Re: [squid-users] how can I query squid cache?
ying lcs wrote:
Thanks for all the help.
One more question (hopefully the last),
is it possible for me to link in the squidclient in my c/c++ program?
I would like to do this "squidclient -H "Cache-Control: only-if-cached\n"
'http://www.freebsd.org/' | head -1 | awk '{ if ($2=="200") print
"cached!"; else print "not cached"; }'"
programically in my program.
While it would be possible, you might want to use functions for speaking
proxy http directly instead. If you can't find any it is quite simple to
generate the whole query yourself; here's an example using netcat:
echo "GET http://www.freebsd.org/ HTTP/1.0\nCache-Control:
only-if-cached\n\n" | nc | head
--
Andreas
[squid-users] NTLM auth and JAVA authentication
Hi all, I am unable to authenticate to my squid proxies from Java enabled web sites using the Java Platform standard edition 6 (v1.6.0, which is the latest version). I am using NTLM authentication and have tried with squid 2.5 stable14 and also 2.6 stable13. When I try access one of these pages, I am constantly asked for my login credentials (username, password and domain) and no matter how many times I enter the correct details, the java login box keeps reappearing. Any ideas on how to get this working? Regards Paolo Biancolli This communication is intended for the addressee only. It is confidential. If you have received this communication in error, please notify us immediately and destroy the original message. You may not copy or disseminate this communication without the permission of the University. Only authorized signatories are competent to enter into agreements on behalf of the University and recipients are thus advised that the content of this message may not be legally binding on the University and may contain the personal views and opinions of the author, which are not necessarily the views and opinions of The University of the Witwatersrand, Johannesburg. All agreements between the University and outsiders are subject to South African Law unless the University agrees in writing to the contrary.
Re: [squid-users] Re: squid_kerb_auth - Negotiate
On Wed, 11 Jul 2007 21:55:56 +0100 "Markus Moeller" <[EMAIL PROTECTED]> wrote: > The return code 102 of parseNegTokenInit usually means the token is > not a SPNEGO token. Could you sned me the complete token ? Sure, here it is (full debug output (level 9) can also be sent if needed) 2007/07/11 17:00:22| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCAjygMDAuBgk qhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKCAgYEggICYIIB/gYJKoZI hvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACCjggEhYYIBHTCCARmgAwIBBaEUGxJTVFVER U5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVFRQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEK EDAgEDooHHBIHEWyFsulqOVPaP44POoDEBOs1Gz02LEdTBrYYGsJTDp4RGOUuEwY+GHPaJSSx/HtNNq76 XwssFV6tmiqsJw3MVwZ5EyakJwyYVjEbSuB9qmoOCOGFUmdiaogv9mQayHyOZXJA+54wmYmXn19RpOx7g WpCYtoxZ9MBtanCWMSWp6glY0jVpi/hHdPzTD8uGQ2asR/kcqHxdPTslL1pH5uC+Bunk6C9ukVj9/Oe9e dQRFsBHwHw14aaKQKmPQnH4liYcqFjRvqSBrjCBq6ADAgEBooGjBIGgX7XTlG0dTRI7Uz42jvA47p09tu 5Yh7zu/BuNKLILo4WcC1JGThjBQQZyL5cKWqmLIsI4+hUpeUdvIuU8J642Hnv2xZ3rcMloSWWeflan682 8a8ONLUq9sUnUgxWMOrFpDEkmL7bUhGB7kniaOCAH552mp86gHHOeYHb/QU7c9rSFHb4HcnGYw9QuUSlE n0Xd9w52gYAqz7x7qwAeEi0+Zg==' from squid (length: 795). 2007/07/11 17:00:22| squid_kerb_auth: parseNegTokenInit failed with rc=102 2007/07/11 17:00:22| squid_kerb_auth: gss_accept_sec_context() failed: A token was invalid. Mechanism is incorrect It was sent by a Firefox 2.0.0.4 on a Win2000 Computer. > > Which Kerberos release are you using ? Debian Etch current one. krb5 (1.4.4-7etch2) Uoah, that's old!, didn't notice before. Do you think kerberos 1.5.* or even 1.6.* will work better? (aka should i upgrade kerberos to make things works?) Tomorrow i think i'll do some other tests with ie7 and maybe i'll try with a different kerberos version. Regards -- Miolinux
Re: [squid-users] NTLM auth and JAVA authentication
On Thu, 12 Jul 2007 09:35:06 +0200 "Paolo Biancolli" <[EMAIL PROTECTED]> wrote: > > Hi all, > > I am unable to authenticate to my squid proxies from Java enabled web > sites using the Java Platform standard edition 6 (v1.6.0, which is the > latest version). I am using NTLM authentication and have tried with > squid 2.5 stable14 and also 2.6 stable13. When I try access one of > these pages, I am constantly asked for my login credentials (username, > password and domain) and no matter how many times I enter the correct > details, the java login box keeps reappearing. > > Any ideas on how to get this working? I had the same issue. Reverting the patch http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE12-ntlm_nonpersistent.patch solved the problem for me. Regards Jörg
[squid-users] Re: Re: squid_kerb_auth - Negotiate
The token seems alright. If you use a recent Kerberos implementation you should compile with -DHAVE_SPNEGO which will avoid the use of the spnego helper routines. If you don't run a recent Kerberos implementation make sure that you use: for Linux: -D__LITTLE_ENDIAN__ for Solaris: -D__BIG_ENDIAN__ As this is important for the spnegohelper. Regards Markus "miolinux" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Wed, 11 Jul 2007 21:55:56 +0100 > "Markus Moeller" <[EMAIL PROTECTED]> wrote: > >> The return code 102 of parseNegTokenInit usually means the token is >> not a SPNEGO token. Could you sned me the complete token ? > > Sure, here it is (full debug output (level 9) can also be sent if > needed) > > 2007/07/11 17:00:22| squid_kerb_auth: Got 'YR > YIICTAYGKwYBBQUCoIICQDCCAjygMDAuBgk > qhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKCAgYEggICYIIB/gYJKoZI > hvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACCjggEhYYIBHTCCARmgAwIBBaEUGxJTVFVER > U5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVFRQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEK > EDAgEDooHHBIHEWyFsulqOVPaP44POoDEBOs1Gz02LEdTBrYYGsJTDp4RGOUuEwY+GHPaJSSx/HtNNq76 > XwssFV6tmiqsJw3MVwZ5EyakJwyYVjEbSuB9qmoOCOGFUmdiaogv9mQayHyOZXJA+54wmYmXn19RpOx7g > WpCYtoxZ9MBtanCWMSWp6glY0jVpi/hHdPzTD8uGQ2asR/kcqHxdPTslL1pH5uC+Bunk6C9ukVj9/Oe9e > dQRFsBHwHw14aaKQKmPQnH4liYcqFjRvqSBrjCBq6ADAgEBooGjBIGgX7XTlG0dTRI7Uz42jvA47p09tu > 5Yh7zu/BuNKLILo4WcC1JGThjBQQZyL5cKWqmLIsI4+hUpeUdvIuU8J642Hnv2xZ3rcMloSWWeflan682 > 8a8ONLUq9sUnUgxWMOrFpDEkmL7bUhGB7kniaOCAH552mp86gHHOeYHb/QU7c9rSFHb4HcnGYw9QuUSlE > n0Xd9w52gYAqz7x7qwAeEi0+Zg==' from squid (length: 795). > 2007/07/11 17:00:22| squid_kerb_auth: parseNegTokenInit failed with rc=102 > 2007/07/11 17:00:22| squid_kerb_auth: gss_accept_sec_context() failed: A > token was invalid. Mechanism is incorrect > > It was sent by a Firefox 2.0.0.4 on a Win2000 Computer. > > >> >> Which Kerberos release are you using ? > > > Debian Etch current one. > krb5 (1.4.4-7etch2) > > Uoah, that's old!, didn't notice before. > Do you think kerberos 1.5.* or even 1.6.* will work better? (aka should > i upgrade kerberos to make things works?) > > Tomorrow i think i'll do some other tests with ie7 and maybe i'll try with > a different kerberos version. > > Regards > > -- > Miolinux >
Re: [squid-users] cachemgr.cgi - display raw text
From: "Ming-Ching Tiew" <[EMAIL PROTECTED]> > > it (correctly) display the formatted html text asking > me for name and password, and but when I click > continue it displayed this text on the browser rather than > formatted html, it looks to me there are extra text in front > of the output which confuses the browser. > I worked around the problem by doing this in a new cgi :- # cat cmgr.cgi #!/bin/sh /mnt/squid/libexec/cachemgr.cgi | sed -e '1,8d' Everything works perfectly after this. Regards.
Re: [squid-users] Re: Re: squid_kerb_auth - Negotiate
On Thu, 12 Jul 2007 09:51:23 +0100 "Markus Moeller" <[EMAIL PROTECTED]> wrote: > The token seems alright. If you use a recent Kerberos implementation > you should compile with -DHAVE_SPNEGO which will avoid the use of the > spnego helper routines. If you don't run a recent Kerberos > implementation make sure that you use: > for Linux: > -D__LITTLE_ENDIAN__ > for Solaris: > -D__BIG_ENDIAN__ > > As this is important for the spnegohelper. Hi, i've just updated the kdc and the krb5libs on squid host to the "testing" version of debian [krb5 (1.6.dfsg.1-5)]. Now it works! Thank you very much. There's however something i would ask you: With newer kerberos libs works out of the box (./configure;make;make install), however i tried to compile squid_kerb_auth with -DHAVE_SPNEGO adding it to do.sh, but got some warning cc1: warnings being treated as errors squid_kerb_auth.c: In function ‘main’: squid_kerb_auth.c:195: warning: unused variable ‘kerberosTokenLength’ squid_kerb_auth.c:180: warning: unused variable ‘rc’ so i removed "-Werror" from do.sh and it compiled. With both "standard" and "DHAVE_SPNEGO" version of the helper i noticed a strange behaviour in logs: 2007/07/12 12:35:15| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCA jygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKC AgYEggICYIIB/gYJKoZIhvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACCjggE hYYIBHTCCARmgAwIBBaEUGxJTVFVERU5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVF RQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEKEDAgEDooHHBIHEULBIf35R+xfVHAyVv JcwKbcUUWOzN9q3OgCHceBDUn+L2yYFugILBpLUQ/C3rz++qrpbyLTgc6z2LSssE6sbxDH+ ibG7k73QH5tE8l+sj4NTj217RiwGBMJnUNCP8PMFmYOWmqlYBg9pZzJDTa4KbXtx6i7I3LU ve9wG+YI69f+xVndLN3y3hRbEJgMJcteS9hWrlN3LkiUlH7B0GWcIVqxrADqyHv7hJBhOJF jDw/O8G6AEc6tLCTBZr7fyfZXnaaJcUKSBrjCBq6ADAgEBooGjBIGgpYqE+KOUv+iVkKGc0 eiqzCFI6kiNKt1cwXnTUc8lAwxxPZNfi+CrlfvQc4XsSeJcj0kIeUw0KRSVt0u+fjIA1PVF P8DJmgM443lj7icj7qS0sccPwBD1BL8UX+Q444rFRESr206w+U1VXO92m0WYuqXTehXGZqc tYwNeNpXmLYZ96/rMpyA7h/bCKCG9l5bfcE/4mBpVm24O2//BeKrtXw==' from squid (length: 795). 2007/07/12 12:35:15| squid_kerb_auth: parseNegTokenInit failed with rc=102 2007/07/12 12:35:15| squid_kerb_auth: AF oYGLMIGIoAMKAQChCwYJKoZIgvcSAQI ConQEcmBwBgkqhkiG9xIBAgICAG9hMF+gAwIBBaEDAgEPolMwUaADAgEBokoESLjO9CJpkO4 +UlWAzvSF1DUq620yHD9C1+wnoHbTv6LKzjsN2Se9s7r99fXHEzCK77mXdd10fwhoz7ot+NH U74gmPWgO7Pe2PA== [EMAIL PROTECTED] 2007/07/12 12:35:15| authenticateStart: auth_user_request '0x8423310' Is it normal to get parseNegTokenInit rc=102 error anyway before authenticating the user? Thanks, -- Miolinux
[squid-users] time ACL
Hi all, Is there a way to restrict some users access to the internet at a particular time or this is glabol, applies to everyone who has their proxy setting pointed to the server. Thank you BSD Networking, Microsoft Notworking
Re: [squid-users] time ACL
Yes, there's an acl named time that's described in squid.conf. # acl aclname time [day-abbrevs] [h1:m1-h2:m2] # day-abbrevs: # S - Sunday # M - Monday # T - Tuesday # W - Wednesday # H - Thursday # F - Friday # A - Saturday # h1:m1 must be less than h2:m2 You can make it work in conjunction with other acls. Regards, Isnard Em Qui, 2007-07-12 às 07:04 -0400, Monah Baki escreveu: > Hi all, > > Is there a way to restrict some users access to the internet at a > particular time or this is glabol, applies to everyone who has their > proxy setting pointed to the server. > > Thank you > > > BSD Networking, Microsoft Notworking > > >
[squid-users] Re: Re: Re: squid_kerb_auth - Negotiate
Thanks for the feedback. I will fix the compile warnings. You will always get the 102 error when using firefox as it uses plain GSSAPI token and not SPNEGO token. My code tries to convert an SPNEGO token to a GSSAPI token and if the original token was already a GSSAPI token the routine returns a 1xx error. Regards Markus "miolinux" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] On Thu, 12 Jul 2007 09:51:23 +0100 "Markus Moeller" <[EMAIL PROTECTED]> wrote: > The token seems alright. If you use a recent Kerberos implementation > you should compile with -DHAVE_SPNEGO which will avoid the use of the > spnego helper routines. If you don't run a recent Kerberos > implementation make sure that you use: > for Linux: > -D__LITTLE_ENDIAN__ > for Solaris: > -D__BIG_ENDIAN__ > > As this is important for the spnegohelper. Hi, i've just updated the kdc and the krb5libs on squid host to the "testing" version of debian [krb5 (1.6.dfsg.1-5)]. Now it works! Thank you very much. There's however something i would ask you: With newer kerberos libs works out of the box (./configure;make;make install), however i tried to compile squid_kerb_auth with -DHAVE_SPNEGO adding it to do.sh, but got some warning cc1: warnings being treated as errors squid_kerb_auth.c: In function 'main': squid_kerb_auth.c:195: warning: unused variable 'kerberosTokenLength' squid_kerb_auth.c:180: warning: unused variable 'rc' so i removed "-Werror" from do.sh and it compiled. With both "standard" and "DHAVE_SPNEGO" version of the helper i noticed a strange behaviour in logs: 2007/07/12 12:35:15| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCA jygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKC AgYEggICYIIB/gYJKoZIhvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACCjggE hYYIBHTCCARmgAwIBBaEUGxJTVFVERU5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVF RQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEKEDAgEDooHHBIHEULBIf35R+xfVHAyVv JcwKbcUUWOzN9q3OgCHceBDUn+L2yYFugILBpLUQ/C3rz++qrpbyLTgc6z2LSssE6sbxDH+ ibG7k73QH5tE8l+sj4NTj217RiwGBMJnUNCP8PMFmYOWmqlYBg9pZzJDTa4KbXtx6i7I3LU ve9wG+YI69f+xVndLN3y3hRbEJgMJcteS9hWrlN3LkiUlH7B0GWcIVqxrADqyHv7hJBhOJF jDw/O8G6AEc6tLCTBZr7fyfZXnaaJcUKSBrjCBq6ADAgEBooGjBIGgpYqE+KOUv+iVkKGc0 eiqzCFI6kiNKt1cwXnTUc8lAwxxPZNfi+CrlfvQc4XsSeJcj0kIeUw0KRSVt0u+fjIA1PVF P8DJmgM443lj7icj7qS0sccPwBD1BL8UX+Q444rFRESr206w+U1VXO92m0WYuqXTehXGZqc tYwNeNpXmLYZ96/rMpyA7h/bCKCG9l5bfcE/4mBpVm24O2//BeKrtXw==' from squid (length: 795). 2007/07/12 12:35:15| squid_kerb_auth: parseNegTokenInit failed with rc=102 2007/07/12 12:35:15| squid_kerb_auth: AF oYGLMIGIoAMKAQChCwYJKoZIgvcSAQI ConQEcmBwBgkqhkiG9xIBAgICAG9hMF+gAwIBBaEDAgEPolMwUaADAgEBokoESLjO9CJpkO4 +UlWAzvSF1DUq620yHD9C1+wnoHbTv6LKzjsN2Se9s7r99fXHEzCK77mXdd10fwhoz7ot+NH U74gmPWgO7Pe2PA== [EMAIL PROTECTED] 2007/07/12 12:35:15| authenticateStart: auth_user_request '0x8423310' Is it normal to get parseNegTokenInit rc=102 error anyway before authenticating the user? Thanks, -- Miolinux
Re: [squid-users] time ACL
How do I write the acl in such a way if all users IP is 192.169.10.0/32 but from Monday-Friday 192.168.10.6 and 192.168.10.7 can only use it from 10AM to 12PM. Thank you > Yes, there's an acl named time that's described in squid.conf. > > # acl aclname time [day-abbrevs] [h1:m1-h2:m2] > # day-abbrevs: > # S - Sunday > # M - Monday > # T - Tuesday > # W - Wednesday > # H - Thursday > # F - Friday > # A - Saturday > # h1:m1 must be less than h2:m2 > > You can make it work in conjunction with other acls. > > > Regards, > > Isnard > > > Em Qui, 2007-07-12 às 07:04 -0400, Monah Baki escreveu: >> Hi all, >> >> Is there a way to restrict some users access to the internet at a >> particular time or this is glabol, applies to everyone who has their >> proxy setting pointed to the server. >> >> Thank you >> >> >> BSD Networking, Microsoft Notworking >> >> >> >
Re: [squid-users] time ACL
Never mind, found it. AclDefnitions acl abc src 172.161.163.85 acl xyz src 172.161.163.86 acl asd src 172.161.163.87 acl morning time 06:00-11:00 acl lunch time 14:00-14:30 acl evening time 16:25-23:59 Access Controls http_access allow abc morning http_access allow xyz morning lunch http_access allow asd lunch Thanks > How do I write the acl in such a way if all users IP is 192.169.10.0/32 > but from Monday-Friday 192.168.10.6 and 192.168.10.7 can only use it from > 10AM to 12PM. > > Thank you > > >> Yes, there's an acl named time that's described in squid.conf. >> >> # acl aclname time [day-abbrevs] [h1:m1-h2:m2] >> # day-abbrevs: >> # S - Sunday >> # M - Monday >> # T - Tuesday >> # W - Wednesday >> # H - Thursday >> # F - Friday >> # A - Saturday >> # h1:m1 must be less than h2:m2 >> >> You can make it work in conjunction with other acls. >> >> >> Regards, >> >> Isnard >> >> >> Em Qui, 2007-07-12 às 07:04 -0400, Monah Baki escreveu: >>> Hi all, >>> >>> Is there a way to restrict some users access to the internet at a >>> particular time or this is glabol, applies to everyone who has their >>> proxy setting pointed to the server. >>> >>> Thank you >>> >>> >>> BSD Networking, Microsoft Notworking >>> >>> >>> >> > >
Re: [squid-users] time ACL
Try that... acl special_ips src 192.168.10.6/255.255.255.255 192.168.10.7/255.255.255.255 acl network src 192.168.10.0/255.255.255.0 acl special_time time MTWHF 10:00-12:00 http_access deny special_ips !special_time http_access allow network http_access deny all It will deny special_ips for time not in special_time scope, allow the rest of the network and deny the rest. Regards, Isnard Em Qui, 2007-07-12 às 08:06 -0400, Monah Baki escreveu: > How do I write the acl in such a way if all users IP is 192.169.10.0/32 > but from Monday-Friday 192.168.10.6 and 192.168.10.7 can only use it from > 10AM to 12PM. > > Thank you > > > > Yes, there's an acl named time that's described in squid.conf. > > > > # acl aclname time [day-abbrevs] [h1:m1-h2:m2] > > # day-abbrevs: > > # S - Sunday > > # M - Monday > > # T - Tuesday > > # W - Wednesday > > # H - Thursday > > # F - Friday > > # A - Saturday > > # h1:m1 must be less than h2:m2 > > > > You can make it work in conjunction with other acls. > > > > > > Regards, > > > > Isnard > > > > > > Em Qui, 2007-07-12 às 07:04 -0400, Monah Baki escreveu: > >> Hi all, > >> > >> Is there a way to restrict some users access to the internet at a > >> particular time or this is glabol, applies to everyone who has their > >> proxy setting pointed to the server. > >> > >> Thank you > >> > >> > >> BSD Networking, Microsoft Notworking > >> > >> > >> > > > >
[squid-users] Squid + ntlm stops working after several days
Hi, I'm using squid (3.0.PRE5, Debian 3.1) with NTLM authentication (winbind, windows 2003 domain). After several days, squid stops delivering websites to the users. When I request a Website, an entry is made in the access.log but my username is not listed there. Example: 1184237654.584 7 192.168.1.2 TCP_DENIED/407 2412 GET http://www.google.de/ - NONE/- text/html When I restart squid everything works fine again... Anyone an idea what's happening here??? ITSM - Gesellschaft für Informationstechnologie und Services Meiß mbH Marco Hahnen [EMAIL PROTECTED] +49 (0) 2173 / 10 64 8-79 (Phone) +49 (0) 2173 / 10 64 8-48 (Fax) 0800 / 800 4357 (Hotline) Postanschrift: ITSM GmbH Heinrich-von-Stephan-Str. 9 40764 Langenfeld http://www.itsm.de http://www.profree.de Eingetragen beim Amtsgericht Düsseldorf (HRB 46382) - Geschäftsführer Norbert Meiß und Beate Meiß __ Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender, und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
[squid-users] How to test squid using squid client
Hi, I am reading "Test Squid" section here: http://www.deckle.co.za/squid-users-guide/Starting_Squid I am able to get squid running, but when I do the step of " ./squidclient http://www.squid-cache.org/"; to test the squid, I get the following permission denied error. Can you please me how I can test a running squid the first time? $ ./squidclient http://www.squid-cache.org/ HTTP/1.0 403 Forbidden Server: squid/2.6.STABLE13 Date: Thu, 12 Jul 2007 15:54:53 GMT Content-Type: text/html Content-Length: 1073 Expires: Thu, 12 Jul 2007 15:54:53 GMT X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from [EMAIL PROTECTED] Via: 1.0 [EMAIL PROTECTED]:3128 (squid/2.6.STABLE13) Proxy-Connection: close http://www.w3.org/TR/html4/loose.dtd";> ERROR: The requested URL could not be retrieved ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.squid-cache.org/";>http://www.squid-cache.org/ The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is mailto:webmaster";>webmaster. Generated Thu, 12 Jul 2007 15:54:53 GMT by [EMAIL PROTECTED] (squid/2.6.STABLE13)
Re: [squid-users] How to test squid using squid client
Did you set up the acl in your squid.conf? Squid is configured to block all connections by default. Look for these lines in your squid.conf: --- # Example rule allowing access from your local networks. Adapt # to list your (internal) IP networks from where browsing should # be allowed #acl our_networks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks # And finally deny all other access to this proxy http_access deny all --- EDIT THESE: #acl our_networks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks Thank you, John Yatsko, Jr. Technology Assistant Erie County Public Library 160 East Front St Erie PA 16507 (814) 451-7307 - Original Message - From: "ying lcs" <[EMAIL PROTECTED]> To: Sent: Thursday, July 12, 2007 12:00 PM Subject: [squid-users] How to test squid using squid client Hi, I am reading "Test Squid" section here: http://www.deckle.co.za/squid-users-guide/Starting_Squid I am able to get squid running, but when I do the step of " ./squidclient http://www.squid-cache.org/"; to test the squid, I get the following permission denied error. Can you please me how I can test a running squid the first time? $ ./squidclient http://www.squid-cache.org/ HTTP/1.0 403 Forbidden Server: squid/2.6.STABLE13 Date: Thu, 12 Jul 2007 15:54:53 GMT Content-Type: text/html Content-Length: 1073 Expires: Thu, 12 Jul 2007 15:54:53 GMT X-Squid-Error: ERR_ACCESS_DENIED 0 X-Cache: MISS from [EMAIL PROTECTED] Via: 1.0 [EMAIL PROTECTED]:3128 (squid/2.6.STABLE13) Proxy-Connection: close http://www.w3.org/TR/html4/loose.dtd";> ERROR: The requested URL could not be retrieved type="text/css"> ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.squid-cache.org/";>http://www.squid-cache.org/ The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is mailto:webmaster";>webmaster. Generated Thu, 12 Jul 2007 15:54:53 GMT by [EMAIL PROTECTED] (squid/2.6.STABLE13)
[squid-users] commSetTcpNoDelay invalid argument
I was running Squid 2.4 for about 5 years. This morning I installed version 2.6 and am now getting this error in my cache.log: 2007/07/12 12:14:06| commSetTcpNoDelay: FD 114: (22) Invalid argument 2007/07/12 12:14:06| commSetTcpNoDelay: FD 141: (22) Invalid argument 2007/07/12 12:14:06| commSetTcpNoDelay: FD 120: (22) Invalid argument 2007/07/12 12:14:08| commSetTcpNoDelay: FD 114: (22) Invalid argument 2007/07/12 12:14:08| commSetTcpNoDelay: FD 114: (22) Invalid argument Is there a fix available? Thank you, John Yatsko, Jr. Technology Assistant Erie County Public Library 160 East Front St Erie PA 16507 (814) 451-7307
[squid-users] squid_ldap_group problems
Hy, I'm trying to test the squid_ldap_group acl and i have a problem : (When i test with squid_ldap_auth it's Ok) I have a group : cn=groupe-autorise, ou=groups, ou=cramif, dc=cramif.cnamts, dc=fr and in this group i have a user : uid=dbabouloul,ou=users,ou=cramif,dc=cramif.cnamts,dc=fr When i want to test the ACL, i have always the same message ERR [root]# /usr/lib/squid/squid_ldap_group -b "ou=cramif,dc=cramif.cnamts,dc=fr" -f "(&(cn=%a)(member=uid=%v,*)(objectclass=groupOfNames))" -h 55.171.210.72 -p 389 -D "cn=user,dc=cramif.cnamts,dc=fr" -w password dbabouloul groupe-autorise ERR Can you help me ? Thanks You LDIF File for the group : dn: cn=groupe-autorise, ou=groups, ou=cramif, dc=cramif.cnamts, dc=fr cn: groupe-autorise objectclass: top objectclass: groupOfNames description: Utilisateurs autorisés pour accès Internet member: uid=dbabouloul,ou=users,ou=cramif,dc=cramif.cnamts,dc=fr "Le contenu de ce courriel et ses éventuelles pièces jointes sont confidentiels. Ils s’adressent exclusivement à la personne destinataire. Si cet envoi ne vous est pas destiné, ou si vous l’avez reçu par erreur,et afin de ne pas violer le secret des correspondances, vous ne devez pas le transmettre à d’autres personnes ni le reproduire. Merci de le renvoyer à l’émetteur et de le détruire. Attention : L’Organisme de l'émetteur du message ne pourra être tenu responsable de l’altération du présent courriel. Il appartient au destinataire de vérifier que les messages et pièces jointes reçus ne contiennent pas de virus. Les opinions contenues dans ce courriel et ses éventuelles pièces jointes sont celles de l’émetteur. Elles ne reflètent pas la position de l’Organisme sauf s’il en est disposé autrement dans le présent courriel."
Re: [squid-users] Log file question??
James Byrne wrote: I am not very experienced with this and sorry for my stupid question, but i was wondering about log files, i have a white list proxy set up, and i need to know which log file i need to use to get the urls that the proxy blocked. Also the default path if that is not hard. Thanks so much in advance for your help. Check the access.log for any lines containing TCP_DENIED/403. More details on the access.log are available at http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-9726ca355b50b0f794212297fc345fe217a4108b As for the default path... That depends entirely on how Squid was compiled. Run "squid -v" and look for --prefix, and --localstatedir. That should give you a starting point. They default to /usr/local/squid and /usr/local/squid/var respectively, which would put your logs in /usr/local/squid/var/log. But it's likely that your distribution has changed the defaults. Chris
Re: [squid-users] squid_ldap_group problems
Firs try to perform ldap search using some utilities for your ldap server (it doesn't seem to be Windows AD). Gilles ROUTIER wrote: Hy, I'm trying to test the squid_ldap_group acl and i have a problem : (When i test with squid_ldap_auth it's Ok) I have a group : cn=groupe-autorise, ou=groups, ou=cramif, dc=cramif.cnamts, dc=fr and in this group i have a user : uid=dbabouloul,ou=users,ou=cramif,dc=cramif.cnamts,dc=fr When i want to test the ACL, i have always the same message ERR [root]# /usr/lib/squid/squid_ldap_group -b "ou=cramif,dc=cramif.cnamts,dc=fr" -f "(&(cn=%a)(member=uid=%v,*)(objectclass=groupOfNames))" -h 55.171.210.72 -p 389 -D "cn=user,dc=cramif.cnamts,dc=fr" -w password dbabouloul groupe-autorise ERR Can you help me ? Thanks You LDIF File for the group : dn: cn=groupe-autorise, ou=groups, ou=cramif, dc=cramif.cnamts, dc=fr cn: groupe-autorise objectclass: top objectclass: groupOfNames description: Utilisateurs autorisés pour accès Internet member: uid=dbabouloul,ou=users,ou=cramif,dc=cramif.cnamts,dc=fr "Le contenu de ce courriel et ses éventuelles pièces jointes sont confidentiels. Ils s’adressent exclusivement à la personne destinataire. Si cet envoi ne vous est pas destiné, ou si vous l’avez reçu par erreur,et afin de ne pas violer le secret des correspondances, vous ne devez pas le transmettre à d’autres personnes ni le reproduire. Merci de le renvoyer à l’émetteur et de le détruire. Attention : L’Organisme de l'émetteur du message ne pourra être tenu responsable de l’altération du présent courriel. Il appartient au destinataire de vérifier que les messages et pièces jointes reçus ne contiennent pas de virus. Les opinions contenues dans ce courriel et ses éventuelles pièces jointes sont celles de l’émetteur. Elles ne reflètent pas la position de l’Organisme sauf s’il en est disposé autrement dans le présent courriel."
Re: [squid-users] squid in accelerator mode: invalidation of site contents
Kinkie wrote: On 7/2/07, martin sarsale <[EMAIL PROTECTED]> wrote: Dear all: We're developing the new version of our CMS and we would like to use squid in accelerator mode to speed up our service. From the application side, we know exactly when the data changed and we would like to invalidate all cached data for that site. Is this possible? maybe using squidclient or something. We can't do this purging url by url since it doesn't makes much sense (and we don't have the url list!). We want to wipe out every cached object for mysite.com. You can't do that on the squid side either, since squid doesn't index objects by URL but by hash. The only way is to PURGE the relevant object. You can reduce quite a lot the window of staleness by specifying in every response the HTTP header: Cache-Control: s-maxage=XXX, public, proxy-revalidate (reference taken from: http://www.mnot.net/cache_docs/) by choosing the right XXX value (the time in seconds before the object expires) you'll be able to find the right balance between higher load on the backend (smaller values of XXX) and higher chance of serving stale content (higher values of XXX) (sorry for the delay) I understand what you are proposing with that header but IMHO that's valid for a 'dumb' system who cannot determine when it was modified. Since my system has this feature (I know the exact date the content as altered) I would like to let Squid handling ALL the work except when is really needed. I understand about object hashes... does it hashes the full URL (ie, including domain?) because if domain was hashed separately I could purge the entire domain hash. Any other hints? unofficial patches? alternative products? squid forks? thanks
[squid-users] external authenticator
Hi I would like to know if theres some standard procedure to inject user info to squid from an external authenticator. kind regards -- Ing.Guillermo Gomez S.
Re: [squid-users] squid in accelerator mode: invalidation of site contents
You can purge the complete content of the cache, just have to Clear the swap.state file and restart squid. echo "" > /var/cache/squid/swap.state Hope this helps. Regards, Pablo On 7/12/07, martin sarsale <[EMAIL PROTECTED]> wrote: Kinkie wrote: > On 7/2/07, martin sarsale <[EMAIL PROTECTED]> wrote: >> Dear all: >> We're developing the new version of our CMS and we would like to use >> squid in accelerator mode to speed up our service. >> >> From the application side, we know exactly when the data changed and we >> would like to invalidate all cached data for that site. Is this >> possible? maybe using squidclient or something. >> >> We can't do this purging url by url since it doesn't makes much sense >> (and we don't have the url list!). We want to wipe out every cached >> object for mysite.com. > > You can't do that on the squid side either, since squid doesn't index > objects by URL but by hash. The only way is to PURGE the relevant > object. > > You can reduce quite a lot the window of staleness by specifying in > every response the HTTP header: > > Cache-Control: s-maxage=XXX, public, proxy-revalidate > > (reference taken from: http://www.mnot.net/cache_docs/) > by choosing the right XXX value (the time in seconds before the object > expires) you'll be able to find the right balance between higher load > on the backend (smaller values of XXX) and higher chance of serving > stale content (higher values of XXX) (sorry for the delay) I understand what you are proposing with that header but IMHO that's valid for a 'dumb' system who cannot determine when it was modified. Since my system has this feature (I know the exact date the content as altered) I would like to let Squid handling ALL the work except when is really needed. I understand about object hashes... does it hashes the full URL (ie, including domain?) because if domain was hashed separately I could purge the entire domain hash. Any other hints? unofficial patches? alternative products? squid forks? thanks
[squid-users] How to listen streaming audio * without bypass * squid ?
Hi guys, I hope one of you will be able to help! We are using squid-2.5.STABLE12-18.6 (non-transparent proxy) I use a very minimal configuration (see above) I allow everything from my local network to anywhere (im in testing phase) All the web access is working ... but when I try to listen some radios, like CNN Radio or CBN Radio (from Brazil) It doesn't work, I can see the the access is granted by the proxy, I can see the total length of the movie but it's not buffering, so the video never start! There is some examples: CCN RADIO - > www.cnn.com CBN RADIO -> www.cbn.com.br Some audio/video stuff seems work fine (like CNN PostCast, or some CNN Videos), but the radio don't work!! I think this could be a bug because I clearly see in the log that the access is OK ... but the video never start! If I remove the proxy (bypass squid) ... all working But I can't do a firewall direct access (for many reasons) for all existent radio/streaming sites... There is any tip or configuration to listen these radios *** without bypass squid *** ? I tested with others site which use the same application sequence, and it's working ... And it keep running for some minutes, and after I stopped! Somebody can try to access this site from their environment using Squid? Just to see if I'm the only one! ### My squid.conf ### http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY emulate_httpd_log off cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log /var/log/squid/store.log error_directory /usr/share/squid/errors/Portuguese/ refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 7773 acl Safe_ports port 80 81 8080 21 443 563 70 210 1025-65535 554 acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow all http_reply_access allow all icp_access allow all coredump_dir /var/spool/squid cache_effective_user squid cache_effective_group nogroup logfile_rotate 0 cache_mem 64 MB
Re: [squid-users] How to test squid using squid client
Thanks. But how can I tell squidclient is retrieved the content from the cache if I execute the same url the second time? Thank you. On 7/12/07, John Yatsko, Jr. <[EMAIL PROTECTED]> wrote: Did you set up the acl in your squid.conf? Squid is configured to block all connections by default. Look for these lines in your squid.conf: --- # Example rule allowing access from your local networks. Adapt # to list your (internal) IP networks from where browsing should # be allowed #acl our_networks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks # And finally deny all other access to this proxy http_access deny all --- EDIT THESE: #acl our_networks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks Thank you, John Yatsko, Jr. Technology Assistant Erie County Public Library 160 East Front St Erie PA 16507 (814) 451-7307 - Original Message - From: "ying lcs" <[EMAIL PROTECTED]> To: Sent: Thursday, July 12, 2007 12:00 PM Subject: [squid-users] How to test squid using squid client > Hi, > > I am reading "Test Squid" section here: > http://www.deckle.co.za/squid-users-guide/Starting_Squid > > I am able to get squid running, but when I do the step of " > ./squidclient http://www.squid-cache.org/"; to test the squid, I get > the following permission denied error. > > Can you please me how I can test a running squid the first time? > > > $ ./squidclient http://www.squid-cache.org/ > HTTP/1.0 403 Forbidden > Server: squid/2.6.STABLE13 > Date: Thu, 12 Jul 2007 15:54:53 GMT > Content-Type: text/html > Content-Length: 1073 > Expires: Thu, 12 Jul 2007 15:54:53 GMT > X-Squid-Error: ERR_ACCESS_DENIED 0 > X-Cache: MISS from [EMAIL PROTECTED] > Via: 1.0 [EMAIL PROTECTED]:3128 (squid/2.6.STABLE13) > Proxy-Connection: close > > "http://www.w3.org/TR/html4/loose.dtd";> > > ERROR: The requested URL could not be retrieved > type="text/css"> > > ERROR > The requested URL could not be retrieved > > > While trying to retrieve the URL: > http://www.squid-cache.org/";>http://www.squid-cache.org/ > > The following error was encountered: > > > > Access Denied. > > > Access control configuration prevents your request from > being allowed at this time. Please contact your service provider if > you feel this is incorrect. > > Your cache administrator is mailto:webmaster";>webmaster. > > > > > > Generated Thu, 12 Jul 2007 15:54:53 GMT by [EMAIL PROTECTED] > (squid/2.6.STABLE13) > >
Re: [squid-users] squid_ldap_group problems
You could try something like this: /usr/lib/squid/squid_ldap_group -R -b "ou=cramif,dc=cramif,dc=cnamts,dc=fr" -D "cn=username,cn=users,dc=cramif,dc=cnamts,dc=fr" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,dc=cramif,dc=cnamts,dc=fr))" -h 55.171.210.72 Replace username and password with a valid administrator's credentials. Replace "users" with the OU where that admin account lives. Cheers, Dietrich Andrew Kozhevnicov wrote: Firs try to perform ldap search using some utilities for your ldap server (it doesn't seem to be Windows AD). Gilles ROUTIER wrote: Hy, I'm trying to test the squid_ldap_group acl and i have a problem : (When i test with squid_ldap_auth it's Ok) I have a group : cn=groupe-autorise, ou=groups, ou=cramif, dc=cramif.cnamts, dc=fr and in this group i have a user : uid=dbabouloul,ou=users,ou=cramif,dc=cramif.cnamts,dc=fr When i want to test the ACL, i have always the same message ERR [root]# /usr/lib/squid/squid_ldap_group -b "ou=cramif,dc=cramif.cnamts,dc=fr" -f "(&(cn=%a)(member=uid=%v,*)(objectclass=groupOfNames))" -h 55.171.210.72 -p 389 -D "cn=user,dc=cramif.cnamts,dc=fr" -w password dbabouloul groupe-autorise ERR Can you help me ? Thanks You LDIF File for the group : dn: cn=groupe-autorise, ou=groups, ou=cramif, dc=cramif.cnamts, dc=fr cn: groupe-autorise objectclass: top objectclass: groupOfNames description: Utilisateurs autorisés pour accès Internet member: uid=dbabouloul,ou=users,ou=cramif,dc=cramif.cnamts,dc=fr "Le contenu de ce courriel et ses éventuelles pièces jointes sont confidentiels. Ils s’adressent exclusivement à la personne destinataire. Si cet envoi ne vous est pas destiné, ou si vous l’avez reçu par erreur,et afin de ne pas violer le secret des correspondances, vous ne devez pas le transmettre à d’autres personnes ni le reproduire. Merci de le renvoyer à l’émetteur et de le détruire. Attention : L’Organisme de l'émetteur du message ne pourra être tenu responsable de l’altération du présent courriel. Il appartient au destinataire de vérifier que les messages et pièces jointes reçus ne contiennent pas de virus. Les opinions contenues dans ce courriel et ses éventuelles pièces jointes sont celles de l’émetteur. Elles ne reflètent pas la position de l’Organisme sauf s’il en est disposé autrement dans le présent courriel."
Re: [squid-users] commSetTcpNoDelay invalid argument
On Thu, Jul 12, 2007, John Yatsko, Jr. wrote: > I was running Squid 2.4 for about 5 years. This morning I installed version > 2.6 and am now getting this error in my cache.log: > > 2007/07/12 12:14:06| commSetTcpNoDelay: FD 114: (22) Invalid argument > 2007/07/12 12:14:06| commSetTcpNoDelay: FD 141: (22) Invalid argument > 2007/07/12 12:14:06| commSetTcpNoDelay: FD 120: (22) Invalid argument > 2007/07/12 12:14:08| commSetTcpNoDelay: FD 114: (22) Invalid argument > 2007/07/12 12:14:08| commSetTcpNoDelay: FD 114: (22) Invalid argument Under which platform? Adrian
Re: [squid-users] How to listen streaming audio * without bypass * squid ?
