[squid-users] error:unsupported-request-method
1225701560.304 1 192.169.1.56 TCP_DENIED/400 1614 NONE error:unsupported-request-method - NONE/- text/html what is that mean ? squid 2x ( from UBUNTU packages ) -- -=-=-=-= http://amyhost.com Dollar naik ? Krisis ? Kami tetap mempertahankan harga jual domain Rp. 75.000 rupiah Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...
RE: [squid-users] SquidNT TCP_DENIED
This is very common with squid, same in my logs, its more along the lines squid tries to fetch the page without using authentication, which is denied, than fetches the page with authentication and its correctly presented. You always see two denied and the connect, this is dummy traffic as nothing is fetched from the site. It's perfectly setup. Alex -Original Message- From: Chris Lee [mailto:[EMAIL PROTECTED] Sent: 03 November 2008 06:24 To: 'squid-users@squid-cache.org' Subject: [squid-users] SquidNT TCP_DENIED Hi, Form the access.log of my new SquidNT (version 2.7.STABLE4) box, I got some TCP_DENIED entry, before the users can access the website. 1225693114.517 10 10.1.10.147 TCP_DENIED/407 1721 CONNECT urs.microsoft. com:443 - NONE/- text/html 1225693114.547 30 10.1.10.147 TCP_DENIED/407 1933 CONNECT urs.microsoft. com:443 - NONE/- text/html 1225693114.577240 10.1.10.147 TCP_MISS/200 6346 CONNECT urs.microsoft.com:443 domain_nt\osec DIRECT/207.46.50.124 - Why the first 2 entry does not go the domain\user info? Did I misconfigure something? Regards, Chris Lee This message and its attachment (if any) are strictly confidential and sent to the designated recipient(s) only. If you are not the intended recipient, please notify the sender by e-mail and delete this message and its attachment (if any) from your computer system immediately . Century City International Holdings Limited, Paliburg Holdings Limited, Regal Hotels International Holdings Limited, its respective related subsidiaries, associated companies and affiliates do not guarantee this message and its attachment (if any) are free of computer virus and would not accept any liability whatsoever arising from Internet transmission.
[squid-users] WCCP load balancing and TPROXY fully transparent interception
Hi, I'm going to deploy multiple squid servers in a ISP for HTTP traffic caching. I'm now considering using WCCP for load balancing and TPROXY for fully transparent interception. Here is the problem. As far as I know, Cisco WCCP module does not maintain connection status, it just redirect packets based on their IP addresses and ports. I'm just wondering if it's possible that one squid server(squid A, for example) sends a outbound request, but the router redirects the corresponding inbound response to another squid(squid B)? Then that's totally messed.
Re: [squid-users] Ignoring query string from url
Not sure if url rewrite helper is slowing down process because via
cache manager interface it didn't show any connection back log. What
information I should look for in cache manager to find out the cause
of the slow serving of requests ?
Redirector Statistics:
program: /home/zdn/bin/redirect_parallel.pl
number running: 2 of 2
requests sent: 155697
replies received: 155692
queue length: 0
avg service time: 0 msec
# FD PID # Requests Flags TimeOffset Request
1 8 21149 104125
BW 0.033 38 http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
2 9 21150 51572 BW 0.039 0
http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
Following are my squid settings.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/255.0.0.0
acl localnet src 10.0.0.0/255.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access Allow manager localhost
http_access Deny manager
http_access Deny !Safe_ports
http_access Deny CONNECT !SSL_ports
http_access Allow all
http_access Allow localnet
http_access Deny all
icp_access Allow localnet
icp_access Deny all
htcp_access Allow localnet
htcp_access Deny all
htcp_clr_access Deny all
ident_lookup_access Deny all
http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost
cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
cache_mem 0 bytes
maximum_object_size_in_memory 1048576 bytes
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 bytes
maximum_object_size 4194304 bytes
cache_swap_low 90
cache_swap_high 95
logformat combined %a %ui %un [%[tl] %rm %ru HTTP/%v %Hs %st
