[squid-users] Won't cache html pages
I've just set up Squid, but somehow it will only cache images, CSS, and JS files. How do I get it to cache html pages? Also, many of my pages have no extensions on them, for instance: http://www.example.com/article/today_is_hot How would I cache these pages?
[squid-users] Caching strategy, will this work?
I'd like to have caching in my application. However, it serves up different content depending on if you are logged in or not. I'm thinking, is it possible to offer up a cache for all users not logged in? If say the application determines you are logged in, then it won't use the default cache. However otherwise it will. Then, if you log in, it switches you out of the default cache. Will this work? Good idea or convoluted?
Re: [squid-users] To block perticuler IP for interner access
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Nandika, On Thu, 6 Sep 2007 09:48:16 +0700 nandika rupasinghe [EMAIL PROTECTED] wrote: Dear all I want to block perticular IP for internet browsing on squide proxy. can u help me for necessary steps. You can try the following ACL: acl badip src 192.168.0.5 http_access deny badip You can find all the comprehensive ACL information on the wiki page of Squid. Please read the contents from the following link: http://wiki.squid-cache.org/SquidFaq/SquidAcl#head-c87419712cac704d01cecc7da11cd02f489b6986 Thanking you... warm regurds Nandika - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://wlink.com.np/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFG37RtfpE0pz+xqQQRAlVqAJ9lfp2eJJttV7/RUkHEqOCPRpciEQCdEx/0 utTFLYApGlbGty3lgKdnrI8= =Kyi6 -END PGP SIGNATURE-
[squid-users] Re: Akamai-like CDN using squid and a DNS trick
Neil Harkins wrote: If not, perhaps I'll write a tool to tail the log for the hottest objects, look at the headers on disk, and issue PURGE requests. Yuck. I found that a forced reload (i.e., a request with Pragma: no-cache, usually triggered by Shift-Reload in the browser) by a user helps performance, because * stale resources in the cache are replaced by fresh ones, * uncompressed resources in the cache are replaced by compressed ones if the browser supports it. So you can refresh the cache as a user by issuing forced reload requests. Regards, Oliver Schoett
Re: [squid-users] assertion failed: client_side.c:4175
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Henrik, On Thu, 06 Sep 2007 01:42:12 +0200 Henrik Nordstrom [EMAIL PROTECTED] wrote: On tis, 2007-09-04 at 18:49 +0545, Tek Bahadur Limbu wrote: Adrian Chadd wrote: On Tue, Sep 04, 2007, Tek Bahadur Limbu wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi All, I recently upgraded from Squid-2.6.STABLE12 to Squid-2.6.STABLE15 on a FreeBSD-6.1 amd64 machine. I am using the Diskd storage system. The title says it all: http://squidproxy.wordpress.com/2007/09/03/dont-upgrade-to-squid-26stable15-skip-straight-to-squid-26stable16/ :) Hi Adrian, Thanks for the correction. I guess I should downgrade to squid-2.6.STABLE14. 2.6.STABLE16 is out. Also there has been a patch available for this problem the whole week.. http://www.squid-cache.org/Versions/v2/2.6/changesets/11635.patch Thanks for the patch. I will apply the patch later today. Thanking you... Regards Henrik - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://wlink.com.np/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFG37XefpE0pz+xqQQRArz0AJ9h+2wWovG45CPF9gTB2KjJ0tZcAQCfTlBk 3/T3+WmsouERB/WXC+RT6NM= =G5Tb -END PGP SIGNATURE-
Re: [squid-users] assertion failed: client_side.c:4175
On tor, 2007-09-06 at 13:55 +0545, Tek Bahadur Limbu wrote: 2.6.STABLE16 is out. Also there has been a patch available for this problem the whole week.. http://www.squid-cache.org/Versions/v2/2.6/changesets/11635.patch Thanks for the patch. I will apply the patch later today. The patch is included in 2.6.STABLE16. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] User Authentication Begins Failing
On tor, 2007-09-06 at 11:06 +0800, Adrian Chadd wrote: I've seen a race condition here. The NCSA helper only reopens the file when it sees the modification time change. Right.. it should add a little margin and not reopen the file if it's being modified just now.. REgards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] latest squid 2.6 stableX or squid 3.0 binaries to download for windows xp
hi To be deployed on windows OS. where can i get the latest binaries version of squid ? 2.6 stable15 or there are later versions of 2.6 ? or 3.0 ? Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=listsid=396545469
Re: [squid-users] Won't cache html pages
On tor, 2007-09-06 at 14:05 +0800, K J wrote: I've just set up Squid, but somehow it will only cache images, CSS, and JS files. How do I get it to cache html pages? To Squid there is no difference. What matters is what freshness information the server has assigned to the object. http://www.mnot.net/cacheability/ or direct link http://www.ircache.net/cgi-bin/cacheability.py further information http://www.mnot.net/cache_docs/ Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Caching strategy, will this work?
