Re: [squid-users] Google Images and Blacklists
Hi, I went to google and did a google image search for "test" and if I see the image location then its http://tbn0.google.com/images?q=tbn:ikGI0NaN_FcpSM:http://static.howstuffworks.com/gif/nuclear-test-1.jpg I assume you are maintaing your black list with dst or dstdomain. Using url_regex should do the trick as you can see that the images are from google domain itself. Regards, Roshan On 12/21/07, Cailen Pratt <[EMAIL PROTECTED]> wrote: > Hi guys, > > I'm wondering if there is any way to filter images.google.com.au using my > blacklist? I have an extensive blacklist which works great however if I go > to Google Images, I can search images that belong to domains in my > blacklist. I don't want to block images.google.com.au because I would like > users to still have access to this functionality. I'm running Squid Version > 2.6.STABLE5 > > Thanks in advance. > >
Re: Fwd: [squid-users] Squid, SNMP and MRTG
Yes you dont need to use cfgmaker to monitor squid. There is a link to mrtg-squid.cfg file here http://chrismiles.info/unix/mrtg/ Also a little tutorial at http://techspalace.blogspot.com/2007/12/mrtg-for-squid.html Regards, Roshan Karki On 12/21/07, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote: > Hi Indunil, > > You don't use the cfgmaker with Squid as you normally do with Linux > network interfaces. > > You need the SNMP OIDs for graphing Squid MRTG. > > Put something like the below in your mrtg.cfg file: > > > Target[1cacheServerRequests]: > cacheServerRequests&cacheServerRequests:[EMAIL PROTECTED]:3001 > MaxBytes[1cacheServerRequests]: 1000 > Title[1cacheServerRequests]: Server Requests @ cacheproxy88 > Options[1cacheServerRequests]: nopercent > PageTop[1cacheServerRequests]: Server Requests @ cacheproxy88 > YLegend[1cacheServerRequests]: requests/sec > ShortLegend[1cacheServerRequests]: req/s > LegendI[1cacheServerRequests]: Requests > LegendO[1cacheServerRequests]: > Legend1[1cacheServerRequests]: Requests > Legend2[1cacheServerRequests]: > > > Target[2cacheHttpInOutKb]: > cacheHttpInKb&cacheHttpOutKb:[EMAIL PROTECTED]:3001 * 1024 * 8 > MaxBytes[2cacheHttpInOutKb]: 10 > Title[2cacheHttpInOutKb]: HTTP In/Out Traffic @ cacheproxy88 > Options[2cacheHttpInOutKb]: nopercent > PageTop[2cacheHttpInOutKb]: HTTP In/Out Traffic @ cacheproxy88 > YLegend[2cacheHttpInOutKb]: Bits/second > ShortLegend[2cacheHttpInOutKb]: Bits/s > LegendI[2cacheHttpInOutKb]: HTTP In > LegendO[2cacheHttpInOutKb]: HTTP Out > Legend1[2cacheHttpInOutKb]: HTTP In > Legend2[2cacheHttpInOutKb]: HTTP Out > > > The most important thing to note is in the Target parameter. > > > Check out the following site for more help and information about SNMP > and Squid: > > http://www.onlamp.com/pub/a/onlamp/2004/03/25/squid.html > > Thanking you... > > > > Indunil Jayasooriya wrote: > > Hi again, > > > > before running this command pl make the mrtg working directory like > > "/var/www/mrtg" > > > > Yes, I made it. pls see below > > > > [EMAIL PROTECTED] ~]# mkdir /var/www/mrtgnew > > > > after making the directory run this command > > > > cfgmaker --global 'WorkDir: /mrtg_working_dir_path/' --output > > /etc/mrtg/mrtg.cfg [EMAIL PROTECTED] > > > > yes , I did it. pls see below > > > > [EMAIL PROTECTED] ~]# cfgmaker --global 'WorkDir: /var/www/mrtgnew' > > --output > > /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] > > It worked. > > then, I checked my /etc/mrtg/mrtgnew.cfg . it is a traditinal mrtg.cfg file. > > > > > > after running this make a entry in /etc/mrtg/mrtg.cfg > > LoadMIBs: /etc/squid/mib.txt > > Yes, I added it. > > > > this is my full /etc/mrtg/mrtgnew.cfg > > > > [EMAIL PROTECTED] mrtgnew]# cat /etc/mrtg/mrtgnew.cfg > > # Created by > > # /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtgnew' --output > > /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] > > > > > > ### Global