a Squid behind this proxy and I cannot connect to any internet web pages; I am still receiving a time out message from any web page that I'm trying to open. The only thing that I receive besides this error message is the IP address for the page requested.

I got from some how-to a rule called cache_peer and I set the following option:

    cache_peer xxx.xxx.xxx.xxx parent 3128 0 default no-query

(I set the 3128 port in the NTLM as well)

Also I tried with

    cache_peer xxx.xxx.xxx.xxx sibling 3128 0 default no-query

and I received the same error.

Could you help in order to resolve this problem? I don't know what to do about it.

I will appreciate all your help.

--
Lucas Coudures
Registered Linux User #442566
Blog: http://lucas-coudures.blogspot.com/
Jabber: [EMAIL PROTECTED]
Re: [squid-users] squid behind another proxy
Hi,

On Sat, May 19, lucas coudures wrote:
> I got from some how-to a rule called cache-per and i set the followings option:
>
>     cache_peer xxx.xxx.xxx.xxx parent 3128 0 default no-query
>
> (I seted the 3128 port in the NTLM as well)

did you have a line like:

    never_direct allow all

to tell squid, it shall get all pages via the peers and not directly?

--
Regards, Dieter
--
I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.
[squid-users] How to use external authentication and authorisation helpers ?
I am new to squid and I try to understand how squid has to be configured for authentication and authorisation. For example if I want to authenticate a user with NTLM or Negotiate and authorise depending on ldap group memberships.

I was thinking that I need:

    auth_param ntlm program /path/to/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm keep_alive on
    auth_param ntlm children 5
    external_acl_type ldap_group ttl=3600 negative_ttl=3600 children=5 %LOGIN /path/to/helper url=ldap://server.com bind=DC=SERVER,DC=COM
    acl ntlm proxy_auth REQUIRED
    acl ldap_check external ldap_group SQUID_USER
    http_access allow ldap_check
    # And finally deny all other access to this proxy
    http_access deny all

What I was wondering is how does the authentication helper get invoked? Do I need also

    http_access allow ntlm

or will ldap_check know that ntlm authentication has to be invoked to get %LOGIN details?

Thank you
Markus
[squid-users] GUI for squid
Hello,

My name is Lucas Coudures and I am from Argentina. My English is very bad, but I am in a project to implement Squid in my university and I can't find a mailing list of Squid in Spanish.

I am looking for a GUI to configure Squid remotely (remote access). I tried Webmin but it has too many options and I want something simple to administrate Squid.

Thanks

--
Lucas Coudures
Registered Linux User #442566
Blog: http://lucas-coudures.blogspot.com/
Jabber: [EMAIL PROTECTED]
Re: [squid-users] WCCP / no return traffic on gre interface
Hi Henrik,

I caught this thread as I was fighting the same issue, and this dialogue got me much farther. But not quite there, so I have a question if you do not mind.

I have a Cisco 1841 doing wccpv2 with an ACL that, for now, traps only my wifi laptop's web traffic on the DSL egress BVI1 interface. Squid is a Gentoo Linux box on a 10.0.0.20/24 address, off FastEthernet0/0.1. My Wifi Station is 10.0.2.10/24 off FastEthernet0/0.5.

Squid listening on port 3128 transparent, iptables REDIRECT from 80 to 3128. wccp0 gre tunnel is up and shows traffic received from the router.

Squid works great as I have firefox manually using 10.0.0.20 port 80 as a proxy, so my iptables redirect is doing its job, and Squid is happy as a proxy.

When I run IE7 on the same laptop with no proxy, I see my router catch it, and send the request to my proxy. The eth0/wccp0 port has it come in (tshark -i wccp0 shows the web request, tshark -i eth0 -R ip proto gre shows the gre traffic of the same). But Squid in debug mode shows no hit to the proxy server process.

I suspect that the WCCPv2 is working, but the traffic is not making it to Squid from the end of the GRE tunnel.

Debug from router:

    WCCP-PKT:S00: Received valid Here_I_Am packet from 10.0.0.20 w/rcv_id 0B48
    WCCP-PKT:S00: Sending I_See_You packet to 10.0.0.20 w/ rcv_id 0B49
    WCCP-PKT:S00: Received valid Here_I_Am packet from 10.0.0.20 w/rcv_id 0B49
    WCCP-PKT:S00: Sending I_See_You packet to 10.0.0.20 w/ rcv_id 0B4A

Debug ip packet (permit gre any any)

    IP: s=222.222.222.222 (FastEthernet0/0.5), d=10.0.0.20 (FastEthernet0/0.1),
    IP: g=10.0.0.20, len 80, forward, proto=47
    IP: s=222.222.222.222 (FastEthernet0/0.5), d=10.0.0.20 (FastEthernet0/0.1),
    IP: g=10.0.0.20, len 80, forward, proto=47

My router has a loopback of 222.222.222.222 so I would know it easily in tunnel config. The real outside IP it was using was 209.162.205.230 on BVI1 and that is where the ip wccp web-cache redirect out command lives.

A sniff on my proxy server, as I have IE7 do a google search:

    goonie ~ # tshark -R gre
    Capturing on eth0
    8.212647 mater.nickellson.com - po-in-f147.google.com TCP 2087 http [SYN] Seq=0 Len=0 MSS=1260 WS=0
    11.218921 mater.nickellson.com - po-in-f147.google.com TCP 2087 http [SYN] Seq=0 Len=0 MSS=1260 WS=0
    17.255232 mater.nickellson.com - po-in-f147.google.com TCP 2087 http [SYN] Seq=0 Len=0 MSS=1260 WS=0

This is how I am surmising WCCPv2 is OK, as I get the GRE redirect.

Squid cache.log under debug:

    2007/05/19 15:31:37| wccp2HereIam: sending to service id 0
    2007/05/19 15:31:37| Sending HereIam packet size 144
    2007/05/19 15:31:37| Incoming WCCPv2 I_SEE_YOU length 132.
    2007/05/19 15:31:37| Complete packet received
    2007/05/19 15:31:37| Incoming WCCP2_I_SEE_YOU Received ID old=3039 new=3040.
    2007/05/19 15:31:37| Cleaning out cache list
    2007/05/19 15:31:37| checking cache list: (140a:140a)
    2007/05/19 15:31:37| Change not detected (5 = 5)

I think I have followed the bunny trail pretty far here and I would love some advice on how to debug this further. How can I see between the redirect packet landing on eth0 from the wccp0 tunnel to why iptables never gets it to squid?

    iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source     destination
    ACCEPT     0    --  anywhere   10.0.2.0/24
    REDIRECT   tcp  --  anywhere   anywhere      tcp dpt:http redir ports 3128
    ACCEPT     0    --  anywhere   10.0.0.0/24
    REDIRECT   tcp  --  anywhere   anywhere      tcp dpt:http redir ports 3128

    ip addr show wccp0
    4: [EMAIL PROTECTED]: POINTOPOINT,NOARP,UP,1 mtu 1476 qdisc noqueue
        link/gre 10.0.0.20 peer 222.222.222.222
        inet 10.0.0.20/32 scope global wccp0

Nick

--
Nick Ellson Dad CCDA, CCNP, CCSP, CCAI, MCSE 2000, Security+, Network+ Network Hobbyist, VFR Private Pilot.
Re: [squid-users] WCCP / no return traffic on gre interface
Nick Ellson wrote:
> I think I have followed the bunny trail pretty far here and I wold love some advice on how to debug this further. How can I see between the redirect packet landing on eth0 from the wccp0 tunnel to why iptables never gets it to squid?
>
>     iptables -t nat -L
>     Chain PREROUTING (policy ACCEPT)
>     target     prot opt source     destination
>     ACCEPT     0    --  anywhere   10.0.2.0/24
>     REDIRECT   tcp  --  anywhere   anywhere      tcp dpt:http redir ports 3128
>     ACCEPT     0    --  anywhere   10.0.0.0/24
>     REDIRECT   tcp  --  anywhere   anywhere      tcp dpt:http redir ports 3128

I think the PREROUTING destination is not 10.0.2.0/24 or 10.0.0.0/24. PREROUTING would see the decapsulated packet, so it would see the real destination.

My iptables are

    iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 80 -j REDIRECT \
        --to-ports 3128
    iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 8000 -j REDIRECT \
        --to-ports 3128
    iptables -t nat -A PREROUTING -i wccp1 -p tcp -m tcp --dport 8080 -j REDIRECT \
        --to-ports 3128

>     ip addr show wccp0
>     4: [EMAIL PROTECTED]: POINTOPOINT,NOARP,UP,1 mtu 1476 qdisc noqueue
>         link/gre 10.0.0.20 peer 222.222.222.222
>         inet 10.0.0.20/32 scope global wccp0
>
> Nick

--
A: Because it destroys the flow of conversation.
Q: Why is top posting dumb?
--
Juan Nicolás Ruiz    | Corporación Parque Tecnológico de Mérida
                     | Centro de Cálculo Cientifico ULA
[EMAIL PROTECTED]    | Avenida 4, Edif. Gral Masini, Ofic. B-32
+58-(0)274-252-4192  | Mérida - Edo. Mérida. Venezuela
PGP Key fingerprint = CDA7 9892 50F7 22F8 E379 08DA 9A3B 194B D641 C6FF
Re: [squid-users] WCCP / no return traffic on gre interface
Hi Nicolas,

I was using this WIKI to configure, and thought the same thing you did.. would not my destination be anything BUT my local net? Then at the end of this WIKI there is a guy that has my type of set-up.

Interception Caching with Linux 2.6.18, ip_gre, Squid-2.6 and cisco IOS 12.4(6)T2 by ReubenFarrelly
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy

So I tried the ! my net approach, though I noticed he used DNAT.. Not sure why. Anyway, I get hits, but still nothing into Squid.

    iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 2968 packets, 969K bytes)
     pkts bytes target   prot opt in    out source       destination
       64  3328 DNAT     tcp  --  wccp0 any 10.0.0.0/16  !10.0.0.0/16  tcp dpt:http to:10.0.0.20:3128

The counter only climbs when I try to surf from IE7. So it's getting hit.

I want to try yours now and see what happens.

    iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 5763 packets, 1846K bytes)
     pkts bytes target   prot opt in    out source    destination
       12   624 REDIRECT tcp  --  wccp0 any anywhere  anywhere  tcp dpt:http redir ports 3128

Hr, got hits, but same result.. the browser just sits there. No logs in Squid.

Nick

--
Nick Ellson Dad CCDA, CCNP, CCSP, CCAI, MCSE 2000, Security+, Network+ Network Hobbyist, VFR Private Pilot.
Re: [squid-users] WCCP / no return traffic on gre interface
On Sat, May 19, 2007, Nick Ellson wrote:
> Hi Nicolas,
>
> I was using this WIKI to configure, and thought the same thing you did.. would not my destination be anything BUT my local net? Then at the end of this WIKI there is a guy that has my type of set-up.
>
> Interception Caching with Linux 2.6.18, ip_gre, Squid-2.6 and cisco IOS 12.4(6)T2 by ReubenFarrelly

Try http://wiki.squid-cache.org/ConfigExamples/

Also, make sure you've got ip forwarding turned on, and rp filtering turned off.

Adrian
Re: [squid-users] GUI for squid
On Sat, May 19, 2007, lucas coudures wrote:
> hello my name is Lucas Coudures and i am from argentina My English is very bad but i am in a proyect to implement squid in my university and i cant find a mailing list of squid in spanish.
>
> I am looking for a GUI to config Squid remotely (remote access ), i tried webmin but it have to many options and i want something simple to administrate Squid

You could try the Squid plugin for Webmin.

To be honest though, Squid isn't that hard to configure for most setups; you could try finding a squid-cluey person in your neighbourhood to give you a hand or you could ask here.

(Personally I've wanted to write one for quite some time now, and it seems a popular request. If someone would like to fund this then please let us know..)

Adrian
Re: [squid-users] WCCP / no return traffic on gre interface
Hi Adrian,

From the section I quoted in the WIKI I did this:

    echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
    echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
    echo 1 > /proc/sys/net/ipv4/ip_forward

I'll look at some of the other configs, but would you think having the counters increment on the IPTABLES rules would mean that they are being utilized and would be handled by Squid?

Nick

--
Nick Ellson Dad CCDA, CCNP, CCSP, CCAI, MCSE 2000, Security+, Network+ Network Hobbyist, VFR Private Pilot.
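
The two kernel settings named in this thread (ip forwarding on, rp filtering off) can be checked for the GRE interface itself; this is an added example, not code from any poster or from the Squid project. It assumes current Linux behaviour as described in the kernel's ip-sysctl documentation: the effective rp_filter for an interface is the higher of conf/all and conf/<iface>, while conf/default only seeds interfaces created afterwards. The function name check_wccp_sysctls and its optional root-directory argument are hypothetical, introduced for illustration.

```shell
#!/bin/sh
# Added example: report whether the kernel settings named in this thread
# permit intercepted traffic arriving on a GRE interface such as wccp0.
# Usage: check_wccp_sysctls IFACE [ROOT]
# ROOT defaults to /proc/sys/net/ipv4; it is an illustration device so the
# check can also be pointed at a copied or constructed tree.
# Prints one line per finding; returns 0 if everything passes, 1 otherwise.

read_val() {
    # Print the file's contents, or "missing" if it cannot be read.
    if [ -r "$1" ]; then cat "$1"; else echo missing; fi
}

check_wccp_sysctls() {
    iface=$1
    root=${2:-/proc/sys/net/ipv4}
    rc=0

    fwd=$(read_val "$root/ip_forward")
    if [ "$fwd" = 1 ]; then
        echo "ok   ip_forward=1"
    else
        echo "FAIL ip_forward=$fwd (expected 1)"; rc=1
    fi

    # Effective rp_filter is the higher of conf/all and conf/IFACE, so both
    # must be 0 for reverse-path filtering to be off on that interface.
    for scope in all "$iface"; do
        v=$(read_val "$root/conf/$scope/rp_filter")
        if [ "$v" = 0 ]; then
            echo "ok   conf/$scope/rp_filter=0"
        else
            echo "FAIL conf/$scope/rp_filter=$v (expected 0)"; rc=1
        fi
    done

    # conf/default is reported for information only: it does not change
    # interfaces that already exist.
    echo "info conf/default/rp_filter=$(read_val "$root/conf/default/rp_filter")"
    return $rc
}

# Run the check when the script is called with an interface name.
if [ $# -gt 0 ]; then check_wccp_sysctls "$@"; fi
```

Run it as `sh check.sh wccp0` on the Squid box; a FAIL line for conf/wccp0/rp_filter alongside a 0 in conf/default shows the setting was written to the template rather than to the tunnel interface.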