On tor, 2007-09-06 at 14:06 +0800, K J wrote: I'd like to have caching in my application. However, it serves up different content depending on if you are logged in or not. Which places a great deal of strain on caching within HTTP... HTTP do not like to see different content on the same URL.. It is possible to solve this using Vary, but only if you are not using session cookies on anonymous users. And even then some browsers (mainly Firefox) will get a bit confused not knowing they have to refresh the page when the user logs in.. It is however in most cases possible to utilize a little bit of javascript and style sheets to solve this problem by making the same page display differently depending on the browser state, moving the display logics from the server to the browser. A technique used surprisingly little.. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] latest squid 2.6 stableX or squid 3.0 binaries to download for windows xp
On tor, 2007-09-06 at 02:05 -0700, squid inbox wrote: hi To be deployed on windows OS. where can i get the latest binaries version of squid ? The latest binary release for Windows is 2.6.STABLE14, but I guess Guido will make a 2.6.STABLE16 binary soon. 2.6 stable15 or there are later versions of 2.6 ? You do not want 2.6.STABLE15.. a bit broken.. or 3.0 ? Not yet. Still under development. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Re: Akamai-like CDN using squid and a DNS trick
On ons, 2007-09-05 at 12:37 -0700, Neil Harkins wrote: On 9/5/07, Oliver Schoett [EMAIL PROTECTED] wrote: Did you notice any ill effects of Bug 7 (http://www.squid-cache.org/bugs/show_bug.cgi?id=7)? This bug makes Squid deliver resources with expiration times in the past, thus causing the clients to revalidate the resources every time they are used. Ugh, first I've heard of this bug. So, in an httpd-accel setup, we're wasting more bandwidth than if we didn't use squid at all!? Can anything be done in the config to mitigate? There is an act-as-origin http_port option in Squid-2.HEAD which solves most of this... Is the STALE state always refreshed by a IMS request? Is there a way to force a purge/re-get instead of an IMS? i.e. It'd be nice if lm-factor percent generated an IMS, but age max resulted in a purge and re-GET... The problem that Squid do not refresh the stored headers when making an IMS, only updating it's internal freshness of the object. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] [solved] Delay Pools, external acl, single sign-on
Thanks very much that solved the problem Henrik Nordstrom wrote: On tis, 2007-09-04 at 15:31 +0200, Martin Perner wrote: The problem is that the script for the single sign-on didn't seem to set the %LOGIN variable. Correct, as authentication has not been used. %EXT_USER is the external_acl_type format tag to use for referencing the usename returned by an external acl helper. Regards Henrik
Re: [squid-users] User Authentication Begins Failing
On Thu, Sep 06, 2007, Henrik Nordstrom wrote: On tor, 2007-09-06 at 11:06 +0800, Adrian Chadd wrote: I've seen a race condition here. The NCSA helper only reopens the file when it sees the modification time change. Right.. it should add a little margin and not reopen the file if it's being modified just now.. You could stat() the file to see if the file size has changed. :P (Or you could just do it right. Maybe some better documentation should appear, coupled with that stat() change an a subsequent warning to stderr. eg ERROR: File size changed; are you not atomically updating your password file! see url X Adrian
Re: [squid-users] assertion failed: client_side.c:4175
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Henrik, On Thu, 06 Sep 2007 10:21:34 +0200 Henrik Nordstrom [EMAIL PROTECTED] wrote: On tor, 2007-09-06 at 13:55 +0545, Tek Bahadur Limbu wrote: 2.6.STABLE16 is out. Also there has been a patch available for this problem the whole week.. http://www.squid-cache.org/Versions/v2/2.6/changesets/11635.patch Thanks for the patch. I will apply the patch later today. The patch is included in 2.6.STABLE16. Sorry for the confusion:) I have already downloaded 2.6.STABLE16 and I am installing it right now!! Thanking you.. Regards Henrik - -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://wlink.com.np/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFG39rDfpE0pz+xqQQRAsloAKDDyOSRC0YneJr5ZBJM4mbcBnUlrwCgkwiJ AhHyPwtfSkr9PiCLVC3oa+o= =VKea -END PGP SIGNATURE-