%{Referer}h %{User-Agent}h %Ss:%Sh
access_log /home/zdn/squid/var/logs/access.log squid
cache_log /home/zdn/squid/var/logs/cache.log
cache_store_log /home/zdn/squid/var/logs/store.log
logfile_rotate 10
emulate_httpd_log off
log_ip_on_direct on
mime_table /home/zdn/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /home/zdn/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
strip_query_terms off
buffered_logs off
url_rewrite_program /home/zdn/bin/redirect_parallel.pl
url_rewrite_children 2
url_rewrite_concurrency 2000
url_rewrite_host_header off
url_rewrite_bypass off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16384 bytes
negative_ttl 0 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 60 seconds
range_offset_limit 0 bytes
minimum_expiry_time 60 seconds
store_avg_object_size 13 KB
store_objects_per_bucket 20
request_header_max_size 20480 bytes
reply_header_max_size 20480 bytes
request_body_max_size 0 bytes
via off
ie_refresh off
vary_ignore_expire off
request_entities off
relaxed_header_parser on
forward_timeout 240 seconds
connect_timeout 10 seconds
peer_connect_timeout 5 seconds
read_timeout 120 seconds
request_timeout 10 seconds
persistent_request_timeout 120 seconds
client_lifetime 86400 seconds
half_closed_clients off
pconn_timeout 60 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
cache_mgr webmaster
mail_program mail
cache_effective_user zdn
httpd_suppress_version_string off
umask 23
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
client_persistent_connections off
server_persistent_connections off
persistent_connection_after_error off
detect_broken_pconn off
snmp_port 0
snmp_access Deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
icp_port 3130
htcp_port 0
log_icp_queries on
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
icp_query_timeout 4000
maximum_icp_query_timeout 2000
minimum_icp_query_timeout 5
background_ping_rate 10 seconds
mcast_icp_query_timeout 2000
icon_directory /home/zdn/squid/share/icons
global_internal_static on
short_icon_urls on
error_directory /home/zdn/squid/share/errors/templates
err_html_text
email_err_data on
nonhierarchical_direct on
prefer_direct off
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
Re: [squid-users] How to run squid after reboot?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Try this: # update-rc.d squid defaults Sebastian Jaurena escreveu: Hi, Im having problems trying to get back to the life squid after reboot. We have ubuntu 6.06. Thanks. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJDuGX4/f2ihDUoIkRAiEjAKCh580Q2b0B5RmJPhA0RYT6p8o2LwCdFO5y PGlwqkxQh05cMspyUAsnylc= =3x4R -END PGP SIGNATURE-
Re: [squid-users] squid is dying
On mån, 2008-11-03 at 11:26 +0545, Anuj Shrestha wrote: i m using squid in freebsd 7.0 below are the compile options, proxy01# squid -v Squid Cache: Version 3.0.STABLE9 below are the cache.log errors FATAL: Received Segment Violation...dying. You may want to try upgrading to 3.0.STABLE10. Or at a minimum file a bug report including a stack backtrace. http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d proxy01# tail -f /var/log/squid/cache.log 2008/11/03 17:14:17| clientParseRequestMethod: Unsupported method in request 'REGISTER sip:68.142.233.183:80;transport=tcp SIP/2.0__From: sip:[EMAIL PROTECTED]:80;ta' Hmm.. SIP requests sent to Squid? Why is that? SIP is not HTTP even if it borrows much of the syntax from HTTP. Regards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] How to run squid after reboot?
Hi, Im having problems trying to get back to the life squid after reboot. We have ubuntu 6.06. Thanks.
[squid-users] NTLM Authentication working against Samba 3 PDC, except for random login prompts
I have Squid 2.7 authenticating against a Samba 3 PDC. All seems to work well and Squid defiantly is able to tell what username is browsing what site. My only problem is, every now and then, while browsing, it will work, then suddenly Firefox appearntly because of Squid, will ask for the username and password, then it all works well again, until the prompt randomly shows up again. Also, if you are browsing as a limited user, or just a proxy_auth user that has sites blocked, can you somehow temporarily login to Squid as another user, but then immediately when done, have it go back to the regular user. Almost like Window's RunAs function.