Config Options > > > > # for UNIX > > # WorkDir: /home/http/mrtg > > > > # or for NT > > # WorkDir: c:\mrtgdata > > > > ### Global Defaults > > > > # to get bits instead of bytes and graphs growing to the right > > # Options[_]: growright, bits > > > > EnableIPv6: no > > WorkDir: /var/www/mrtgnew > > LoadMIBs: /etc/squid/mib.txt > > ## > > # System: mail.douglas.lk > > # Description: Linux mail.douglas.lk 2.6.9-55.EL #1 Fri Apr 20 > > 16:35:59 EDT 2007 i686 > > # Contact: [EMAIL PROTECTED] > > # Location: Unknown > > ## > > > > > > ### Interface 1 >> Descr: 'lo' | Name: '' | Ip: '127.0.0.1' | Eth: '' ### > > ### The following interface is commented out because: > > ### * it is a Software Loopback interface > > # > > # Target[localhost_1]: 1:[EMAIL PROTECTED]: > > # SetEnv[localhost_1]: MRTG_INT_IP="127.0.0.1" MRTG_INT_DESCR="lo" > > # MaxBytes[localhost_1]: 125 > > # Title[localhost_1]: Traffic Analysis for 1 -- mail.douglas.lk > > # PageTop[localhost_1]: Traffic Analysis for 1 -- mail.douglas.lk > > # > > #System: mail.douglas.lk in Unknown > > #Maintainer: [EMAIL PROTECTED] > > #Description:lo > > #ifType: softwareLoopback (24) > > #ifName: > > #Max Speed: 1250.0 kBytes/s > > #Ip: 127.0.0.1 (localhost) > > # > > > > > > ### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: '192.168.122.54' | > > Eth: '00-11-5b-78-db-ad' ## The following interface is commented > > out because: > > ### * it is operationally DOWN > > # > > # Target[localhost_2]: 2:[EMAIL PROTECTED]: > > # SetEnv[localhost_2]: MRTG_INT_IP="192.168.122.54" MRTG_INT_DESCR="eth0" > > # MaxBytes[localhost_2]: 125 > > # Title[localhost_2]: Traffic Analysis for 2 -- mail.douglas.lk > > # PageTop[localhost_2]: Traffic Analysis for 2 -- mail.douglas.lk > > # > > #System: mail.douglas.lk in Unknown > > #Maintainer: [EMAIL PROTECTED] > > #Description:eth0 > > #ifType: ethernetC
Re: [squid-users] 2.7 vs 3.0
ChangeLog may help you !! On Dec 21, 2007 10:43 PM, Adrian Chadd <[EMAIL PROTECTED]> wrote: > > On Sat, Dec 22, 2007, Count Of Dracula wrote: > > > > You want 2.6STABLE17 right now, and 2.7 when it is released. =] 3.0 > > > > isn't really ready for a production environment yet. > > > > Can you please explain what is a difference between Squid 2.6,2.7 and > > 3.0 ? Why there is a Squid 2.7 branch? > > Because there are users who aren't ready to move to Squid-3.0 for > various reasons, and there's life left in that branch. > > > > Adrian > > -- > - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support > - > -- Sds. Alexandre J. Correa Onda Internet / OPinguim.net http://www.ondainternet.com.br http://www.opinguim.net
Re: [squid-users] clustering squid
On Fri, Dec 21, 2007, Mar Matthias Darin wrote: > >I am looking to utilize squid as a reverse proxy for a medium sized > >implementation that will need to scale to a lot of requests/sec (a lot > >is a relative/unknown term). I found this very informative thread: > >http://www.squid-cache.org/mail-archive/squid-users/200704/0089.html > > I have written some software that will make managing the log files a bit > easier. You can consolidate the logs to a signle system (and file if you > wish)(via TCP connections) and the logs are rotated automatically each > night (without effecting Squid). Also it handles log data above 2gigs > easily. The software is GPL licensed. The url is in my signature. hm, you could easily write a logfile helper process or plugin to pipe those logfiles over a TCP or UDP socket without even touching the disk. That'll be in Squid-2.7 and Squid-3.1 when they're released. Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
Re: [squid-users] 2.7 vs 3.0
On Sat, Dec 22, 2007, Count Of Dracula wrote: > > > You want 2.6STABLE17 right now, and 2.7 when it is released. =] 3.0 > > > isn't really ready for a production environment yet. > > Can you please explain what is a difference between Squid 2.6,2.7 and > 3.0 ? Why there is a Squid 2.7 branch? Because there are users who aren't ready to move to Squid-3.0 for various reasons, and there's life left in that branch. Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
Re: [squid-users] clustering squid
Hello, Terry writes: I am looking to utilize squid as a reverse proxy for a medium sized implementation that will need to scale to a lot of requests/sec (a lot is a relative/unknown term). I found this very informative thread: http://www.squid-cache.org/mail-archive/squid-users/200704/0089.html I have written some software that will make managing the log files a bit easier. You can consolidate the logs to a signle system (and file if you wish)(via TCP connections) and the logs are rotated automatically each night (without effecting Squid). Also it handles log data above 2gigs easily. The software is GPL licensed. The url is in my signature. --- Logger: Taking control of system logs. http://freshmeat.net/projects/slogger/
[squid-users] Video streaming
Hi all, Any way to bypass the proxy for any form of internet video streaming, like apple's movie trailers, abc.com where users can watch full episodes or even netflix or blockbuster. I do not mind a pac file if it cannot be done from squid.conf. Thanks BSD Networking, Microsoft Notworking
Re: [squid-users] ntlm_auth and basic auth.
On Dec 21, 2007 2:23 PM, Filip Ruymen <[EMAIL PROTECTED]> wrote: > Hello, > > here is the configuration I'm using: > > auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd > auth_param basic children 10 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hour > auth_param ntlm program /usr/lib/squid/ntlm_auth eu.ansell.com/brufps1 > auth_param ntlm children 10 > > Both of the authentication ways are working fine on their own. > When I configure them both, the following happens: > On a machine joined on the domain, but logged in as local user, it > asks for a username and password (which is normal expected behaviour). > When I enter the username and password, it asks me over and over again > for the username and password. > > I think it's using the ntlm_auth at that time instead of the basic auth. The easiest way of knowing is by looking at the authentication prompt window. Two lines -> basic. Three lines -> ntlm. > Is there a way I can change this so that when a local user (not a > domain user) logs on, they have to enter the basic authentication? No. You have no way of knowing whether one user is local or domain until she has tried logging on - and failed auth if she's a local user. -- /kinkie
Re: [squid-users] 2.7 vs 3.0
> > You want 2.6STABLE17 right now, and 2.7 when it is released. =] 3.0 > > isn't really ready for a production environment yet. Can you please explain what is a difference between Squid 2.6,2.7 and 3.0 ? Why there is a Squid 2.7 branch? Thanks Joy
Re: Fwd: [squid-users] Squid, SNMP and MRTG
Hi Indunil, You don't use the cfgmaker with Squid as you normally do with Linux network interfaces. You need the SNMP OIDs for graphing Squid MRTG. Put something like the below in your mrtg.cfg file: Target[1cacheServerRequests]: cacheServerRequests&cacheServerRequests:[EMAIL PROTECTED]:3001 MaxBytes[1cacheServerRequests]: 1000 Title[1cacheServerRequests]: Server Requests @ cacheproxy88 Options[1cacheServerRequests]: nopercent PageTop[1cacheServerRequests]: Server Requests @ cacheproxy88 YLegend[1cacheServerRequests]: requests/sec ShortLegend[1cacheServerRequests]: req/s LegendI[1cacheServerRequests]: Requests LegendO[1cacheServerRequests]: Legend1[1cacheServerRequests]: Requests Legend2[1cacheServerRequests]: Target[2cacheHttpInOutKb]: cacheHttpInKb&cacheHttpOutKb:[EMAIL PROTECTED]:3001 * 1024 * 8 MaxBytes[2cacheHttpInOutKb]: 10 Title[2cacheHttpInOutKb]: HTTP In/Out Traffic @ cacheproxy88 