Re: [squid-users] latest squid 2.6 stableX or squid 3.0 binaries to download for windows xp
Hi, At 11.27 06/09/2007, Henrik Nordstrom wrote: On tor, 2007-09-06 at 02:05 -0700, squid inbox wrote: hi To be deployed on windows OS. where can i get the latest binaries version of squid ? The latest binary release for Windows is 2.6.STABLE14, but I guess Guido will make a 2.6.STABLE16 binary soon. 2.6 stable15 or there are later versions of 2.6 ? You do not want 2.6.STABLE15.. a bit broken.. Correct, I have missed the release of STABLE15 binaries for this reason. Today I have build STABLE16 binaries, they are in the testing phase, I'm expecting to publish the new build in 1-2 days. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] squid -k rotate does nothing
Thanks for the help. The problem has been resolved. It was an ownership problem in a place that I didn't think to look. The owner of the log directory somehow got changed to a UID that doesn't match a user. After fixing that, rotate works properly. Wet Mogwai wrote: My squid machine stopped rotating logs recently. The last time rotate worked was the day before I copied the access.log to my laptop for the first time. The only changes made to the configuration that day were the good.hosts , bad.hosts, good.ip, and bad.ip files. After making the new files for the ACLs, I ran squid -k reload. I tried setting the logfile_rotate option in squid.conf in case it was ignoring the default. I have checked ownership and permissions. Everything seems right. It is still writing to the log, so it is getting to be quite large. I could write my own rotate script, but I'd rather get the existing function working. This has been working properly for at least a year and a half. What could have caused squid to quit rotating? I am running Squid Cache: Version 2.5.STABLE14 on FreeBSD 6.1-RELEASE-p8 (SQUID_KERNEL). Logrotate is in the ports tree, but it is not installed. -- View this message in context: http://www.nabble.com/squid--k-rotate-does-nothing-tf4378437.html#a12524517 Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Reverse Proxy Basic Authentication
We use both Squid 2.5 and 2.6 as reverse proxies for our production web site. 2.5 seem to pass basic authentication without an issue. We can not get this to work in 2.6. Looking at the release notes it is not clear to me what if anything would need to be changed in the config file to allow this to work with 2.6. Here is my config file: http_port 80 defaultsite=10.10.1.145 https_port 443 cert=/etc/squid/8-22-08.pem key=/etc/squid/8-22-08key.pem options=NO_SSLv2 cipher=DEFAULT:!EXPORT:!LOW defaultsite=10.10.1.145 acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY acl JS url_regex .js$ no_cache deny JS acl CSS url_regex .css$ no_cache deny CSS acl ASMX url_regex .asmx no_cache deny ASMX auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours #Suggested default: refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 refresh_pattern -i \.jpg$ 0 100% 10080 refresh_pattern -i \.gif$ 0 100% 10080 refresh_pattern -i \.png$ 0 100% 10080 refresh_pattern -i \.bmp$ 0 100% 10080 #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl CONNECT method CONNECT acl port80 myport 80 acl port443 port 443 acl port563 port 563 acl TheOriginServer dst 10.10.1.145 #Recommended minimum configuration: # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager http_access allow port563 http_access allow port443 http_access allow port80 http_access allow TheOriginServer http_access deny all http_reply_access allow all icp_access allow all cache_peer 10.10.1.145 parent 80 0 no-query originserver deny_info https://www.example.com/ port80 coredump_dir /var/spool/squid visible_hostname https://www.example.com/ logfile_rotate 9 negative_ttl 0 minutes
[squid-users] Redirect first page
Hi, My squid has config as a Transpersant Proxy Server. I want to redirect the first page to a disclaimer web page when the user first time connect to browse the web site. Anybody know how to do it? Thank you very much.
