Re: [squid-users] Can't access this site using squid-2.6.19

2008-04-23 Thread Andy Low 

Hi Chris,

Thanks! This solve my problem, I have tested the Squid on FC8 and 
FC9-preview. But strange, I have another Linux Server running on RedHat 9 
and using Squid-2.6.18 has no problem. The TCP Window Scaling is turned on 
too, unless the TCP Window Scaling on Redhat 9 is broken?


At least now I know what's going on.

Thanks again!

Andy


- Original Message - 
From: "Chris Robertson" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, April 23, 2008 9:10 AM
Subject: Re: [squid-users] Can't access this site using squid-2.6.19



Andy Low wrote:

Hi,

Let me clarify for this site: www.ura.gov.sg.

For Internet Explorer, I can't see the page at all.
For Firefox, I can see the page but it is still loading and seems like 
not finish yet.


I have no problem if I bypass Squid, is there a bug with Squid?


Nope.  This is a TCP window scaling issue 
(http://en.wikipedia.org/wiki/TCP_window_scale_option).  Most likely a 
broken firewall on the far end.  See 
http://www.squid-cache.org/mail-archive/squid-users/200703/0190.html for a 
reasonably elegant solution on Linux.




Thanks,

Andy


Chris

[squid-users] Problem with host-header on a accelerated proxy

2008-04-23 Thread Marcus Johansson 
Hi

I'm using Squid as an accelerator for an apache web server which
resides on a internal private network. Squid resides on the firewall
and receives all requests for the web server.
I have configured it this way in squid.conf:

httpd_accel_host 192.168.0.51 # IP address of web server
httpd_accel_port 80 # Port of web server

httpd_accel_single_host on # Forward uncached requests to single host
httpd_accel_with_proxy on #
httpd_accel_uses_host_header off

(I'm also using Squid as a proxy, that's why "httpd_accel_with_proxy" is on.)

The problem is that the Host-header seen by apache always is
"192.168.0.51" regardless of which address was used to access the
squid server.
I would like the host-header used by the browser client to be sent
through the proxy to the web server (so that I can use virtual hosts
on my web server).

I have tried to set "redirect_rewrites_host_header" to off but that
didn't seem to change anything.
Changing "httpd_accel_uses_host_header" seemed only to redirect the
requests to the wrong machine, and it failed to get pass my access
list rules.

The version of squid is: Squid Cache: Version 2.5.STABLE12

I would be very grateful for any help on this!

Regards,
Marcus Johansson

[squid-users] help me, please, with squid 3.0 stable4 - not retry url with whitespaces

2008-04-23 Thread ags67 


Hello!

SQUID 3.0 Stable4 are compiled on Novell SLES 10 SP1

Not retry url with whitespaces, for example - http://wiki.mozilla-russia.org

In access.log:

1208927537.022505  TCP_MISS/302 14865 GET
http://wiki.mozilla-russia.org/ - DIRECT/195.18.35.94
application/xhtml+xml [Host: wiki.mozilla-russia.org\r\nUser-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201
Firefox/2.0.0.12\r\nAccept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language:
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding:
gzip,deflate\r\nAccept-Charset:
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection:
keep-alive\r\n] [HTTP/1.1 302 Moved Temporarily\r\nServer:
nginx/0.6.29\r\nDate: Wed, 23 Apr 2008 06:15:12 GMT\r\nContent-Type:
application/xhtml+xml; charset=UTF-8\r\nConnection:
close\r\nX-Powered-By: PHP/4.4.7\r\nSet-Cookie:
PHPSESSID=3118ffe35f83d8e5b71612b1752c3a92; path=/\r\nExpires: Thu, 19
Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache,
must-revalidate, post-check=0, pre-check=0\r\nPragma:
no-cache\r\nLocation: http:///index.php/ru/%25D0%2591%25D0%25B0%25D0%25B7%25D0%25B0%2520%25D0%25B7%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B9%2520%25D0%25BF%25D1%2580%25D0%25BE%25D0%25B5%25D0%25BA%25D1%2582%25D0%25B0%2520Mozilla%2520%25D0%25A0%25D0%25BE%25D1%2581%25D1%2581%25D0%25B8%25D1%258F\r\n\r]
1208927537.187144  TCP_MISS/503 1688 GET
http:///index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F
- DIRECT/ text/html [Host: \r\nUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru;
rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12\r\nAccept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language:
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding:
gzip,deflate\r\nAccept-Charset:
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection:
keep-alive\r\n] [HTTP/1.0 503 Service Unavailable\r\nServer:
squid/3.0.STABLE4\r\nMime-Version: 1.0\r\nDate: Wed, 23 Apr 2008
05:12:17 GMT\r\nContent-Type: text/html\r\nContent-Length:
1322\r\nExpires: Wed, 23 Apr 2008 05:12:17 GMT\r\nX-Squid-Error:
ERR_CONNECT_FAIL 111\r\n\r]

SQUID was compiled with options:
--enable-icap-client --enable-default-err-language=Russian-1251
--enable-err-languages=Russian-1251 --enable-linux-netfilter
--disable-ident-lookups

What I need changed?

Thanks.

Best Regards,
Andrew,
Russia,
Moscow

Re: [squid-users] Problem with host-header on a accelerated proxy

2008-04-23 Thread Amos Jeffries 

Marcus Johansson wrote:

Hi

I'm using Squid as an accelerator for an apache web server which
resides on a internal private network. Squid resides on the firewall
and receives all requests for the web server.
I have configured it this way in squid.conf:

httpd_accel_host 192.168.0.51 # IP address of web server
httpd_accel_port 80 # Port of web server

httpd_accel_single_host on # Forward uncached requests to single host
httpd_accel_with_proxy on #
httpd_accel_uses_host_header off

(I'm also using Squid as a proxy, that's why "httpd_accel_with_proxy" is on.)

The problem is that the Host-header seen by apache always is
"192.168.0.51" regardless of which address was used to access the
squid server.
I would like the host-header used by the browser client to be sent
through the proxy to the web server (so that I can use virtual hosts
on my web server).

I have tried to set "redirect_rewrites_host_header" to off but that
didn't seem to change anything.
Changing "httpd_accel_uses_host_header" seemed only to redirect the
requests to the wrong machine, and it failed to get pass my access
list rules.

The version of squid is: Squid Cache: Version 2.5.STABLE12



If you can I'd seriously advise upgrading. 2.5 is rather old and even 
2.6 is on it planned final release cycle now. If there is any code or 
feature reason you have not, please let us know.


