Re: [squid-users] Can squid re-load any caches into memory from the disk cache.

[Adrian Chadd]

On Mon, Mar 31, 2008, S.KOBAYASHI wrote:

> Does anyone know how to re-load the object into the memory from the disk
> cache?

At the moment? You have to expire the object and refetch it.

In the future? I could probably adapt the Squid storage layer to suck small 
objects
back into memory - I don't think it'd be that hard to do. I could also probably
write something to dump the memory cache to disk and re-read it on startup.

Poke me if you're interested.



adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

[squid-users] Squid with Proxifier to use Skype on my phone!!!

[William Sardar]

This is a complicated question; I hope somebody can help!

I want to use skype on my mobile phone through my wifi network (my  
phone has wifi), using an application called fring.


However at university I have to connect to the internet through a  
proxy server. I have the option of using an http or socks proxy and I  
have been using Proxifier on my mac to tunnel my mac-based skype  
traffic through the socks proxy, which works. On my phone there is the  
option to configure a proxy server in the operating system but not in  
Fring. In fact there is no mention of proxy support with fring. But  
the fact of the matter is no matter whether I put in port 8080 (http)  
or 1080 (socks) into my phone's configuration, fring won't connect to  
its network.


I can wait till fring supports proxy servers or I can try and route  
the traffic through my mac then through proxifier like I always have.  
I can get squid working but have no idea how I can get proxifier to  
'proxify' it as when I choose the squid executable in proxifier, like  
I normally do with other apps, proxifier doesn't pick it up.


I realise this is really a proxifier question and I've sent the same  
question to their technical support, but I was wondering whether there  
is support for socks-proxy tunnelling in squid? I couldn't find  
anything myself. Or does somebody know a better solution? I wish I  
could get a tunnelling app on my phone but I can't (symbian s60 3rd  
rev).


William

[squid-users] With Two Internet connection

[Arun Shrimali]

Dear All,

I using 2.6.Stable.4 squid on fedora 6 (planning to switch to fedora 9
(whenever release)) with one internet source. But due to non
reliability of this source we have to hire high cost another reliable
net connection (DSL).

Now I want from squid to use the source one for regular use, but
whenever source one is not available switch over to source two, and
when again net is available from source one, switch back to source
one.

I don't know is that possible or not, if possible can anybody help me
out for that.

regards

Arun

[squid-users] About compiling squid 2.6.STABLE 18 and Opensuse 10.1

[ciracusa]

Hi List.

I'm trying to compile squid 2.6 on Opensuse 10.1 but i'm not find the 
script on /etc/init.d to run squid service.


Please somebody helpme?

Thanks.

Re: [squid-users] Squid with Proxifier to use Skype on my phone!!!

[Amos Jeffries]

William Sardar wrote:

This is a complicated question; I hope somebody can help!

I want to use skype on my mobile phone through my wifi network (my phone 
has wifi), using an application called fring.


However at university I have to connect to the internet through a proxy 
server. I have the option of using an http or socks proxy and I have 
been using Proxifier on my mac to tunnel my mac-based skype traffic 
through the socks proxy, which works. On my phone there is the option to 
configure a proxy server in the operating system but not in Fring. In 
fact there is no mention of proxy support with fring. But the fact of 
the matter is no matter whether I put in port 8080 (http) or 1080 
(socks) into my phone's configuration, fring won't connect to its network.


I can wait till fring supports proxy servers or I can try and route the 
traffic through my mac then through proxifier like I always have. I can 
get squid working but have no idea how I can get proxifier to 'proxify' 
it as when I choose the squid executable in proxifier, like I normally 
do with other apps, proxifier doesn't pick it up.


I realise this is really a proxifier question and I've sent the same 
question to their technical support, but I was wondering whether there 
is support for socks-proxy tunnelling in squid? I couldn't find anything 
myself.


No. Squid is an HTTP-proxy. It handle HTTP requests and only HTTP requests.

Or does somebody know a better solution? I wish I could get a 
tunnelling app on my phone but I can't (symbian s60 3rd rev).


William


Amos
--
Please use Squid 2.6STABLE19 or 3.0STABLE3

[squid-users] FreeBSD 7.0, coss and squid version?

[B. Cook]

Hello all,

I recently decided to try to put coss into my squid.conf and found it  
worked much faster with little effort.  However I found that 3.0.2 has  
an 'authentication' bug, and it seems that 3.0.2 with coss has it's  
own set of 'questionable' events.


Would squid with squidguard and coss work consistently on 2.6.18 ?

Thanks in advance

Re: [squid-users] FreeBSD 7.0, coss and squid version?

[Adrian Chadd]

Coss isn't supported in Squid-3. COSS and SquidGuard should work just
fine in Squid-2.6.18.

On Mon, Mar 31, 2008, B. Cook wrote:
> Hello all,
> 
> I recently decided to try to put coss into my squid.conf and found it  
> worked much faster with little effort.  However I found that 3.0.2 has  
> an 'authentication' bug, and it seems that 3.0.2 with coss has it's  
> own set of 'questionable' events.
> 
> Would squid with squidguard and coss work consistently on 2.6.18 ?
> 
> Thanks in advance

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

RE: [squid-users] With Two Internet connection

[Mark Barlow]

Hi Arun,
This is I believe going to be a network issue rather than a squid one.
Unless your internet connections are dedicated to the proxy server, I would
say that the best way to achieve this is with a suitable Router capable of
load balancing or failover.  If the connections are dedicated to the proxy
machine, you should be able to control the routing through Fedora by giving
2 default routes and specifying the priority of the routes so that the
primary route is used all the time except when it is down.

Mark.

> -Original Message-
> From: Arun Shrimali [mailto:[EMAIL PROTECTED]
> Sent: 31 March 2008 10:40
> To: squid-users@squid-cache.org
> Subject: [squid-users] With Two Internet connection
> 
> Dear All,
> 
> I using 2.6.Stable.4 squid on fedora 6 (planning to switch to fedora 9
> (whenever release)) with one internet source. But due to non
> reliability of this source we have to hire high cost another reliable
> net connection (DSL).
> 
> Now I want from squid to use the source one for regular use, but
> whenever source one is not available switch over to source two, and
> when again net is available from source one, switch back to source
> one.
> 
> I don't know is that possible or not, if possible can anybody help me
> out for that.
> 
> regards
> 
> Arun

Re: [squid-users] FreeBSD 7.0, coss and squid version?

[Amos Jeffries]

B. Cook wrote:

Hello all,

I recently decided to try to put coss into my squid.conf and found it 
worked much faster with little effort.  However I found that 3.0.2 has 
an 'authentication' bug, and it seems that 3.0.2 with coss has it's own 
set of 'questionable' events.


Would squid with squidguard and coss work consistently on 2.6.18 ?

Thanks in advance


The authentication regression has been patched in 3.0 stable 3, now 
available but awaiting the mirror updates to be formally announced.


COSS is not stable in Squid 3.0. Use 2.6 for COSS in production or you 
can help us work out the issues in 3.0 if you have the time.


Amos
--
Please use Squid 2.6STABLE19 or 3.0STABLE3

Re: [squid-users] TPROXY but without bridging?