[squid-users] high performance filesystem on squid
Hello, I'm looking for the highest performance possible out of freebsd and squid. I've got a box with scsi disks that i want to work the best. I've heard of xfs and reiserfs, but believe those are linux only? Right now in my current setup i'm running it on ufs2 with softupdates, i'd like to know if this is the best or if there's a better way to do things? This will be on a freebsd 6.2 box. Thanks. Dave.
[squid-users] W3C Extented Log Format
Hello all, I'm trying to use the logformat setting in Squid 2.6 to log in the W3C Extended log format. More specifically, we are trying to emulate W3C Extended under IIS. ( http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true) Everything is working great, especially the patch I found here, which added the ability to get the cs-uri-stem field: http://www.squid-cache.org/Versions/v2/HEAD/changesets/11444.patch That patch was a major part in getting this to work, but the only part that is missing is the cs-uri-query field. There doesn't seem to be any way to get just this information. I looked at the source in access_log.c, and it seems that there was a plan to add this functionality, but it was abandoned because of strip_query_terms: Line 277 access_log.c /*LFT_REQUEST_QUERY, * // * this is not needed. see strip_query_terms */ Going off of the patch above, it appears simple enough to add this functionality, however I'm not familiar enough with the Squid code base to know where to look. In the above patch, it was just a matter of implementing LFT_REQUEST_URLPATH with out = strBuf(al-request-urlpath);. Does something like al-request-query exist? Or would this be a little harder to implement? Also, here is what I have so far to get W3C logging in Squid in case anybody else needs this log format: date %{%Y-%m-%d}tg time %{%X}tg c-ip %a cs-username %ul s-ip %la s-port %lp cs-method %rm cs-uri-stem %rp cs-uri-query - sc-status %Hs sc-bytes %st cs-bytes %st time-taken %tr cs-version HTTP/%rv cs-host %{Host}h cs(User-Agent) %{User-Agent}h cs(Cookie) %{Cookie}h cs(Referrer) %{Referer}h One last thing, I had to use sed on the log files to convert %20's in the User-Agent and Cookie header fields into +'s for it to really look like IIS logs: sed 's/%20/+/g' Any help or direction is appreciated. Thanks.
Re: [squid-users] Redirect first page
On fre, 2007-09-07 at 00:04 +0800, Alvin wrote: Hi, My squid has config as a Transpersant Proxy Server. I want to redirect the first page to a disclaimer web page when the user first time connect to browse the web site. Anybody know how to do it? Thank you very much. See the session external acl helper. There is an example of such use in the man page. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] high performance filesystem on squid
On tor, 2007-09-06 at 12:55 -0400, Dave wrote: Hello, I'm looking for the highest performance possible out of freebsd and squid. I've got a box with scsi disks that i want to work the best. I've heard of xfs and reiserfs, but believe those are linux only? Right now in my current setup i'm running it on ufs2 with softupdates, i'd like to know if this is the best or if there's a better way to do things? This will be on a freebsd 6.2 box. My recommendations: softupdates, and noatime. cache_dir aufs, using the kernel threads package. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] Caching strategy, will this work?