Options[2cacheHttpInOutKb]: nopercent PageTop[2cacheHttpInOutKb]: HTTP In/Out Traffic @ cacheproxy88 YLegend[2cacheHttpInOutKb]: Bits/second ShortLegend[2cacheHttpInOutKb]: Bits/s LegendI[2cacheHttpInOutKb]: HTTP In LegendO[2cacheHttpInOutKb]: HTTP Out Legend1[2cacheHttpInOutKb]: HTTP In Legend2[2cacheHttpInOutKb]: HTTP Out The most important thing to note is in the Target parameter. Check out the following site for more help and information about SNMP and Squid: http://www.onlamp.com/pub/a/onlamp/2004/03/25/squid.html Thanking you... Indunil Jayasooriya wrote: Hi again, before running this command pl make the mrtg working directory like "/var/www/mrtg" Yes, I made it. pls see below [EMAIL PROTECTED] ~]# mkdir /var/www/mrtgnew after making the directory run this command cfgmaker --global 'WorkDir: /mrtg_working_dir_path/' --output /etc/mrtg/mrtg.cfg [EMAIL PROTECTED] yes , I did it. pls see below [EMAIL PROTECTED] ~]# cfgmaker --global 'WorkDir: /var/www/mrtgnew' --output /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] It worked. then, I checked my /etc/mrtg/mrtgnew.cfg . it is a traditinal mrtg.cfg file. after running this make a entry in /etc/mrtg/mrtg.cfg LoadMIBs: /etc/squid/mib.txt Yes, I added it. this is my full /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] mrtgnew]# cat /etc/mrtg/mrtgnew.cfg # Created by # /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtgnew' --output /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] ### Global Config Options # for UNIX # WorkDir: /home/http/mrtg # or for NT # WorkDir: c:\mrtgdata ### Global Defaults # to get bits instead of bytes and graphs growing to the right # Options[_]: growright, bits EnableIPv6: no WorkDir: /var/www/mrtgnew LoadMIBs: /etc/squid/mib.txt ## # System: mail.douglas.lk # Description: Linux mail.douglas.lk 2.6.9-55.EL #1 Fri Apr 20 16:35:59 EDT 2007 i686 # Contact: [EMAIL PROTECTED] # Location: Unknown ## ### Interface 1 >> Descr: 'lo' | Name: '' | Ip: '127.0.0.1' | Eth: '' ### ### The following interface is commented out because: ### * it is a Software Loopback interface # # Target[localhost_1]: 1:[EMAIL PROTECTED]: # SetEnv[localhost_1]: MRTG_INT_IP="127.0.0.1" MRTG_INT_DESCR="lo" # MaxBytes[localhost_1]: 125 # Title[localhost_1]: Traffic Analysis for 1 -- mail.douglas.lk # PageTop[localhost_1]: Traffic Analysis for 1 -- mail.douglas.lk # #System: mail.douglas.lk in Unknown #Maintainer: [EMAIL PROTECTED] #Description:lo #ifType: softwareLoopback (24) #ifName: #Max Speed: 1250.0 kBytes/s #Ip: 127.0.0.1 (localhost) # ### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: '192.168.122.54' | Eth: '00-11-5b-78-db-ad' ## The following interface is commented out because: ### * it is operationally DOWN # # Target[localhost_2]: 2:[EMAIL PROTECTED]: # SetEnv[localhost_2]: MRTG_INT_IP="192.168.122.54" MRTG_INT_DESCR="eth0" # MaxBytes[localhost_2]: 125 # Title[localhost_2]: Traffic Analysis for 2 -- mail.douglas.lk # PageTop[localhost_2]: Traffic Analysis for 2 -- mail.douglas.lk # #System: mail.douglas.lk in Unknown #Maintainer: [EMAIL PROTECTED] #Description:eth0 #ifType: ethernetCsmacd (6) #ifName: #Max Speed: 1250.0 kBytes/s #Ip: 192.168.122.54 () # ### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '192.168.4.6' | Eth: '00-50-ba-83-41-d9' ### Target[localhost_3]: 3:[EMAIL PROTECTED]: SetEnv[localhost_3]: MRTG_INT_IP="192.168.4.6" MRTG_INT_DESCR="eth1" MaxBytes[localhost_3]: 1250 Title[localhost_3]: Traffic Analysis for 3 -- mail.douglas.lk PageTop[localhost_3]: Traffic Analysis for 3 -- mail.douglas.lk System: mail.douglas.lk in Unknown Maintainer: [EMAIL PROTECTED] Description:eth1 ifType: ethernetCsmacd (6) ifName: Max Speed: 12.5 MBytes/s Ip: 192.168.4.6 (mail.douglas.lk) ### Interface 4 >> Descr: 'sit0' | Name
Re: [squid-users] Setting up squid as an accel proxy