[admin]

hello

Dnia N Marca 30 2008, 01:12, Henrik Nordstrom napisał(a):
> On Fri, 2008-03-28 at 22:04 +0100, [EMAIL PROTECTED] wrote:
>> Hello,
>>
>> I'm using Squid Cache: Version 2.6.STABLE18
>>
>> Is there posibility to use it as fully transprent proxy (with tproxy)
>> but
>> without bridging interfaces?
>
> Yes, but you must make sure the proxy sees all HTTP traffic in both
> directions. (both outgoing request, and incoming responses).
>
>> to routers a,b... are connected clients. On that routers I have DNAT
>> --to-destiation squid:80
>
> Don't DNAT on the other routers, instead policy route the connections
> using CONNMARK and ip policy rules..
>
> i.e. something like the following on the client routers:
>
> iptables -t mangle -A PREROUTING -i clientinterface -m state --state NEW
> -p tcp --dport 80 -j CONNMARK --set-mark 1
> iptables -t mangle -A PREROUTING -i clientinterface -j CONNMARK
> --restore-mark
> ip route add table 100 default via ip.of.squid.server
> ip rule add fwmark 1 via lookup 100
>
> And on the upstream router (router 0) similar rules routing incoming
> packets with source port 80 to the proxy server instead of the client...
>
> iptables -t mangle -A PREROUTING -i insideinterface -m state --state NEW
> -p tcp --dport 80 -j CONNMARK --set-mark 1
> iptables -t mangle -A PREROUTING -i outsideinterface -j CONNMARK
> --restore-mark
> ip route add table 100 default via ip.of.squid.server
> ip rule add fwmark 1 via lookup 100
>

Are You sure that router should mark packets on inside interface? and
restore at outside interface?

That configuration isn't work for me. When i connect webserwer for switch
(like Router a,b,c..) in squid logs i see that packets flows by squid.
But traffic from outside my net don't want flow by squid. I suppose that
on Router0 i have error.

I testes both:
iptables -t mangle -A PREROUTING -i insideinterface -m state --state NEW \
 -p tcp --dport 80 -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i outsideinterface -j CONNMARK \
--restore-mark

and
iptables -t mangle -A PREROUTING -i outsideinterface -m state --state NEW \
 -p tcp --sport 80 -j CONNMARK --set-mark 1
iptables -t mangle -A PREROUTING -i outsideinterface -j CONNMARK \
 --restore-mark


Regards,
-- 
Tomasz

[squid-users] how to controll user to download from torrent

[Tarak Ranjan]

Hi List,
i have one squid proxy server . all the traffic(http) has been redirect
to the squid ip:port.
now i want to deny the torrent download , using my Proxy. if anyone help
me or share the experience to do it, then it'll be really appreciable .

/\
Tarak

Re: [squid-users] how to controll user to download from torrent

[Leonardo Rodrigues Magalhães]

Tarak Ranjan escreveu:

Hi List,
i have one squid proxy server . all the traffic(http) has been redirect
to the squid ip:port.
now i want to deny the torrent download , using my Proxy. if anyone help
me or share the experience to do it, then it'll be really appreciable .

  


   basically you cant do that in squid because torrent traffic doesnt 
goes through squid. You'll have to do that in your NAT rules.


   Of course you can use squid to denied downloading the torrent 
control files, those .torrent ones. But this wouldnt deny your users 
from grabbing them through web tunnel sites, attached in email .


   forget squid and goes blocking torrent in your firewall/nat rules, 
there's the right place for P2P controlling.


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it

Re: [squid-users] About compiling squid 2.6.STABLE 18 and Opensuse 10.1

[Peter Albrecht]

Hi,

> I'm trying to compile squid 2.6 on Opensuse 10.1 but i'm not find the 
> script on /etc/init.d to run squid service.

If you are just looking for the script: Install the Squid package from 10.1 
and use that script (/etc/init.d/squid). Just make sure the script 
contains the path to the new Squid binary and to the configuration file. 
For SUSE, you'll find the configuration file in /etc/squid/squid.conf.

Regards,

Peter

-- 
Peter Albrecht  [EMAIL PROTECTED]
Open Source School GmbH Tel: +49-89-287793-83
Amalienstraße 45 RG Mob: +49-173-3528664
80799 München   Fax: +49-89-287555-63

HRB 172645 - Amtsgericht München
Geschäftsführer: Peter Albrecht, Dr. Markus Wirtz

[squid-users] Unable to access a website through Suse/Squid.

[Terry Dobbs]

Hi,

 

Some users in our company need to access a website
(http://www.franklintraffic.com  ). Any
user that is going through the squid proxy (running on SUSE Linux) is
unable to get to this site, just kind of times out. When I try to get to
this site directly from the SUSE machine I am unable to, it just says
"Document contains no data". This site however works fine from Internet
Explorer on a machine open to the internet (not going through proxy).

 

I have been racking my brain over this one. I am able to ping the
website from the SUSE machine, just cant www to it. Anyone know why this
is? Is it a configuration issue on the server, on the website?

 

I understand this may not be 100% squid related, but im sure others
running squid on SLE have experienced a similar issue?

Re: [squid-users] Transparent LDAP authentication

[julian julian]

I use this config and works ok in producion.
Scenario:
AD Win2k3R2
CentOS: 4.4 and 5.1 
SMB and winbind: 3.0.10 and 3.0.25b
Squid 2.5.STABLE14 AND 2.6STABLE6
Using NTLM authentication



#Define uthentications parameters
#auth_param digest nonce_max_count 50
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 2
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off


# ACCESS CONTROLS

# define una acl para manejar los grupos de windows
# define acls for user groups manage and indcate whith
helper use (this is provided for SAMBA suite)

external_acl_type nt_group ttl=2 children=10 %LOGIN
/usr/lib/squid/wbinfo_group.pl


# define acls 
acl Sistemas external nt_group sistemas_ # acl para el
manejo del grupos Sistemas
acl InetAccessControl external nt_group
internet_control  # acl para el manejo de grupo
internet_control
acl InetAccessFull external nt_group internet_full
#acl para el manejo de grupo internet_full
acl Autenticados proxy_auth REQUIRED # fuerza el
pedido de autenticacion


# get access using before defined acls

http_access deny urlDenegadas !Sistemas
http_access allow novalida  
http_access allow urlAuditoria auditoria 
http_access allow Sistemas
http_access allow urlPermitidas InetAccessControl
http_access allow InetAccessFull
http_access deny !Autenticados
http_access deny all









--- Philip Kloppers <[EMAIL PROTECTED]>
wrote:

> I have an OpenSuse 10.2 box that runs Samba /
> OpenLDAP as a PDC, as well as
> Squid with delay pools to limit bandwidth dependant
> upon user, group, time
> of day and machine. I have managed to get everything
> working and
> authenticating correctly using smb_ldap_auth and
> smb_ldap_group. However, I
> would like to get the clients to authenticate
> transparently using the domain
> credentials from the initial domain logon, and not
> having to re-authenticate
> every time they open the browser.
> 
> The clients (mostly XP with a few FreeNX terminals
> on various Linux
> flavours) are all set up to use the proxy, and then
> iptables rules blocking
> users from bypassing the proxy, so I am not
> transparently intercepting web
> traffic, as I understand that authentication cannot
> be used with a
> transparent proxy.
> 
> Is single sign-on a possibility without using an M$
> PDC? All the searching
> seems to point to using ntlm_auth for this sort of
> thing.
> 
> Philip
> 
> PS: I have tried using ntlm_auth to authenticate
> against the Samba server...
> the users are able to authenticate correctly, but
> still need to re-enter
> their credentials every time they open their
> browsers.
> 
> 



  

Special deal for Yahoo! users & friends - No Cost. Get a month of Blockbuster 
Total Access now 
http://tc.deals.yahoo.com/tc/blockbuster/text3.com

Re: [squid-users] TPROXY but without bridging?

[Henrik Nordstrom]

mån 2008-03-31 klockan 15:10 +0200 skrev [EMAIL PROTECTED]:
> Are You sure that router should mark packets on inside interface? and
> restore at outside interface?

Yes. It marks outgoing connections, and routes the incoming response
packets based on that.

> That configuration isn't work for me. When i connect webserwer for switch
> (like Router a,b,c..) in squid logs i see that packets flows by squid.
> But traffic from outside my net don't want flow by squid. I suppose that
> on Router0 i have error.

Have you set up the needed policy route routing mark 1 packets to the
Squid server?

Also remember to enable IP forwarding on the Squid server, and make sure
it knows to route the client networks directly to respective client
router...

Regards
Henrik

[squid-users] Slow internet

[Jeremy Kim]

Hello,

Using the squid proxy is really slow. Is there anyway to make it faster?


I have squid version Squid2.6STABLE18 on a XP.


The machine I am running this on is a Dell PowerEdge SC 1420 Xeon CPU
2.80GHz and 4GB if ram. I am using three scsi drives.  One to host the
squid and operating system (est.75G Drive) and the other two drives
(est. each 210G drives) as cache drives.


Here are my configurations. Everything else is pretty much set on
default.

#Default:
# http_access deny all
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow biblical
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports


# And finally deny all other access to this proxy
http_access deny all

# MEMORY CACHE OPTIONS
#Default:
cache_mem 32 MB

#Default:
maximum_object_size_in_memory 8 KB

#Default:
memory_replacement_policy lru

#Default:
cache_replacement_policy heap GDSF

#Default:
cache_dir aufs e:/cache 512 16 256
cache_dir aufs f:/cache 512 16 256

#Default:
store_dir_select_algorithm least-load

#Default:
# max_open_disk_fds 0

#Default:
# minimum_object_size 0 KB

#Default:
# maximum_object_size 4096 KB

#Default:
cache_swap_low 90
cache_swap_high 95

#Default:
# maximum_object_size 4096 KB

#Default:
cache_swap_low 90
cache_swap_high 95

[squid-users] empty cache

[Guillaume Chartrand]

Hi, I've already post with a similar subject but I think it's different. I run 
squid 24h/24h and my cache directory remains empty. I don't know why no object 
is cached on disk.
Here is a brief of my configuration
Squid -v
Squid Cache: Version 2.6.STABLE12
configure options: '--enable-storeio=aufs,null,ufs' '--with-large-files'
Here some of my squid.conf

http_port 3128 transparent
cache_mem 100 MB
maximum_object_size 25600 KB
maximum_object_size_in_memory 24 KB
cache_dir aufs /usr/local/squid/var/cache2 2500 16 256
url_rewrite_program /usr/local/bin/squidGuard -c 
/usr/local/squidGuard/squidGuard.conf
url_rewrite_children 80
acl our_networks src 172.16.0.0/12 
http_access allow our_networks
no_cache deny our_networks
## purger site
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
###
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
cache_effective_user squid
#Default:
# wccp_router 0.0.0.0
wccp2_router 172.20.20.11
wccp2_router 172.20.20.12
wccp_version 4
wccp2_forwarding_method 2
wccp2_return_method 2
wccp2_assignment_method 1
wccp2_service standard 0 password=x

all the other option is default option


Guillaume Chartrand
Technicien informatique
Cégep régional de Lanaudière
Centre administratif, Repentigny
(450) 470-0911 poste 7218

RE: [squid-users] empty cache

[Guillaume Chartrand]

If it's useful, the right on the cache directory is
ls -la /usr/local/squid/var/cache2
total 152
drwxr-xr-x   18 squid squid 4096 Mar 30 23:30 .
drwxr-xr-x6 squid squid 4096 Mar 26 11:28 ..
drwxr-x---  258 squid squid 4096 Mar 26 11:28 00
drwxr-x---  258 squid squid 4096 Mar 26 11:28 01
drwxr-x---  258 squid squid 4096 Mar 26 11:28 02
drwxr-x---  258 squid squid 4096 Mar 26 11:28 03
drwxr-x---  258 squid squid 4096 Mar 26 11:28 04
drwxr-x---  258 squid squid 4096 Mar 26 11:28 05
drwxr-x---  258 squid squid 4096 Mar 26 11:28 06
drwxr-x---  258 squid squid 4096 Mar 26 11:28 07
drwxr-x---  258 squid squid 4096 Mar 26 11:28 08
drwxr-x---  258 squid squid 4096 Mar 26 11:28 09
drwxr-x---  258 squid squid 4096 Mar 26 11:28 0A
drwxr-x---  258 squid squid 4096 Mar 26 11:28 0B
drwxr-x---  258 squid squid 4096 Mar 26 11:28 0C
drwxr-x---  258 squid squid 4096 Mar 26 11:28 0D
drwxr-x---  258 squid squid 4096 Mar 26 11:28 0E
drwxr-x---  258 squid squid 4096 Mar 26 11:28 0F
-rw-r-1 squid squid   96 Mar 30 23:30 swap.state
-rw-r-1 squid squid0 Mar 30 23:30 swap.state.last-clean


Guillaume Chartrand
Technicien informatique
Cégep régional de Lanaudière
Centre administratif, Repentigny
(450) 470-0911 poste 7218

-Message d'origine-
De : Guillaume Chartrand [mailto:[EMAIL PROTECTED] 
Envoyé : 31 mars 2008 13:44
À : squid-users@squid-cache.org
Objet : [squid-users] empty cache

Hi, I've already post with a similar subject but I think it's different. I run 
squid 24h/24h and my cache directory remains empty. I don't know why no object 
is cached on disk.
Here is a brief of my configuration
Squid -v
Squid Cache: Version 2.6.STABLE12
configure options: '--enable-storeio=aufs,null,ufs' '--with-large-files'
Here some of my squid.conf

http_port 3128 transparent
cache_mem 100 MB
maximum_object_size 25600 KB
maximum_object_size_in_memory 24 KB
cache_dir aufs /usr/local/squid/var/cache2 2500 16 256
url_rewrite_program /usr/local/bin/squidGuard -c 
/usr/local/squidGuard/squidGuard.conf
url_rewrite_children 80
acl our_networks src 172.16.0.0/12 
http_access allow our_networks
no_cache deny our_networks
## purger site
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
###
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
cache_effective_user squid
#Default:
# wccp_router 0.0.0.0
wccp2_router 172.20.20.11
wccp2_router 172.20.20.12
wccp_version 4
wccp2_forwarding_method 2
wccp2_return_method 2
wccp2_assignment_method 1
wccp2_service standard 0 password=x

all the other option is default option


Guillaume Chartrand
Technicien informatique
Cégep régional de Lanaudière
Centre administratif, Repentigny
(450) 470-0911 poste 7218

Re: [squid-users] Slow internet

[julian julian]

I really never used squid on Windows plataform, but i
think it culd be run as good as in linux enviromet.
What user validation method are you implemented? a
missconfig squid.conf could be a cause. Check your
cache.log for validation erros.





