[squid-users] SquidNT NTLM Auth and Workgroup Computer
Hi, When using mswin_ntlm_auth.exe does the SquidNT workstation have to be a member of the domain or can it still work as a Workgroup computer? The workstations connecting to the SquidNT box are members of the domain, but I cant have squidNT box itself on the domain (I have my reasons!).
Re: [squid-users] SquidNT NTLM Auth and Workgroup Computer
On tis, 2007-11-20 at 19:02 +1030, web wrote: > Hi, > > When using mswin_ntlm_auth.exe does the SquidNT workstation have to be a > member of the domain or can it still work as a Workgroup computer? The > workstations connecting to the SquidNT box are members of the domain, > but I cant have squidNT box itself on the domain (I have my reasons!). The server need to be member of the domain, either directly or via a indirect trust connection between domains. Regards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] Problem with AUTH
I activated ACL debugging using: debug_options ALL,1 33,2 Squid 2.6.16-1 logs: 2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443 is DENIED, because it matched 'digestauthentifizierung' 2007/11/20 13:32:52| The reply for CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443 is DENIED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:07| The reply for CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443 is DENIED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:22| The reply for CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:40| The request CONNECT lms.fu-berlin.de:443 is DENIED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:40| The reply for CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:41| The request CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443 is DENIED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:52| The reply for CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' 2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443 is ALLOWED, because it matched 'digestauthentifizierung' According to my config, there are these lines referring to "digestauthentifizierung" # grep -2 digestauthentifizierung squid.conf.WLAN # Rest erlauben -- aber nur authorisiert! # acl digestauthentifizierung proxy_auth REQUIRED http_access allow digestauthentifizierung http_access allow CONNECT digestauthentifizierung # Why would the request be DENIED and ALLOWED at the same time? -- _ Charite - Universitätsmedizin Berlin _ Ralf Hildebrandt i.A. Geschäftsbereich Informationsmanagement Campus Benjamin Franklin Hindenburgdamm 30 | Berlin Tel. +49 30 450 570155 | Fax +49 30 450 570962 [EMAIL PROTECTED] http://www.charite.de - End forwarded message - -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
[squid-users] load balancing traffic through squid on systems with 2 Internet connections
Hi, I have a System with two Internet connections. Is it possible to configure squid to load balance out going internet traffic through those two Internet Connections? Thank you so much Kind Regards Siju
Re: [squid-users] Invalid Response
Quoting Henrik Nordstrom <[EMAIL PROTECTED]>:
> On fre, 2007-11-09 at 16:25 +0100, [EMAIL PROTECTED] wrote:
>
> > I encounter An "invalid Response" on a particular site.
>
> What is said in cache.log?
Cache.log doesn't say much on normal debug settings.
With debug on , it says
2007/11/05 15:02:53| parseHttpRequest: end = {}
2007/11/05 15:02:53| parseHttpRequest: prefix_sz = 585, req_line_sz = 121
2007/11/05 15:02:53| clientSetKeepaliveFlag: http_ver = 1.1
2007/11/05 15:02:53| clientSetKeepaliveFlag: method = GET
2007/11/05 15:02:53| The request GET
http://somesite.com/nms/jsp/webForm.jsp?fo=bl&id=S7Nn6isL2ABgb1B35boKb4Z2SiMGMFGb/VEkJUIAIA
is ALLOWED, because it matched 'group_internet'
2007/11/05 15:02:53| clientProcessRequest2: storeGet() MISS