Methinks the problem is:
  httpd_accel_uses_host_header off

That option makes accelerators use the Host: header. If it then fails 
your ACL, thats a secondary problem with the ACL configuration.


Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

[squid-users] Problem with viewing http://wiki.mozilla-russia.org

2008-04-23 Thread Alex Gau 

Hello,
we use squid3.0 stable4 on SLES10.
It was compiled with followed parameters:


./configure --prefix=/usr/local/squid3 --enable-icap-client 
--enable-default-err-language=Russian-1251 
--enable-err-languages="Russian-1251 Russian-koi8-r" 
--enable-linux-netfilter --disable-ident-lookups --with-default-user=drweb



When we try to view URL http://wiki.mozilla-russia.org through the 
proxy, we receive error message.


We enter squid in debug mode and receive followed messages:


1208927537.022505 xxx.xxx.xxx.xxx TCP_MISS/302 14865 GET 
http://wiki.mozilla-russia.org/ - DIRECT/195.18.35.94 
application/xhtml+xml [Host: wiki.mozilla-russia.org\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201 
Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection: 
keep-alive\r\n] [HTTP/1.1 302 Moved Temporarily\r\nServer: 
nginx/0.6.29\r\nDate: Wed, 23 Apr 2008 06:15:12 GMT\r\nContent-Type: 
application/xhtml+xml; charset=UTF-8\r\nConnection: 
close\r\nX-Powered-By: PHP/4.4.7\r\nSet-Cookie: 
PHPSESSID=3118ffe35f83d8e5b71612b1752c3a92; path=/\r\nExpires: Thu, 19 
Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, 
must-revalidate, post-check=0, pre-check=0\r\nPragma: 
no-cache\r\nLocation: 
http://aaa.bbb.ccc.ddd/index.php/ru/%25D0%2591%25D0%25B0%25D0%25B7%25D0%25B0%2520%25D0%25B7%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B9%2520%25D0%25BF%25D1%2580%25D0%25BE%25D0%25B5%25D0%25BA%25D1%2582%25D0%25B0%2520Mozilla%2520%25D0%25A0%25D0%25BE%25D1%2581%25D1%2581%25D0%25B8%25D1%258F\r\n\r]
1208927537.187144 xxx.xxx.xxx.xxx TCP_MISS/503 1688 GET 
http://aaa.bbb.ccc.ddd/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F 
- DIRECT/aaa.bbb.ccc.ddd text/html [Host: 77.108.86.4\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201 
Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection: 
keep-alive\r\n] [HTTP/1.0 503 Service Unavailable\r\nServer: 
squid/3.0.STABLE4\r\nMime-Version: 1.0\r\nDate: Wed, 23 Apr 2008 
05:12:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 
1322\r\nExpires: Wed, 23 Apr 2008 05:12:17 GMT\r\nX-Squid-Error: 
ERR_CONNECT_FAIL 111\r\n\r]



As you can see squid put IP: aaa.bbb.ccc.ddd (a squid ip address) to the 
dynamic link instead of real domain name of the site 
(wiki.mozilla-russia.org)


We don't understand why?
Please, help us to solve this problem.

Best Regards,

Alex

Re: [squid-users] Problem with viewing http://wiki.mozilla-russia.org

2008-04-23 Thread Amos Jeffries 

Alex Gau wrote:

Hello,
we use squid3.0 stable4 on SLES10.
It was compiled with followed parameters:


./configure --prefix=/usr/local/squid3 --enable-icap-client 
--enable-default-err-language=Russian-1251 
--enable-err-languages="Russian-1251 Russian-koi8-r" 
--enable-linux-netfilter --disable-ident-lookups --with-default-user=drweb



When we try to view URL http://wiki.mozilla-russia.org through the 
proxy, we receive error message.


We enter squid in debug mode and receive followed messages:


1208927537.022505 xxx.xxx.xxx.xxx TCP_MISS/302 14865 GET 
http://wiki.mozilla-russia.org/ - DIRECT/195.18.35.94 
application/xhtml+xml [Host: wiki.mozilla-russia.org\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201 
Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection: 
keep-alive\r\n] [HTTP/1.1 302 Moved Temporarily\r\nServer: 
nginx/0.6.29\r\nDate: Wed, 23 Apr 2008 06:15:12 GMT\r\nContent-Type: 
application/xhtml+xml; charset=UTF-8\r\nConnection: 
close\r\nX-Powered-By: PHP/4.4.7\r\nSet-Cookie: 
PHPSESSID=3118ffe35f83d8e5b71612b1752c3a92; path=/\r\nExpires: Thu, 19 
Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, 
must-revalidate, post-check=0, pre-check=0\r\nPragma: 
no-cache\r\nLocation: 
http://aaa.bbb.ccc.ddd/index.php/ru/%25D0%2591%25D0%25B0%25D0%25B7%25D0%25B0%2520%25D0%25B7%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B9%2520%25D0%25BF%25D1%2580%25D0%25BE%25D0%25B5%25D0%25BA%25D1%2582%25D0%25B0%2520Mozilla%2520%25D0%25A0%25D0%25BE%25D1%2581%25D1%2581%25D0%25B8%25D1%258F\r\n\r] 

1208927537.187144 xxx.xxx.xxx.xxx TCP_MISS/503 1688 GET 
http://aaa.bbb.ccc.ddd/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F 
- DIRECT/aaa.bbb.ccc.ddd text/html [Host: 77.108.86.4\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201 
Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection: 
keep-alive\r\n] [HTTP/1.0 503 Service Unavailable\r\nServer: 
squid/3.0.STABLE4\r\nMime-Version: 1.0\r\nDate: Wed, 23 Apr 2008 
05:12:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 
1322\r\nExpires: Wed, 23 Apr 2008 05:12:17 GMT\r\nX-Squid-Error: 
ERR_CONNECT_FAIL 111\r\n\r]



As you can see squid put IP: aaa.bbb.ccc.ddd (a squid ip address) to the 
dynamic link instead of real domain name of the site 
(wiki.mozilla-russia.org)


We don't understand why?
Please, help us to solve this problem.

Best Regards,

Alex


Not squids fault. The "Server: nginx/0.6.29" is sending a 302 out with 
bad information.


What happening there is:

 -> First request has domain + URI.
 <- Squid contacts 195.18.35.94 for data

 -> 195.18.35.94 (nginx/0.6.29) redirects: 302 http://aaa.bbb.ccc.ddd...


 -> Second request has aaa.bbb.ccc.ddd + new URI
 <- Squid contacts aaa.bbb.ccc.ddd for data

 -> failure.

If the server 195.18.35.94 is yours it needs its redirector fixed.

