[squid-users] Redirect to specific parent depends on URL
Dear All, I have two ISPs and I'd to redirect to parent based on URL. See my situation below. / ISPA (eth0) e.g. 1.1.1.1 (same proxies of ISPA) (ADSL 512 Kbps) LAN eth3--->LinuxBox--|-- ISPA (eth1) e.g. 1.2.1.1 (same proxies of ISPA) (ADSL 256 Kbps) \ ISPB (eth2) e.g. 1.3.1.1 (ADSL 512 Kbps but not stable) My cache configuration is as show below cache_peer ISPA_Proxy1 parent 8080 3130 no-query cache_peer ISPA_Proxy2 parent 8080 3130 no-query cache_peer ISPA_Proxy3 parent 8080 3130 no-query cache_peer ISPA_Proxy3 parent 8080 3130 no-query cache_peer ISPB_Proxy1 parent 8080 3130 no-query cache_peer ISPB_Proxy1 parent 8080 3130 no-query Here is what I want to do. 1. I want to balance load evenly to both ADSL connection to ISPA. They have same proxy parents. If it is not possible to balance evenly, I'd to set 512 Kbps connection as default and when it fill load, then redirect to 256 Kbps ADSL 2. Some sites are banned by ISPA but ISPB allow. And also some sites banned by ISPB is allow by ISPA. This is the reason why I use two ISP So, I want to redirect banned site of ISPA to ISPB. For e.g. Metacafe is banned by ISPB and I want to redirecto ISPA Any suggestion is highly appricated.? Mr. Crack007
[squid-users] Authentication question
Hi All, If users require authentication in squid before browsing, is there a way for example to tell squid since user has authenticated in IE, if the user plans on using firefox while IE is still running, do not authenticate. Thanks BSD Networking, Microsoft Notworking
Re: [squid-users] Adjusting Parent Cache weight based on acl
> Hi Amos, > > Thanks for the reply, so it seems that squid already does what I need > (in a way). Would you mind expanding on the data accounting comment, All > I could find on google was "ip accounting" in squid. Like I said, the > servers arn't ready yet so I can't test what I need to, but so far it's > looking good :) It's a bit messy, hooking into the ICMP stats in places. But each time squid receives an HTCP or ICP reply it counts as one ping. It looks to me like it was intended for the up/down peer detection, but it has the side-effect of falling nicely into the rtt calculation as a super-fast ping, which then falls over to ever so slightly reduce the weight calculation for that peer. Amos > > Thanks, > > Pieter > > Amos Jeffries wrote: >> >> This is done directly allow.deny to any given peer via ACLs already, >> and indirectly via sucessfull data accounting which modifies the >> weighting. >>> or I want to say something >>> like, when Client A requests it from username "user" and from IP >>> a.b.c.d >>> (say a dial up) then decrease the weight of the adsl proxy. >> >> This is already implemented in all weighted-peering algorithms in squid. >> >> cache_peer_access allows/prevents any data being retrieved from a >> peer. Each time data is successfully retrieved it adds to the >> weighting of the useful source peer. >> > >
Re: [squid-users] How to redirect http://gmail.com to https://gmail.com
> Dear All, > I would like to redirect http://gmail.com to https://gmail.com > because http://gmail.com was banned by our ISP > But they allow https://gmail.com > User only know http://gmail.com but when they visit, it was banned. > Almost the time, I have to go to user and say to use https://gmail.com .. > > Any suggestions is appirciated > Two approaches: 1) automatic teaching clue-by-4 stick for your users: acl badGmail dstdomain gmail.com acl HTTP proto HTTP deny_info http://yourhostname/gmail_is_broken.html badGmail http_access deny HTTP badGmail 2) leave the peons ignorant and MAKE it work: acl badGmail dstdomain gmail.com acl HTTP proto HTTP cache_peer gmail.com 443 0 no-query originserver cache_peer_access gmail.com allow badGmail cache_peer_access gmail.com deny !badGmail never_direct deny HTTP badGmail Amos
Re: [squid-users] Redirect to specific parent depends on URL