2007/11/05 15:02:53| httpStart: "GET
http://somesite.com/nms/jsp/webForm.jsp?fo=bl&id=S7Nn6isL2ABgb1B35boKb4Z2SiMGMFGb/VEkJUIAIA";
2007/11/05 15:02:53| ctx: enter level 16:
'http://somesite.com/nms/jsp/webForm.jsp?fo=bl&id=S7Nn6isL2ABgb1B35boKb4Z2SiMGMFGb/VEkJUIAIA'
2007/11/05 15:02:53| httpProcessReplyHeader: key
'5C5369ABE7B82C5EC7956CD08C4AFCFC'
2007/11/05 15:02:53| httpProcessReplyHeader: HTTP CODE: 200
2007/11/05 15:02:53| clientBuildReplyHeader: Error, don't keep-alive
2007/11/05 15:02:53| clientSendMoreHeaderData: Appending 1697 bytes after 202
bytes of headers
2007/11/05 15:02:53| The reply for GET
http://somesite.com/nms/jsp/webForm.jsp?fo=bl&id=S7Nn6isL2GABgb1B35boKb4Z2SiMGMFGb/VEkJUIAIA
is ALLOWED, because it matched 'all'
2007/11/05 15:02:53| connStateFree: FD 31
2007/11/05 15:02:53| httpRequestFree:
http://somesite.com/nms/jsp/webForm.jsp?fo=bl&id=S7Nn6isL2ABgb1B35boKb4Z2SiMGMFGb/VEkJUIAIA
2007/11/05 15:02:53| parseHttpRequest: req_hdr = {Host: somesite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9)
Gecko/20071025 Firefox/2.0.0.9
Accept: image/png,*/*;q=0.5
Accept-Language: en,en-us;q=0.7,fr-fr;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Proxy-Authorization: Basic x
Access.log with log_mime_headers on says :
[HTTP/1.0 502 Bad Gateway\r\nServer: squid\r\nDate: Mon, 05 Nov 2007 15:54:00
GMT\r\nContent-Type: text/html\r\nContent-Length: 1740\r\nExpires: Mon, 05 Nov
2007 15:54:00 GMT\r\nX-Squid-Error: ERR_INVALID_RESP 0\r\n\r]
>
> > Two tcpdumps, one from the squid server, another one from another internet
> > access point, show strange characters just between the headers and the html
> > stanza. See the "5ea" , then the "1" , and the "0".
>
> The interesting dump is the one between Squid and the requested server.
> Not interesting in seeing a dump of a direct request not using Squid.
>
> As already said those numbers is chunked encoding. Nothing to worry
> about, only seen because you bypassed Squid in this request.
>
> Any yes, Squid-2.6 do handle being thrown chunked encoding even if specs
> do not allow servers to respond with chunked encoding. But some release
> was a little buggy and still barfed.. don't remember exact but it was
> quite a while ago (a year or so..).
We're using 2.6ST 16. Could the workaround be buggy in this version ?
>
> And yes, Squid do downgrade HTTP/1.1 requests to HTTP/1.0 as it's not
> yet HTTP/1.1 compliant.
>
> Regards
> Henrik
>
Thanks,
Andrew
AW: [squid-users] Problem with AUTH
this is your cache-log right? in access log you should also have denies/allowed lines, right? first DENIED should be the authrequest (HTTP 407) from squid telling the browser to do a (digest) auth. then the browser answers this with the auth credentials. and squid sends the page again. don't know how digest works, but with ntlm auth you have two denied lines... markus >-Ursprüngliche Nachricht- >Von: Ralf Hildebrandt [mailto:[EMAIL PROTECTED] >Gesendet: Dienstag, 20. November 2007 13:42 >An: squid-users@squid-cache.org >Betreff: [squid-users] Problem with AUTH > >I activated ACL debugging using: >debug_options ALL,1 33,2 > >Squid 2.6.16-1 logs: > >2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:32:52| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:32:52| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:07| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:07| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:22| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:22| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:40| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:40| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:41| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443 >is DENIED, because it matched 'digestauthentifizierung' >2007/11/20 13:33:52| The reply for CONNECT >lms.fu-berlin.de:443 