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

Re: [squid-users] help me, please, with squid 3.0 stable4 - not retry url with whitespaces

2008-04-23 Thread Amos Jeffries 

[EMAIL PROTECTED] wrote:


Hello!

SQUID 3.0 Stable4 are compiled on Novell SLES 10 SP1

Not retry url with whitespaces, for example - http://wiki.mozilla-russia.org

In access.log:

1208927537.022505  TCP_MISS/302 14865 GET
http://wiki.mozilla-russia.org/ - DIRECT/195.18.35.94
application/xhtml+xml [Host: wiki.mozilla-russia.org\r\nUser-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) Gecko/20080201
Firefox/2.0.0.12\r\nAccept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language:
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding:
gzip,deflate\r\nAccept-Charset:
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection:
keep-alive\r\n] [HTTP/1.1 302 Moved Temporarily\r\nServer:
nginx/0.6.29\r\nDate: Wed, 23 Apr 2008 06:15:12 GMT\r\nContent-Type:
application/xhtml+xml; charset=UTF-8\r\nConnection:
close\r\nX-Powered-By: PHP/4.4.7\r\nSet-Cookie:
PHPSESSID=3118ffe35f83d8e5b71612b1752c3a92; path=/\r\nExpires: Thu, 19
Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache,
must-revalidate, post-check=0, pre-check=0\r\nPragma:
no-cache\r\nLocation: http:///index.php/ru/%25D0%2591%25D0%25B0%25D0%25B7%25D0%25B0%2520%25D0%25B7%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B9%2520%25D0%25BF%25D1%2580%25D0%25BE%25D0%25B5%25D0%25BA%25D1%2582%25D0%25B0%2520Mozilla%2520%25D0%25A0%25D0%25BE%25D1%2581%25D1%2581%25D0%25B8%25D1%258F\r\n\r]
1208927537.187144  TCP_MISS/503 1688 GET
http:///index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F
- DIRECT/ text/html [Host: \r\nUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru;
rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12\r\nAccept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language:
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding:
gzip,deflate\r\nAccept-Charset:
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 300\r\nProxy-Connection:
keep-alive\r\n] [HTTP/1.0 503 Service Unavailable\r\nServer:
squid/3.0.STABLE4\r\nMime-Version: 1.0\r\nDate: Wed, 23 Apr 2008
05:12:17 GMT\r\nContent-Type: text/html\r\nContent-Length:
1322\r\nExpires: Wed, 23 Apr 2008 05:12:17 GMT\r\nX-Squid-Error:
ERR_CONNECT_FAIL 111\r\n\r]

SQUID was compiled with options:
--enable-icap-client --enable-default-err-language=Russian-1251
--enable-err-languages=Russian-1251 --enable-linux-netfilter
--disable-ident-lookups

What I need changed?

Thanks.

Best Regards,
Andrew,
Russia,
Moscow



The server at 195.18.35.94 "nginx/0.6.29" is doing weird redirections.

See my response to Alex Gau for details.

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

Re: [squid-users] Problem with viewing http://wiki.mozilla-russia.org

2008-04-23 Thread Alex Gau 

Amos Jeffries пишет:

Alex Gau wrote:

Hello,
we use squid3.0 stable4 on SLES10.
It was compiled with followed parameters:


./configure --prefix=/usr/local/squid3 --enable-icap-client 
--enable-default-err-language=Russian-1251 
--enable-err-languages="Russian-1251 Russian-koi8-r" 
--enable-linux-netfilter --disable-ident-lookups 
--with-default-user=drweb



When we try to view URL http://wiki.mozilla-russia.org through the 
proxy, we receive error message.


We enter squid in debug mode and receive followed messages:


1208927537.022505 xxx.xxx.xxx.xxx TCP_MISS/302 14865 GET 
http://wiki.mozilla-russia.org/ - DIRECT/195.18.35.94 
application/xhtml+xml [Host: wiki.mozilla-russia.org\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) 
Gecko/20080201 Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 
300\r\nProxy-Connection: keep-alive\r\n] [HTTP/1.1 302 Moved 
Temporarily\r\nServer: nginx/0.6.29\r\nDate: Wed, 23 Apr 2008 
06:15:12 GMT\r\nContent-Type: application/xhtml+xml; 
charset=UTF-8\r\nConnection: close\r\nX-Powered-By: 
PHP/4.4.7\r\nSet-Cookie: PHPSESSID=3118ffe35f83d8e5b71612b1752c3a92; 
path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: 
no-store, no-cache, must-revalidate, post-check=0, 
pre-check=0\r\nPragma: no-cache\r\nLocation: 
http://aaa.bbb.ccc.ddd/index.php/ru/%25D0%2591%25D0%25B0%25D0%25B7%25D0%25B0%2520%25D0%25B7%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B9%2520%25D0%25BF%25D1%2580%25D0%25BE%25D0%25B5%25D0%25BA%25D1%2582%25D0%25B0%2520Mozilla%2520%25D0%25A0%25D0%25BE%25D1%2581%25D1%2581%25D0%25B8%25D1%258F\r\n\r] 

1208927537.187144 xxx.xxx.xxx.xxx TCP_MISS/503 1688 GET 
http://aaa.bbb.ccc.ddd/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F 
- DIRECT/aaa.bbb.ccc.ddd text/html [Host: 77.108.86.4\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) 
Gecko/20080201 Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 
300\r\nProxy-Connection: keep-alive\r\n] [HTTP/1.0 503 Service 
Unavailable\r\nServer: squid/3.0.STABLE4\r\nMime-Version: 
1.0\r\nDate: Wed, 23 Apr 2008 05:12:17 GMT\r\nContent-Type: 
text/html\r\nContent-Length: 1322\r\nExpires: Wed, 23 Apr 2008 
05:12:17 GMT\r\nX-Squid-Error: ERR_CONNECT_FAIL 111\r\n\r]



As you can see squid put IP: aaa.bbb.ccc.ddd (a squid ip address) to 
the dynamic link instead of real domain name of the site 
(wiki.mozilla-russia.org)


We don't understand why?
Please, help us to solve this problem.

Best Regards,

Alex


Not squids fault. The "Server: nginx/0.6.29" is sending a 302 out with 
bad information.


What happening there is:

 -> First request has domain + URI.
 <- Squid contacts 195.18.35.94 for data

 -> 195.18.35.94 (nginx/0.6.29) redirects: 302 http://aaa.bbb.ccc.ddd...


 -> Second request has aaa.bbb.ccc.ddd + new URI
 <- Squid contacts aaa.bbb.ccc.ddd for data

 -> failure.

If the server 195.18.35.94 is yours it needs its redirector fixed.

Amos

Hello, Amos.

Thank you for your answer.

The server 195.18.35.94 is not ours. It is http://wiki.mozilla-russia.org.
We think that the problem in http://wiki.mozilla-russia.org, but we are 
not sure.


I allready understood that 195.18.35.94 redirect the request.

I don't understand why.

In direct request (without squid (aaa.bbb.ccc.ddd)) the server 
195.18.35.94 (http://wiki.mozilla-russia.org) redirect request to itself:
http://wiki.mozilla-russia.org/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F 
When we use squid it redirect to squid ip:

http://aaa.bbb.ccc.ddd/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F
Of couse, the URL http://aaa.bbb.ccc.ddd/index.php/ru/.. is not exist.

Alex.

Re: [squid-users] Problem with viewing http://wiki.mozilla-russia.org

2008-04-23 Thread Amos Jeffries 

Alex Gau wrote:

Amos Jeffries пишет:

Alex Gau wrote:

Hello,
we use squid3.0 stable4 on SLES10.
It was compiled with followed parameters:


./configure --prefix=/usr/local/squid3 --enable-icap-client 
--enable-default-err-language=Russian-1251 
--enable-err-languages="Russian-1251 Russian-koi8-r" 
--enable-linux-netfilter --disable-ident-lookups 
--with-default-user=drweb



When we try to view URL http://wiki.mozilla-russia.org through the 
proxy, we receive error message.


We enter squid in debug mode and receive followed messages:


1208927537.022505 xxx.xxx.xxx.xxx TCP_MISS/302 14865 GET 
http://wiki.mozilla-russia.org/ - DIRECT/195.18.35.94 
application/xhtml+xml [Host: wiki.mozilla-russia.org\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) 
Gecko/20080201 Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 
300\r\nProxy-Connection: keep-alive\r\n] [HTTP/1.1 302 Moved 
Temporarily\r\nServer: nginx/0.6.29\r\nDate: Wed, 23 Apr 2008 
06:15:12 GMT\r\nContent-Type: application/xhtml+xml; 
charset=UTF-8\r\nConnection: close\r\nX-Powered-By: 
PHP/4.4.7\r\nSet-Cookie: PHPSESSID=3118ffe35f83d8e5b71612b1752c3a92; 
path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: 
no-store, no-cache, must-revalidate, post-check=0, 
pre-check=0\r\nPragma: no-cache\r\nLocation: 
http://aaa.bbb.ccc.ddd/index.php/ru/%25D0%2591%25D0%25B0%25D0%25B7%25D0%25B0%2520%25D0%25B7%25D0%25BD%25D0%25B0%25D0%25BD%25D0%25B8%25D0%25B9%2520%25D0%25BF%25D1%2580%25D0%25BE%25D0%25B5%25D0%25BA%25D1%2582%25D0%25B0%2520Mozilla%2520%25D0%25A0%25D0%25BE%25D1%2581%25D1%2581%25D0%25B8%25D1%258F\r\n\r] 

1208927537.187144 xxx.xxx.xxx.xxx TCP_MISS/503 1688 GET 
http://aaa.bbb.ccc.ddd/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F 
- DIRECT/aaa.bbb.ccc.ddd text/html [Host: 77.108.86.4\r\nUser-Agent: 
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.12) 
Gecko/20080201 Firefox/2.0.0.12\r\nAccept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\nAccept-Language: 
ru-ru,ru;q=0.8,en-us;q=0.5,en;q=0.3\r\nAccept-Encoding: 
gzip,deflate\r\nAccept-Charset: 
windows-1251,utf-8;q=0.7,*;q=0.7\r\nKeep-Alive: 
300\r\nProxy-Connection: keep-alive\r\n] [HTTP/1.0 503 Service 
Unavailable\r\nServer: squid/3.0.STABLE4\r\nMime-Version: 
1.0\r\nDate: Wed, 23 Apr 2008 05:12:17 GMT\r\nContent-Type: 
text/html\r\nContent-Length: 1322\r\nExpires: Wed, 23 Apr 2008 
05:12:17 GMT\r\nX-Squid-Error: ERR_CONNECT_FAIL 111\r\n\r]



As you can see squid put IP: aaa.bbb.ccc.ddd (a squid ip address) to 
the dynamic link instead of real domain name of the site 
(wiki.mozilla-russia.org)


We don't understand why?
Please, help us to solve this problem.

Best Regards,

Alex


Not squids fault. The "Server: nginx/0.6.29" is sending a 302 out with 
bad information.


What happening there is:

 -> First request has domain + URI.
 <- Squid contacts 195.18.35.94 for data

 -> 195.18.35.94 (nginx/0.6.29) redirects: 302 http://aaa.bbb.ccc.ddd...


 -> Second request has aaa.bbb.ccc.ddd + new URI
 <- Squid contacts aaa.bbb.ccc.ddd for data

 -> failure.

If the server 195.18.35.94 is yours it needs its redirector fixed.

Amos

Hello, Amos.

Thank you for your answer.

The server 195.18.35.94 is not ours. It is http://wiki.mozilla-russia.org.
We think that the problem in http://wiki.mozilla-russia.org, but we are 
not sure.


I allready understood that 195.18.35.94 redirect the request.

I don't understand why.

In direct request (without squid (aaa.bbb.ccc.ddd)) the server 
195.18.35.94 (http://wiki.mozilla-russia.org) redirect request to itself:
http://wiki.mozilla-russia.org/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F 
When we use squid it redirect to squid ip:
http://aaa.bbb.ccc.ddd/index.php/ru/%D0%91%D0%B0%D0%B7%D0%B0%20%D0%B7%D0%BD%D0%B0%D0%BD%D0%B8%D0%B9%20%D0%BF%D1%80%D0%BE%D0%B5%D0%BA%D1%82%D0%B0%20Mozilla%20%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F 


Of couse, the URL http://aaa.bbb.ccc.ddd/index.php/ru/.. is not exist.

Alex.



I managed to replicate the behaviour without using squid at all.

The ngix server appear to be dying whenever it receives X-Forwarded-For: 
header.