Amos, Is the redirector requirement something new? We don't have it on our current Squid configuration which is running on version 2.2 STABLE 13. Jake Martin C. Jacobson (Jake) Office of the DNI CIO Intelligence Community Enterprise Services Comm: (301) 317-7214 Secure: 369-6362 - Original Message - From: "Amos Jeffries" <[EMAIL PROTECTED]> To: "Martin Jacobson (Jake)" <[EMAIL PROTECTED]> Cc: "Amos Jeffries" <[EMAIL PROTECTED]>, "squid-users" Sent: Thursday, December 20, 2007 6:26:01 PM (GMT-0500) America/New_York Subject: Re: [squid-users] Setting up squid as an accel proxy > Amos, > > I am taking a step or two back and try to explain what I want to do with > Squid. I know this can be done because I am doing it with Squid version > 2.2. I really want to upgrade to 2.6 but my configuration is just not > working. > > I need to take my public URL which is a Linux server running squid. Squid > is listening on port 80 for all in bound request and when it gets one it > proxies the request to my back-end server which is a search engine. I > don't want squid to do any caching of content, I just want it to proxy all > web requests coming to www.jakesite.com. > > So in the above example, my public URL www.jakesite.com. > My search engine's URL is search.jakesite.com:8000/ > > When someone comes to www.jakesite.com with their browser, they should be > presented the HTML search engine's page which is not on www.jakesite.com > but is coming from search.jakesite.com:8000/ > > I hope that this makes more sense. Again, thanks for your help. It make sense and yes I understood that was what you want. To do it you need a redirector which re-writes the URL http_port 80 accel defaultsite=www.jakesite.com with a url_rewriter_program and location_rewriter_program for their config settings see "OPTIONS FOR URL REWRITING" in http://www.squid-cache.org/Versions/v2/2.6/cfgman/ Once that is done the URL are changed to squid retrieves the pages from search.jakesite.com:8000 as any normal web request. Amos > > Jake > > - Original Message - > From: "Amos Jeffries" <[EMAIL PROTECTED]> > To: "Martin Jacobson (Jake)" <[EMAIL PROTECTED]> > Cc: "squid-users" > Sent: Thursday, December 20, 2007 3:40:00 AM (GMT-0500) America/New_York > Subject: Re: [squid-users] Setting up squid as an accel proxy > > Martin Jacobson (Jake) wrote: >> Amos, >> >> I have upgraded to STABLE17 but I still have the same issue. >> >> Basically I want to be able to go to URL in my browser like this: >> http://linproxy1.mysite.com/. (linproxy1 is running squid) >> >> and have squid proxy the default search page from: >> http://searchengine.mysite.com/ > > Well, to CHANGE the URL like that you will need to use a redirector, not > a peer. > To peer as a forward-proxy squid simply imitates a server and has DNS > pointed at it. The peer still needs to understand when requests for > linproxy1.mysite.com arrive at it from squid through the private channel. > >> >> Config settings: >> http_port linproxy1.mysite.com:80 accel > > Could do with defaultsite=linproxy1.mysite.com to un-break some broken > client software. > >> cache_peer 10.2.234.9 parent 80 0 no-query originserver >> name=searchengine proxy-only > > proxy-only in accelerators does away with almost all of the actual > benefit of 'acceleration' squid provides through caching unchanged > content. > > Should work though as log as the peer knows its hosting > inproxy1.mysite.com. > > Amos > >> >> >> Martin C. Jacobson (Jake) >> >> - Original Message - >> From: "Amos Jeffries" <[EMAIL PROTECTED]> >> To: "Martin Jacobson (Jake)" <[EMAIL PROTECTED]> >> Cc: "squid-users" >> Sent: Tuesday, December 18, 2007 8:50:08 PM (GMT-0500) America/New_York >> Subject: Re: [squid-users] Setting up squid as an accel proxy >> >>> I don't understand why I am having so much trouble getting something >>> that >>> seems to be so simple working. I have downloaded and