--- Jeremy Kim <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> Using the squid proxy is really slow. Is there
> anyway to make it faster?
> 
> 
> I have squid version Squid2.6STABLE18 on a XP.
> 
> 
> The machine I am running this on is a Dell PowerEdge
> SC 1420 Xeon CPU
> 2.80GHz and 4GB if ram. I am using three scsi
> drives.  One to host the
> squid and operating system (est.75G Drive) and the
> other two drives
> (est. each 210G drives) as cache drives.
> 
> 
> Here are my configurations. Everything else is
> pretty much set on
> default.
> 
> #Default:
> # http_access deny all
> #Recommended minimum configuration:
> # Only allow cachemgr access from localhost
> http_access allow biblical
> http_access allow manager localhost
> http_access deny manager
> # Deny requests to unknown ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
> 
> 
> # And finally deny all other access to this proxy
> http_access deny all
> 
> # MEMORY CACHE OPTIONS
> #Default:
> cache_mem 32 MB
> 
> #Default:
> maximum_object_size_in_memory 8 KB
> 
> #Default:
> memory_replacement_policy lru
> 
> #Default:
> cache_replacement_policy heap GDSF
> 
> #Default:
> cache_dir aufs e:/cache 512 16 256
> cache_dir aufs f:/cache 512 16 256
> 
> #Default:
> store_dir_select_algorithm least-load
> 
> #Default:
> # max_open_disk_fds 0
> 
> #Default:
> # minimum_object_size 0 KB
>   
> #Default:
> # maximum_object_size 4096 KB
> 
> #Default:
> cache_swap_low 90
> cache_swap_high 95
> 
> #Default:
> # maximum_object_size 4096 KB
> 
> #Default:
> cache_swap_low 90
> cache_swap_high 95
> 
> 
> 



  

Special deal for Yahoo! users & friends - No Cost. Get a month of Blockbuster 
Total Access now 
http://tc.deals.yahoo.com/tc/blockbuster/text3.com

Re: [squid-users] TPROXY but without bridging?

[admin]

Hello Henrik,

Now tproxy works but http://devel.squid-cache.org/cgi-bin/test shows
source address of connection as ip of my squid not my test client computer
behind router A.

On squid i have:
w3cache ~ # dmesg | grep TPROXY
NF_TPROXY: Transparent proxy support initialized, version 4.1.0
NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
w3cache ~ # ip rule
0:  from all lookup local
32764:  from all fwmark 0x2 lookup 100
32766:  from all lookup main
32767:  from all lookup default
w3cache ~ # ip route show table 100
local default dev lo  scope host
w3cache ~ # iptables -n -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination
TPROXY tcp  --  0.0.0.0/00.0.0.0/0   tcp dpt:80
TPROXY redirect 0.0.0.0:3128 mark 0x2/0x2
DIVERT tcp  --  0.0.0.0/00.0.0.0/0   socket

Squid with http_port 3128 transparent tproxy

On router 0 and routers A,B... config from your post.
Mayby this version of tproxy doesn't correct work?

Dnia Pn Marca 31 2008, 18:40, Henrik Nordstrom napisał(a):
> mĂĽn 2008-03-31 klockan 15:10 +0200 skrev [EMAIL PROTECTED]:
>> Are You sure that router should mark packets on inside interface? and
>> restore at outside interface?
>
> Yes. It marks outgoing connections, and routes the incoming response
> packets based on that.
>
>> That configuration isn't work for me. When i connect webserwer for
>> switch
>> (like Router a,b,c..) in squid logs i see that packets flows by squid.
>> But traffic from outside my net don't want flow by squid. I suppose that
>> on Router0 i have error.
>
> Have you set up the needed policy route routing mark 1 packets to the
> Squid server?
>
> Also remember to enable IP forwarding on the Squid server, and make sure
> it knows to route the client networks directly to respective client
> router...
>
> Regards
> Henrik
>
>


-- 
Tomasz Kolaj
Administrator sieci
ABP Computer

Re: [squid-users] Slow internet

[Jeremy Kim]

I actually started with squid on a suse 10.2 but it had problems of its
own.  It would be working fine but once in a while it would have these
long delays.  I think it was when cache was being swapped. 

Which linux version do you use for your linux?

Also I am not running any user authentication right now on my XP squid.


On Mon, 2008-03-31 at 10:56 -0700, julian julian wrote:
> I really never used squid on Windows plataform, but i
> think it culd be run as good as in linux enviromet.
> What user validation method are you implemented? a
> missconfig squid.conf could be a cause. Check your
> cache.log for validation erros.
> 
> 
> 
> 
> 
> --- Jeremy Kim <[EMAIL PROTECTED]> wrote:
> 
> > Hello,
> > 
> > Using the squid proxy is really slow. Is there
> > anyway to make it faster?
> > 
> > 
> > I have squid version Squid2.6STABLE18 on a XP.
> > 
> > 
> > The machine I am running this on is a Dell PowerEdge
> > SC 1420 Xeon CPU
> > 2.80GHz and 4GB if ram. I am using three scsi
> > drives.  One to host the
> > squid and operating system (est.75G Drive) and the
> > other two drives
> > (est. each 210G drives) as cache drives.
> > 
> > 
> > Here are my configurations. Everything else is
> > pretty much set on
> > default.
> > 
> > #Default:
> > # http_access deny all
> > #Recommended minimum configuration:
> > # Only allow cachemgr access from localhost
> > http_access allow biblical
> > http_access allow manager localhost
> > http_access deny manager
> > # Deny requests to unknown ports
> > http_access deny !Safe_ports
> > # Deny CONNECT to other than SSL ports
> > http_access deny CONNECT !SSL_ports
> > 
> > 
> > # And finally deny all other access to this proxy
> > http_access deny all
> > 
> > # MEMORY CACHE OPTIONS
> > #Default:
> > cache_mem 32 MB
> > 
> > #Default:
> > maximum_object_size_in_memory 8 KB
> > 
> > #Default:
> > memory_replacement_policy lru
> > 
> > #Default:
> > cache_replacement_policy heap GDSF
> > 
> > #Default:
> > cache_dir aufs e:/cache 512 16 256
> > cache_dir aufs f:/cache 512 16 256
> > 
> > #Default:
> > store_dir_select_algorithm least-load
> > 
> > #Default:
> > # max_open_disk_fds 0
> > 
> > #Default:
> > # minimum_object_size 0 KB
> > 
> > #Default:
> > # maximum_object_size 4096 KB
> > 
> > #Default:
> > cache_swap_low 90
> > cache_swap_high 95
> > 
> > #Default:
> > # maximum_object_size 4096 KB
> > 
> > #Default:
> > cache_swap_low 90
> > cache_swap_high 95
> > 
> > 
> > 
> 
> 
> 
>   
> 
> Special deal for Yahoo! users & friends - No Cost. Get a month of Blockbuster 
> Total Access now 
> http://tc.deals.yahoo.com/tc/blockbuster/text3.com

Re: [squid-users] TPROXY but without bridging?

[Henrik Nordstrom]

mån 2008-03-31 klockan 20:00 +0200 skrev [EMAIL PROTECTED]:

> Now tproxy works but http://devel.squid-cache.org/cgi-bin/test shows
> source address of connection as ip of my squid not my test client computer
> behind router A.

Any errors/warnings about tproxy in cache.log?

Regards
Henrik

Re: [squid-users] Multiple url_rewrite_program

[Henrik Nordstrom]

sön 2008-03-30 klockan 17:17 +0300 skrev Andrei-Florian Staicu:
> Hello list,
> 
> Could you tell me if I can have different url_rewrite_programs for 
> different acls?

No, but you can make the url rewrite program take different actions
based on pretty much anything you can express in acls..

url rewriters have access to

- requested URL
- user name (if using ident or authentication)
- requesting client IP
- HTTP method
- and a bit more (see FAQ for full details)

Regards
Henrik

Re: [squid-users] With Two Internet connection

[Henrik Nordstrom]

mån 2008-03-31 klockan 15:09 +0530 skrev Arun Shrimali:

> Now I want from squid to use the source one for regular use, but
> whenever source one is not available switch over to source two, and
> when again net is available from source one, switch back to source
> one.

That's really more a routing question than a Squid question. If you make
the routing switch over properly Squid and every other TCP/IP
application you have will just work.

Regards
Henrik

Re: [squid-users] TPROXY but without bridging?

[admin]

Dnia Pn Marca 31 2008, 20:48, Henrik Nordstrom napisał(a):
>  2008-03-31 klockan 20:00 +0200 skrev [EMAIL PROTECTED]:
>
>> Now tproxy works but http://devel.squid-cache.org/cgi-bin/test shows
>> source address of connection as ip of my squid not my test client
>> computer
>> behind router A.
>
> Any errors/warnings about tproxy in cache.log?
>
No, log attached.

This patch was aplied to squid:
tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch
-- 
Tomasz-- cut --
2008/04/01 04:54:56| Starting Squid Cache version 2.6.STABLE18 for x86_64-pc-linux-gnu
2008/04/01 04:54:56| Process ID 17575
2008/04/01 04:54:56| With 1024 file descriptors available
2008/04/01 04:54:56| Using epoll for the IO loop
2008/04/01 04:54:56| DNS Socket created at 0.0.0.0, port 40871, FD 6
2008/04/01 04:54:56| Adding domain abp.pl from /etc/resolv.conf
2008/04/01 04:54:56| Adding nameserver 82.160.43.13 from /etc/resolv.conf
2008/04/01 04:54:56| Adding nameserver 82.160.43.5 from /etc/resolv.conf
2008/04/01 04:54:56| Adding nameserver 82.160.1.1 from /etc/resolv.conf
2008/04/01 04:54:56| User-Agent logging is disabled.
2008/04/01 04:54:56| Referer logging is disabled.
2008/04/01 04:54:56| Unlinkd pipe opened on FD 11
2008/04/01 04:54:56| Swap maxSize 4096 KB, estimated 3150769 objects
2008/04/01 04:54:56| Target number of buckets: 157538
2008/04/01 04:54:56| Using 262144 Store buckets
2008/04/01 04:54:56| Max Mem  size: 1048576 KB
2008/04/01 04:54:56| Max Swap size: 4096 KB
2008/04/01 04:54:56| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2008/04/01 04:54:56| Rebuilding storage in /var/cache/squid/dysk1 (DIRTY)
2008/04/01 04:54:56| Rebuilding storage in /var/cache/squid/dysk2 (DIRTY)
2008/04/01 04:54:56| Rebuilding storage in /var/cache/squid/dysk3 (DIRTY)
2008/04/01 04:54:56| Rebuilding storage in /var/cache/squid/dysk4 (DIRTY)
2008/04/01 04:54:56| Using Least Load store dir selection
2008/04/01 04:54:56| Set Current Directory to /var/cache/squid
2008/04/01 04:54:56| Loaded Icons.
2008/04/01 04:54:57| Accepting transparently proxied HTTP connections at 0.0.0.0, port 3128, FD 17.
2008/04/01 04:54:57| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2008/04/01 04:54:57| HTCP Disabled.
2008/04/01 04:54:57| WCCP Disabled.
2008/04/01 04:54:57| Ready to serve requests.
2008/04/01 04:54:57| Done scanning /var/cache/squid/dysk1 (0 entries)
2008/04/01 04:54:57| Done scanning /var/cache/squid/dysk2 (0 entries)
2008/04/01 04:54:57| Done scanning /var/cache/squid/dysk3 (0 entries)
2008/04/01 04:54:57| Done scanning /var/cache/squid/dysk4 (0 entries)
2008/04/01 04:54:57| Finished rebuilding storage from disk.
2008/04/01 04:54:57| 0 Entries scanned
2008/04/01 04:54:57| 0 Invalid entries.
2008/04/01 04:54:57| 0 With invalid flags.
2008/04/01 04:54:57| 0 Objects loaded.
2008/04/01 04:54:57| 0 Objects expired.
2008/04/01 04:54:57| 0 Objects cancelled.
2008/04/01 04:54:57| 0 Duplicate URLs purged.
2008/04/01 04:54:57| 0 Swapfile clashes avoided.
2008/04/01 04:54:57|   Took 0.4 seconds (   0.0 objects/sec).
2008/04/01 04:54:57| Beginning Validation Procedure
2008/04/01 04:54:57|   Completed Validation Procedure
2008/04/01 04:54:57|   Validated 0 Entries
2008/04/01 04:54:57|   store_swap_size = 0k
2008/04/01 04:54:57| storeLateRelease: released 0 objects
-- cut --

Re: [squid-users] HTTPS upstream cache problem

[Daniel Becker]

Hi,

thanks for your answer. Just to be sure, that means, that it is not the 
fault of my squid configuration, but a configuration error of the peer 
webserver?


Regards,
Daniel

Re: [squid-users] OpenBSD 4.2+Squid3_Stable1+Windows AD

[Luca Dell'Oca]

Hi,
thanks for the code, but I got an error anyway. These are the steps I took:
- I removed the ports tree and deployed a fresh one
- moved to samba dir, created a samba_winbind.patch and copied in it the
code you gave
- patch -p1 < samba_winbind.patch, without any error
- env FLAVOR=winbind make install

The compiler runned for a while, and then stops here. Do not know how to fix
it.

Luca.