You can temporarily plug this break with:

  acl brokenXFF dstdomain .mozilla-russia.org
  request_header_access X-Forwarded-For deny brokenXFF


Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

[squid-users] Too many refresh hits on old object

2008-04-23 Thread Benno Blumenthal 

Hello All,

I have an oldish popular object which is getting requested through a 
chain of squid servers:  a proxy server is talking to a reverse proxy 
which asks a reverse proxy which asks the server.   My problem is that 
the squids rarely respond with HIT/NONE -- every request seems to go 
through the whole chain to see if the file is updated.   I think the 
problem is some confusion about how the Age: and max-age headers 
interact (I know I am confused; I worry about squid)


Here is the request for the file with headers:

wget -S http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml
--11:04:12--  http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml
  => `thredds.xml.1'
Resolving iridl.ldeo.columbia.edu... 129.236.110.69
Connecting to iridl.ldeo.columbia.edu|129.236.110.69|:80... connected.
HTTP request sent, awaiting response...
 HTTP/1.0 200 OK
 Date: Thu, 10 Apr 2008 22:57:15 GMT
 Server: Ingrid 0.9
 Mime-Version: 1.0
 Cache-Control: public
 Content-Type: text/xml
 Last-Modified: Fri, 14 Mar 2008 21:44:28 GMT
 X-Cache: MISS from iridlc6.ldeo.columbia.edu
 X-Cache-Lookup: MISS from iridlc6.ldeo.columbia.edu:80
 Age: 1094817
 Content-Length: 23219
 X-Cache: HIT from iridl2p.ldeo.columbia.edu
 X-Cache-Lookup: HIT from iridl2p.ldeo.columbia.edu:80
 Via: 1.0 iridl2p.ldeo.columbia.edu:80 (squid/2.6.STABLE12)
 Connection: keep-alive
Length: 23,219 (23K) [text/xml]



And here is a portion of the front cache's log:

1208962913.226  5 129.236.21.133 TCP_REFRESH_HIT/304 315 GET 
http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml - 
ROUNDROBIN_PARENT/ingridc6 - [If-Modified-Since: Fri, 14 Mar 2008 
21:44:28 GMT\r\nUser-Agent: Ingrid 0.9\r\nVia: 1.0 
kage.ldgo.columbia.edu:3128 (squid/2.6.STABLE17)\r\nX-Forwarded-For: 
127.0.0.1\r\nHost: iridl.ldeo.columbia.edu\r\nCache-Control: 
max-age=259200\r\nConnection: keep-alive\r\n] [HTTP/1.0 304 Not 
Modified\r\nX-Cache: MISS from 
iridlc6.ldeo.columbia.edu\r\nX-Cache-Lookup: HIT from 
iridlc6.ldeo.columbia.edu:80\r\nConnection: keep-alive\r\n\r]
1208962913.286  3 129.236.21.133 TCP_REFRESH_HIT/304 315 GET 
http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml - 
ROUNDROBIN_PARENT/ingridc5 - [If-Modified-Since: Fri, 14 Mar 2008 
21:44:28 GMT\r\nUser-Agent: Ingrid 0.9\r\nVia: 1.0 
kage.ldgo.columbia.edu:3128 (squid/2.6.STABLE17)\r\nX-Forwarded-For: 
127.0.0.1\r\nHost: iridl.ldeo.columbia.edu\r\nCache-Control: 
max-age=259200\r\nConnection: keep-alive\r\n] [HTTP/1.0 304 Not 
Modified\r\nX-Cache: MISS from 
iridlc5.ldeo.columbia.edu\r\nX-Cache-Lookup: HIT from 
iridlc5.ldeo.columbia.edu:80\r\nConnection: keep-alive\r\n\r]
1208962913.674  3 129.236.21.133 TCP_REFRESH_HIT/304 315 GET 
http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml - 
ROUNDROBIN_PARENT/ingridc6 - [If-Modified-Since: Fri, 14 Mar 2008 
21:44:28 GMT\r\nUser-Agent: Ingrid 0.9\r\nVia: 1.0 
kage.ldgo.columbia.edu:3128 (squid/2.6.STABLE17)\r\nX-Forwarded-For: 
127.0.0.1\r\nHost: iridl.ldeo.columbia.edu\r\nCache-Control: 
max-age=259200\r\nConnection: keep-alive\r\n] [HTTP/1.0 304 Not 
Modified\r\nX-Cache: MISS from 
iridlc6.ldeo.columbia.edu\r\nX-Cache-Lookup: HIT from 
iridlc6.ldeo.columbia.edu:80\r\nConnection: keep-alive\r\n\r]
1208962913.725  5 129.236.21.133 TCP_REFRESH_HIT/304 315 GET 
http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml - 
ROUNDROBIN_PARENT/ingridc6 - [If-Modified-Since: Fri, 14 Mar 2008 
21:44:28 GMT\r\nUser-Agent: Ingrid 0.9\r\nVia: 1.0 
kage.ldgo.columbia.edu:3128 (squid/2.6.STABLE17)\r\nX-Forwarded-For: 
127.0.0.1\r\nHost: iridl.ldeo.columbia.edu\r\nCache-Control: 
max-age=259200\r\nConnection: keep-alive\r\n] [HTTP/1.0 304 Not 
Modified\r\nX-Cache: MISS from 
iridlc6.ldeo.columbia.edu\r\nX-Cache-Lookup: HIT from 
iridlc6.ldeo.columbia.edu:80\r\nConnection: keep-alive\r\n\r]
1208962914.167  4 129.236.21.133 TCP_REFRESH_HIT/304 315 GET 
http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml - 
ROUNDROBIN_PARENT/ingridc6 - [If-Modified-Since: Fri, 14 Mar 2008 
21:44:28 GMT\r\nUser-Agent: Ingrid 0.9\r\nVia: 1.0 
kage.ldgo.columbia.edu:3128 (squid/2.6.STABLE17)\r\nX-Forwarded-For: 
127.0.0.1\r\nHost: iridl.ldeo.columbia.edu\r\nCache-Control: 
max-age=259200\r\nConnection: keep-alive\r\n] [HTTP/1.0 304 Not 
Modified\r\nX-Cache: MISS from 
iridlc6.ldeo.columbia.edu\r\nX-Cache-Lookup: HIT from 
iridlc6.ldeo.columbia.edu:80\r\nConnection: keep-alive\r\n\r]
1208962914.176  3 129.236.21.133 TCP_REFRESH_HIT/304 315 GET 
http://iridl.ldeo.columbia.edu/SOURCES/thredds.xml - 
ROUNDROBIN_PARENT/ingridc6 - [If-Modified-Since: Fri, 14 Mar 2008 
21:44:28 GMT\r\nUser-Agent: Ingrid 0.9\r\nVia: 1.0 
kage.ldgo.columbia.edu:3128 (squid/2.6.STABLE17)\r\nX-Forwarded-For: 
127.0.0.1\r\nHost: iridl.ldeo.columbia.edu\r\nCache-Control: 
max-age=259200\r\nConnection: keep-alive\r\n] [HTTP/1.0 304 Not 
Modified\r\nX-Cache: MISS from 
iridlc6.ldeo.columbia.edu\r\nX-Cache-Lookup: HIT from 
iridlc6.ldeo.columbia.edu:80\r\nConnection: keep-alive\r\n\r]
1208962914.642  3 129.236.21.133 TCP_REFR

[squid-users] DNSSERVER process doesnt exist

2008-04-23 Thread Trevor Akers 
I am using squid-2.6.STABLE19 and it doesn't have the
dnsserver process.

Is this configurable? can I add it after the fact?




  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

Re: [squid-users] Access Controls using MAC address

2008-04-23 Thread Odhiambo Washington 
On Mon, Apr 21, 2008 at 1:41 AM, Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:
> sön 2008-04-20 klockan 17:29 +0300 skrev Odhiambo Washington:
>
>
>  > acl underdogs "/path/to/file/with/several-mac-addresses"
>  > http_access allow underdogs TIME-RESTRICTION
>  > http_access deny underdogs?
>  >
>  > Something like that possible?
>
>  Should work exacly as you typed...

Not quite, sirs I had missed one important component, so I must
add it as it should be for the archives:

acl underdogs arp "/path/to/file/with/several-mac-addresses"
http_access allow underdogs TIME-RESTRICTION
http_access deny underdogs

This works great!  I use FreeBSD where the ARP ACL is supported.

Thanks everyone.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
 --from a /. post

Re: [squid-users] Can't access this site using squid-2.6.19

2008-04-23 Thread Henrik Nordstrom 
ons 2008-04-23 klockan 18:37 +0800 skrev Andy Low:

> Thanks! This solve my problem, I have tested the Squid on FC8 and 
> FC9-preview. But strange, I have another Linux Server running on RedHat 9 
> and using Squid-2.6.18 has no problem. The TCP Window Scaling is turned on 
> too, unless the TCP Window Scaling on Redhat 9 is broken?

How visible the problems due to broken firewalls messing up TCP Windows
Scaling is depends on

* Linux kernel version (window scaling selection algorithm has changed a
number of times...)
* Amount of installed memory (more memory -> more likely to see the
problem)
* Sysctl settings applied (defaults derived from amount of memory)

Regards
Henrik

Re: [squid-users] DNSSERVER process doesnt exist

2008-04-23 Thread Henrik Nordstrom 

ons 2008-04-23 klockan 10:32 -0700 skrev Trevor Akers:
> I am using squid-2.6.STABLE19 and it doesn't have the
> dnsserver process.
> 
> Is this configurable? can I add it after the fact?

Why would you want it?

THe internal DNS resolver is better, leaner, smarter and does a better
job.

Regards
Henrik

Re: [squid-users] Too many refresh hits on old object

2008-04-23 Thread Henrik Nordstrom 
ons 2008-04-23 klockan 11:32 -0400 skrev Benno Blumenthal:
> through the whole chain to see if the file is updated.   I think the 
> problem is some confusion about how the Age: and max-age headers 
> interact (I know I am confused; I worry about squid)

More likely Bug #7...

Regards
Henrik

Re: [squid-users] Too many refresh hits on old object

2008-04-23 Thread Benno Blumenthal 

On Wed, Apr 23, 2008 at 4:08 PM, Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:

ons 2008-04-23 klockan 11:32 -0400 skrev Benno Blumenthal:
 > through the whole chain to see if the file is updated.   I think the
 > problem is some confusion about how the Age: and max-age headers
 > interact (I know I am confused; I worry about squid)

 More likely Bug #7...

 Regards
 Henrik


Yes, it does look like Bug #7, though in this case Squid is adding the
lines that do not get updated (i.e. Age:), so I am only presuming that
the download time is stored with the "Headers on the disk".

Also in this case Squid is creating the problem by adding the max-age
tag to the Cache-Control line in the request, so an alternative
solution would be to configure all the squids  in the chain to not do
that. If I knew how to do that short of stripping out cache-control
from all the requests  ...



Benno

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-23 Thread Chris Robertson 

Thompson, Scott (WA) wrote:

Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
want to u/g to Squid 2.6 Stable 19
  


Some configuration changes might be needed to migrate from 2.5 to 2.6.  
See 
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE1-RELEASENOTES.html#s1 
for details.



I have found that when I run squid -v I get the following output

Squid Cache: Version 2.5.STABLE6
configure options:  --build=i686-redhat-linux-gnu
--host=i686-redhat-linux-gnu --target=i386-redhat-linux-gnu
--program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
--sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
--localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
--libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid
--enable-poll --enable-snmp --enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
--with-openssl=/usr/kerberos --enable-delay-pools
--enable-linux-netfilter --with-pthreads
--enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group
,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge
--enable-useragent-log --enable-referer-log
--disable-dependency-tracking --enable-cachemgr-hostname=localhost
--disable-ident-lookups --enable-truncate --enable-underscores
--datadir=/usr/share
--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-dom
ain-NTLM,SASL,winbind

Does that mean I can just run ./configure from the folder in which I
extracted the Squid 2.6 Stable19 files with the above command line
switches and I will have Stable 19 installed? I assume I would have to
restart the squid service!
  


You can, but you might want to pare down the list a little.  I start 
with "configure --prefix=/usr --includedir=/usr/include 
--datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid 
--localstatedir=/var --sysconfdir=/etc/squid" to use the RedHat 
directories and add options from there.



Any info would be greatly appreciated
  


Be aware that the RHEL 5 Squid package 
(squid-2.6.STABLE6-5.el5_1.3.i386.rpm) adds a configuration directive 
(max_filedesc) which is not present in the non-RedHat-customized version.



Scott
  


Chris

Re: [squid-users] Chat Apps getting blocked

2008-04-23 Thread Chris Robertson 

Odhiambo Washington wrote:

Hi Amos,

Thank you so much. This now works after I created an ACL for them.

PS: Does everyone on this list get some e-mail from ANTIGEN blah on
some exchange server whenever they send mail to the list or is it just
me?

For every post to the list, I get a response with the following data
in the body:


Microsoft Antigen for Exchange found a message matching a filter. The
message is currently Identified.
Message: "SUSPECT MAIL_ _squid_users_ Access Controls using MAC address"
Filter name: "KEYWORD= profanity: bastards;sexual discrimination: bastards"
  


Check your signature...


Sent from: "Odhiambo Washington"
Folder: "SMTP Messages\Inbound"
Location: "tesco/First Administrative Group/SW2KE"


It's very annoying and I always wonder if squid-users is hosted on a
M$ Exchange platform:-)
Anyone has a clue as to why I always get this?

  
--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
 --from a /. post


Chris

Re: [squid-users] Does anyone know how to make https work?

2008-04-23 Thread Brian Lu 

Dear Amos
I have another question...
If it can't work in 3.0 or any 2.x,why can I setup https in transparent 
mode?

Is it just reserve for ver 3.1?

- Original Message - 
From: "Amos Jeffries" <[EMAIL PROTECTED]>

To: "Brian Lu" <[EMAIL PROTECTED]>
Cc: 
Sent: Tuesday, April 22, 2008 2:50 PM
Subject: Re: [squid-users] Does anyone know how to make https work?



Brian Lu wrote:

Hi All
I meet a problem:when I use https to access the web pages,my IE always
show me:
1.If setuped cache_peer:
錯誤
欲連結之網址(URL)無法正確的傳回

當嘗試傳回下面的網址(URL)時:
https://www.chb.com.tw/wcm/web/home/index.html
發生了下列的錯誤:
Unsupported Request Method and Protocol
尚未支援的要求方式或通訊協定
Squid does not support all request methods for all access protocols. For
example, you can not POST a Gopher request.
因為 Squid (網路快取程式)並未支援所有的連結要求方式在各式通訊協定上。
比如說,你不能要求一個 GOPHER 的 POST 連結要求。

Generated Mon, 21 Apr 2008 05:22:30 GMT by proxy.seed.net.tw
(squid/2.5.STABLE11)

2.If no cache_peer:
ERROR
The requested URL could not be retrieved

While trying to retrieve the URL:
https://www.chb.com.tw/wcm/web/home/index.html
The following error was encountered:
Connection to 210.65.204.245 Failed
The system returned:
   (71) Protocol error
The remote host or network may be down. Please try the request again.
Your cache administrator is .

Generated Mon, 21 Apr 2008 05:18:30 GMT by 192.168.1.254
(squid/3.0.STABLE2)

My squid version:
[EMAIL PROTECTED] ]# squid -v
Squid Cache: Version 3.0.STABLE2
configure options:  '--enable-ssl' '--enable-linux-netfilter'
'--enable-referer-log'

My squid.conf:



http_port 3128 transparent
https_port 3129 cert=/usr/local/squid/etc/cert.pem
key=/usr/local/squid/etc/key.pem transparent



HTTPS cannot be intercepted transparently in 3.0 or any 2.x

You need to have 3.1 with sslBump enabled for thatt.




Does anyone know how to make https work? thank you very much~

Best regards,
Brian Lu


(sorry if my txt is garbled, thunderbird seems not to like unicode 
editing)


Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

__ NOD32 3044 (20080421) Information __

This message was checked by NOD32 antivirus system.
http://www.nod32.com.hk

Re: [squid-users] Does anyone know how to make https work?

2008-04-23 Thread Amos Jeffries 
> Dear Amos
> I have another question...
> If it can't work in 3.0 or any 2.x,why can I setup https in transparent
> mode?
> Is it just reserve for ver 3.1?

It's a side-effect of the way squid code is written. On https_port lines
it will still enable the actions shared with the 'accel' option. But the
transparency-specific code will still fail on encrypted traffic as you
noticed.

Amos

>
> - Original Message -
> From: "Amos Jeffries" <[EMAIL PROTECTED]>
> To: "Brian Lu" <[EMAIL PROTECTED]>
> Cc: 
> Sent: Tuesday, April 22, 2008 2:50 PM
> Subject: Re: [squid-users] Does anyone know how to make https work?
>
>
>> Brian Lu wrote:
>>> Hi All
>>> I meet a problem:when I use https to access the web pages,my IE always
>>> show me:
>>> 1.If setuped cache_peer:
>>> ¿ù»~
>>> ±ý³sµ²¤§ºô§}¡]URL¡^µLªk¥¿½Tªº¶Ç¦^
>>>
>>> ·í¹Á¸Õ¶Ç¦^¤U­±ªººô§}¡]URL¡^®É¡G
>>> https://www.chb.com.tw/wcm/web/home/index.html
>>> µo¥Í¤F¤U¦Cªº¿ù»~¡G
>>> Unsupported Request Method and Protocol
>>> ©|¥¼¤ä´©ªº­n¨D¤è¦¡©Î³q°T¨ó©w
>>> Squid does not support all request methods for all access protocols.
>>> For
>>> example, you can not POST a Gopher request.
>>> ¦]¬° Squid ¡]ºô¸ô§Ö¨úµ{¦¡¡^¨Ã¥¼¤ä´©©Ò¦³ªº³sµ²­n¨D¤è¦¡¦b¦U¦¡³q°T¨ó©w¤W¡C
>>> [EMAIL PROTECTED] GOPHER ªº POST ³sµ²­n¨D¡C
>>>
>>> Generated Mon, 21 Apr 2008 05:22:30 GMT by proxy.seed.net.tw
>>> (squid/2.5.STABLE11)
>>>
>>> 2.If no cache_peer:
>>> ERROR
>>> The requested URL could not be retrieved
>>>
>>> While trying to retrieve the URL:
>>> https://www.chb.com.tw/wcm/web/home/index.html
>>> The following error was encountered:
>>> Connection to 210.65.204.245 Failed
>>> The system returned:
>>>(71) Protocol error
>>> The remote host or network may be down. Please try the request again.
>>> Your cache administrator is .
>>>
>>> Generated Mon, 21 Apr 2008 05:18:30 GMT by 192.168.1.254
>>> (squid/3.0.STABLE2)
>>>
>>> My squid version:
>>> [EMAIL PROTECTED] ]# squid -v
>>> Squid Cache: Version 3.0.STABLE2
>>> configure options:  '--enable-ssl' '--enable-linux-netfilter'
>>> '--enable-referer-log'
>>>
>>> My squid.conf:
>> 
>>> http_port 3128 transparent
>>> https_port 3129 cert=/usr/local/squid/etc/cert.pem
>>> key=/usr/local/squid/etc/key.pem transparent
>> 
>>
>> HTTPS cannot be intercepted transparently in 3.0 or any 2.x
>>
>> You need to have 3.1 with sslBump enabled for thatt.
>>
>>
>>>
>>> Does anyone know how to make https work? thank you very much~
>>>
>>> Best regards,
>>> Brian Lu
>>
>> (sorry if my txt is garbled, thunderbird seems not to like unicode
>> editing)
>>
>> Amos
>> --
>> Please use Squid 2.6.STABLE19 or 3.0.STABLE4
>>
>> __ NOD32 3044 (20080421) Information __
>>
>> This message was checked by NOD32 antivirus system.
>> http://www.nod32.com.hk
>>
>>
>
>

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-23 Thread Amos Jeffries 
> Thompson, Scott (WA) wrote:
>> Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
>> wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
>> want to u/g to Squid 2.6 Stable 19
>>
>
> Some configuration changes might be needed to migrate from 2.5 to 2.6.
> See
> http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE1-RELEASENOTES.html#s1
> for details.
>
>> I have found that when I run squid -v I get the following output
>>
>> Squid Cache: Version 2.5.STABLE6
>> configure options:  --build=i686-redhat-linux-gnu
>> --host=i686-redhat-linux-gnu --target=i386-redhat-linux-gnu
>> --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
>> --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
>> --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
>> --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
>> --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
>> --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid
>> --enable-poll --enable-snmp --enable-removal-policies=heap,lru
>> --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
>> --with-openssl=/usr/kerberos --enable-delay-pools
>> --enable-linux-netfilter --with-pthreads
>> --enable-ntlm-auth-helpers=SMB,winbind
>> --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group
>> ,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge
>> --enable-useragent-log --enable-referer-log
>> --disable-dependency-tracking --enable-cachemgr-hostname=localhost
>> --disable-ident-lookups --enable-truncate --enable-underscores
>> --datadir=/usr/share
>> --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-dom
>> ain-NTLM,SASL,winbind
>>
>> Does that mean I can just run ./configure from the folder in which I
>> extracted the Squid 2.6 Stable19 files with the above command line
>> switches and I will have Stable 19 installed? I assume I would have to
>> restart the squid service!
>>
>
> You can, but you might want to pare down the list a little.  I start
> with "configure --prefix=/usr --includedir=/usr/include
> --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid
> --localstatedir=/var --sysconfdir=/etc/squid" to use the RedHat
> directories and add options from there.

Thank you. There is a wiki page I'm trying to make useful:
http://wiki.squid-cache.org/SquidFaq/CompilingSquid

Are there any other must-knows for RedHat?

>
>> Any info would be greatly appreciated
>>
>
> Be aware that the RHEL 5 Squid package
> (squid-2.6.STABLE6-5.el5_1.3.i386.rpm) adds a configuration directive
> (max_filedesc) which is not present in the non-RedHat-customized version.
>

The most recent releases of Squid have configure options --with-maxfd=N
(2.x) or --with-filedescriptors=N (3.x) which replace that old RH
squid.conf directive.

>> Scott
>>
>
> Chris
>
>

[squid-users] Sqstat + Squidguard

2008-04-23 Thread William A. Knob 

   Hi all,

   Anyone uses Sqstat with squidguard?  I'm consiguring my cachemgr 
feature on squid.conf but with recirector_program poiting to Squidguard 
I dont have any active connections...


   Anyone knows how I can do that thing work ?

   Regards,

--

*William A. Knob - Divisão Desenvolvimento*
Raidbr Soluções em Informática Ltda.
Rua José Albino Reuse, 1125. Cinquentenário. Caxias do Sul - RS
Fone/ Fax: (54) 3223.7074

Visite nosso site:
www.raidbr.com.br

Re: [squid-users] squid transparent proxy

2008-04-23 Thread Wennie V. Lagmay 
Hi all,

I am reading the procedure for transparent proxy but I am hesitant to implement 
it because I am not sure what will be the impact to my system. Ok I am looking 
at 2 options,

option 1:
   iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j 
DNAT --to quid-box:3128
   iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT 
--to iptables-box
   iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp 
--dport 3128 -j ACCEPT

option 2:

* iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s squid-box
* iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
* ip rule add fwmark 3 table 2
* ip route add default via squid-box dev eth1 table 2

  For squid box
* iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT 
--to-port 3128


As I mentioned I have a separate boxes for firewall and squid. My firewall is a 
Fedora core 4 and my squid-2.6-Stable19 is running on Fedora Core 8. My 
Firewall has 2 interfaces eth0=xxx.xxx.184.33/27 which connects to my local 
network and eth1=xxx.xxx.184.18/28 which connects to the internet. the firewall 
also act as the NAT server which actually the gateway of all traffics except 
80/8080. The firewall and squid communicates via internet connection which is 
the eth0 for firewall 


In option2 I am worried that If I implement the rule all traffic will be 
forwarded to squid, Also I  am not sure what is line #2 and #3. Another thing 
how can I make sure if the following requirements are already ready to my 
system:

* P: advanced router
* IP: policy routing
* IP: use netfilter MARK value as routing key
* IP: Netfilter Configuration -> Packet mangling
* IP: Netfilter Configuration -> MARK target support
and iproute2 tools.


Can you please help me, which options is best for me and how can I do it 
smoothly. If you need more information about my setup or if you want see any of 
my configuration please let me know 

Thank you very,

Wennie

- Original Message -
From: "Wennie V. Lagmay" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Thursday, April 3, 2008 2:36:42 PM (GMT+0300) Asia/Kuwait
Subject: Fwd: [squid-users] squid transparent proxy


- Forwarded Message -
From: "Indunil Jayasooriya" <[EMAIL PROTECTED]>
To: "Wennie V. Lagmay" <[EMAIL PROTECTED]>
Cc: "squid-users" 
Sent: Thursday, April 3, 2008 12:58:27 PM (GMT+0300) Asia/Kuwait
Subject: Re: [squid-users] squid transparent proxy

>  You are right I am using port 8080. As I mentioned I have 2 machine the 1st 
> machine is my Firewall/NAT server wherein the iptables configuration already 
> stated that it should redirect port 80 to 8080

Oh , Squid is Not running on this box. then, REDIRECT will not work.
What Your firewall can do is MARK   port 80 traffic and route it via
squid box. that is Known As Transparent Proxy to a Remote Box

you need  both iptables and ip route2 pkgs.

Okay, below are the rules, you need to add.


On your firewall, pls add below rules

iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s
ipaddressofsquid-box
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
ip rule add fwmark 3 table 2
ip route add default via ipaddressofsquid-box dev eth1 table 2

dev eth1 is connected to squidbox. pls change it accodingly.

On your squid Box, Pls add beow rules.

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 8080

this is where REDIRECT takes place.

In addition to that, you will have to make sure, port 8080 is open on
this squid box , since squid is running on port 8080.

I thinkeverything is open on squid box.


Now, clients gateway is the ip of the firewall/NAT box. and also check
Dns in clients.

here's another useful urls

http://www.mail-archive.com/squid-users@squid-cache.org/msg53662.html

http://tldp.org/HOWTO/TransparentProxy-6.html

Good luck


-- 
Thank you
Indunil Jayasooriya