> Dear All, > I have two ISPs and I'd to redirect to parent based on URL. See my > situation below. > > / ISPA (eth0) e.g. 1.1.1.1 (same > proxies of ISPA) (ADSL 512 Kbps) > LAN eth3--->LinuxBox--|-- ISPA (eth1) e.g. 1.2.1.1 (same proxies of > ISPA) (ADSL 256 Kbps) > \ ISPB (eth2) e.g. 1.3.1.1 > (ADSL 512 Kbps but not stable) > My cache configuration is as show below > cache_peer ISPA_Proxy1 parent 8080 3130 no-query > cache_peer ISPA_Proxy2 parent 8080 3130 no-query > cache_peer ISPA_Proxy3 parent 8080 3130 no-query > cache_peer ISPA_Proxy3 parent 8080 3130 no-query > > cache_peer ISPB_Proxy1 parent 8080 3130 no-query > cache_peer ISPB_Proxy1 parent 8080 3130 no-query > > Here is what I want to do. > 1. I want to balance load evenly to both ADSL connection to ISPA. > They have same proxy parents. > If it is not possible to balance evenly, I'd to set 512 Kbps > connection as default and when it fill load, then redirect to 256 Kbps > ADSL Depends on how your squid was built. You fail to say which version and release you are talking about. Look up the cache_peer options, several of them are for load balancing. You want one of the weighted algorithms, probably carp. http:/www.squid-cache.org/Versions/v2/2.6/cache_peer.html > 2. Some sites are banned by ISPA but ISPB allow. And also some sites > banned by ISPB is allow by ISPA. > This is the reason why I use two ISP > So, I want to redirect banned site of ISPA to ISPB. For e.g. > Metacafe is banned by ISPB and I want to redirecto ISPA cache_peer_access http:/www.squid-cache.org/Versions/v2/2.6/cache_peer_access.html I'm assuming you are one of the multitude on squid2.6 since you don't say. > > Any suggestion is highly appricated.? > > Mr. Crack007 > Amos
[squid-users] Squid and Netflix don't like each other
Netflix has an online watch movies now thing going. It appears that IE has to send the follow requests to fire it off, these are from my access.log http://index.ehub.netflix.com/item/? http://69.53.224.31/data/11/? http://www.netflix.com/WatchNowEvent All seems fine until the last step, then the little activex control returns a screen that says: Server Connection Error Make sure your computer has a live connection to the Internet and that security software is not blocking the Netflix Movie Viewer's access. If you have an active, unblocked connection, close all browser windows, then try to play a movie again. For further information, see our Internet and Server Connection Error FAQ. If the problem persists, or you would like assistance, please contact Netflix technical support and report the following error code(s): MediaError(10) I have squid3 running as transparent proxy with wccp2 so I setup an access list and put my workstation on it, and the silly movie runs just fine. My cache.log is showing this line, but I have to stress that its possible that its not my client doing this, but it is an amazing coincidence: 2007/12/16 21:48:40| clientParseRequestMethod: Unsupported method in request '^SBitTorrent protocolex' 2007/12/16 21:48:40| clientProcessRequest: Invalid Request Can someone offer some suggestions with this? Bypassing the cache is doable, but sorta defeats the purpose of the cache. Thanks Dave
Re: [squid-users] Squid and Netflix don't like each other
On Sun, Dec 16, 2007, Dave Overton wrote: > 2007/12/16 21:48:40| clientParseRequestMethod: Unsupported method in request > '^SBitTorrent protocolex' > 2007/12/16 21:48:40| clientProcessRequest: Invalid Request You'll have to provide a dump of the whole request/reply exchange to see whats going on. Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
[squid-users] Force Squid
Dear All, How to force squid to refresh cache for specific site? Can you give me some example in refresh pattern? Thanks a lot Regards, Nikolas
RE: [squid-users] Force Squid
Dear Dieter, I am not using squidclient, is there any way to overcome this? Thanks a lot Regards, Nikolas -Original Message- From: Dieter Bloms [mailto:[EMAIL PROTECTED] Sent: Monday, December 17, 2007 2:07 PM To: Nikolas Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Force Squid Hi, On Mon, Dec 17, Nikolas wrote: > How to force squid to refresh cache for specific site? Can you give me > some example in refresh pattern? you may use squidclient -r for this. -- Gruß Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field.
Re: RE: [squid-users] Force Squid
Hi, On Mon, Dec 17, Nikolas wrote: > I am not using squidclient, is there any way to overcome this? > Thanks a lot telnet, netcat, ..., make your own programm. -- Gruß Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. pgpvBHsudQr48.pgp Description: PGP signature