Re: [squid-users] MSNT authentication - login window
Forgot to 'reply to all'. My bad Resend... Dear Henrik, my first acl: acl users proxy_auth REQUIRED so theres that defaults - acl our_networks, manager, localhost etc acl tecnology proxy_auth [users in this group] acl directors proxy_auth [users in this group] . . . . . until: acl forbidden_sites url_regex -i /path/forbidden_sites.txt acl forbidden_webmail blablabla and then: http_access deny our_networks users forbidden_sites !directors (keep denying webmail etc) http_access allow our_networks users http_access deny all Henrik Nordstrom escreveu: On fre, 2008-10-31 at 08:43 -0200, Luciano Cassemiro wrote: Everything is OK but what bothers me is: the login window shows up when an user tries to connect to a forbidden site then he fill with his credentials BUT after OK button the login window appears again and again until the user click cancel. This happens is the last acl on the http_access deny line denying access is realted to authentication. Now I am a little confused as the http_access rules you posted did not have this.. is there other http_access deny lines in your squid.conf? Regards Henrik
Re: [squid-users] YouTube and other streaming media (caching)
Hi everybody,
regarding this issue:
http://wiki.squid-cache.org/WikiSandBox/Discussion/YoutubeCaching
I came up with a workaroud, it's a rewriter script in PHP (sorry I'm
not good at Perl, but maybe someone would be kind enough to later
share a transcoded version... jeje)
NOTE 1: Use this script for testing purposes only, It may not work as
expected... I've tested it only with very few URLs... If you can
improve it, please share.
NOTE 2: To use this script you need the PHP command line interface. In
Ubuntu yo can install it with this command:
sudo apt-get install php5-cli
NOTE 3: Make sure the log file is writable by the script.
And now the script:
#!/usr/bin/php -q
?php
#
# 2008-11-03 : v1.3 : Horacio H.
#
## Open log file ##
$log = fopen('/var/squid/logs/rewriter.log','a+');
## Main loop ##
while ( $X = fgets(STDIN) ) {
$X = trim($X);
$lin = split(' ', $X);
$url = $lin[0];
## This section is for rewriting store-URL of YT GG videos ##
if (
preg_match('@^http://[^/]+/(get_video|videodownload|videoplayback)\?@',$url)
) {
## Get reply headers ##
$rep = get_headers($url);
## If reply is a redirect, make its store-URL unique to avoid
matching the store-URL of a video ##
$rnd = ;
if ( preg_match('/ 30[123] /',$rep[0]) ) {
$rnd = REDIR= . rand(1,9);
}
$url =
preg_replace('@.*id=([^]*)?.*$@',http://videos.SQUIDINTERNAL/ID=$1$rnd,$url);
}
## Return rewrited URL ##
print $url . \n;
## Record what we did on log ##
fwrite($log,$url $rep[0]\n);
## May do some good, but I'm not sure ##
flush();
}
fclose($log);
?
## END OF SCRIPT ##
The trick here is knowing if the URL is a redirect (301, 302 or 303)
with the get_headers function. It would be nice if the Squid process
passed the HTTP status to the script, maybe as a key=value pair, but
I'm not even a programmer so that is way beyond my knowledge...
Regards,
Horacio H.
[squid-users] R: [squid-users] Connection to webmail sites problem using more than one parent proxy
Hi Amos! Thank you for your replying. I have changed squid version ( now is running the 2.7 stable5) and I have modified the parents peers in that way: parentproxy1.mydomain.it parent 3128 3130 sourcehash parentproxy2.mydomain.it parent 3128 3130 sourcehash parentproxy3.mydomain.it parent 3128 3130 sourcehash But I still have the same problem. I tried also in this way, but it didn't work as well : parentproxy1.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy2.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy3.mydomain.it parent 3128 3130 roundrobin sourcehash I'm wondering whether the configuration is correct, or not. Do you have some better tips about how to configuring it? Hope to have nice news from you! Thanks a lot for help! Sergio -Messaggio originale- Da: Amos Jeffries [mailto:[EMAIL PROTECTED] Inviato: sabato 1 novembre 2008 4.40 A: Sergio Cc: squid-users@squid-cache.org Oggetto: Re: [squid-users] Connection to webmail sites problem using more than one parent proxy Sergio wrote: Hello Everybody, We have this scenario: We have proxy connected to internet trough 3 parent proxy [client] | | [proxy] | | +-+---+ | | | [parentproxy1],[parentproxy2],[parentproxy3] We have trouble with some webmail sites ( eg. mail.tiscali.it) that don't keep the connection on the session. We have this problem when the proxy establishes the connection using all the proxy serves. If we use only a proxy server as parent the session is not missed. This the localproxy configuration for the cache peers: cache_peer parentproxy1.mydomain.it parent 3128 3130 cache_peer parentproxy2.mydomain.it parent 3128 3130 cache_peer parentproxy3.mydomain.it parent 3128 3130 we use squid 2.5 stable7 version for Windows. The parent proxies use squid 2.5 stable7 for windows as well and go out directly to Internet. How can we override this problem? Thank you in advance guys! Sergio Ps. We also contacted the Tiscali customer care, but they didn't give us any useful information! Forgot to mention in my earlier reply. If you upgrade to current squid the srchash peering algorithm is available to ensure that all requests from a given client IP go through a certain parent. This is hash balanced across all the active parents and handles parents proxies going up/down without breaking client access. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1 No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.175 / Virus Database: 270.8.5/1758 - Release Date: 31/10/2008 8.22