is ALLOWED, because it matched >'digestauthentifizierung' >2007/11/20 13:33:52| The request CONNECT lms.fu-berlin.de:443 >is ALLOWED, because it matched 'digestauthentifizierung' > >According to my config, there are these lines referring to >"digestauthentifizierung" > ># grep -2 digestauthentifizierung squid.conf.WLAN ># Rest erlauben -- aber nur authorisiert! ># >acl digestauthentifizierung proxy_auth REQUIRED >http_access allow digestauthentifizierung >http_access allow CONNECT digestauthentifizierung > ># > >Why would the request be DENIED and ALLOWED at the same time? > >-- >_ > > Charite - Universitätsmedizin Berlin >_ > > Ralf Hildebrandt > i.A. Geschäftsbereich Informationsmanagement > Campus Benjamin Franklin > Hindenburgdamm 30 | Berlin > Tel. +49 30 450 570155 | Fax +49 30 450 570962 > [EMAIL PROTECTED] > http://www.charite.de > >- End forwarded message - > >-- >Ralf Hildebrandt (i.A. des IT-Zentrums) >[EMAIL PROTECTED] >Charite - Universitätsmedizin BerlinTel. +49 >(0)30-450 570-155 >Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 >(0)30-450 570-962 >IT-Zentrum Standort CBFsend no mail to >[EMAIL PROTECTED] >
Re: [squid-users] Problem with AUTH
Quoting Ralf Hildebrandt <[EMAIL PROTECTED]>: According to my config, there are these lines referring to > "digestauthentifizierung" > > # grep -2 digestauthentifizierung squid.conf.WLAN > # Rest erlauben -- aber nur authorisiert! > # > acl digestauthentifizierung proxy_auth REQUIRED > http_access allow digestauthentifizierung > http_access allow CONNECT digestauthentifizierung > > # > > Why would the request be DENIED and ALLOWED at the same time? > Have you tried removing the line : http_access allow CONNECT digestauthentifizierung. You shouldn't need it, imho. Andrew
Re: [squid-users] Problem with AUTH
* [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > Quoting Ralf Hildebrandt <[EMAIL PROTECTED]>: > > According to my config, there are these lines referring to > > "digestauthentifizierung" > > > > # grep -2 digestauthentifizierung squid.conf.WLAN > > # Rest erlauben -- aber nur authorisiert! > > # > > acl digestauthentifizierung proxy_auth REQUIRED > > http_access allow digestauthentifizierung > > http_access allow CONNECT digestauthentifizierung > > > > # > > > > Why would the request be DENIED and ALLOWED at the same time? > > > > Have you tried removing the line : > http_access allow CONNECT digestauthentifizierung. > > You shouldn't need it, imho. Because "http_access allow digestauthentifizierung" already allows everything? -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
Re: [squid-users] Problem with AUTH
On tis, 2007-11-20 at 13:41 +0100, Ralf Hildebrandt wrote: > Why would the request be DENIED and ALLOWED at the same time? It's not. only denied. But the access denied response is allowed. admittedly with a slightly odd debug message... regards henrik
Re: [squid-users] Problem with AUTH
* Henrik Nordstrom <[EMAIL PROTECTED]>: > On tis, 2007-11-20 at 13:41 +0100, Ralf Hildebrandt wrote: > > > Why would the request be DENIED and ALLOWED at the same time? > > It's not. only denied. OK > But the access denied response is allowed. admittedly with a slightly > odd debug message... Meaning: The request is denied, but at least one gets a proper "Access denied"-page back? -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
Re: [squid-users] ntlm_auth not showing users connect into access.log file