===>  Building package for samba-3.0.25b-winbind
Create /usr/ports/packages/i386/all/samba-3.0.25b-winbind.tgz
Switching to /usr/ports/net/samba/pkg/PFRAG.shared-main
Error in package:
/usr/ports/net/samba/w-samba-3.0.25b-winbind/fake-i386-winbind//usr/local/%%winbind%%
 
does not exist
===>  Cleaning for samba-3.0.25b-winbind
rm -f /usr/ports/packages/i386/all/samba-3.0.25b-winbind.tgz
/usr/ports/packages/i386/ftp/samba-3.0.25b-winbind.tgz
/usr/ports/packages/i386/cdrom/samba-3.0.25b-winbind.tgz
*** Error code 1

Stop in /usr/ports/net/samba (line 1373 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/net/samba (line 1861 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/net/samba (line 1403 of
/usr/ports/infrastructure/mk/bsd.port.mk).




Macroendrix wrote:
> 
> Use this code:
> -
> ...
> -
> 100% tested with Squid2.6Stable18 and Samba 3.0.25 in OpenBSD 4.2...
> 
> Have fun!
> 

-- 
View this message in context: 
http://www.nabble.com/OpenBSD-4.2%2BSquid3_Stable1%2BWindows-AD-tp15151088p16398734.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] Can squid re-load any caches into memory from the disk cache.

[Henrik Nordstrom]

mån 2008-03-31 klockan 14:24 +0900 skrev S.KOBAYASHI:

> Does anyone know how to re-load the object into the memory from the disk
> cache?

It gets into the filesystem cache memory, but not the whole way into the
Squid cache_mem...

Regards
Henrik

Re: [squid-users] Unable to access a website through Suse/Squid.

[Henrik Nordstrom]

mån 2008-03-31 klockan 11:30 -0400 skrev Terry Dobbs:


> I have been racking my brain over this one. I am able to ping the
> website from the SUSE machine, just cant www to it. Anyone know why this
> is? Is it a configuration issue on the server, on the website?

There is quite many broken firewalls out on the Internet which falls
down when clients & servers have modern TCP/IP implementations such as
Linux..

The Squid FAQ has workarounds for most of them.

http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c099c8b4bff21e12bb365438a21027
and
http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-4920199b311ce7d20b9a0d85723fd5d0dfc9bc84

There is more, but these two is the most common ones..

some sites have also been seen having problems with tcp timestamping,
but these are very rare today..

Regards
Henrik

Re: [squid-users] Not sure how to summarize this request :)

[Henrik Nordstrom]

fre 2008-03-28 klockan 21:27 -0400 skrev Tuc at T-B-O-H.NET:
>   The FreeBSD box has 2 VPN's. One is over a wireless broadband link,
> the other over a Satellite. During the normal course of operation, everything
> goes over the quicker broadband link. When that link is down, though, a
> program automatically changes the default route to go over the satellite link.
> Of course, satellite is pretty slow. There is, however, an accelerator on the
> satellite link. The down side is that you have to address it directly by
> sending all traffic to 192.168.0.1 port 87.
> 
>   Is there a good way to implement this that won't be difficult to
> support?

For smoothests operations you need a small script that monitors the link
and reconfigures Squid as needed.

It is also possible to set up Squid to use a parent as a last-restort,
but only after long delays on every connection..

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

[Terry Dobbs]

Yea, I did stumble across those a few days ago, and tried doing what it said to 
no avail.

Can other people here access this site using Suse Linux?

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 31, 2008 3:15 PM
To: Terry Dobbs
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Unable to access a website through Suse/Squid.

mån 2008-03-31 klockan 11:30 -0400 skrev Terry Dobbs:


> I have been racking my brain over this one. I am able to ping the
> website from the SUSE machine, just cant www to it. Anyone know why this
> is? Is it a configuration issue on the server, on the website?

There is quite many broken firewalls out on the Internet which falls
down when clients & servers have modern TCP/IP implementations such as
Linux..

The Squid FAQ has workarounds for most of them.

http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-699d810035c099c8b4bff21e12bb365438a21027
and
http://wiki.squid-cache.org/SquidFaq/SystemWeirdnesses#head-4920199b311ce7d20b9a0d85723fd5d0dfc9bc84

There is more, but these two is the most common ones..

some sites have also been seen having problems with tcp timestamping,
but these are very rare today..

Regards
Henrik

Re: [squid-users] Multiple url_rewrite_program

[Andrei-Florian Staicu]

Henrik Nordstrom wrote:

sön 2008-03-30 klockan 17:17 +0300 skrev Andrei-Florian Staicu:
  

Hello list,

Could you tell me if I can have different url_rewrite_programs for 
different acls?



No, but you can make the url rewrite program take different actions
based on pretty much anything you can express in acls..

url rewriters have access to

- requested URL
- user name (if using ident or authentication)
*- requesting client IP*
- HTTP method
- and a bit more (see FAQ for full details

I think that's what I need. I'll read the FAQ. Thanks

[squid-users] no access.log

[nairb rotsak]

Hello all,

I have a squid installation running on Ubuntu 7.04.  That version of squid is 
2.6.5.  I have ntlm-help and am using it with Dansguardian.  It all works, but 
when someone complained of being blocked by something they should not have, I 
naturally went to /var/log/squid/access.log.  Only to find out it wasn't 
there??  I can't find another squid access.log anywhere else on the box (I 
built it remotely, but the guy there says he didn't do anything).

I have recreated the access.log file with the same permissions and ownership as 
the rest of the files in the /var/log/squid directory.  Since the 'dpkg -L 
squid' doesn't show access.log as one of the files packaged with the package 
itself, I am assuming that squid creates this file itself.

Since this guy is trying to use SARG to get a record of where everyone is 
going.. this isn't going well.

Any clues on where to start to get this back.  I guess I can apt-get remove 
squid, purge it, then re-install.  But I wanted to see if anyone else had ever 
seen this.

thanks,

bk




  

Like movies? Here's a limited-time offer: Blockbuster Total Access for one 
month at no cost. 
http://tc.deals.yahoo.com/tc/blockbuster/text4.com

Re: [squid-users] OpenBSD 4.2+Squid3_Stable1+Windows AD

[Henrik Nordstrom]

mån 2008-03-31 klockan 12:07 -0700 skrev Luca Dell'Oca:
> Hi,
> thanks for the code, but I got an error anyway. These are the steps I took:

At this point I would recomment you to install Samba from source
manually, not using ports.

It's not a complex procedure, and you do not need to do any of the
NSS/nsswitch/PAM OS integration, just install Samba with winbind
support, it's sufficient for Squid and most other uses, and almost
OS-independent.

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html

and

http://www.samba.org/samba/docs/using_samba/ch02.html

Note: NSS/nsswitch/PAM is only needed if you want your OS to see domain
accounts as if they were local accounts on the server, not for other
services such as Squid using winbind for authentication.

Regards
Henrik

Re: [squid-users] HTTPS upstream cache problem

[Henrik Nordstrom]

mån 2008-03-31 klockan 22:12 +0200 skrev Daniel Becker:
> >> but in the log of the upstream proxy it looks like:
> >> TCP_MISS/404 0 CONNECT http:443 - DIRECT/-
> > 
> > This is most commonly seen when using a url rewriter helper which
> > incorrectly tries to modify CONNECT requests.
> > 
> > Regards
> > Henrik
> > 

> thanks for your answer. Just to be sure, that means, that it is not the 
> fault of my squid configuration, but a configuration error of the peer 
> webserver?