installed >>> squid-2.6.STABLE16 on my Linux box. >> >> Please use STABLE17, 16 has a major security bug. >> >>> I want to proxy my search engine's >>> search page so I don't want squid caching the pages. I just want squid >>> to >>> act as a reverse proxy. After reading "Squid The Definitive Guide" and >>> lots of posts on the web, I still can't get it to work. It would seem >>> that the following basic config file should do the trick. This is >>> based >>> on http://wiki.squid-cache.org/SquidFaq/ReverseProxy >>> >>> http_port 80 accel defaultsite=linproxy1.mysite.com >>> cache_peer searchengine.mysite.com parent 80 0 no-query originserver >>> http_access allow all >>> >>> I can get squid to run with no errors, but it doesn't reverse proxy the >>> search engine's search page. With my browser I can go directly to the >>> search engine with no problems, but I get a "Connection has timed out" >>> error when I try to go through linproxy1. >>> >> >> So http://linproxy1.mysite.com is the publicly accessible website for >>
[squid-users] Proxy switch too slow
Dear Squid Users, I have setup squid proxy such as below so that it will switch to another proxy parent if first proxy fail. ==> peer_connect_timeout=10 cache_peer cache1 parent 8080 3130 no-query connect-timeout=5 cache_peer cache2 parent 8080 3130 no-query connect-timeout=5 cache_peer cache3 parent 8080 3130 no-query connect-timeout=5 cache_peer cache4 parent 8080 3130 no-query connect-timeout=5 cache_peer cache5 parent 8080 3130 no-query connect-timeout=5 ===> but if first proxy fail, it takes about 3-5 minutes to switch to next proxy parent I want to switch to next proxy as soon as first proxy fail . Any suggestions,
Re: [squid-users] ntlm_auth and basic auth.
Hello, here is the configuration I'm using: auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd auth_param basic children 10 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hour auth_param ntlm program /usr/lib/squid/ntlm_auth eu.ansell.com/brufps1 auth_param ntlm children 10 Both of the authentication ways are working fine on their own. When I configure them both, the following happens: On a machine joined on the domain, but logged in as local user, it asks for a username and password (which is normal expected behaviour). When I enter the username and password, it asks me over and over again for the username and password. I think it's using the ntlm_auth at that time instead of the basic auth. Is there a way I can change this so that when a local user (not a domain user) logs on, they have to enter the basic authentication? This whole system works just fine, when I use a computer that is not joined to the domain, then I just enter the basic auth username and password and it goes swiftly and without a problem on the internet. Thanks for any advice Filip Ruymen On 19/12/2007, Adrian Chadd <[EMAIL PROTECTED]> wrote: > On Wed, Dec 19, 2007, Filip Ruymen wrote: > > Hello all, > > > > Here is my problem. > > I have configured squid to do authentication by ntlm which works fine. > > My problem at the moment is that external users (not from our company) > > need to have access to the internet too. I want to implement some kind > > of basic authentication in supplement of the ntlm authentication. > > > > But I don't have an idea on how to do this. > > Any advice would be fine. > > You can have a basic and ntlm helper section in Squid. Just setup > basic authentication as per the large amount of documentation out > there on the internet. > > > > Adrian > > -- Vriendelijke Groeten Filip Ruymen
[squid-users] Squid-2.7 branched (was [EMAIL PROTECTED]: cvs commit: squid configure.in])