David PAZOS wrote: Hello, I've configured squid and it seems to be working as it logs which ip goes to which website but... I can't see the AD users. I've tested ./ntlm_auth with several usernames and it worked... If you have any idea of what the problem could be, it will be really appreciate! ;) I'm running Squid 3.0 RC1 on Gentoo 2007.0 with samba 3.0.26a and krb5-1.5.3-r1 Here is my squid.conf file : ### http_port 8080 cache_mgr [EMAIL PROTECTED] cache_effective_user squid cache_effective_group squid ftp_user [EMAIL PROTECTED] visible_hostname myservername.mydomain.local logfile_rotate 1 cache_mem 256 MB cache_access_log /var/log/squid/access.log cache_dir ufs /var/cache/squid/ncache 1024 16 256 log_ip_on_direct off debug_options ALL,1 hosts_file /etc/hosts auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 #auth_param ntlm max_challenge_reuses 0 #auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl all src 0.0.0.0/0.0.0.0 acl local_network src 192.168.1.0/24 127.0.0.1/32 http_access allow local_network Anyone surfing from 192.168.1.0/24 is allowed at this point. No authentication requested or required. acl SSL_ports port 443 563 acl Safe_ports port 21 70 80 210 280 443 488 563 591 777 1025-65535 acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl AuthorizedUsers proxy_auth REQUIRED http_access deny !AuthorizedUsers http_access allow all Here is a view of the access.log file of squid ### 1195130391.112104 192.168.1.34 TCP_MISS/200 512 GET http://www.google-analy$ Yup. That IP matches. :o) 1195130392.236 1303 192.168.1.34 TCP_MISS/200 20433 GET http://media.ldlc.com$ 1195130392.280 35 192.168.1.34 TCP_MISS/200 717 GET http://www.hardware.fr/$ 1195130416.467317 192.168.1.34 TCP_MISS/200 2736 GET http://www.danstapomme$ 1195130416.613109 192.168.1.34 TCP_MISS/200 503 GET http://www.danstapomme.$ 1195130416.617112 192.168.1.34 TCP_MISS/200 1394 GET http://www.danstapomme$ 1195130416.849347 192.168.1.34 TCP_MISS/200 24973 GET http://www.danstapomm$ 1195130416.915 31 192.168.1.34 TCP_MISS/404 571 GET http://www.danstapomme.$ Here is aview of cache.log of squid ### 007/11/15 13:37:13| Starting Squid Cache version 3.0.RC1 for i686-pc-linux-gnu$ 2007/11/15 13:37:13| Process ID 8219 2007/11/15 13:37:13| With 1024 file descriptors available 2007/11/15 13:37:13| DNS Socket created at 0.0.0.0, port 40818, FD 7 2007/11/15 13:37:13| Adding nameserver 192.168.1.251 from /etc/resolv.conf 2007/11/15 13:37:13| helperStatefulOpenServers: Starting 30 'ntlm_auth' process$ 2007/11/15 13:37:14| helperOpenServers: Starting 5 'ntlm_auth' processes 2007/11/15 13:37:14| User-Agent logging is disabled. 2007/11/15 13:37:14| Referer logging is disabled. 2007/11/15 13:37:14| Unlinkd pipe opened on FD 47 2007/11/15 13:37:14| Local cache digest enabled; rebuild/rewrite every 3600/360$ 2007/11/15 13:37:14| Swap maxSize 1048576 KB, estimated 80659 objects 2007/11/15 13:37:14| Target number of buckets: 4032 2007/11/15 13:37:14| Using 8192 Store buckets 2007/11/15 13:37:14| Max Mem size: 262144 KB 2007/11/15 13:37:14| Max Swap size: 1048576 KB 2007/11/15 13:37:14| Version 1 of swap file with LFS support detected... 2007/11/15 13:37:14| Rebuilding storage in /var/cache/squid/ncache (CLEAN) 2007/11/15 13:37:14| Using Least Load store dir selection 2007/11/15 13:37:14| Current Directory is /root 2007/11/15 13:37:14| Loaded Icons. 2007/11/15 13:37:14| Accepting HTTP connections at 0.0.0.0, port 8080, FD 49. 2007/11/15 13:37:14| HTCP Disabled. 2007/11/15 13:37:14| Ready to serve requests. 2007/11/15 13:37:14| Done reading /var/cache/squid/ncache swaplog (267 entries) 2007/11/15 13:37:14| Finished rebuilding storage from disk. 2007/11/15 13:37:14| 267 Entries scanned 2007/11/15 13:37:14| 0 Invalid entries. 2007/11/15 13:37:14| 0 With invalid flags. 2007/11/15 13:37:14| 267 Objects loaded. 2007/11/15 13:37:14| 0 Objects expired. 2007/11/15 13:37:14| 0 Objects cancelled. 2007/11/15 13:37:14| 0 Duplicate URLs purged. 2007/11/15 13:37:14| 0 Swapfile clashes avoided. 2007/11/15 13:37:14| Took 0.075 seconds (3.6e+03 objects/sec). 2007/11/15 13:37:14| Beginning Validation Procedure 2007/11/15 13:37:14| Completed Validation Procedure 2007/11/15 13:37:14| Validated 559 Entries 2007/11/15 13:37:14| store_swap_size = 2784 2007/11/15 13:37:15| storeLateRelease: released 0 objects Hope you will find something wierd in my config because I've redone it twice and I don't know what I've missed... You might want to peruse th
Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections
From: "Siju George" <[EMAIL PROTECTED]> > > I have a System with two Internet connections. > Is it possible to configure squid to load balance out going internet > traffic through those two Internet Connections? > This is assuming that you are running Linux :- Just set up multiple routing and weight assignment. You might have to turn off kernel option which caches multiple routing.
Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections
From: "Ming-Ching Tiew" <[EMAIL PROTECTED]> > > This is assuming that you are running Linux :- > Just set up multiple routing and weight assignment. > You might have to turn off kernel option which > caches multiple routing. > I meant MULTI PATH routing. Important Warning! *** This electronic communication (including any attached files) may contain confidential and/or legally privileged information and is only intended for the use of the person to whom it is addressed. If you are not the intended recipient, you do not have permission to read, use, disseminate, distribute, copy or retain any part of this communication or its attachments in any form. If this e-mail was sent to you by mistake, please take the time to notify the sender so that they can identify the problem and avoid any more mistakes in sending e-mail to you. The unauthorised use of information contained in this communication or its attachments may result in legal action against any person who uses it.
Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections
On Nov 21, 2007 6:29 AM, Ming-Ching Tiew <[EMAIL PROTECTED]> wrote: > > From: "Ming-Ching Tiew" <[EMAIL PROTECTED]> > > > > This is assuming that you are running Linux :- > > Just set up multiple routing and weight assignment. > > You might have to turn off kernel option which > > caches multiple routing. > > > Thank you so much Ching for your kind response:-) I am running OpenBSD with route-to option in PF http://www.openbsd.org/faq/pf/pools.html#outgoing Is there any option to do it in the "squid.conf" file? I know there is a "tcp_outgoing_address" option. just wondering if it is possible to make it use all outgoing IP address in a round-robin manner :-) Thank you so much once again. Kind Regards Siju
Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections
From: "Siju George" <[EMAIL PROTECTED]> > > Is there any option to do it in the "squid.conf" file? > > I know there is a "tcp_outgoing_address" option. > > just wondering if it is possible to make it use all outgoing IP > address in a round-robin manner :-) > As far as I know, you could do "split access" using the 'tcp_outgoing_address' method, but you can't get squid to use it in round-robin manner. I might be wrong. :-)
[squid-users] Can't cache dynamic image file..
Hello Squid users. I am using squid for server accelerator. But my squid server can't cache dynamic image. My origin server use not local disk. That use network file system and send image file using ASP function. ( response.write 'filename' ) -- [user] -- (HTTP) -- [squid] -- (HTTP) -- [web server] -- (CIFS) -- [file server] -- Orign server URL like this. example) http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Ftest%2EGIF http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Fgood%2EGIF http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Fnice%2EGIF File of download.asp read image from file server, and then write to user. How can I do cache dynamic image ? Thank for reading this.
Re: [squid-users] Can't cache dynamic image file..
