Re: [squid-users] upgrading from squid 2.6 to 2.7
Besides whatever changes are in the release notes, I think you'll be fine. I tried reasonably hard to make 2.6 -> 2.7 a seamless update; the only surprises could be the storeUpdate stuff which Henrik included near the end of the development cycle. That can be turned off to fall back to the Squid-2.6 behaviour. Adrian On Tue, Jun 10, 2008, Manoj_Rajkarnikar wrote: > Hi all. > > Any special point to note when upgrading from 2.6S19 to 2.7S2. I searched > for any clues but found none. just tying to confirm. our cache is serving > ~40% of our internet bandwidth and everything would go haywire if it goes > down during upgrade. > > Thanks > Manoj > -- -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
[squid-users] upgrading from squid 2.6 to 2.7
Hi all. Any special point to note when upgrading from 2.6S19 to 2.7S2. I searched for any clues but found none. just tying to confirm. our cache is serving ~40% of our internet bandwidth and everything would go haywire if it goes down during upgrade. Thanks Manoj --
Re: [squid-users] How to add a banner to all (unauthenticated) pages?
On mån, 2008-06-09 at 20:06 +0200, Philip Kloppers wrote: > Hi all, > > I need to add a banner to unauthenticated groups informing them that > they are using a restricted public network, while still allowing them > to access the web, albeit at a slower speed via delay pools. So far, I > have managed to add the banner to the pages using the redirector, a > perl script and a php page that creates a frameset with the banner in > the top frame, and the desired content in the main frame. Problem is > that the request for the content in the main frame either gives an > access denied error, or returns a blank document, or creates a whole > page of repeating banners. How is Squid knowing when to redirect and when not? I suspect you created yurself a redirection loop, where the frame contents again gets redirected to the frame set. To use frames in this manner you need something which actively rewrites HTML and inserts javascript detecting if the page is run within a frameset and reloads via the frameset if not. A simple url rewriting proxty can not do the job as it is not visible at the HTTP level if the request came from within a frameset or standalone. Regards Henrik signature.asc Description: This is a digitally signed message part
Re: [squid-users] How to buffer a POST request
Amos Jeffries wrote: Hi, How could I configure squid to buffer whole POST-request before sending it to peer cache or originserver? > Why? IFAIK there is no config option for that. It's a code problem. Take it up Ok, I'll ask on developer list as well. The reason I'd like to have this possibility is that we have many little portable devices using very slow modem / GSM / GPRS -connection to other little embedded web server. The client devices send gathered data (quite large file versus the connection speed) to the server by POST request. The server handles quick requests quite well but as there are many concurrent slow requests coming the same time it seems to stall easily. I thought I could use squid accelerator in front of the web server gathering these slow POSTs and then sending them quickly as a whole to the web server and also buffer the response in a same way. GET requests are small and not a problem as squid buffers the response and, if needed, also caches them nicely. -Mikko
Re: [squid-users] Problem with Squid
> Hi guys, i have Ipcop+AdvProxy(Squid 2.6 STABLE20)+URL Filter install, > when > i try to open www.adobe.com with proxy ON the page takes to long to load > and > then stops loading when i put the proxy off the page loads ok, can some > one > tell me what is hapening? This only happens in this page all others I can > open ok, with proxy on. > So what is your system configured to do specially for adobe that its not doing for other sites? Amos
Re: [squid-users] How to buffer a POST request
> Hi, > > How could I configure squid to buffer whole POST-request before sending > it to peer cache or originserver? > > If I need to make changes to the sources, I'd like to know which > functions handle the buffering. Why? IFAIK there is no config option for that. It's a code problem. Take it up over in squid-dev mailing list. Amos
Re: [squid-users] YouTube and other streaming media (caching)
Cool! Could you drop this stuff into a bugzilla ticket so it doesn't get lost?
Thanks!
Adrian
On Mon, Jun 09, 2008, Horacio Herrera Gonzalez wrote:
> Hi Adrian, Ray and everyone...
>
> Here is a little contribution for the store_url_rewrite script, this
> part deals with youtube and google video (At least, it works for
> now)...