Hi everyone, Squid-2.7 has been branched but hasn't been released yet. If you're tracking Squid-2.HEAD in preparation for 2.7 then please adjust your CVS tags. I'm about to start dumping some performance related tidyups into Squid-2.HEAD; if you feel like being a guinea pig then please let me know. Else, stick with SQUID_2_7 for now until Squid-2.7.STABLE1 is announced. Adrian Date: Fri, 21 Dec 2007 04:36:59 -0700 (MST) From: Henrik Nordstrom <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: cvs commit: squid configure.in hno 2007/12/21 04:36:59 MST Modified files:(Branch: SQUID_2_7) .configure.in Log: 2.7 branched Revision ChangesPath 1.430.2.1 +3 -3 squid/configure.in
Fwd: [squid-users] Squid, SNMP and MRTG
Hi again, before running this command pl make the mrtg working directory like "/var/www/mrtg" Yes, I made it. pls see below [EMAIL PROTECTED] ~]# mkdir /var/www/mrtgnew after making the directory run this command cfgmaker --global 'WorkDir: /mrtg_working_dir_path/' --output /etc/mrtg/mrtg.cfg [EMAIL PROTECTED] yes , I did it. pls see below [EMAIL PROTECTED] ~]# cfgmaker --global 'WorkDir: /var/www/mrtgnew' --output /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] It worked. then, I checked my /etc/mrtg/mrtgnew.cfg . it is a traditinal mrtg.cfg file. after running this make a entry in /etc/mrtg/mrtg.cfg LoadMIBs: /etc/squid/mib.txt Yes, I added it. this is my full /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] mrtgnew]# cat /etc/mrtg/mrtgnew.cfg # Created by # /usr/bin/cfgmaker --global 'WorkDir: /var/www/mrtgnew' --output /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] ### Global Config Options # for UNIX # WorkDir: /home/http/mrtg # or for NT # WorkDir: c:\mrtgdata ### Global Defaults # to get bits instead of bytes and graphs growing to the right # Options[_]: growright, bits EnableIPv6: no WorkDir: /var/www/mrtgnew LoadMIBs: /etc/squid/mib.txt ## # System: mail.douglas.lk # Description: Linux mail.douglas.lk 2.6.9-55.EL #1 Fri Apr 20 16:35:59 EDT 2007 i686 # Contact: [EMAIL PROTECTED] # Location: Unknown ## ### Interface 1 >> Descr: 'lo' | Name: '' | Ip: '127.0.0.1' | Eth: '' ### ### The following interface is commented out because: ### * it is a Software Loopback interface # # Target[localhost_1]: 1:[EMAIL PROTECTED]: # SetEnv[localhost_1]: MRTG_INT_IP="127.0.0.1" MRTG_INT_DESCR="lo" # MaxBytes[localhost_1]: 125 # Title[localhost_1]: Traffic Analysis for 1 -- mail.douglas.lk # PageTop[localhost_1]: Traffic Analysis for 1 -- mail.douglas.lk # #System: mail.douglas.lk in Unknown #Maintainer: [EMAIL PROTECTED] #Description:lo #ifType: softwareLoopback (24) #ifName: #Max Speed: 1250.0 kBytes/s #Ip: 127.0.0.1 (localhost) # ### Interface 2 >> Descr: 'eth0' | Name: '' | Ip: '192.168.122.54' | Eth: '00-11-5b-78-db-ad' ## The following interface is commented out because: ### * it is operationally DOWN # # Target[localhost_2]: 2:[EMAIL PROTECTED]: # SetEnv[localhost_2]: MRTG_INT_IP="192.168.122.54" MRTG_INT_DESCR="eth0" # MaxBytes[localhost_2]: 125 # Title[localhost_2]: Traffic Analysis for 2 -- mail.douglas.lk # PageTop[localhost_2]: Traffic Analysis for 2 -- mail.douglas.lk # #System: mail.douglas.lk in Unknown #Maintainer: [EMAIL PROTECTED] #Description:eth0 #ifType: ethernetCsmacd (6) #ifName: #Max Speed: 1250.0 kBytes/s #Ip: 192.168.122.54 () # ### Interface 3 >> Descr: 'eth1' | Name: '' | Ip: '192.168.4.6' | Eth: '00-50-ba-83-41-d9' ### Target[localhost_3]: 3:[EMAIL PROTECTED]: SetEnv[localhost_3]: MRTG_INT_IP="192.168.4.6" MRTG_INT_DESCR="eth1" MaxBytes[localhost_3]: 1250 Title[localhost_3]: Traffic Analysis for 3 -- mail.douglas.lk PageTop[localhost_3]: Traffic Analysis for 3 -- mail.douglas.lk System: mail.douglas.lk in Unknown Maintainer: [EMAIL PROTECTED] Description:eth1 ifType: ethernetCsmacd (6) ifName: Max Speed: 12.5 MBytes/s Ip: 192.168.4.6 (mail.douglas.lk) ### Interface 4 >> Descr: 'sit0' | Name: '' | Ip: '' | Eth: '00-00-00-00-41-d9' ### ### The following interface is commented out because: ### * it is administratively DOWN ### * it is operationally DOWN ### * has a speed of 0 which makes no sense # # Target[localhost_4]: 4:[EMAIL PROTECTED]: # SetEnv[localhost_4]: MRTG_INT_IP="" MRTG_INT_DESCR="sit0" # MaxBytes[localhost_4]: 0 # Title[localhost_4]: Traffic Analysis for 4 -- mail.douglas.lk # PageTop[localhost_4]: Traffic Analysis for 4 -- mail.douglas.lk # #System: mail.douglas.lk in Unknown #Maintainer: [EMAIL PROTECTED] #Description:sit0 #ifType: Encapsulation Interface (131) #ifName: #Max Speed: 0.0 Bytes/s # and here is my /etc/snmp/snmpd.conf file [EMAIL PROTECTED] mrtgnew]# cat /etc/snmp/snmpd.conf com2sec local localhost public com2sec mynetwork 192.1.54.0/24 public com2sec mynetwork 192.168.9.0/24 public group MyRWGroup v1 local group MyROGroup v1 mynetwork group MyRWGroup v1 otherv3user view all included .1 80 access MyROGroup "" any noauth exact all none none access MyRWGroup "" any noauth exact all all all syscontact [EMAIL PROTECTED] then , I ran below command. it worked too. [EMAIL PROTECTED] mrtgnew]# indexmaker --output=/var/www/mrtgnew/indexnew.html /etc/mrtg/mrtgnew.cfg then, I ran below commands 3 times. [EMAIL PROTECTED] mrtgnew]# indexmaker --output=/var/www/mrtgnew/indexnew.html /etc/mrtg/mrtgnew.cfg [EMAIL PROTECTED] mrtgnew]# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtgnew.cfg Rateup WARNING: /usr/bin/ra
[squid-users] Squid, SNMP and MRTG
Hi all, I am going to monitor squid proxy server. So I have added below lines squid.conf file. acl snmpmanager src 192.1.54.62 acl snmppublic snmp_community public snmp_port 3401 snmp_access allow snmppublic snmpmanager snmp_access deny all snmp_incoming_address 0.0.0.0 snmp_outgoing_address 0.0.0.0 below URL helped me http://www.squid-cache.org/mail-archive/squid-users/200010/0751.html in addition to that, below squid wiki also helped me. http://wiki.squid-cache.org/SquidFaq/SquidSnmp Any way, here are outputs of the snmpwalk commands. [EMAIL PROTECTED] ~]# snmpwalk -v2c -c public 192.1.54.62:3401 .1.3.6.1.4.1.3495.1.1 SNMPv2-SMI::enterprises.3495.1.1.1.0 = INTEGER: 232 SNMPv2-SMI::enterprises.3495.1.1.2.0 = INTEGER: 4464 SNMPv2-SMI::enterprises.3495.1.1.3.0 = Timeticks: (101615) 0:16:56.15 the below command with -m /etc/squid/mib.txt [EMAIL PROTECTED] ~]# snmpwalk -m /etc/squid/mib.txt -v2c -c public 192.1.54.62:3401 .1.3.6.1.4.1.3495.1.1 SQUID-MIB::cacheSysVMsize.0 = INTEGER: 232 SQUID-MIB::cacheSysStorage.0 = INTEGER: 4464 SQUID-MIB::cacheUptime.0 = Timeticks: (99625) 0:16:36.25 They both give outputs. I have already installed snmp and mrtg RPMs. pls see below for installed RPMs. [EMAIL PROTECTED] ~]# rpm -qa |grep snmp net-snmp-utils-5.1.2-11.EL4.11 net-snmp-5.1.2-11.EL4.10 net-snmp-libs-5.1.2-11.EL4.10 [EMAIL PROTECTED] ~]# rpm -qa |grep mrtg mrtg-2.10.15-2a Now, I need to generate mrtg.cfg file. How to do it? if I generate mrt.cfg, I will be able to issue the command env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg and indexmaker commad to generate index.html as follows. indexmaker --output=/var/www/mrtg/index.html /etc/mrtg/mrtg.cfg Any advice pls? -- Thank you Indunil Jayasooriya
[squid-users] ADS Authentication
HI, I would like to authenticate my users to an Windows ADS. This is working fine with the following entrys in my squid.conf. auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=CORPORIS\\domänen-benutzer auth_param ntlm children 5 auth_param ntlm use_ntlm_negotiate on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=CORPORIS\\domänen-benutzer auth_param basic children 5 auth_param basic realm ELIXIA Proxy Server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off authenticate_cache_garbage_interval 10 seconds authenticate_ttl 0 seconds acl auth proxy_auth REQUIRED I was wondering if it is possible to identify more than just one group. I would like to authenticate several groups with different rights. Thanks for any help Christian