Can be either. If it is what I say above then the error is in an url
rewriter/redirector used by one of the two, trying to rewrite the
hostname of a CONNECT request into a http:// URL.

What does access.log say on both?

Is either of the two using an url rewriter / redirector helper?
(url_rewrite_program/redirector_program, same directive different names)

Regards
Henrik

Re: [squid-users] ACLs and localhost

[paul cooper]

this is my config
hepworth squid # grep ^acl /etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 # http

acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl andrew proxy_auth
acl emma proxy_auth
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
acl testing  time MTWHF 07:30-08:00
hepworth squid # grep ^http_access /etc/squid/squid.conf
http_access deny  !Safe_ports
http_access allow emma testing
http_access allow andrew  localhost
http_access deny all
hepworth squid #

and logging in as andrew denies a poage with this
2008/03/31 20:56:37| Starting Squid Cache version 2.6.STABLE17 for
i686-pc-linux-gnu...
2008/03/31 20:56:37| Process ID 8806
2008/03/31 20:56:37| With 1024 file descriptors available
2008/03/31 20:56:37| Using epoll for the IO loop
2008/03/31 20:56:37| DNS Socket created at 0.0.0.0, port 32780, FD 6
2008/03/31 20:56:37| Adding domain home.nw from /etc/resolv.conf
2008/03/31 20:56:37| Adding nameserver 192.168.0.254 from /etc/resolv.conf
2008/03/31 20:56:37| helperOpenServers: Starting 5 'ncsa_auth' processes
2008/03/31 20:56:38| User-Agent logging is disabled.
2008/03/31 20:56:38| Referer logging is disabled.
2008/03/31 20:56:38| Unlinkd pipe opened on FD 17
2008/03/31 20:56:38| Swap maxSize 102400 KB, estimated 7876 objects
2008/03/31 20:56:38| Target number of buckets: 393
2008/03/31 20:56:38| Using 8192 Store buckets
2008/03/31 20:56:38| Max Mem  size: 8192 KB
2008/03/31 20:56:38| Max Swap size: 102400 KB
2008/03/31 20:56:38| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2008/03/31 20:56:38| Rebuilding storage in /var/cache/squid (CLEAN)
2008/03/31 20:56:38| Using Least Load store dir selection
2008/03/31 20:56:38| Set Current Directory to /var/cache/squid
2008/03/31 20:56:38| Loaded Icons.
2008/03/31 20:56:38| Accepting proxy HTTP connections at 0.0.0.0, port
3128, FD 19.
2008/03/31 20:56:38| Accepting ICP messages at 0.0.0.0, port 3130, FD 20.
2008/03/31 20:56:38| HTCP Disabled.
2008/03/31 20:56:38| WCCP Disabled.
2008/03/31 20:56:38| Ready to serve requests.
2008/03/31 20:56:38| Done reading /var/cache/squid swaplog (2219 entries)
2008/03/31 20:56:38| Finished rebuilding storage from disk.
2008/03/31 20:56:38|  2219 Entries scanned
2008/03/31 20:56:38| 0 Invalid entries.
2008/03/31 20:56:38| 0 With invalid flags.
2008/03/31 20:56:38|  2219 Objects loaded.
2008/03/31 20:56:38| 0 Objects expired.
2008/03/31 20:56:38| 0 Objects cancelled.
2008/03/31 20:56:38| 0 Duplicate URLs purged.
2008/03/31 20:56:38| 0 Swapfile clashes avoided.
2008/03/31 20:56:38|   Took 0.3 seconds (6503.0 objects/sec).
2008/03/31 20:56:38| Beginning Validation Procedure
2008/03/31 20:56:38|   Completed Validation Procedure
2008/03/31 20:56:38|   Validated 2219 Entries
2008/03/31 20:56:38|   store_swap_size = 18264k
2008/03/31 20:56:39| storeLateRelease: released 0 objects
2008/03/31 20:56:44| aclCheckFast: list: 0x82ab588
2008/03/31 20:56:44| aclMatchAclList: checking all
2008/03/31 20:56:44| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2008/03/31 20:56:44| aclMatchIp: '127.0.0.1' found
2008/03/31 20:56:44| aclMatchAclList: returning 1
2008/03/31 20:56:44| aclCheck: checking 'http_access deny  !Safe_ports'
2008/03/31 20:56:44| aclMatchAclList: checking !Safe_ports
2008/03/31 20:56:44| aclMatchAcl: checking 'acl Safe_ports port 80 # http'
2008/03/31 20:56:44| aclMatchAclList: no match, returning 0
2008/03/31 20:56:44| aclCheck: checking 'http_access allow emma testing'
2008/03/31 20:56:44| aclMatchAclList: checking emma
2008/03/31 20:56:44| aclMatchAcl: checking 'acl emma proxy_auth '
2008/03/31 20:56:44| aclMatchAcl: returning 0 sending credentials to helper.
2008/03/31 20:56:44| aclMatchAclList: no match, returning 0
2008/03/31 20:56:44| aclCheck: checking password via authenticator
2008/03/31 20:56:45| aclCheck: checking 'http_access allow emma testing'
2008/03/31 20:56:45| aclMatchAclList: checking emma
2008/03/31 20:56:45| aclMatchAcl: checking 'acl emma proxy_auth '
2008/03/31 20:56:45| aclMatchUser: user is andrew, case_insensitive is 0
2008/03/31 20:56:45| Top is (nil), Top->data is Unavailable
2008/03/31 20:56:45| aclMatchUser: returning 0,Top is (nil), Top->data is
Unavailable
2008/03/31 20:56:45| aclMatchAclList: no match, returning 0
2008/03/31 20:56:45| aclCheck: checking 'http_access allow andrew '
2008/03/31 20:56:45| aclMatchAclList: checking andrew
2008/03/31 20:56:45| aclMatchAcl: checking 'acl andrew proxy_auth '
2008/03/31 20:56:45| aclMatchUser: user is andrew, case_insensitive is 0
2008/03/31 20:56:45| Top is (nil), Top->data is Unavailable
2008/03/31 20:56:45| aclMatchUser: returning 0,Top is (nil), Top->data is
Unavailable
2008/03/31 20:56:45| aclMatchAclList: no match, returning 0
2008/03/31 20:56:45| aclCheck: checking 'http_access deny all'
2008/03/31 20:56:45| aclMatchAclList: checking all
2008/03/31 20:5

Re: [squid-users] no access.log

[Henrik Nordstrom]

mån 2008-03-31 klockan 13:11 -0700 skrev nairb rotsak:
> I have recreated the access.log file with the same permissions and
> ownership as the rest of the files in the /var/log/squid directory.
> Since the 'dpkg -L squid' doesn't show access.log as one of the files
> packaged with the package itself, I am assuming that squid creates
> this file itself.

Do you have an access_log directive in squid.conf?

In 2.6 there is no built-in location for access.log...