Look at the 'cache' directive and refresh patterns. Adrian On Wed, Nov 21, 2007, Seonkyu Park wrote: > Hello Squid users. > > I am using squid for server accelerator. > > But my squid server can't cache dynamic image. > > My origin server use not local disk. > > That use network file system and send image file using ASP function. ( > response.write 'filename' ) > > -- > [user] -- (HTTP) -- [squid] -- (HTTP) -- [web server] -- (CIFS) -- [file > server] > -- > > Orign server URL like this. > > example) > http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Ftest%2EGIF > http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Fgood%2EGIF > http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Fnice%2EGIF > > > > File of download.asp read image from file server, and then write to user. > > How can I do cache dynamic image ? > > Thank for reading this. > -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections
On Wed, Nov 21, 2007, Ming-Ching Tiew wrote: > As far as I know, you could do "split access" using > the 'tcp_outgoing_address' method, but you can't > get squid to use it in round-robin manner. > > I might be wrong. :-) I don't think there is, but making squid do that with a small source patch wouldn't be difficult. Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
[squid-users] External Helper - %{Hdr:member} ?
Hello List,
I've been trying to send different information to the external helper
via the %{Hdr:member} parameter, but to no avail.
%{Host} and %{HOST} work wonderfully - assuming there is 'no' case
sensitivity?
Where I seem to be failing is, attempting to send any other HTTP host
header information, just is not working for me.
For example if I try:
%{Referer} I'm getting a "-" which means nothing was passed.
I've also tried:
%{Referer:absoluteURI} - where I'm treating "Referer" as "Hdr" and
"absoluteURI" as "member"
Is that the correct syntax?
I'm using http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html as a
reference to the different data/information I can send. Are there any
limitations to what squid can handle through the %{Hdr:;member} parameter?
Help as always, is appreciated.
Thanks List,
Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections
Hi George, Siju George wrote: Hi, I have a System with two Internet connections. Is it possible to configure squid to load balance out going internet traffic through those two Internet Connections? To keep things simple, you can just use the "tcp_outgoing_address" parameter in squid.conf. Thanking you... Thank you so much Kind Regards Siju -- With best regards and good wishes, Yours sincerely, Tek Bahadur Limbu System Administrator (TAG/TDG Group) Jwl Systems Department Worldlink Communications Pvt. Ltd. Jawalakhel, Nepal http://www.wlink.com.np http://teklimbu.wordpress.com
Re: [squid-users] Can't cache dynamic image file..
Thank you for replying to my e-mail. 1) Edit '/etc/squid/mime.conf' & added \.asp$ image/jpeg anthony-image.gif - image +download 2) tail /var/log/squid/access.log 1.1.1.1 - - [21/Nov/2007:15:42:23 +0900] "http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Ftest%2EGIF HTTP/1.1" 200 59044 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" TCP_MISS:FIRST_UP_PARENT 1.1.1.1 - - [21/Nov/2007:15:42:28 +0900] "http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Ftest%2EGIF HTTP/1.1" 200 59044 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)" TCP_MISS:FIRST_UP_PARENT HTTP code is 200. So I can see image file but always TCP_MISS occured. How can I do 'TCP_MEM_HIT' or 'TCP_HIT' ? > Look at the 'cache' directive and refresh patterns. > > > > Adrian > > > On Wed, Nov 21, 2007, Seonkyu Park wrote: >> Hello Squid users. >> >> I am using squid for server accelerator. >> >> But my squid server can't cache dynamic image. >> >> My origin server use not local disk. >> >> That use network file system and send image file using ASP function. ( >> response.write 'filename' ) >> >> -- >> [user] -- (HTTP) -- [squid] -- (HTTP) -- [web server] -- (CIFS) -- [file >> server] >> -- >> >> Orign server URL like this. >> >> example) >> http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Ftest%2EGIF >> >> http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Fgood%2EGIF >> http://www.test.com/download.asp?write=%2Fabcd%2F2007%2F20%2F96%2Fnice%2EGIF >> >> >> >> File of download.asp read image from file server, and then write to user. >> >> How can I do cache dynamic image ? >> >> Thank for reading this. >> > > -- > - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support > - > - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - >
