[squid-users] unable to open mail.yahoo.com properly
Hi,

I am using squid with Stable13 as a transparent proxy. All is working fine. There is a problem with mail.yahoo.com. However, mail.yahoo.com will let me log in. It will display the contents of the mailbox. When I click on the mail to see the content, it only shows the header and footer of the mail. It does not display the content. However, when I copy the blank area and paste it in Notepad, I can see the message. Also, it does not let me see the attachment. Some of the buttons on the pages do not work, like forward etc. The layout of the page is not displayed properly.

Please help.

Regards,
Ajit
[squid-users] openldap 2.3.35 failing to start
Hello Resident Experts,

Solaris 10, openldap 2.3.35, postgresql 8.0.1, unixODBC 2.2.12

There are the template test sql files for the Postgresql RDBMS that come with the openldap source code. I've compiled everything correctly, everything is working OOTB, I can create new users and search using ldapmodify and ldapsearch respectively, all of the information in the 'persons' postgresql table is getting updated.

I've added an additional attribute to persons table 'mail' and made the appropriate ldap_attr_mappings entry, so I can ldapmodify and add mail values to the users in the database.

However, when I attempt to add one more additional attribute 'username' with the following ldap_attr_mappings

    insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
    values (16,1,'username','persons.username','persons','persons.username IS NOT NULL','UPDATE persons SET username=? WHERE id=?','UPDATE persons SET username=NULL WHERE username=? AND id=?',3,0);

and attempt to restart openldap, I get the following error:

    bash-3.00# /usr/local/libexec/slapd -f /usr/local/etc/openldap/slapd.conf -h ldap://bandaboo1.bandaboo.com:81/ -d 256
    @(#) $OpenLDAP: slapd 2.3.35 (May 26 2007 23:48:09) $
    [EMAIL PROTECTED]:/usr/local/downloads/openldap-2.3.35/servers/slapd
    WARNING: No dynamic config support for database sql.
    backend_startup_one: bi_db_open failed! (1)
    slapd stopped.
    connections_destroy: nothing to destroy.

--
Louis Gonzales
[EMAIL PROTECTED]
http://www.linuxlouis.net
[squid-users] Re: openldap 2.3.35 failing to start
Dist,

I figured out my own issue! Essentially 'username' is not an attribute defined in any of the schema files that I have slapd load; therefore I changed it to 'displayname', which is an attribute in the inetorgperson schema, adjusted the appropriate settings in the postgresql tables, and voila... slapd was happy, I was happy, happiness now shared with you ;)

By the way, openldap kicks some major butt on Solaris, especially tying into PostgreSQL (arguably the best opensource RDBMS - sorry don't want a flamewar ;) )

I hope this info helps someone else too.

On Fri, 22 Jun 2007, [EMAIL PROTECTED] wrote:

> Hello Resident Experts,
>
> Solaris 10, openldap 2.3.35, postgresql 8.0.1, unixODBC 2.2.12
>
> There are the template test sql files for the Postgresql RDBMS that come with the openldap source code. I've compiled everything correctly, everything is working OOTB, I can create new users and search using ldapmodify and ldapsearch respectively, all of the information in the 'persons' postgresql table is getting updated.
>
> I've added an additional attribute to persons table 'mail' and made the appropriate ldap_attr_mappings entry, so I can ldapmodify and add mail values to the users in the database.
>
> However, when I attempt to add one more additional attribute 'username' with the following ldap_attr_mappings
>
>     insert into ldap_attr_mappings (id,oc_map_id,name,sel_expr,from_tbls,join_where,add_proc,delete_proc,param_order,expect_return)
>     values (16,1,'username','persons.username','persons','persons.username IS NOT NULL','UPDATE persons SET username=? WHERE id=?','UPDATE persons SET username=NULL WHERE username=? AND id=?',3,0);
>
> and attempt to restart openldap, I get the following error:
>
>     bash-3.00# /usr/local/libexec/slapd -f /usr/local/etc/openldap/slapd.conf -h ldap://bandaboo1.bandaboo.com:81/ -d 256
>     @(#) $OpenLDAP: slapd 2.3.35 (May 26 2007 23:48:09) $
>     [EMAIL PROTECTED]:/usr/local/downloads/openldap-2.3.35/servers/slapd
>     WARNING: No dynamic config support for database sql.
>     backend_startup_one: bi_db_open failed! (1)
>     slapd stopped.
>     connections_destroy: nothing to destroy.
>
> --
> Louis Gonzales
> [EMAIL PROTECTED]
> http://www.linuxlouis.net
RE: [squid-users] windows update through squid -- sharing experience
-Original Message-
From: Dietrich Radel [mailto:[EMAIL PROTECTED]
Sent: 22 June 2007 04:53
To: Jigar Raval
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] windows update through squid -- sharing experience

Jigar Raval wrote:
> Hello All,
>
> I would like to share my experience about Windows Update with Service Pack 2 and the latest version through a proxy.
>
> We have observed that if Windows XP Professional Version 2002, Service Pack 2 has automatic update enabled, then squid was not allowing Windows to update. We had a lot of communication with Microsoft but we could not get a proper solution.
>
> We were trying different options. We formatted our system and installed Windows XP Service Pack 1, turned off automatic update and tried to update, and we succeeded. Then, we turned off the Windows automatic update option and tried to update; the system updated successfully.
>
> Those who have a Windows update problem with squid, kindly try this. If anyone has a different experience, kindly give me suggestions.
>
> Thank you.
> Jigar

With SP2, to force Automatic Updates to use the proxy server, use the Windows command proxycfg -u to force AU to use IE browser proxy settings. You can also specify the proxy server manually using the -p switch. The -d switch returns it to default direct access setting.

If you have a large number of PCs behind the proxy, WSUS server (a free download from MS for Windows Server 2003) could be an option to save bandwidth and to control what updates are applied. We still use SUS server (it's currently still receiving new updates even though no longer supported) and tell the AU clients where to get updates via a registry key that is set by group policy.

Regards,
Dietrich

I have to agree with the above. My last company had no end of problems getting Windows updates to work automatically through the proxy server; it seemed no matter what we let through, it would still not work automatically. (Not a problem with Squid though.)

When I started at my current company, I implemented WSUS and it saves loads of time and bandwidth. The new version 3 has some neat improvements that cut down the admin time as well, as it can automatically approve updates. Check out http://www.wsus.info/forums/ if you are interested in implementing it, as a good resource for info.
[squid-users] Delay pools
Greetings,

Am having problem restricting download traffic other than http with delay pools. My configuration is:

    acl limitedfiles url_regex -i ftp .exe .EXE .mp3 .MP3 .vqf .tar.gz .gz .rpm .zip .rar .avi .AVI .mpeg .MPEG .mpe .MPE .mpg .MPG .qt .QT .ram .RAM .rm .RM .iso .ISO .raw .RAW .wav .WAV .mov .MOV .swf .SWF
    delay_pools 2
    delay_class 1 3
    delay_access 1 allow xx (My network)
    delay_parameters 1 375000/375000 375000/375000 32000/20
    delay_class 2 2
    delay_access 2 allow limitedfiles
    delay_access 2 deny all
    delay_parameters 2 9/10 2/2

With squidclient I get the following details.

    Pool: 2
    Class: 2
    Aggregate:
    Max: 10
    Restore: 9
    Current: 10
    Individual:
    Max: 2
    Rate: 2
    Current: Not used yet.

Is there any problem with the config of delay pool?

Regards
Sunil
Re: [squid-users] unable to open mail.yahoo.com properly
ajit kumar wrote:
> Hi,
>
> I am using squid with Stable13 as a transparent proxy. All is working fine. There is a problem with mail.yahoo.com. However, mail.yahoo.com will let me log in. It will display the contents of the mailbox. When I click on the mail to see the content, it only shows the header and footer of the mail. It does not display the content. However, when I copy the blank area and paste it in Notepad, I can see the message. Also, it does not let me see the attachment. Some of the buttons on the pages do not work, like forward etc. The layout of the page is not displayed properly.

Hi Ajit,

Seems like a weird problem. Are you using a parent proxy? It would help if you could post your squid.conf. What does access.log say? What about cache.log at the time when you are facing the problem?

I have had my own share of problems with yahoo mail in the past. But unlike yours, I could not log in at all.

Thanking you...

> Please help.
>
> Regards,
> Ajit
Re: [squid-users] Squid and Windows Update
Henrik Nordstrom wrote:
> Thu 2007-06-21 at 14:22 +0100, Julian Pilfold-Bagwell wrote:
>>> If I am to guess you might need to allow access to the windows update servers without using authentication.
>>
>> Is it possible to do that while retaining authentication for users?
>
> Yes. Just allow access to the windows update servers before where you normally require authentication.
>
> Regards
> Henrik

Hi again,

Does the first acl line:

    acl winupdate dstdomain .microsoft.com .windowsupdate.com

not do this? I put the always_direct rule in before the mynetwork rule but it doesn't seem to do the trick.

Thanks,
Jools
Re: [squid-users] ISP cache statistics
--- Emilio Casbas [EMAIL PROTECTED] wrote:

> #squidclient -p 8080 mgr:[EMAIL PROTECTED]
> Squid Object Cache: Version 2.6.STABLE10
> Start Time: Tue, 19 Jun 2007 06:33:45 GMT
> Current Time: Wed, 20 Jun 2007 14:39:52 GMT
> Connection information for squid:
>     Number of clients accessing cache: 2969
>     Number of HTTP requests received: 7796055
>     Number of ICP messages received: 0
>     Number of ICP messages sent: 0
>     Number of queued ICP replies: 0
>     Request failure ratio: 0.00
>     Average HTTP requests per minute since start: 4047.6
>     Average ICP messages per minute since start: 0.0
>     Select loop called: 239078105 times, 0.483 ms avg
> Cache information for squid:
>     Request Hit Ratios: 5min: 35.1%, 60min: 39.8%
>     Byte Hit Ratios: 5min: 20.1%, 60min: 13.0%
>     Request Memory Hit Ratios: 5min: 1.3%, 60min: 1.9%
>     Request Disk Hit Ratios: 5min: 55.4%, 60min: 51.2%
>     Storage Swap size: 147456200 KB
>     Storage Mem size: 8184 KB
>     Mean Object Size: 18.06 KB
>     Requests given to unlinkd: 0
> Median Service Times (seconds)  5 min    60 min:
>     HTTP Requests (All):   0.04277  0.03829
>     Cache Misses:          0.12783  0.12783
>     Cache Hits:            0.00286  0.00179
>     Near Hits:             0.10281  0.07825
>     Not-Modified Replies:  0.00091  0.0
>     DNS Lookups:           0.01852  0.02130
>     ICP Queries:           0.0      0.0
> Resource usage for squid:
>     UP Time: 115566.724 seconds
>     CPU Time: 6117.060 seconds
>     CPU Usage: 5.29%
>     CPU Usage, 5 minute avg: 9.84%
>     CPU Usage, 60 minute avg: 9.11%
>     Process Data Segment Size via sbrk(): 820728 KB
>     Maximum Resident Size: 0 KB
>     Page faults with physical i/o: 669
> Memory usage for squid via mallinfo():
>     Total space in arena: 820728 KB
>     Ordinary blocks: 809227 KB 1984 blks
>     Small blocks: 0 KB 0 blks
>     Holding blocks: 6108 KB 5 blks
>     Free Small blocks: 0 KB
>     Free Ordinary blocks: 11500 KB
>     Total in use: 815335 KB 99%
>     Total free: 11500 KB 1%
>     Total size: 826836 KB
> Memory accounted for:
>     Total accounted: 626931 KB
>     memPoolAlloc calls: 1074538392
>     memPoolFree calls: 1049979260
> File descriptor usage for squid:
>     Maximum number of file descriptors: 2048
>     Largest file desc currently in use: 1353
>     Number of file desc currently in use: 923
>     Files queued for open: 0
>     Available number of file descriptors: 1125
>     Reserved number of file descriptors: 100
>     Store Disk files open: 1
>     IO loop method: epoll
> Internal Data Structures:
>     8165175 StoreEntries
>     1758 StoreEntries with MemObjects
>     1661 Hot Object Cache Items
>     8164968 on-disk objects
>
> Thanks
> Emilio C.

Hi Emilio,

What is your server specification?

Regards,
Zul
Re: [squid-users] unable to open mail.yahoo.com properly
Hi,

I am having the same problem with the cisco website. The webpage doesn't load. Am getting the following message in access.log.

    1182504464.622 2506 x.x.x.x TCP_MISS/502 1338 GET http://www.cisco.com/ - DIRECT/198.133.219.25 text/html

On the browser am getting the following error.

    The following error was encountered: Read Error
    The system returned: (104) Connection reset by peer

Regards
Sunil

- Original Message -
From: Tek Bahadur Limbu [EMAIL PROTECTED]
To: ajit kumar [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Sent: Friday, June 22, 2007 10:11 AM
Subject: Re: [squid-users] unable to open mail.yahoo.com properly

ajit kumar wrote:
> Hi,
>
> I am using squid with Stable13 as a transparent proxy. All is working fine. There is a problem with mail.yahoo.com. However, mail.yahoo.com will let me log in. It will display the contents of the mailbox. When I click on the mail to see the content, it only shows the header and footer of the mail. It does not display the content. However, when I copy the blank area and paste it in Notepad, I can see the message. Also, it does not let me see the attachment. Some of the buttons on the pages do not work, like forward etc. The layout of the page is not displayed properly.

Hi Ajit,

Seems like a weird problem. Are you using a parent proxy? It would help if you could post your squid.conf. What does access.log say? What about cache.log at the time when you are facing the problem?

I have had my own share of problems with yahoo mail in the past. But unlike yours, I could not log in at all.

Thanking you...

> Please help.
>
> Regards,
> Ajit
Re: [squid-users] Squid and Windows Update - SOLVED!!
Hi Henrik, It's cured. You were right about allowing access to winupdate. The confusing aspect is that some time back, we had to wrestle for a day to get it working after Windows updated itself. It turned out that you had to use the always_direct directive to get it work as it would crash out otherwise. Don't know what Microsoft have done to Windows Update but it now has to go back to http_allow. Thanks again, much appreciated, All the best, Julian Pilfold-Bagwell
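The rule ordering Henrik describes in this thread, as an added squid.conf sketch (not any poster's actual configuration). The winupdate acl is the one quoted in the thread; the helper path, password file, network range and the acl names mynetwork and authenticated are assumptions.

```squidconf
# Assumed authentication setup; helper path and password file are placeholders.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED

# Assumed internal client range; substitute the real network.
acl mynetwork src 192.168.0.0/24

# The acl quoted in the thread.
acl winupdate dstdomain .microsoft.com .windowsupdate.com

# --- Ordering that challenges the update traffic ---
# http_access is evaluated top-down and the first matching line decides.
# With the proxy_auth line first, a request without credentials is answered
# with a 407 challenge before the winupdate line is ever reached.
#
#   http_access allow mynetwork authenticated
#   http_access allow mynetwork winupdate
#   http_access deny all

# --- Ordering from the thread: update servers before authentication ---
# The exemption is still limited to the internal network, so only internal
# clients talking to these destinations skip authentication.
http_access allow mynetwork winupdate
http_access allow mynetwork authenticated
http_access deny all

# always_direct only decides whether a request goes straight to the origin
# instead of through a cache_peer. It grants no access and does not bypass
# authentication, so it cannot stand in for the http_access line above.
#
# Note that .microsoft.com exempts every host under microsoft.com from
# authentication; narrow the list if that is wider than intended.
```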
Re: [squid-users] Squid as a content filter proxy: whitelist approach
[EMAIL PROTECTED] wrote:
>>> I know it's possible (and perhaps written in stone in an RFC) to have the client maintain a proxy exclusion list, but that would be unmanageable in this sort of setup.
>>
>> Is it? You use a centrally provided proxy.pac to control the browser. You don't need a complete whitelist in the proxy.pac, just sufficient to avoid wasting too much bandwidth.
>
> Thanks for your response. I've done a bit of digging around but have found little info on proxy.pac files. Can I assume, before I do more digging around, that I can put an exclusion list in a .pac file, and have squid push it transparently to each web browser client upon first http request?

No. Each browser must be set up to load the .pac itself. WPAD with DNS/DHCP can be used to push .pac to the browser but the method was never standardised and each browser is still different.

> The transparency is important, as getting each user to configure their browser is out of the question in this setup.

Then you will need to test the WPAD methods and give your users instructions and hope they follow them.

> I can already see problems with exclusion lists becoming large enough to take a substantial time to download to the clients.

You started having troubles the moment you started having customers. Welcome to the world of network admins.

> Again, one could imagine a proxy exclusion list held on the squid server, that when a URL request is received by squid, if it matches the exclusion list, squid could answer go directly to destination, but I doubt that is part of the http-proxy protocol.
>
> cheers
> Jack
[squid-users] stopping TCP_IMS_HIT
Hello all,

I've the squid 2.6 stable13 running on x.x.7.3, set up as web accel. I want to stop the TCP_IMS_HIT/304 requests going to the parent cache_peer located at x.x.7.1.

My squid.conf:

    http_port 80 accel defaultsite=www.x.com
    cache_peer x.x.7.1 parent 80 0 no-query originserver weight=1

Regards,
Suhaib.
[squid-users] Google Safe Browsing API - Integration with squid?
This might be interesting to anyone using squid to do malware filtering. It needs some kind of integration work before squid can utilize it. http://code.google.com/apis/safebrowsing/ The Malware Block List is another way to filter web traffic. http://www.malware.com.br/ -- Andreas
Re: [squid-users] Google Safe Browsing API - Integration with squid?
On Fri, Jun 22, 2007, Andreas Pettersson wrote:
> This might be interesting to anyone using squid to do malware filtering. It needs some kind of integration work before squid can utilize it. http://code.google.com/apis/safebrowsing/
>
> The Malware Block List is another way to filter web traffic. http://www.malware.com.br/

There's also http://www.phishtank.org/ .

Who would like to see external_acl helpers which allow Squid to use phishtank.org and google safebrowsing lists?

Adrian
Re: [squid-users] How Bad is CONNECT and Should I Prevent It?
On 6/21/07, Chuck Kollars [EMAIL PROTECTED] wrote:
> I think what we really need is just the much simpler blacklist/whitelist capability. If we can transparently intercept, and give a thumbs-up/thumbs-down to every destination IP address (perhaps after doing a reverse DNS lookup on it), that's all we need.

No need to transparently intercept for this, and no need for new code. Just configure the client to proxy SSL via Squid, and use the existing ACLs to set the policy for the 'CONNECT' method, similar to what I showed in a previous post in this thread.

> In my experience, fingerprinting the type of traffic turns out to not be very useful ...after all the difficulty of implementing it. Why?

Fingerprinting is relatively easy, but is not nearly as effective (or invasive) as doing true MITM where you actually break the end-to-end encryption to inspect the payload.

> 1) There's legitimate traffic on 443 that's not web traffic (for example LogMeIn or SSH). Forbidding everything that's non-web is just shooting yourself in the foot.

I strongly disagree: LogMeIn and SSH-over-443 are illegitimate, and should be forbidden in any environment with real security policy (that is, anywhere except a public ISP).

> 2) A big problem is https: proxies, as they're real easy to use and will completely bypass all filters. But they _do_ look like web traffic, so they couldn't be forbidden by reasonable fingerprinting.

True. That's where a blacklist/whitelist for general HTTPS traffic comes in. Or better yet, use real MITM interception, and the https: proxies no longer bypass your filters, since no SSL/TLS traffic can make it out of your network alive.

Kevin
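One way to express the CONNECT policy Kevin describes with existing ACLs, as an added squid.conf sketch (not the configuration from his earlier post, which is not on this page). The whitelist file path, the network range and the acl names mynetwork and https_ok are assumptions.

```squidconf
acl SSL_ports port 443
acl CONNECT method CONNECT

# Assumed internal client range; substitute the real network.
acl mynetwork src 192.168.0.0/24

# Destinations that may be tunnelled, one domain per line (assumed path).
# Example file content, constructed for illustration:
#   .example-bank.com
#   .example-vendor.net
acl https_ok dstdomain "/etc/squid/https_whitelist.txt"

# --- Port check only ---
# Any client on mynetwork can open a tunnel to any host on 443, which
# includes the https: proxies and SSH-over-443 discussed in the thread.
#
#   http_access deny CONNECT !SSL_ports
#   http_access allow mynetwork

# --- Port check plus destination whitelist ---
# 1. No tunnels to ports other than 443.
http_access deny CONNECT !SSL_ports
# 2. No tunnels to destinations outside the whitelist. When the client asks
#    for CONNECT to a bare IP address, dstdomain tries a reverse lookup and
#    does not match if that lookup fails, so such requests are denied here.
http_access deny CONNECT !https_ok
# 3. Everything else from the internal network follows the normal policy.
http_access allow mynetwork
http_access deny all

# What this does not do: Squid sees only the host and port named in the
# CONNECT request, never the encrypted payload. A whitelisted host that
# relays traffic elsewhere is not detected; that is the gap the thread's
# MITM interception option is meant to close.
```

Denied tunnels show up in access.log as CONNECT lines with a TCP_DENIED status, which gives a starting list of hosts users are asking for when building the whitelist.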
[squid-users] Re: Squid auth box will not appear for everyone.
I have just replaced my old squid box with a new one; the old proxy was set to do local administration and the new one is set to do LDAP. I do have the authentication working for most of the users but there are a few that will not get prompted for a box and I can't figure it out. One that cannot work is the "same" as my workstation: it has the same patching level, same browser version and we are on the same subnet. But her machine never presents a popup for the username while mine will, and it worked before I added the new box. Any suggestions would be awesome!
[squid-users] reverse proxy tutorial version dependant?
Hi all,

I am trying to set up a reverse proxy. I found a tutorial which seems pretty different from others at http://wiki.squid-cache.org/SquidFaq/ReverseProxy

Is this tutorial by any chance only for squid 2.6 upwards? I am configuring it on squid 2.5. Actually there is a statement in the tutorial which is confusing me:

    Note: The accel option to http_port is optional and should only be specified for 2.6.STABLE8 and later. In all versions Squid-2.6 and later specifying one of defaultsite or vhost is sufficient.

Thanks in advance.
Babar
Re: [squid-users] Re: Squid auth box will not appear for everyone.
Manual settings sent out via GP

On 6/22/07, D E Radel [EMAIL PROTECTED] wrote:
> Dan OConnor wrote:
>> I have just replaced my old squid box with a new one; the old proxy was set to do local administration and the new one is set to do LDAP. I do have the authentication working for most of the users but there are a few that will not get prompted for a box and I can't figure it out. One that cannot work is the "same" as my workstation: it has the same patching level, same browser version and we are on the same subnet. But her machine never presents a popup for the username while mine will, and it worked before I added the new box. Any suggestions would be awesome!
>
> How are your computers finding out about the proxy? Manual settings, automatic detection or specific proxy.pac file?
>
> regards,
> Dietrich
RE: [squid-users] access.log
Instead of moving only the file you can change the name using the same cron so the name of the file will be access.log-day-month-year-hour-minute

---
Fernando Rodriguez

-Original Message-
From: Firas A. Mubarak [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 20, 2007 01:19 p.m.
To: Fernando Rodriguez; squid-users@squid-cache.org
Subject: Re: [squid-users] access.log

This is a very good idea, I liked it, thank you very much. But once it rotates it just overwrites the previous log file. I want to keep all the access.log files stored for 6 months. Any ideas?

thnx

- Original Message -
From: Fernando Rodriguez [EMAIL PROTECTED]
To: 'Firas A. Mubarak' [EMAIL PROTECTED]; squid-users@squid-cache.org
Sent: Wednesday, June 20, 2007 5:29 PM
Subject: RE: [squid-users] access.log

I made a little shell script that does that, but instead of ftp I rsync to another server where the file is processed. I use centos 4, so I created an entry in crontab where I run this every 8 minutes:

    #!/bin/bash
    # Copy the current access.log to the processing server over ssh.
    rsync /var/log/squid/access.log -e ssh [EMAIL PROTECTED]:webcache1.log
    # Empty the local log, then have squid reopen its log files.
    cat /dev/null > /var/log/squid/access.log
    squid -k rotate

Hope this helps

---
Fernando Rodriguez

-Original Message-
From: Firas A. Mubarak [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 20, 2007 09:24 a.m.
To: squid-users@squid-cache.org
Subject: [squid-users] access.log

Dear All,

I have to store my access.log files for 6 months. I need to log rotate the file every 6 hours and then get it uploaded to a local FTP server automatically. Any ideas?

Thanks
Firas