Regards
Henrik

Re: [squid-users] ACLs and localhost

[Henrik Nordstrom]

mån 2008-03-31 klockan 22:13 +0100 skrev paul cooper:
> this is my config
> hepworth squid # grep ^acl /etc/squid/squid.conf
> acl all src 0.0.0.0/0.0.0.0
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> 
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl andrew proxy_auth
> acl emma proxy_auth

the above should be

acl andrew proxy_auth andrew
acl emma proxy_auth emma


the first is the internal name of the acl, the second the username(s) to
match..

Regards
Henrik

RE: [squid-users] Unable to access a website through Suse/Squid.

[Henrik Nordstrom]

mån 2008-03-31 klockan 15:31 -0400 skrev Terry Dobbs:

> Can other people here access this site using Suse Linux?

What was the site again?

Regards
Henrik

RE: [squid-users] Can squid re-load any caches into memory from thedisk cache.

[Adam Carter]

> > Does anyone know how to re-load the object into the memory
> > from the disk cache?
>
> At the moment? You have to expire the object and refetch it.

So if an object gets written to disk, then subsequently becomes frequently 
requested, will this compromise performance as the object must now be pulled 
from disk every time?

Following on from that - would a smaller cache_mem, which will allow the OS to 
perform more disk caching, potentially perform better than a larger (but still 
sensibly sized) cache_mem?

Re: [squid-users] Can squid re-load any caches into memory from thedisk cache.

[Adrian Chadd]

On Tue, Apr 01, 2008, Adam Carter wrote:
> > > Does anyone know how to re-load the object into the memory
> > > from the disk cache?
> >
> > At the moment? You have to expire the object and refetch it.
> 
> So if an object gets written to disk, then subsequently becomes frequently 
> requested, will this compromise performance as the object must now be pulled 
> from disk every time?

Sort of. It'll then hopefully be cached in the OS buffer cache.

> Following on from that - would a smaller cache_mem, which will allow the OS 
> to perform more disk caching, potentially perform better than a larger (but 
> still sensibly sized) cache_mem?

Again, sort of. Thats fine for almost all use cases. A large cache_mem
is suggested if you have a _very_ hot set of objects - eg most accelerators.
I'd let the OS/FS do the caching everywhere else for now, at least until
I or someone else writes something better.



Adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

Re: [squid-users] TPROXY but without bridging?

[Amos Jeffries]

> Dnia Pn Marca 31 2008, 20:48, Henrik Nordstrom napisa³(a):
>>  2008-03-31 klockan 20:00 +0200 skrev [EMAIL PROTECTED]:
>>
>>> Now tproxy works but http://devel.squid-cache.org/cgi-bin/test shows
>>> source address of connection as ip of my squid not my test client
>>> computer
>>> behind router A.
>>
>> Any errors/warnings about tproxy in cache.log?
>>
> No, log attached.
>
> This patch was aplied to squid:
> tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch
> --
> Tomasz

Laszlo (from Balabit) and us are still working on these TPROXY 4 patches.
We just found a similar problem in 3.x, so it may be an bug in the patch.

Please contact Laszlo with details of the problem you are currently having
and see if he has a fix for that yet.

Amos

Re: [squid-users] empty cache

[Amos Jeffries]

> Hi, I've already post with a similar subject but I think it's different. I
> run squid 24h/24h and my cache directory remains empty. I don't know why
> no object is cached on disk.
> Here is a brief of my configuration
> Squid -v
> Squid Cache: Version 2.6.STABLE12
> configure options: '--enable-storeio=aufs,null,ufs' '--with-large-files'
> Here some of my squid.conf
>
> http_port 3128 transparent
> cache_mem 100 MB
> maximum_object_size 25600 KB
> maximum_object_size_in_memory 24 KB
> cache_dir aufs /usr/local/squid/var/cache2 2500 16 256
> url_rewrite_program /usr/local/bin/squidGuard -c
> /usr/local/squidGuard/squidGuard.conf
> url_rewrite_children 80
> acl our_networks src 172.16.0.0/12
> http_access allow our_networks

> no_cache deny our_networks

That directive no longer exists. Its the same as 'cache deny our_networks'.

It means NEVER cache anything requested by 172.16.0.0/12


> ## purger site
> acl PURGE method PURGE
> http_access allow PURGE localhost
> http_access deny PURGE
> ###
> http_access allow localhost
> # And finally deny all other access to this proxy
> http_access deny all
> cache_effective_user squid
> #Default:
> # wccp_router 0.0.0.0
> wccp2_router 172.20.20.11
> wccp2_router 172.20.20.12
> wccp_version 4
> wccp2_forwarding_method 2
> wccp2_return_method 2
> wccp2_assignment_method 1
> wccp2_service standard 0 password=x
>
> all the other option is default option
>
> 
> Guillaume Chartrand
> Technicien informatique
> Cégep régional de Lanaudière
> Centre administratif, Repentigny
> (450) 470-0911 poste 7218
>
>

[squid-users] squid-3.0.STABLE3 make error in dns_internal.cc

[Tvrtko Majstorović]

Hi,

I'm trying to compile squid on my Debian-etch Linux with:

./configure --prefix=/usr --localstatedir=/var 
--libexecdir=${prefix}/lib/squid --srcdir=. 
--datadir=${prefix}/share/squid --sysconfdir=/etc/squid 
--enable-delay-pools --with-default-user=proxy


I have applied patch to 'src/Makefile.am' described on your pages, but 
when I run 'make' get this error:


dns_internal.cc: In function ‘void idnsSendQuery(idns_query*)’:
dns_internal.cc:778: error: cannot convert ‘sockaddr_in’ to ‘const 
sockaddr_in*’ for argument ‘2’ to ‘int comm_udp_sendto(int, const 
sockaddr_in*, int, const void*, int)’

make[3]: *** [dns_internal.o] Error 1
make[3]: Leaving directory `/home/tvrtko/downloads/squid-3.0.STABLE3/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/tvrtko/downloads/squid-3.0.STABLE3/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home

I'm truly sorry if this problem was discussed before, just couldn't find 
the fix to the problem.


Cheers,
Tvrtko

[squid-users] Block Squid error page

[sekar it]

Hello all,

Iam using squid as Transparent proxy. I dont want send any error
message from squid. Is there any possible to send the origin server
error message instead of squid error message ?

Thanks in advance,
 Sekar

[squid-users] squid-2.6.STABLE19 https proxying

[ssoo]

Squid-2.6.STABLE19 have sslproxy* directives.
Can it support forward proxying https?


Below is part of squid FAQ:
"Unsupported Request Method and Protocol" for ''https'' URLs.

The information here is current for version 2.3

This is correct. Squid does not know what to do with an https URL.
To handle such a URL, Squid would need to speak the SSL protocol.
Unfortunately, it does not (yet).

Normally, when you type an https URL into your browser, one of two  
things happens.

* The browser opens an SSL connection directly to the origin server.
* The browser tunnels the request through Squid with the CONNECT  
request method.

Re: [squid-users] squid-2.6.STABLE19 https proxying

[Adrian Chadd]

On Tue, Apr 01, 2008, [EMAIL PROTECTED] wrote:
> Squid-2.6.STABLE19 have sslproxy* directives.
> Can it support forward proxying https?

It doesn't, no. Porting the sslbump stuff from Squid-3 or a cut-down version
shouldn't be hard.



Adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -