[squid-users] squid-3.0.STABLE8 PURGE problem
Hi all,

I get squid-3.0.STABLE8 working well on centos 5.2 except trying to PURGE cached objects.

The squid.conf is:

    [EMAIL PROTECTED] ~]# cat /usr/local/squid-3.0.STABLE8/etc/squid.conf | grep -v # | grep -v ^$
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl PURGE method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny CONNECT
    http_access allow localhost PURGE
    http_access deny PURGE
    http_access allow all
    http_port 10.20.15.115:80 vhost vport
    http_port 10.20.15.113:80 vhost vport
    cache_peer 127.0.0.1 parent 80 0 no-query originserver
    hierarchy_stoplist cgi-bin ?
    access_log /usr/local/squid-3.0.STABLE8/var/logs/access.log squid
    refresh_pattern -i \.txt$ 60 90% 1440 reload-into-ims
    refresh_pattern -i \.html$ 60 90% 1440 reload-into-ims
    refresh_pattern -i \.jpg$ 60 90% 1440 reload-into-ims
    refresh_pattern -i \.bmp$ 60 90% 1440 reload-into-ims
    negative_ttl 0
    visible_hostname squid1.example.com
    coredump_dir /usr/local/squid-3.0.STABLE8/var/cache

when I issue

    [EMAIL PROTECTED] ~]# /usr/local/squid-3.0.STABLE8/bin/squidclient -p80 -m PURGE http://www.example.com/01.jpg
    HTTP/1.1 501 Method Not Implemented
    Date: Fri, 05 Sep 2008 15:15:09 GMT
    Server: Apache/2.2.9 (Unix)
    Allow: GET,HEAD,POST,OPTIONS,TRACE
    Content-Length: 213
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>501 Method Not Implemented</title>
    </head><body>
    <h1>Method Not Implemented</h1>
    <p>PURGE to /01.jpg not supported.<br />
    </p>
    </body></html>

I compile the squid with

    [EMAIL PROTECTED] ~]# ./configure --prefix=/usr/local/squid-3.0.STABLE8 --with-large-files --with-filedescriptors=4096 --enable-snmp
    make all
    make install

Can anyone help with the HTTP/1.1 501 Method Not Implemented ERROR?
I remember that the configuration on squid-2.6.STABLE19 works fine.

Thank you in advance.

Yours,
Xu Feng
[squid-users] RE: squid-3.0.STABLE8 PURGE problem
Hi all,

I realized where my problem is and found a way out.

Originally I put apache to listen on 127.0.0.1:80. So when I issue

    [EMAIL PROTECTED] ~]# /usr/local/squid-3.0.STABLE8/bin/squidclient -p80 -m PURGE http://www.example.com/01.jpg

It is actually

    [EMAIL PROTECTED] ~]# /usr/local/squid-3.0.STABLE8/bin/squidclient -h127.0.0.1 -p80 -m PURGE http://www.example.com/01.jpg

So it comes to apache and receives the error message from apache httpd.

The modification to squid.conf is:

    acl localhost src 127.0.0.1/32
    acl myself src 10.20.15.113/32 10.20.15.115/32
    acl PURGE method PURGE
    http_access allow localhost PURGE
    http_access allow myself PURGE
    http_access deny PURGE
    http_access allow all

and I issue

    [EMAIL PROTECTED] ~]# /usr/local/squid-3.0.STABLE8/bin/squidclient -h10.20.15.113 -p80 -m PURGE http://www.example.com/01.jpg
    HTTP/1.0 200 OK
    Server: squid/3.0.STABLE8
    Mime-Version: 1.0
    Date: Fri, 05 Sep 2008 15:55:01 GMT
    Content-Length: 0
    X-Cache: MISS from squid1.example.com
    Via: 1.0 squid1.example.com (squid/3.0.STABLE8)
    Connection: close

-----Original Message-----
From: xufeng [mailto:[EMAIL PROTECTED]
Sent: September 5, 2008 15:45
To: 'squid-users@squid-cache.org'
Subject: squid-3.0.STABLE8 PURGE problem

Hi all,

I get squid-3.0.STABLE8 working well on centos 5.2 except trying to PURGE cached objects.

The squid.conf is:

    [EMAIL PROTECTED] ~]# cat /usr/local/squid-3.0.STABLE8/etc/squid.conf | grep -v # | grep -v ^$
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl PURGE method PURGE
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny CONNECT
    http_access allow localhost PURGE
    http_access deny PURGE
    http_access allow all
    http_port 10.20.15.115:80 vhost vport
    http_port 10.20.15.113:80 vhost vport
    cache_peer 127.0.0.1 parent 80 0 no-query originserver
    hierarchy_stoplist cgi-bin ?
    access_log /usr/local/squid-3.0.STABLE8/var/logs/access.log squid
    refresh_pattern -i \.txt$ 60 90% 1440 reload-into-ims
    refresh_pattern -i \.html$ 60 90% 1440 reload-into-ims
    refresh_pattern -i \.jpg$ 60 90% 1440 reload-into-ims
    refresh_pattern -i \.bmp$ 60 90% 1440 reload-into-ims
    negative_ttl 0
    visible_hostname squid1.example.com
    coredump_dir /usr/local/squid-3.0.STABLE8/var/cache

when I issue

    [EMAIL PROTECTED] ~]# /usr/local/squid-3.0.STABLE8/bin/squidclient -p80 -m PURGE http://www.example.com/01.jpg
    HTTP/1.1 501 Method Not Implemented
    Date: Fri, 05 Sep 2008 15:15:09 GMT
    Server: Apache/2.2.9 (Unix)
    Allow: GET,HEAD,POST,OPTIONS,TRACE
    Content-Length: 213
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>501 Method Not Implemented</title>
    </head><body>
    <h1>Method Not Implemented</h1>
    <p>PURGE to /01.jpg not supported.<br />
    </p>
    </body></html>

I compile the squid with

    [EMAIL PROTECTED] ~]# ./configure --prefix=/usr/local/squid-3.0.STABLE8 --with-large-files --with-filedescriptors=4096 --enable-snmp
    make all
    make install

Can anyone help with the HTTP/1.1 501 Method Not Implemented ERROR?
I remember that the configuration on squid-2.6.STABLE19 works fine.

Thank you in advance.

Yours,
Xu Feng
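
Added example (not part of the original posts, and not Squid's own code): a simplified Python model of how Squid walks the http_access lines quoted above, used to audit which source addresses may PURGE before and after the posted change. It handles only src and method ACLs plus the built-in "all"; the client 192.0.2.50 is a constructed sample, and FIXED_CONF assumes the lines from the follow-up are merged into the original file.

```python
import ipaddress

# ACL and http_access lines from the first post (PURGE allowed from localhost only).
ORIGINAL_CONF = """
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl PURGE method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT
http_access allow localhost PURGE
http_access deny PURGE
http_access allow all
"""

# Assumption: the follow-up's "myself" lines merged into the original rule set.
FIXED_CONF = ORIGINAL_CONF.replace(
    "acl PURGE method PURGE",
    "acl myself src 10.20.15.113/32 10.20.15.115/32\nacl PURGE method PURGE",
).replace(
    "http_access deny PURGE",
    "http_access allow myself PURGE\nhttp_access deny PURGE",
)


def parse(conf):
    """Return ({acl_name: (type, [values])}, [(action, [acl_names])]) in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 2 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules


def acl_matches(acls, name, src_ip, method):
    if name == "all":  # built-in ACL: matches every request
        return True
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "method":
        return method in values
    return False  # other ACL types (e.g. proto) are outside this simplified model


def decide(conf, src_ip, method):
    """The first http_access line whose ACLs ALL match decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n, src_ip, method) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if not rules or rules[-1][0] == "allow" else "allow"


def purge_allowed_from(conf, candidates):
    """Audit helper: which of the candidate source addresses may PURGE?"""
    return [ip for ip in candidates if decide(conf, ip, "PURGE") == "allow"]


if __name__ == "__main__":
    clients = ["127.0.0.1", "10.20.15.113", "10.20.15.115", "192.0.2.50"]
    print("original:", purge_allowed_from(ORIGINAL_CONF, clients))
    print("fixed:   ", purge_allowed_from(FIXED_CONF, clients))
```

Because "http_access deny PURGE" sits above "http_access allow all", a PURGE from any address not listed in localhost or myself is refused while ordinary GET requests are still served.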
[squid-users] binary install of squid
Hello, my team would like to download a binary version for solaris of squid 3.0 . Does anybody know of such a download site/ url ?? Thank you in advance, Greetings, Jan Van Camp Belgium.
Re: [squid-users] binary install of squid
> my team would like to download a binary version for solaris of squid 3.0 .
> Does anybody know of such a download site/ url ??

Maybe try this...
http://cooltools.sunsource.net/coolstack/

JD
Re: [squid-users] compiling squid error on windows
Hi Amos, At 04.08 04/09/2008, Amos Jeffries wrote: Amos: there are some Windows informations missing from 3.0 release notes, you can find it in the 2.6 one. I'll fix that right now. You mean the whole section 4 (in 2.7) / section 6 (in 2.6)? Sorry for the delayed answer. You must take the whole 2.6 Windows release notes, 2.7 release notes are also incomplete. The 2.6 content is still true. Oh darn, already pulled the 2.7 ones in. Needs to do it twice now :-) At least I can make sure it in before stable9. Amos
Re: [squid-users] AUTH_ON_ACCELERATION in Squid 3
> Hello Squid users;
>
> I've been using AUTH_ON_ACCELERATION to help control access to squid servers that cache data from a primary Apache server. This works great in 2.5, but I've been playing around with Squid 3, and was wondering how to do the same thing with it.
>
> I've basically used this setup to get it to function (without requiring authentication):
>
>     http_port 1234 defaultsite=10.0.0.25
>     cache_peer 10.0.0.25 parent 80 0 no-query originserver
>
> Then I setup basic NCSA auth for testing:
>
>     auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/testing
>     auth_param basic children 5
>     auth_param basic realm Testing Squid Auth
>     auth_param basic credentialsttl 2 hours
>
> But Squid just happily serves and caches data from 10.0.0.25 without requiring authentication. Is this possible anymore?

Certainly. You just need access controls that check the authentication. Squid later than 2.5 are capable of handling more than a single type of request stream (forward, reverse, transparent, intercepted). So squid can no longer assume authentication on all requests even if auth_* are setup.

You want something like:

    acl something proxy_auth REQUIRED

Also, is the official public domain name 10.0.0.25 ? the defaultsite= , should be the FQDN expected when clients are broken and don't send one.

To reverse-proxy a website also the http_port needs 'accel' option. See the FAQ for details http://wiki.squid-cache.org/SquidFaq/ReverseProxy

Amos
RE: [squid-users] binary install of squid
> > my team would like to download a binary version for solaris of squid 3.0 .
> > Does anybody know of such a download site/ url ??
>
> Maybe try this...
> http://cooltools.sunsource.net/coolstack/
>
> JD

Or http://www.sunfreeware.com/ or http://www.blastwave.org/ (where you also get pkg-get, a solaris clone of apt-get)
RE: [squid-users] binary install of squid
Txs , Adam,

But these sites only have binaries for 2.6 versions of squid ,
Does anybody know of a site which contains a 3.0 squid binary for solaris ???

Greetings,
Jan

-----Original Message-----
From: Adam Carter [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2008 1:44 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] binary install of squid

> > my team would like to download a binary version for solaris of squid 3.0 .
> > Does anybody know of such a download site/ url ??
>
> Maybe try this...
> http://cooltools.sunsource.net/coolstack/
>
> JD

Or http://www.sunfreeware.com/ or http://www.blastwave.org/ (where you also get pkg-get, a solaris clone of apt-get)
[squid-users] Re: bad file caching
Chris Robertson wrote: Volodymyr Kostyrko Nothing odd there. Just to verify, is this the conf file from utwig.xim.biz? Yep. -- Sphinx of black quartz judge my vow.
Re: [squid-users] binary install of squid
> But these sites only have binaries for 2.6 versions of squid ,
> Does anybody know of a site which contains a 3.0 squid binary for solaris ???

It is in Cool Stack 1.3RC1 if you are feeling adventurous...

JD
[squid-users] Interception caching problems
Thanks so much for the replies. I haven't had a chance to test whether the:

    iptables -t nat -A PREROUTING -i $LAN -p tcp --dport 80 -j ACCEPT

will solve my interception problem yet.

I worked on the server for a few days while it was down and have new and bigger problems now. Where's the nearest pile of sand :(

I built BIND, since our DNS queries are one of the biggest problems. It's set up as a caching nameserver only. I started getting 111 connection refused errors from squid on most links. Watching the logs, I discovered that squid was following the timing of BIND's error of: timeout, disabling EDNS.

I remember from some point in the past someone mentioning that BIND (latest) will do this if ipv6 is not configured, and someone else mentioning that building it with --disable-ipv6 was the answer. I have no ipv6 support in the kernel or any apps I've built.

Are the EDNS errors from bind killing squid requests (about 2 seconds)?
Is disabling ipv6 in the BIND build the solution?
How do I enable about a 30 second timeout for all DNS requests?

I have been all over the bind manual, but this stuff isn't in there (nudge, BIND writers). I know this is the squid list, but in this case they're joined at the hip.

I am now isolated from the server for a few days, but will be expected to return with answers. Any help is MUCH appreciated. I will post my squid.conf, named.conf, and rc.iptables next time around if needed. If I don't return with things ready to go I'll be tarred, feathered, and thrown out into the desert to swelter and rot (only slightly exaggerating).

Thanks,
Jason
RE: [squid-users] binary install of squid
Hello,

Txs for the info, I had a look but this 1.3RC1 package indeed has squid included but a version 2.6 , not a 3.0 version

Greetz,
Jan

-----Original Message-----
From: John Doe [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2008 2:20 PM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] binary install of squid

> But these sites only have binaries for 2.6 versions of squid ,
> Does anybody know of a site which contains a 3.0 squid binary for solaris ???

It is in Cool Stack 1.3RC1 if you are feeling adventurous...

JD
Re: [squid-users] binary install of squid
> > It is in Cool Stack 1.3RC1 if you are feeling adventurous...
>
> I had a look but this 1.3RC1 package indeed has squid included but a version 2.6 , not a 3.0 version

Indeed. It is strange since in the 1.3RC1 release notes they say upgraded to 3.0:
http://cooltools.sunsource.net/coolstack/ReleaseNotes1.3RC1.txt
I guess they changed their minds; maybe due to the few 2.x features not yet in 3.x...

JD
Re: [squid-users] Problems with Vista and Internet Explorer - NTLM Auth
Hi!

Vista does not negotiate NTLMv2.

Start - gpedit.msc (run as administrator)
Computer configuration - Policies
Windows Settings - Security Settings - Local Policies - Security Options
Find Network Security: LAN MANAGER Authentication Level
Set it to Send LM & NTLM - use NTLMv2 session security if negotiated

The reason behind this is that squid uses NTLMv2 after a certain version (2.6 stable 12 if I'm not mistaken) but it is negotiated NTLMv2, rather than just straight NTLMv2 for some reason. Vista refuses to negotiate by default, accepting only NTLMv2.

Hope this helps.

Carlos Martínez-Troncoso Cera wrote:
> Hello Squid gurus.
>
> Our proxy service was working very good until the last week when we received reports about some students couldn't use the wireless LAN. In our network, if you are using wired LAN you can use the proxy without password, if you use the wireless, Squid prompts for a user/password (NTLM).
>
> The problem occurs with Windows Vista and Explorer 7. If you tried to surf there is no prompt for user password and you received the page error Cache Use Denied, in the access.log shows TCP DENIED, if you try in the same computer with Firefox, works without problems. If you use Firefox with Vista or another operative system, or Explorer with XP, 2000, etc, everything is alright. The only problem is the mix, Windows Vista with Explorer 7.
>
> We were using Squid 2.6.17-1 with NTLM Auth (winbind, Samba 3.025b-1-14) in CentOS 5.2. Now we upgraded to Squid 3.0.7-1 (from Fedora's src rpm) but the problem is the same.
>
> Before the problem we didn't change anything. I just erased these lines from my squid.conf after the problem but the situation is the same:
>
>     auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic -d=5
>     auth_param basic children 30
>     auth_param basic realm Squid proxy-caching web server
>     auth_param basic credentialsttl 2 hours
>
> Do you have any report about problems with Vista and Explorer (maybe a new patch)? I didn't find anything in the forum or Google.
>
> What kind of test can I do? Now I am installing Windows Vista in a notebook for test (we don't like that operative system but our students like it) when the endless setup finished I will look the packets with a sniffer, another idea?
>
> This is my SQUID.CONF (I erased some acls because the file is very long):
>
>     http_port 172.17.3.10:8080
>     hierarchy_stoplist cgi-bin ?
>     acl QUERY urlpath_regex cgi-bin \?
>     no_cache deny QUERY
>     cache_mem 64 MB
>     cache_dir ufs /cache 6000 16 256
>     cache_access_log /var/log/squid/access.log
>     cache_log /var/log/squid/cache.log
>     cache_store_log none
>     half_closed_clients off
>     quick_abort_min 0
>     quick_abort_max 0
>     pipeline_prefetch off
>     ftp_user [EMAIL PROTECTED]
>     #WLAN Auth
>     auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>     auth_param ntlm children 30
>     refresh_pattern ^ftp: 1440 20% 10080
>     refresh_pattern ^gopher: 1440 0% 1440
>     refresh_pattern . 0 20% 4320
>     # ACCESS CONTROLS
>     acl manager proto cache_object
>     acl localhost src 127.0.0.1/255.255.255.255
>     acl to_localhost dst 127.0.0.0/8
>     acl SSL_ports port 443 563 2083 2443 8443 445 3144 4050
>     acl Safe_ports port 80 81 21 443 563 70 210 1025-65535
>     acl puerto_bloqueado port 1863 #Messenger blocked 16Feb2005
>     acl CONNECT method CONNECT
>     #Do not cache dynamic sites
>     acl QUERY urlpath_regex cgi-bin \?
>     no_cache deny QUERY
>     # Deny requests to unknown ports
>     http_access deny puerto_bloqueado
>     http_access deny !Safe_ports
>     # Deny CONNECT to other than SSL ports
>     http_access deny CONNECT !SSL_ports
>     http_access allow PURGE localhost
>     http_access deny PURGE
>     #Forbidden sites
>     acl prohibido dstdomain /etc/squid/sitios-prohibidos
>     http_access allow carlos prohibido
>     http_access deny prohibido
>     #Authentication for WLAN
>     acl wlan src /etc/squid/ips-wlan
>     acl password proxy_auth REQUIRED
>     http_access allow wlan password
>     #Block access from student VLANs
>     acl permitidos src /etc/squid/permitidos
>     http_access allow permitidos
>     http_access allow localhost
>     http_access deny all
>     http_reply_access allow all
>     icp_access deny all
>     cache_mgr [EMAIL PROTECTED]
>     cache_effective_user squid
>     cache_effective_group squid
>     visible_hostname cipres
>     logfile_rotate 365
>
> Thanks in advance. Sorry for my bad English.
>
> --
> Ing. Carlos Martínez-Troncoso Cera
> Internet Services and Institutional E-mail Administrator
> Universidad del Norte - www.uninorte.edu.co
> Tel: 57 5 3509367
> Barranquilla, Colombia
[squid-users] Resolving non-FQDN names
I am running squid2.5.STABLE10. When a client specifies a non-FQDN name (foo, instead of foo.goo.com), squid fails to resolve the name. The machine squid is running on is configured to use DNS servers that can resolve that name. I can do nslookups on foo on the squid host machine w/o failures. Is there some config that controls this? Thanks! -- jrj
Re: [squid-users] Resolving non-FQDN names
I think I found it:

    httpd_accel_with_proxy on

-- jrj

On Sep 5, 2008, at 9:33 AM, Jeff Jenkins wrote:
> I am running squid2.5.STABLE10. When a client specifies a non-FQDN name (foo, instead of foo.goo.com), squid fails to resolve the name. The machine squid is running on is configured to use DNS servers that can resolve that name. I can do nslookups on foo on the squid host machine w/o failures.
>
> Is there some config that controls this?
>
> Thanks!
>
> -- jrj
[squid-users] FTP over HTTP problem
Hi all,

I'm doing some ftp connections using IE7 or Firefox that cannot view folders when the user uses Squid proxy.

When I try ftp://user:[EMAIL PROTECTED] I got CWD user user: Access is denied.

The log messages only show me a 401 http auth error:

    [05/Sep/2008:16:25:00 -0300] GET ftp://192.55.140.6/ HTTP/1.1 401 1804 TCP_MISS:DIRECT

Without proxy, using ftp by command line and connecting direct to the internet, everything is OK.

Can anyone help me to fix that? Browser configuration, squid options, etc.

Thank you in advance,
Alexandre
[squid-users] Webmail/round robin dns problem
We're having a problem with an external webmail site that uses round robin dns:

    webmail.domain.com
    Server: 10.51.#.#
    Address:10.51.#.##53

    Non-authoritative answer:
    Name: webmail.domain.com
    Address: 12.145.#.5
    Name: webmail.domain.com
    Address: 166.73.#.139
    Name: webmail.domain.com
    Address: 12.145.#.56

Bringing up the original webmail site works fine, but a user's session gets bounced between the different webmail servers during authentication.

    Thu Sep 4 13:50:53 2008 280 10.52.15.128 TCP_MISS/302 228 GET http://webmail.domain.com/ username DIRECT/12.145.#.56-
    Thu Sep 4 13:51:39 2008 45424 10.52.15.128 TCP_MISS/200 281989 CONNECT webmail.domain.com:443 username DIRECT/12.145.#.56 -
    Thu Sep 4 13:51:39 2008 44735 10.52.15.128 TCP_MISS/200 302531 CONNECT webmail.domain.com:443 username DIRECT/12.145.#.56 -
    Thu Sep 4 13:51:39 2008 44739 10.52.15.128 TCP_MISS/200 180145 CONNECT webmail.domain.com:443 username DIRECT/166.73.#.139 -
    Thu Sep 4 13:51:39 2008 44739 10.52.15.128 TCP_MISS/200 175494 CONNECT webmail.domain.com:443 username DIRECT/12.145.#.5 -

Is this a Squid DNS caching problem?
Is it a problem with the webmail site not maintaining a session between the proxy server and the mail server?
Is there a way to have the Squid proxy use a consistent IP address for a URL instead of a new DNS lookup?

We're running squid-3.0.STABLE6.

Thanks,
Mark Krawec [EMAIL PROTECTED]
[squid-users] coss stripe overflows
                OPS        SUCCESS    FAIL
    open        6080639    6080639    0
    create      1648421    1648421    0
    close       7729060    7729060    0
    unlink      2010798    2010798    0
    read        12030252   6076688    0
    write       3390167    3390167    0
    s_write     9362       9362       0

    stripes: 2
    dead_stripes: 0
    alloc.alloc: 1648421
    alloc.realloc: 824045
    alloc.memalloc: 5252643
    alloc.collisions: 0
    disk_overflows: 0
    stripe_overflows: 9362
    open_mem_hits: 3951
    open_mem_misses: 6076688

Everything appears to seem good. Here are my coss parameters:

    max-size=16384 block-size=2048 max-stripe-waste=16384 membufs=500

Based on this data, do my values appear to be good? Anyone have any recommendations on adjusting anything?

Are the stripe overflows a bad thing? The stripe overflow increments 3-5 every 5 seconds.

Thank you in advance.
[squid-users] about cache Vary
Hello, If realserver sends a gziped response with a Vary header, does squid cache two objects for the same url? one for gziped, another for non-gziped. Thanks.
[squid-users] increasing threads for coss
Typically with using aufs we can increase the threads using --enable-async-io=thread count If I am using coss as my storage scheme, does increasing the thread count above also apply to COSS, or only AUFS. Also, if this is not the correct way to increase the thread count for coss, what is the correct way to do this for squid-2.7? Thank you.
Re: [squid-users] about cache Vary
As long as the non-gzip'ed response also has a vary header, and different etags are returned, yes.

Adrian

2008/9/6 Jeff Peng [EMAIL PROTECTED]:
> Hello,
>
> If realserver sends a gziped response with a Vary header, does squid cache two objects for the same url? one for gziped, another for non-gziped.
>
> Thanks.
Re: [squid-users] increasing threads for coss
the thread count should apply for all async-ops thread users.

Adrian

2008/9/6 Ramon Moreno [EMAIL PROTECTED]:
> Typically with using aufs we can increase the threads using
> --enable-async-io=thread count
>
> If I am using coss as my storage scheme, does increasing the thread count above also apply to COSS, or only AUFS.
>
> Also, if this is not the correct way to increase the thread count for coss, what is the correct way to do this for squid-2.7?
>
> Thank you.