Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

2007-11-23 Thread Henrik Nordstrom
On Thu, 2007-11-22 at 13:57 +0530, Siju George wrote:

> method as I use now then even through the outgoing address will be
> changed for 50% of the packets those same packets will be routed out
> through the default interface only :-(

There are two related components needed to make multipath routing work
properly for hosts connected to multiple ISPs:

a) You need multi-path balancing support in the routing, balancing the
outgoing sessions on the available paths. The primary function of this
is to select the proper source IP.

b) You need policy routing based on source IP to route already assigned
traffic out via the correct ISP.

Regards
Henrik




[squid-users] blocking audio/video/radio streaming

2007-11-23 Thread Tarak Ranjan


Hi,
I want to block online radio/audio/video streaming using squid.
I have done this:
acl blockfiles urlpath_regex -i "/etc/squid/multimedia.files.acl"
http_access deny blockfiles

the content of the multimedia.files.acl
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.(afx|asf|asx|au|avi|divx|m3u|mov|mp2|mp3|mpeg|mpg|qt|ra|ram|rm|viv|vivo|vob|vqf|wav|wma|wmv|vbs|shs|pif)($|\?)


but it's not working.

Thanks-
Tarak

Online Learning|Certifications|Learning Solutions :
www.liqwidkrystal.com






[squid-users] Have squid display webpage when user authenticated

2007-11-23 Thread Reid
-
I would like to have a webpage display when a user is first authenticated on
my squid proxy.

For example, they start by configuring their browser for the proxy, and then
go to "yahoo.com". But before they see yahoo.com, the proxy will first display
a page that says "You are surfing via a proxy.. click here to continue to your
page"... From that point on they will not be asked again.

Is this possible with squid?

Thank you
-


  



Re: [squid-users] Invalid Response

2007-11-23 Thread Henrik Nordstrom
On Fri, 2007-11-23 at 15:49 +0100, [EMAIL PROTECTED] wrote:

> Taken from "Wireshark> Follow TCP Stream" . Tcpdump was done on the squid
> server.
> 
> HTTP/1.1 200 OK
> Date: Mon, 05 Nov 2007 14:22:52 GMT
> Server: Apache/2.0.52 (Red Hat)
> Transfer-Encoding: chunked
> Content-Length: 1532
> Connection: close
> Content-Type:  text/html; charset=utf-8
> 
> 5ea
> 
> 
> 
> (3 lines more than what you asked for)


It's a broken message. It's not allowed to have both Content-Length and
Transfer-Encoding: chunked. This violates a MUST NOT requirement in the
HTTP specifications.

Additionally there is another MUST NOT requirement which forbids chunked
encoding from being used at all in responses to HTTP/1.0 requests (Squid is
still 1.0). But Squid does handle this if seen.. (too many servers getting
this wrong, and Squid is progressing towards HTTP/1.1 support)

So two major errors in that HTTP response.

But yes, Squid should not barf this loudly on this, and is in fact
already fixed but forgot to merge that to 2.6.. not sure why..

You can find the patch at
http://www.squid-cache.org/Versions/v2/HEAD/changesets/11708.patch

Regards
Henrik
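
The two checks described in the message above, applied to the header block captured in this thread. This is an added example, not part of the original messages and not Squid code; the function names and the request_version parameter (defaulting to 1.0, as the message says Squid still sends) are assumptions made for illustration.

```python
import re

# Header block as captured in this thread (body omitted).
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 05 Nov 2007 14:22:52 GMT\r\n"
    b"Server: Apache/2.0.52 (Red Hat)\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Length: 1532\r\n"
    b"Connection: close\r\n"
    b"Content-Type:  text/html; charset=utf-8\r\n"
    b"\r\n"
)


def parse_headers(raw):
    """Return (status_line, {lowercased name: [values]}) for one header block."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    fields = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], fields


def framing_errors(raw, request_version="1.0"):
    """List body-framing violations in a response to a request of that version."""
    _, fields = parse_headers(raw)
    codings = [c.strip().lower()
               for v in fields.get("transfer-encoding", [])
               for c in v.split(",") if c.strip()]
    chunked = "chunked" in codings
    errors = []
    if chunked and "content-length" in fields:
        # Two framing headers: parsers may disagree on where the body ends.
        errors.append("content-length-with-chunked")
    if chunked and request_version == "1.0":
        errors.append("chunked-to-http10-client")
    lengths = set(fields.get("content-length", []))
    if len(lengths) > 1 or any(not re.fullmatch(r"\d+", v) for v in lengths):
        # Generalization beyond the thread: conflicting or non-numeric lengths.
        errors.append("bad-content-length")
    return errors
```

Calling framing_errors(SAMPLE) reports both violations; with request_version="1.1" only the Content-Length conflict remains.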




Re: [squid-users] Invalid Response

2007-11-23 Thread apmailist
Quoting Henrik Nordstrom <[EMAIL PROTECTED]>:

> On Thu, 2007-11-22 at 10:45 +0100, [EMAIL PROTECTED] wrote:
>
> > I looked to the HTTP headers and found nothing strange (But I'm no expert
> > on this) :
> > - I checked the spaces before and after the ":"
> > - I also checked the blank lines between the header's section and the html
> > body section.
>
> Can you attach the complete headers so we can take a look? (status line
> down to the blank line after the headers)
>

Taken from "Wireshark> Follow TCP Stream" . Tcpdump was done on the squid
server.

HTTP/1.1 200 OK
Date: Mon, 05 Nov 2007 14:22:52 GMT
Server: Apache/2.0.52 (Red Hat)
Transfer-Encoding: chunked
Content-Length: 1532
Connection: close
Content-Type:  text/html; charset=utf-8

5ea



(3 lines more than what you asked for)


Regards,

Andrew


[squid-users] Access.log

2007-11-23 Thread Monah Baki

Hi all,

How can I have the access.log display the source of the client IP using
my proxy server rather than the IP address of the proxy itself.



Thanks


BSD Networking, Microsoft Notworking





[squid-users] Audio/video streaming blocking

2007-11-23 Thread Tarak Ranjan

Hi,
I want to block online radio/audio/video streaming using squid.
I have done this:
acl blockfiles urlpath_regex -i "/etc/squid/multimedia.files.acl"
http_access deny blockfiles

the content of the multimedia.files.acl
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.(afx|asf|asx|au|avi|divx|m3u|mov|mp2|mp3|mpeg|mpg|qt|ra|ram|rm|viv|vivo|vob|vqf|wav|wma|wmv|vbs|shs|pif)($|\?)


but it's not working.

Thanks-
Tarak

Online Learning|Certifications|Learning Solutions :
www.liqwidkrystal.com




Re: [squid-users] Basic Pam authentification problem with on mandrake 9.0

2007-11-23 Thread Henrik Nordstrom
Looks fine to me.

On Fri, 2007-11-23 at 10:46 +, Edjé wrote:
> Hello, thank you for your interest in my problem.
> But it doesn't succeed.
> I send you what permissions on files seem to be:
>  -rwsr-xrr-x1 root squid 5060 Aug  6  2002 /usr/lib/squid/pam_auth
> For lib directory of squid (/usr/lib/squid):
>  drwxr-x---  4 root squid4096 Oct 31 17:46 squid/
> 
> What do you think about?
> 
> Quoting Henrik Nordstrom <[EMAIL PROTECTED]>:
>
> > On Thu, 2007-11-15 at 08:10 +, Edjé wrote:
> > > > Quoting Henrik Nordstrom <[EMAIL PROTECTED]>:
> > > >
> > > > > On Mon, 2007-11-05 at 09:52 +, Edjé wrote:
> > > > >
> > > > > > But some unix accounts authentication succeeded while others failed.
> > > > > > More if I do the test on the server with /usr/lib/squid/pam_auth the
> > > > > > problem is the same.
> > > > > > This version(squid-2.4.STABLE7-2mdk) does it have a problem with
> > > > > > Mandrake 9.0?
> > > > > > What can I do?
> > > >
> > > > Do you use shadow passwords? In such case squid_pam_auth needs to be
> > > > installed setuid root.
> > > >
> > > What this means? How can i do it? Thank you to help me understand.
> >
> > It means that if your system is using shadow passwords (most UNIX:es do
> > these days) then squid_pam_auth needs to be installed setuserid root.
> >
> > chown root /usr/local/squid/libexec/squid_pam_auth
> > chmod u+s /usr/local/squid/libexec/squid_pam_auth
> >
> > I'd also recommend restricting access to /usr/local/squid/libexec/ if
> > you allow users to login on the proxy server.
> >
> > chgrp squid /usr/local/squid/libexec/
> > chmod o= /usr/local/squid/libexec/
> >
> > assuming you have a group for squid..
> >
> > Regards
> > Henrik
> >
> 
> 
> --
> "Happy are those who are conscious of their spiritual poverty." - Mat 5:3 (The
> Holy Scriptures - New World Translation).
> 
> 




[squid-users] Content Filter for Squid with Gui / Web Console

2007-11-23 Thread Janco van der Merwe
Sorry but I'm going to be a pain for the next couple minutes.

We have been using Dansguardian as a content filter for quite a long
time and a client has requested a Content filter which plugs into squid
and has a gui where they can black list and white list certain sites.

Does anyone know of an application that meets these requirements? I've
been searching the Net but I can't quite find the right one so I hoped that
one of you has had a similar request and resolved it??

-- 
Janco van der Merwe
Open Solutions
Tel: 011 305 2887
Cell: 083 291 8536
Fax: 0866978875
__
Think not those faithful who praise all thy words and actions; but those
who kindly reprove thy faults.
Socrates





Re: [squid-users] Basic Pam authentification problem with on mandrake 9.0

2007-11-23 Thread Edjé
Hello, thank you for your interest in my problem.
But it doesn't succeed.
I send you what permissions on files seem to be:
 -rwsr-xrr-x1 root squid 5060 Aug  6  2002 /usr/lib/squid/pam_auth
For lib directory of squid (/usr/lib/squid):
 drwxr-x---  4 root squid4096 Oct 31 17:46 squid/

What do you think about?

Quoting Henrik Nordstrom <[EMAIL PROTECTED]>:

> On Thu, 2007-11-15 at 08:10 +, Edjé wrote:
> > > Quoting Henrik Nordstrom <[EMAIL PROTECTED]>:
> > >
> > > > On Mon, 2007-11-05 at 09:52 +, Edjé wrote:
> > > >
> > > > > But some unix accounts authentication succeeded while others failed.
> > > > > More if I do the test on the server with /usr/lib/squid/pam_auth the
> > > > > problem is the same.
> > > > > This version(squid-2.4.STABLE7-2mdk) does it have a problem with
> > > > > Mandrake 9.0?
> > > > > What can I do?
> > >
> > > Do you use shadow passwords? In such case squid_pam_auth needs to be
> > > installed setuid root.
> > >
> > What this means? How can i do it? Thank you to help me understand.
>
> It means that if your system is using shadow passwords (most UNIX:es do
> these days) then squid_pam_auth needs to be installed setuserid root.
>
> chown root /usr/local/squid/libexec/squid_pam_auth
> chmod u+s /usr/local/squid/libexec/squid_pam_auth
>
> I'd also recommend restricting access to /usr/local/squid/libexec/ if
> you allow users to login on the proxy server.
>
> chgrp squid /usr/local/squid/libexec/
> chmod o= /usr/local/squid/libexec/
>
> assuming you have a group for squid..
>
> Regards
> Henrik
>


--
"Happy are those who are conscious of their spiritual poverty." - Mat 5:3 (The
Holy Scriptures - New World Translation).




[squid-users] MySAR

2007-11-23 Thread Janco van der Merwe
Hi,

Has anyone used mysar and what is your opinion about it?



-- 
Janco van der Merwe
Open Solutions
Tel: 011 305 2887
Cell: 083 291 8536
Fax: 0866978875
__
Think not those faithful who praise all thy words and actions; but those
who kindly reprove thy faults.
Socrates





Re: [squid-users] Blocking IP's from accessing Squid

2007-11-23 Thread Matus UHLAR - fantomas
On 22.11.07 13:29, Reid wrote:
> I need to block a large number of IP addresses from accessing squid. Is
> this something that squid can do efficiently?

do you run reverse, or just open proxy?

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".


Re: [squid-users] Access.log

2007-11-23 Thread Henrik Nordstrom
On Fri, 2007-11-23 at 09:45 -0500, Monah Baki wrote:
> Hi all,
>
> How can I have the access.log display the source of the client IP using
> my proxy server rather than the IP address of the proxy itself.

Normally access.log of the proxy shows the ip of the client.

Is there anything special about your setup which may hide the ip? I.e.
DansGuardian or similar proxy between the client and squid, or NAT rules
messing things up?

Or are you referring to the web server's access.log when seeing requests
forwarded via the proxy?

Regards
Henrik




Re: [squid-users] blocking audio/video/radio streaming

2007-11-23 Thread Amos Jeffries

Tarak Ranjan wrote:
> Hi,
> I want to block online radio/audio/video streaming using squid.
> I have done this:
> acl blockfiles urlpath_regex -i "/etc/squid/multimedia.files.acl"
> http_access deny blockfiles
>
> the content of the multimedia.files.acl
> \.[Aa][Vv][Ii]$
> \.[Mm][Pp][Gg]$
> \.[Mm][Pp][Ee][Gg]$
> \.[Mm][Pp]3$
> \.(afx|asf|asx|au|avi|divx|m3u|mov|mp2|mp3|mpeg|mpg|qt|ra|ram|rm|viv|vivo|vob|vqf|wav|wma|wmv|vbs|shs|pif)($|\?)
>
> but it's not working.
>
> Thanks-
> Tarak


This will only work on streaming sites who don't care about data theft.
Most websites protect their media content by serving it out of scripts
instead of D/L'able files. That changes the URI to anything they can imagine.


What you want to do is block based on reply mime-type using
rep_mime_type ACL and http_reply_access permissions.

http://www.squid-cache.org/Versions/v2/2.6/acl.html
http://www.squid-cache.org/Versions/v2/2.6/http_reply_access.html

Amos
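
A small model of the difference described in the reply above, as an added example that is not part of the original messages and not Squid code. It applies the poster's urlpath_regex patterns at request time and an assumed pair of rep_mime_type-style patterns at reply time to constructed URL and Content-Type pairs; the function names, the MIME patterns and the sample URLs are assumptions.

```python
import re
from urllib.parse import urlsplit

# Patterns from the multimedia.files.acl posted in this thread
# (wrapped last line joined; the ACL's -i flag is modelled with re.IGNORECASE).
URLPATH_PATTERNS = [
    r"\.[Aa][Vv][Ii]$", r"\.[Mm][Pp][Gg]$", r"\.[Mm][Pp][Ee][Gg]$", r"\.[Mm][Pp]3$",
    r"\.(afx|asf|asx|au|avi|divx|m3u|mov|mp2|mp3|mpeg|mpg|qt|ra|ram|rm|viv|vivo"
    r"|vob|vqf|wav|wma|wmv|vbs|shs|pif)($|\?)",
]
# Assumed reply-type patterns, the kind of list a rep_mime_type ACL would hold.
MIME_PATTERNS = [r"^audio/", r"^video/"]


def denied_by_urlpath(url):
    """Model of 'http_access deny' on the urlpath_regex ACL (request time)."""
    parts = urlsplit(url)
    urlpath = parts.path + ("?" + parts.query if parts.query else "")
    return any(re.search(p, urlpath, re.IGNORECASE) for p in URLPATH_PATTERNS)


def denied_by_reply_type(content_type):
    """Model of 'http_reply_access deny' on a rep_mime_type ACL (reply time)."""
    value = content_type.strip()
    return any(re.search(p, value, re.IGNORECASE) for p in MIME_PATTERNS)


# Constructed samples: (request URL, Content-Type header of the reply).
SAMPLES = [
    ("http://media.example/clips/show.avi", "video/x-msvideo"),
    ("http://media.example/play.php?id=1234", "video/x-flv"),
    ("http://radio.example/listen/stream", "audio/mpeg"),
    ("http://www.example/index.html", "text/html; charset=utf-8"),
]


def compare(samples=SAMPLES):
    """Return (url, denied_by_urlpath, denied_by_reply_type) for each sample."""
    return [(u, denied_by_urlpath(u), denied_by_reply_type(ct)) for u, ct in samples]
```

Only the first sample is caught by the URL-path patterns, while the reply-type check catches all three media replies and leaves the HTML page alone.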


Re: [squid-users] Invalid Response

2007-11-23 Thread Henrik Nordstrom
On Thu, 2007-11-22 at 10:45 +0100, [EMAIL PROTECTED] wrote:

> I looked to the HTTP headers and found nothing strange (But I'm no expert on
> this) :
> - I checked the spaces before and after the ":"
> - I also checked the blank lines between the header's section and the html
> body section.

Can you attach the complete headers so we can take a look? (status line
down to the blank line after the headers)

Regards
Henrik




Re: [squid-users] MySAR

2007-11-23 Thread Kenneth P. Oncinian
On Friday 23 November 2007 6:45:11 pm Janco van der Merwe wrote:
> Hi,
>
> Has anyone used mysar and what is your opinion about it?

Yes, I am using MySAR and it is the best that I have used so far in terms of
the accuracy of the report, it is the only report that has served our
corporate requirement. The only drawback is the MySQL backend which has the
tendency to become very slow when generating reports when the amount of data
is more than 5GB.



regards,
Kenneth




Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

2007-11-23 Thread Henrik Nordstrom
On Thu, 2007-11-22 at 08:19 +0100, Matus UHLAR - fantomas wrote:

> We have squid servers behind L3 switch (balancer) which uses the
> 'sourcehash' technique for balancing requests because of this reason. Maybe
> such functionality could be integrated into squid. Or into packetfilter :)

That's a good coding project for some interested volunteer. Extend
tcp_outgoing_address with a "sourcehash" selector..

Regards
Henrik




[squid-users] question about filesystems and directories for cache.

2007-11-23 Thread Matias Lopez Bergero
Hello,

I'm installing a new squid server (I have a couple running already), but
this is going to serve as a gateway for about 450 clients. I have a good
piece of hardware for it, but I have just two hard discs, RAID 1
mirrored. I'd like to get the best performance out of this server, and I
think that the iowait would be the bottleneck of this setup. So, I'm
looking to configure the system in the most optimal way...

I've been reading the wiki and the mailing list to find out which is the
best filesystem to use; for now I have chosen ext3 based on comments on
the list. Also, I have passed the nodev,nosuid,noexec,noatime flags to
fstab in order to get security and faster performance.

I am not sure how to set up the caching directories: whether it would be
better to have one directory to store the cache, or have more than
one... and whether to use ufs, aufs or diskd.
For now, based on comments at the wiki, I have chosen to have four
directories using diskd.

I would like to know what you guys think about this, or if you have
some comments or experience about these little tweaks to improve performance.

Any comments are welcome,

BR,
Matías