On Thu, Jul 12, 2007, Rejaine Monteiro wrote: > Hi guys, > > I hope one of you will be able to help! > > We are using squid-2.5.STABLE12-18.6 (non-transparent proxy) Update to squid-2.6stable13 (or stable14 if its out yet) and re-try. Adrian
[squid-users] SNMP & Squid 2.6STABLE12 problems
Hi list, I am trying to configure Squid 2.6STABLE12 to accept SNMP queries, but so far have been unsuccessful. Squid was configured with --enable-snmp. The appropriate lines from squid.conf are: snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic all snmp_access deny all snmp_incoming_address 0.0.0.0 snmp_outgoing_address 0.0.0.0 When I try to use snmpwalk (from NET-SNMP v5.3.1) with 'snmpwalk -c public localhost:3401 .1.3.6.1.4.1.3495.1.1' I receive a 'snmpwalk: Timeout' message. When I examine cache.log I see many entries of 'Failed SNMP agent query from : 127.0.0.1.'. I have confirmed using netstat that squid is listening on 3401 with UDP. What I am doing wrong? Kind Regards, Ken.
RE: [squid-users] SNMP & Squid 2.6STABLE12 problems
To answer my own question...(why do you always find a solution only minutes after posting a Q :-) The reason for the errors was that the new snmpwalk program defaults to using the SNMP v3 protocol which it appears Squid does not understand. If I use a command of 'snmpwalk -v 1 -c public udp:localhost:3401 .1.3.6.1.4.1.3495.1.1' I get the results expected. Cheers, Ken. -Original Message- From: Ken Thomson Sent: Friday, 13 July 2007 2:15 PM To: squid-users@squid-cache.org Subject: [squid-users] SNMP & Squid 2.6STABLE12 problems Hi list, I am trying to configure Squid 2.6STABLE12 to accept SNMP queries, but so far have been unsuccessful. Squid was configured with --enable-snmp. The appropriate lines from squid.conf are: snmp_port 3401 acl snmppublic snmp_community public snmp_access allow snmppublic all snmp_access deny all snmp_incoming_address 0.0.0.0 snmp_outgoing_address 0.0.0.0 When I try to use snmpwalk (from NET-SNMP v5.3.1) with 'snmpwalk -c public localhost:3401 .1.3.6.1.4.1.3495.1.1' I receive a 'snmpwalk: Timeout' message. When I examine cache.log I see many entries of 'Failed SNMP agent query from : 127.0.0.1.'. I have confirmed using netstat that squid is listening on 3401 with UDP. What I am doing wrong? Kind Regards, Ken.
Re: [squid-users] NTLM auth and JAVA authentication
On Thu, Jul 12, 2007, Joerg Schuetter wrote: > On Thu, 12 Jul 2007 09:35:06 +0200 > "Paolo Biancolli" <[EMAIL PROTECTED]> wrote: > > > > > Hi all, > > > > I am unable to authenticate to my squid proxies from Java enabled web > > sites using the Java Platform standard edition 6 (v1.6.0, which is the > > latest version). I am using NTLM authentication and have tried with > > squid 2.5 stable14 and also 2.6 stable13. When I try access one of > > these pages, I am constantly asked for my login credentials (username, > > password and domain) and no matter how many times I enter the correct > > details, the java login box keeps reappearing. > > > > Any ideas on how to get this working? > > I had the same issue. Reverting the patch > http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE12-ntlm_nonpersistent.patch Would you mind creating a bugzilla report with the details of your issue and that this patch fixed it? I keep seeing this problem crop up on the mailing list and you are the first person to suggest a fix. I'd like it to be in bugzilla so someone (with spare time) can look into it in more depth. Adrian
Re: [squid-users] how can I query squid cache?
Will this idea work if i just send out a HTTP HEAD reqest?
instead of HTTP GET?
I basically want to avoid loading the whole file just to check if
squid cache has certain url in its cache.
Thank you.
On 7/12/07, Andreas Pettersson <[EMAIL PROTECTED]> wrote:
ying lcs wrote:
> Thanks for all the help.
> One more question (hopefully the last),
> is it possible for me to link in the squidclient in my c/c++ program?
>
> I would like to do this "squidclient -H "Cache-Control: only-if-cached\n"
> 'http://www.freebsd.org/' | head -1 | awk '{ if ($2=="200") print
> "cached!"; else print "not cached"; }'"
>
> programically in my program.
While it would be possible, you might want to use functions for speaking
proxy http directly instead. If you can't find any it is quite simple to
generate the whole query yourself; here's an example using netcat:
echo "GET http://www.freebsd.org/ HTTP/1.0\nCache-Control:
only-if-cached\n\n" | nc | head
--
Andreas
Re: [squid-users] how can I query squid cache?
ying lcs wrote: Will this idea work if i just send out a HTTP HEAD reqest? instead of HTTP GET? Yes, I think it would. -- Andreas
Re: [squid-users] NTLM auth and JAVA authentication
On Fri, 13 Jul 2007 14:12:08 +0800 Adrian Chadd <[EMAIL PROTECTED]> wrote: > On Thu, Jul 12, 2007, Joerg Schuetter wrote: > > On Thu, 12 Jul 2007 09:35:06 +0200 > > "Paolo Biancolli" <[EMAIL PROTECTED]> wrote: > > > > > > > > Hi all, > > > > > > I am unable to authenticate to my squid proxies from Java enabled > > > web sites using the Java Platform standard edition 6 (v1.6.0, > > > which is the latest version). I am using NTLM authentication and > > > have tried with squid 2.5 stable14 and also 2.6 stable13. When I > > > try access one of these pages, I am constantly asked for my login > > > credentials (username, password and domain) and no matter how > > > many times I enter the correct details, the java login box keeps > > > reappearing. > > > > > > Any ideas on how to get this working? > > > > I had the same issue. Reverting the patch > > http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE12-ntlm_nonpersistent.patch > > Would you mind creating a bugzilla report with the details of your > issue and that this patch fixed it? > > I keep seeing this problem crop up on the mailing list and you are the > first person to suggest a fix. I'd like it to be in bugzilla so > someone (with spare time) can look into it in more depth. I already did but forgot to mention in my reply, have a look at #2008.