Which places a great deal of strain on caching within HTTP... HTTP do not like to see different content on the same URL.. It is possible to solve this using Vary, but only if you are not using session cookies on anonymous users. And even then some browsers (mainly Firefox) will get a bit confused not knowing they have to refresh the page when the user logs in.. Could you tell me more about Vary? What is it and how do I use it? It is however in most cases possible to utilize a little bit of javascript and style sheets to solve this problem by making the same page display differently depending on the browser state, moving the display logics from the server to the browser. A technique used surprisingly little.. So do you think my strategy is feasible? How would you use javascript to do this? Could you perhaps give a simple example?
Re: [squid-users] high performance filesystem on squid
Hi, Thanks for your reply. That helps a lot, i didn't get very far with xfs and reiserfs on freebsd, they appear to be read only. Currently on one box squid has it's cache under the /usr filesystem, if i add the noatime option to fstab and remount it will i brake anything? And you reference the kernel threads package, what is that, do i need to recompile my kernel or add a package for it? Thanks. Dave. - Original Message - From: Henrik Nordstrom [EMAIL PROTECTED] To: Dave [EMAIL PROTECTED] Cc: squid-users@squid-cache.org Sent: Thursday, September 06, 2007 2:25 PM Subject: Re: [squid-users] high performance filesystem on squid
[squid-users] Squid authenticating against ADS without prompting the user
The hard drive on the Squid proxy just died, and I'm trying to get the replacement to work. The proxy was running on Fedora Core 3 using Squid 2 and Samba 3.x. The replacement is running Fedora Core 6 and Squid 2.6 STABLE7 and Samba 3.0.23. I have managed to join the replacement to and have it authenticate against our Active Directory Domain here. However unlike it's predecessor it prompts the user for name and password the first time. Unfortunately I didn't setup the original and the admin that did the setup is no longer here. Can anyone give me some pointers to what I might have missed configuring?
Re: [squid-users] User Authentication Begins Failing
On Thu, Sep 06, 2007, Henrik Nordstrom wrote: With a 2 seconds or so margin on the stat time you should not need to care. Also solves the double password change within the same second problem... but yes checking the size as well do not hurt. Patch adding a 2 seconds margin to the stat time is attached. Yup, sounds good. But! if (stat(argv[1], sb) == 0) { if (sb.st_mtime != change_time) { - read_passwd_file(argv[1]); - change_time = sb.st_mtime; + int diff = time(NULL) - sb.st_mtime; + if (diff 2 || diff 0) { + read_passwd_file(argv[1]); + change_time = sb.st_mtime; + } Could you explain to me the intent of this? The 2 second time check only kicks in if the file's already been read because the mtime has changed. Thats just possibly reading the file twice in quick succession if its been 2 seconds since it last changed? I can't see how that fixes the race condition. I still think checking the filesize and having a whinge is the better option. I'd also suggest checking the inode number but that definitely doesn't pick up people truncate+writing contents and may not work in all situations/FSes.. Adrian
[squid-users] TPROXY on new kernel. 2.6.22
hello all, I have problem install squid in new kernel using tproxy patch, as we know new kernel and iptables using xtable for ip filtering that i only found xt_TPROXY.h and not found ip_tproxy.h. ip_tproxy.h cannot be found on new patch kernel 2.6.22 checking for linux/netfilter_ipv4/ip_tproxy.h... no I need advice about this problem. Best Regards, ogeb Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos more. http://mobile.yahoo.com/go?refer=1GNXIC
Re: [squid-users] Squid authenticating against ADS without prompting the user
Hi Darren, Can you provide a copy of the squid.conf as well as the smb.conf and the commands you ran to join the server to the domain? Thanks Ian On 9/7/07, Darren Maskowitz [EMAIL PROTECTED] wrote: The hard drive on the Squid proxy just died, and I'm trying to get the replacement to work. The proxy was running on Fedora Core 3 using Squid 2 and Samba 3.x. The replacement is running Fedora Core 6 and Squid 2.6 STABLE7 and Samba 3.0.23. I have managed to join the replacement to and have it authenticate against our Active Directory Domain here. However unlike it's predecessor it prompts the user for name and password the first time. Unfortunately I didn't setup the original and the admin that did the setup is no longer here. Can anyone give me some pointers to what I might have missed configuring?