>
> NOTES:
>
> 1) This code is different because is based on the examples for the
> url_rewrite_program
> (http://wiki.squid-cache.org/SquidFaq/SquidRedirectors) and that way
> was easier for me.
>
> 2) Warning! This code may match other sites not related to YT or GV.
>
> 3) I used "squid://" at the begining of the rewrited string to avoid
> matching another rule, I know it's not standard and I'm still hoping
> It doesn't cause any problems... Dear developers, please forgive my
> insolence... :-)
>
>
> $|=1;
> while (<>) {
> @X = split;
> $url = $X[0];
> $url =~ [EMAIL PROTECTED]://(.*?)/get_video\?(.*)video_id=(.*?)&[EMAIL
> PROTECTED]://videos.youtube.INTERNAL/ID=$3@;
> $url =~ [EMAIL PROTECTED]://(.*?)/get_video\?(.*)video_id=(.*?)[EMAIL
> PROTECTED]://videos.youtube.INTERNAL/ID=$3@;
> $url =~ [EMAIL PROTECTED]://(.*?)/videodownload\?(.*)docid=(.*?)[EMAIL
> PROTECTED]://videos.google.INTERNAL/ID=$3@;
> $url =~ [EMAIL PROTECTED]://(.*?)/videodownload\?(.*)docid=(.*?)&[EMAIL
> PROTECTED]://videos.google.INTERNAL/ID=$3@;
> print "$url\n";
> }
>
>
> 4) This is the relevant part of my squid.conf:
>
> acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
> acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
> cache allow store_rewrite_list
>
> # Had to uncomment this again, because I couln'd login to google mail
> using IE6 (firefox had no trouble):
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
>
> refresh_pattern ^http://(.*?)/get_video\? 10080 90% 99
> override-expire ignore-no-cache ignore-private
> refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 99
> override-expire ignore-no-cache ignore-private
>
> storeurl_access allow store_rewrite_list
> storeurl_access deny all
>
> storeurl_rewrite_program /usr/local/bin/store_url_rewrite
>
>
>
> Regards,
--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] remotely disable squid filtering
> My company is in the early stages of running a SQUID proxy for internet Um, you mean a SQUID or a Squid? One is a proxy server the other an old packet protocol. Both do filtering in a manner of speaking. ;-) > filtering of public machines. Is there a method of remotely disabling the > filtering on specific machines? > > For example, if an adult customer (using our public machines) requests > that > we disable filtering, can we do that remotely or does it have to be done > locally at the machine he/she wants to use? You can configure the ACL in Squid to do almost anything you like. Usually it need to be done on the proxy. Though there are some remote administration tools out in the web somewhere (webmin squid re-config or Auth database controls). Amos
Re: [squid-users] How to add a banner to all (unauthenticated) pages?
> Hi all,
>
> I need to add a banner to unauthenticated groups informing them that they
> are using a restricted public network, while still allowing them to access
> the web, albeit at a slower speed via delay pools. So far, I have managed
> to add the banner to the pages using the redirector, a perl script and a
> php page that creates a frameset with the banner in the top frame, and the
> desired content in the main frame. Problem is that the request for the
> content in the main frame either gives an access denied error, or returns
> a blank document, or creates a whole page of repeating banners.
>
> Any thoughts?
1) your redirector is broken. It's testing for restricted.html instead of
restricted.php as its local-unique token.
2) your access permissions need to permit the host 'src' which runs your
PHP script access without redirection.
'url_rewrite_access'
Amos
> [squid.conf]
> ## redirector
> acl group_restricted src 192.168.0.109 # â redirecting only my
> workstation for testing purposes
> redirector_access allow group_restricted
> redirect_children 20
> redirect_rewrites_host_header off
> redirect_program /etc/squid/restricted-redirect.pl
redirect_* are obsolete. Use url_rewrite_* instead.
>
> [restricted-redirect.pl]
> BEGIN { $|=1 }
> if (m|restricted.html|) {
> } else {
> s|http://|http://192.168.0.100/restricted.php?url=http://|;
> }
>
> [restricted.php]
>
>
>
> Restricted connection
>
Re: [squid-users] multi original servers
> 2008/6/10 Ben Hollingsworth <[EMAIL PROTECTED]>: > >> >> In my testing, I found that the names had to be slightly different. For >> instance: >> >> cache_peer INTERNALIP1 parent 80 0 no-query originserver login=PASS >> name=INTERNALNAME1-peer sourcehash >> cache_peer INTERNALIP2 parent 80 0 no-query originserver login=PASS >> name=INTERNALNAME2-peer sourcehash >> >> cache_peer_access INTERNALNAME1-peer allow sites_INTERNALNAME >> cache_peer_access INTERNALNAME2-peer allow sites_INTERNALNAME >> > > Thanks all. > Under this setting, when one original server was down, can Squid > exclude it automatically? > yes, there is a small delay (about 10 requests) for it to detect the down-state then its excluded. It's checked at intervals to see if its up again at which point it resumes service. The cache_peer options include a set of monitor* bits to control the testing. Amos
Re: [squid-users] multi original servers
2008/6/10 Ben Hollingsworth <[EMAIL PROTECTED]>: > > In my testing, I found that the names had to be slightly different. For > instance: > > cache_peer INTERNALIP1 parent 80 0 no-query originserver login=PASS > name=INTERNALNAME1-peer sourcehash > cache_peer INTERNALIP2 parent 80 0 no-query originserver login=PASS > name=INTERNALNAME2-peer sourcehash > > cache_peer_access INTERNALNAME1-peer allow sites_INTERNALNAME > cache_peer_access INTERNALNAME2-peer allow sites_INTERNALNAME > Thanks all. Under this setting, when one original server was down, can Squid exclude it automatically?
Re: [squid-users] multi original servers
> Hello, > > Under squid's reverse proxy mode, if there are more than one original > server, how to config it? > > cache_peer InsideIP1 parent 80 0 no-query originserver name=Myserver > round-robin > cache_peer InsideIP2 parent 80 0 no-query originserver name=Myserver > round-robin > > Is the config above right? The two lines have the same values of > 'name=' , is it right? No. name= MUST be unique. The peers get grouped according to the algorithm they use 'round-robin' in your case. You can also make multiple 'groups' on any request criteria and use cache_peer_access to route requests around or prevent a peer handling certain ones. Amos
Re: [squid-users] Squid3 - reason to migrate
> Hello, > > Is there any reason to migrate to Squid3 (or head snapshot 3.1)? > Did anybody do compare functions/performance between 2.6 and 3.x version? > > I have high load (~400req/s) server with COSS filesystems and tproxy on > squid 2.6.18 (now tproxy doesn't work correctly, only transparent proxy). > Under 600req/sec there is no noticible difference in 2.6+/3.x. Tproxy 4 support may be a reason for you. But the COSS support in 3 is buggy with nobody actively testing it. Unless you are able to change FS or wanting to assist testing and debugging before you migrate, that may be a blocker problem. Amos
Re: [squid-users] Squid3 - reason to migrate
> > Dnia Pn Czerwca 9 2008, 16:50, Steve Bertrand napisa³(a): >> [EMAIL PROTECTED] wrote: >>> Hello, >>> >>> Is there any reason to migrate to Squid3 (or head snapshot 3.1)? >> >> IPv6 ;) > > It isn't reason for me;) IPv6 is far future in Europe imho (specially in > Poland ;) ) IPv6 is only as far away as you want it to be. All the popular OS now have v6 integrated tunnels (teredo and 6to4) with dual-stack capabilities. Home users are actively (if unknowing) using those for all services which provide , including P2P networks and media streaming. Slow Corporates are currently being left in the dust as tunnels grow across their networks without touching their control systems. It's a pity really since all an ISP, or a business really need is recent kernel, firewall, and IP management DB to start their transition. I've written Squid-3 in such a way that all you need to do for IPv6 www browsing or website acceleration, is have a tunnel endpoint on the squid box (with a squid v6-enabled build of course). I've been running it myself here as a v6 gateway since well before v6 was widely used in this country, we still don't have native v6 transit in NZ. Amos
Re: [squid-users] Squid3 - reason to migrate
On Mon, Jun 09, 2008, [EMAIL PROTECTED] wrote: > > Hm, "doesn't work correctly" ? > > Clients requests pass through via proxy with ip of proxy (It isn't correct > operating of tproxy patches for squid 2.6) Lodge a bug then! :) Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] remotely disable squid filtering
Curt Coleman wrote: My company is in the early stages of running a SQUID proxy for internet filtering of public machines. Is there a method of remotely disabling the filtering on specific machines? If Squid acls are what you are filtering with, then you'd simply adjust the acls, and reload the config... I would suggest some kind of web interface to do that though. TB ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. **
[squid-users] How to buffer a POST request
Hi, How could I configure squid to buffer whole POST-request before sending it to peer cache or originserver? If I need to make changes to the sources, I'd like to know which functions handle the buffering. Thank you, -Mikko
[squid-users] Problem with Squid
Hi guys, i have Ipcop+AdvProxy(Squid 2.6 STABLE20)+URL Filter install, when i try to open www.adobe.com with proxy ON the page takes to long to load and then stops loading when i put the proxy off the page loads ok, can some one tell me what is hapening? This only happens in this page all others I can open ok, with proxy on.
[squid-users] remotely disable squid filtering
My company is in the early stages of running a SQUID proxy for internet filtering of public machines. Is there a method of remotely disabling the filtering on specific machines? For example, if an adult customer (using our public machines) requests that we disable filtering, can we do that remotely or does it have to be done locally at the machine he/she wants to use? Thanks in advance. CC
[squid-users] How to add a banner to all (unauthenticated) pages?
Hi all,
I need to add a banner to unauthenticated groups informing them that they are
using a restricted public network, while still allowing them to access the web,
albeit at a slower speed via delay pools. So far, I have managed to add the
banner to the pages using the redirector, a perl script and a php page that
creates a frameset with the banner in the top frame, and the desired content in
the main frame. Problem is that the request for the content in the main frame
either gives an access denied error, or returns a blank document, or creates a
whole page of repeating banners.
Any thoughts?
[squid.conf]
## redirector
acl group_restricted src 192.168.0.109 # ← redirecting only my workstation for
testing purposes
redirector_access allow group_restricted
redirect_children 20
redirect_rewrites_host_header off
redirect_program /etc/squid/restricted-redirect.pl
[restricted-redirect.pl]
BEGIN { $|=1 }
if (m|restricted.html|) {
} else {
s|http://|http://192.168.0.100/restricted.php?url=http://|;
}
[restricted.php]
Restricted connection
Re: [squid-users] Squid3 - reason to migrate
Dnia Pn Czerwca 9 2008, 16:59, Adrian Chadd napisał(a): > On Mon, Jun 09, 2008, [EMAIL PROTECTED] wrote: >> Hello, >> >> Is there any reason to migrate to Squid3 (or head snapshot 3.1)? >> Did anybody do compare functions/performance between 2.6 and 3.x >> version? >> >> I have high load (~400req/s) server with COSS filesystems and tproxy on >> squid 2.6.18 (now tproxy doesn't work correctly, only transparent >> proxy). > > Hm, "doesn't work correctly" ? Clients requests pass through via proxy with ip of proxy (It isn't correct operating of tproxy patches for squid 2.6) Regards, -- Tomasz
Re: [squid-users] Squid3 - reason to migrate
Dnia Pn Czerwca 9 2008, 16:50, Steve Bertrand napisał(a): > [EMAIL PROTECTED] wrote: >> Hello, >> >> Is there any reason to migrate to Squid3 (or head snapshot 3.1)? > > IPv6 ;) It isn't reason for me;) IPv6 is far future in Europe imho (specially in Poland ;) ) -- Tomasz
Re: [squid-users] YouTube and other streaming media (caching)
Hi Adrian, Ray and everyone...
Here is a little contribution for the store_url_rewrite script, this
part deals with youtube and google video (At least, it works for
now)...
NOTES:
1) This code is different because is based on the examples for the
url_rewrite_program
(http://wiki.squid-cache.org/SquidFaq/SquidRedirectors) and that way
was easier for me.
2) Warning! This code may match other sites not related to YT or GV.
3) I used "squid://" at the begining of the rewrited string to avoid
matching another rule, I know it's not standard and I'm still hoping
It doesn't cause any problems... Dear developers, please forgive my
insolence... :-)
$|=1;
while (<>) {
@X = split;
$url = $X[0];
$url =~ [EMAIL PROTECTED]://(.*?)/get_video\?(.*)video_id=(.*?)&[EMAIL
PROTECTED]://videos.youtube.INTERNAL/ID=$3@;
$url =~ [EMAIL PROTECTED]://(.*?)/get_video\?(.*)video_id=(.*?)[EMAIL
PROTECTED]://videos.youtube.INTERNAL/ID=$3@;
$url =~ [EMAIL PROTECTED]://(.*?)/videodownload\?(.*)docid=(.*?)[EMAIL
PROTECTED]://videos.google.INTERNAL/ID=$3@;
$url =~ [EMAIL PROTECTED]://(.*?)/videodownload\?(.*)docid=(.*?)&[EMAIL
PROTECTED]://videos.google.INTERNAL/ID=$3@;
print "$url\n";
}
4) This is the relevant part of my squid.conf:
acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
cache allow store_rewrite_list
# Had to uncomment this again, because I couln'd login to google mail
using IE6 (firefox had no trouble):
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^http://(.*?)/get_video\? 10080 90% 99
override-expire ignore-no-cache ignore-private
refresh_pattern ^http://(.*?)/videodownload\? 10080 90% 99
override-expire ignore-no-cache ignore-private
storeurl_access allow store_rewrite_list
storeurl_access deny all
storeurl_rewrite_program /usr/local/bin/store_url_rewrite
Regards,
Re: [squid-users] Re: squid_kerb_auth on mac os x
Markus, On Jun 7, 2008, at 2:55 PM, Markus Moeller wrote: Find below a small test program to create a token. Run a kinit as a user and then ./squid_kerb_auth_test proxy_fqdn. It creates a token like: Thank you for the little program, I will test my set up today to see if it is taking tokens correctly. I will also recompile squid_kerb_auth without -DHAVE_SPNEGO. Thank you very much for this, it will be very handy!! I now believe the issue has to do with squid configuration. I have not been able to get any indication that it is even trying kerberos - it is just using the basic auth method. I am going to strip down my squid config to the basics and see what I can get going on. Thank you for the help and effort you have put into this! -Alex
Re: [squid-users] multi original servers
Ken W. wrote: Under squid's reverse proxy mode, if there are more than one original server, how to config it? cache_peer InsideIP1 parent 80 0 no-query originserver name=Myserver round-robin cache_peer InsideIP2 parent 80 0 no-query originserver name=Myserver round-robin Is the config above right? The two lines have the same values of 'name=' , is it right? In my testing, I found that the names had to be slightly different. For instance: cache_peer INTERNALIP1 parent 80 0 no-query originserver login=PASS name=INTERNALNAME1-peer sourcehash cache_peer INTERNALIP2 parent 80 0 no-query originserver login=PASS name=INTERNALNAME2-peer sourcehash cache_peer_access INTERNALNAME1-peer allow sites_INTERNALNAME cache_peer_access INTERNALNAME2-peer allow sites_INTERNALNAME begin:vcard fn:Ben Hollingsworth n:Hollingsworth;Ben org:BryanLGH Health System;Information Technology adr:;;1600 S. 48th St.;Lincoln;NE;68506;USA email;internet:[EMAIL PROTECTED] title:Systems Programmer tel;work:402-481-8582 tel;fax:402-481-8354 tel;cell:402-432-5334 url:http://www.bryanlgh.org version:2.1 end:vcard
RE: [squid-users] How to not cache a site?
Hendrik, Yes. They are objects that I found were cached by Squid. However, it was not suppose to be cached. Regards, Jerome -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2008 10:49 PM To: Jerome Yanga Cc: squid-users@squid-cache.org Subject: RE: [squid-users] How to not cache a site? On fre, 2008-06-06 at 15:48 -0700, Jerome Yanga wrote: > I believe some do but others don't. I just responded to Chris with the > http headers. The captured log is a mere mouse over of an icon in the > site. Yes, but is those headers from an object which you found was cached by Squid? Regards Henrik
Re: [squid-users] Re: RE : [squid-users] performances ... again
On mån, 2008-06-09 at 23:56 +1200, Amos Jeffries wrote: > Question for all users: >Is anyone actually _needing_ this to stay? Or can we indeed drop it? I always run with the dns_testnames test disabled (-D command line option). Regards Henrik
[squid-users] multi original servers
Hello, Under squid's reverse proxy mode, if there are more than one original server, how to config it? cache_peer InsideIP1 parent 80 0 no-query originserver name=Myserver round-robin cache_peer InsideIP2 parent 80 0 no-query originserver name=Myserver round-robin Is the config above right? The two lines have the same values of 'name=' , is it right? Thank you. --Ken
Re: [squid-users] Squid3 - reason to migrate
On Mon, Jun 09, 2008, [EMAIL PROTECTED] wrote: > Hello, > > Is there any reason to migrate to Squid3 (or head snapshot 3.1)? > Did anybody do compare functions/performance between 2.6 and 3.x version? > > I have high load (~400req/s) server with COSS filesystems and tproxy on > squid 2.6.18 (now tproxy doesn't work correctly, only transparent proxy). Hm, "doesn't work correctly" ? (I'm going to get TPROXY4 and FreeBSD's version of TPROXY sorted out in Cacheboy in early July.) Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Re: [squid-users] https pages
On mån, 2008-06-09 at 05:21 -0700, Michael Johnston wrote: > When I disabled the "friendly error messages" option in IE, the message was > the same: "Internet Explorer cannot display the webpage" > And in Netscape, I get an alert saying: "The document contains no data" > > > Anything in Squid access.log? > > > This is what shows up in the access log: > 1213013343.566 CLIENT.EXTERNAL.IP TCP_MISS/200 39 CONNECT > www.google.com:443 - DIRECT/72.14.205.104 - > 1213013984.055CLIENT.EXTERNAL.IP TCP_MISS/200 39 CONNECT > www.yahoo.com:443 - DIRECT/209.191.93.52 - Do your firewall allow the Squid server to go out on port 443? Regards Henrik
Re: [squid-users] Squid3 - reason to migrate
[EMAIL PROTECTED] wrote: Hello, Is there any reason to migrate to Squid3 (or head snapshot 3.1)? IPv6 ;) Steve
Re: [squid-users] Squid 3 Setup Question - IP range with different outcredential accounts
tessel wrote: Ok, need some help and hopefully someone can help :) I have squid 3 setup with two outcredential accounts. Each account tcp out is set to a different IP, lets say 1.1.1.1 for outcredential1 and 1.1.1.2 for outcredential 2. Now the problem is, they both use the same IP src from my computer, lets say my computer IP is 123.123.123.123 So both out accounts use the same IP for src but tcp out to a different IP. This appears to cause some conflict. When I connect, no matter what login/password I use (out1 or out2) squid will always default me to one out account and its respective IP. It appears that I have to have each out account src set to a different IP. Is there anyway around it? Basically I need squid to look at my login/password and then decide what tcp out IP to give me, not my incoming/connecting IP from my computer. Um, not quite sure I get what out mean by outcredential accounts and how that relates to IP addressing or network interfaces. But, to specify certain outbound IP use the tcp_outgoing_address options in squid.conf. They are selected based on ACL, so most any detail can be routed on. http://www.squid-cache.org/Versions/v3/3.0/cfgman/tcp_outgoing_address.html Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
[squid-users] Squid3 - reason to migrate
Hello, Is there any reason to migrate to Squid3 (or head snapshot 3.1)? Did anybody do compare functions/performance between 2.6 and 3.x version? I have high load (~400req/s) server with COSS filesystems and tproxy on squid 2.6.18 (now tproxy doesn't work correctly, only transparent proxy). Regards, -- Tomasz
Re: [squid-users] Re: RE : [squid-users] performances ... again
Amos Jeffries disse na ultima mensagem: > Michel (M) wrote: >> Ionel GARDAIS disse na ultima mensagem: >>> Hi Dean, >>> >>> I had these directives : >>> > dns_testnames apple.com redhat.com internic.net nlanr.net > append_domain .beicip.fr >>> I commented out "append_domain" as this is not relevant to our >>> configuration now. >> >> >> both are kind of not important at all >> if you think they cause trouble set this >> >> dns_testnames localhost >> >> IMO this nasty var really should disappear from squid.conf, seems from >> the >> 90's when dns server still where dark stuff for most > > Question for all users: >Is anyone actually _needing_ this to stay? Or can we indeed drop it? > thank's for your vote here :) michel ... Tecnologia Internet Matik http://info.matik.com.br Sistemas Wireless para o Provedor Banda Larga Hospedagem e Email personalizado - e claro, no Brasil.
[squid-users] Squid 3 Setup Question - IP range with different outcredential accounts
Ok, need some help and hopefully someone can help :) I have squid 3 setup with two outcredential accounts. Each account tcp out is set to a different IP, lets say 1.1.1.1 for outcredential1 and 1.1.1.2 for outcredential 2. Now the problem is, they both use the same IP src from my computer, lets say my computer IP is 123.123.123.123 So both out accounts use the same IP for src but tcp out to a different IP. This appears to cause some conflict. When I connect, no matter what login/password I use (out1 or out2) squid will always default me to one out account and its respective IP. It appears that I have to have each out account src set to a different IP. Is there anyway around it? Basically I need squid to look at my login/password and then decide what tcp out IP to give me, not my incoming/connecting IP from my computer. -- View this message in context: http://www.nabble.com/Squid-3-Setup-Question---IP-range-with-different-outcredential-accounts-tp17733276p17733276.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] debug_options reference
Anton Melser wrote: 2008/6/6 Henrik Nordstrom <[EMAIL PROTECTED]>: On fre, 2008-06-06 at 18:56 +0200, Anton Melser wrote: Hi all, I feel like a complete fool but I just can't seem to use the squid docs... could someone point me to the list of sections? ALL,1 33,2 seems to be a common setting - but wtf is the doc that says what 33 is?!? doc/debug-sections.txt in the source distribution. Also printed at the top of each source file. The recommended default is ALL,1 unless you get told to increase some debugging by a developer looking into some problem for you. I can't seem to get a page to cache. If I just leave the default (all) it will cache, if I explicitly do an acl and do a cache deny !mylist Then some of the pages in my list will cache but not this one. It seems to get matched (I set ALL,3) but there is so much info I was getting lost. I was trying to help myself instead of continuing to bother you guys! "debug_options ALL,0 28,9" will run you through which ACL are being tested and which ones are matching/failing. Search the log output for an exact quote of the squid.conf line you want to check. "cache deny !mylist" etc. The ACL is definately not matching the file then. Do you mind saying what the ACL config line is exactly? and some details about this file? Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Re: [squid-users] how to cache certain files types... e.g. zip files
Mr Crack wrote: I have setup to cache up to 100 Mb size download with maximum_object_size I am using with transparent proxy somestimes it cache download but sometimes it does not cache... Very first line of the documentation for that directive says: "Objects larger than this size will NOT be saved on disk." Also, objects which CANNOT be cached will not be saved on disk. Is there any way to cache certain files types e.g. zip, iso, doc, pdf pls explain with example if u can All allowed to be cached are done so by default. If the owner specifically requested they not be cachable, Squid by default obeys that directive. Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Re: [squid-users] Re: RE : [squid-users] performances ... again
Michel (M) wrote: Ionel GARDAIS disse na ultima mensagem: Hi Dean, I had these directives : dns_testnames apple.com redhat.com internic.net nlanr.net append_domain .beicip.fr I commented out "append_domain" as this is not relevant to our configuration now. both are kind of not important at all if you think they cause trouble set this dns_testnames localhost IMO this nasty var really should disappear from squid.conf, seems from the 90's when dns server still where dark stuff for most Question for all users: Is anyone actually _needing_ this to stay? Or can we indeed drop it? append_domain does not matter because when you have internet access this should be solved by your dns so let it at default ( none ) Almost right. Standard DNS resolvers don't do non-FQDN resolving, but either of Squid's resolvers can handle that properly as long as the local network domin is registered either as 'domain' or 'search' directives in your /etc/resolv.conf (registry on windows). Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Re: [squid-users] cache help
Mario Almeida wrote: Hi all, Complied with follow options squid -v Squid Cache: Version 2.6.STABLE20 configure options: '--host=i686-redhat-linux-gnu' '--build=i686-redhat-linux-gnu' '--target=i386-redhat-linux' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' '--with-openssl=/usr/kerberos' '--enable-delay-pools' '--enable-linux-netfilter' '--with-pthreads' '--enable-ntlm-auth-helpers=SMB,fakeauth' '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge' '--enable-useragent-log' '--enable-referer-log' '--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost' '--enable-underscores' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain -NTLM,SASL' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-cache-digests' '--enable-ident-lookups' '--with-large-files' '--enable-follow-x-forwarded-for' '--enable-wccpv2' '--enable-fd-config' '--with-maxfd=16384' '--enable-xmalloc-statistics' '--enable-carp' '--enable-kill-parent-hack' '--enable-arp-acl' 'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu' 'target_alias=i386-redhat-linux' 'CFLAGS=-fPIE -Os -g -pipe -fsigned-char -O2 -g -march=i386 -mcpu=i686' 'LDFLAGS=-pie' My proxy is talking to a parent proxy. It is also acting as a caching server I need to confirm if caching is working properly because in the log file it says. TCP_MISS/200 TCP_MISS/503 TCP_MISS/000 My understanding is if caching is enabled I should get HITS instead of the above message HITS can take some time to develop as most systems show only 30% of traffic is cachable. Give it a few days, you should see the HITS starting to grow slowly. Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Re: [squid-users] Tproxy4
Armin ranjbar wrote: Hey all , what is status of Tproxy4 support in Squid3 ? Tproxy 4+ Support is fully integrated in 3-HEAD (3.1 alpha). Kernel patch may be required to take advantage of it though. 3 of 4 testers have had no problems (one being the Balabit developers). The 4th had issues which turned out to be with the kernel patches, hopefully resolved now. Amos -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
[squid-users] Tproxy4
Hey all , what is status of Tproxy4 support in Squid3 ? -- Armin ranjbar , System Administrator
Re: [squid-users] Re: RE : [squid-users] performances ... again
Ionel GARDAIS disse na ultima mensagem: > Hi Dean, > > I had these directives : > >> > dns_testnames apple.com redhat.com internic.net nlanr.net >> > append_domain .beicip.fr >> > > I commented out "append_domain" as this is not relevant to our > configuration now. both are kind of not important at all if you think they cause trouble set this dns_testnames localhost IMO this nasty var really should disappear from squid.conf, seems from the 90's when dns server still where dark stuff for most append_domain does not matter because when you have internet access this should be solved by your dns so let it at default ( none ) michel ... Tecnologia Internet Matik http://info.matik.com.br Sistemas Wireless para o Provedor Banda Larga Hospedagem e Email personalizado - e claro, no Brasil.
Re: [squid-users] debug_options reference
2008/6/6 Henrik Nordstrom <[EMAIL PROTECTED]>: > On fre, 2008-06-06 at 18:56 +0200, Anton Melser wrote: >> Hi all, >> I feel like a complete fool but I just can't seem to use the squid >> docs... could someone point me to the list of sections? ALL,1 33,2 >> seems to be a common setting - but wtf is the doc that says what 33 >> is?!? > > doc/debug-sections.txt in the source distribution. Also printed at the > top of each source file. > > The recommended default is ALL,1 unless you get told to increase some > debugging by a developer looking into some problem for you. I can't seem to get a page to cache. If I just leave the default (all) it will cache, if I explicitly do an acl and do a cache deny !mylist Then some of the pages in my list will cache but not this one. It seems to get matched (I set ALL,3) but there is so much info I was getting lost. I was trying to help myself instead of continuing to bother you guys! Cheers Anton -- echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' | dc This will help you for 99.9% of your problems ...