Re: [squid-users] SquidNT TCP_DENIED
Chris Lee wrote: Hi, Form the access.log of my new SquidNT (version 2.7.STABLE4) box, I got some TCP_DENIED entry, before the users can access the website. SquidNT no longer exists. If you fetched it from a website claiming to be SquidNT, please be aware there are now fraudulent distributions about and you should obtain an official copy of 'Squid' for windows. They are available through http://squid.acmeconsulting.it/ 1225693114.517 10 10.1.10.147 TCP_DENIED/407 1721 CONNECT urs.microsoft. com:443 - NONE/- text/html 1225693114.547 30 10.1.10.147 TCP_DENIED/407 1933 CONNECT urs.microsoft. com:443 - NONE/- text/html 1225693114.577240 10.1.10.147 TCP_MISS/200 6346 CONNECT urs.microsoft.com:443 domain_nt\osec DIRECT/207.46.50.124 - Why the first 2 entry does not go the domain\user info? Did I misconfigure something? The first two are sent to proxy without that info. The proxy denies them with 407 Authentication needed This is normal for NTLM handshakes during the auth procedure. Regards, Chris Lee Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
Re: [squid-users] error:unsupported-request-method
??? ??z?up??? ?z??? ??? wrote: 1225701560.304 1 192.169.1.56 TCP_DENIED/400 1614 NONE error:unsupported-request-method - NONE/- text/html what is that mean ? squid 2x ( from UBUNTU packages ) A program tried to use the proxy with a request that is either not HTTP or is part of the HTTP extensions your squid can't handle yet. see cache.log for info on which request method was tried. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
Re: [squid-users] R: [squid-users] Connection to webmail sites problem using more than one parent proxy
Sergio wrote: Hi Amos! Thank you for your replying. I have changed squid version ( now is running the 2.7 stable5) and I have modified the parents peers in that way: parentproxy1.mydomain.it parent 3128 3130 sourcehash parentproxy2.mydomain.it parent 3128 3130 sourcehash parentproxy3.mydomain.it parent 3128 3130 sourcehash But I still have the same problem. I tried also in this way, but it didn't work as well : parentproxy1.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy2.mydomain.it parent 3128 3130 roundrobin sourcehash parentproxy3.mydomain.it parent 3128 3130 roundrobin sourcehash I'm wondering whether the configuration is correct, or not. Just the top config should have worked. It selects the parent based on client source IP. Something else must be going on. Do you have some better tips about how to configuring it? Hope to have nice news from you! Thanks a lot for help! Sergio -Messaggio originale- Da: Amos Jeffries [mailto:[EMAIL PROTECTED] Inviato: sabato 1 novembre 2008 4.40 A: Sergio Cc: squid-users@squid-cache.org Oggetto: Re: [squid-users] Connection to webmail sites problem using more than one parent proxy Sergio wrote: Hello Everybody, We have this scenario: We have proxy connected to internet trough 3 parent proxy [client] | | [proxy] | | +-+---+ | | | [parentproxy1],[parentproxy2],[parentproxy3] We have trouble with some webmail sites ( eg. mail.tiscali.it) that don't keep the connection on the session. We have this problem when the proxy establishes the connection using all the proxy serves. If we use only a proxy server as parent the session is not missed. This the localproxy configuration for the cache peers: cache_peer parentproxy1.mydomain.it parent 3128 3130 cache_peer parentproxy2.mydomain.it parent 3128 3130 cache_peer parentproxy3.mydomain.it parent 3128 3130 we use squid 2.5 stable7 version for Windows. The parent proxies use squid 2.5 stable7 for windows as well and go out directly to Internet. How can we override this problem? Thank you in advance guys! Sergio Ps. We also contacted the Tiscali customer care, but they didn't give us any useful information! Forgot to mention in my earlier reply. If you upgrade to current squid the srchash peering algorithm is available to ensure that all requests from a given client IP go through a certain parent. This is hash balanced across all the active parents and handles parents proxies going up/down without breaking client access. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
Re: [squid-users] error:unsupported-request-method
On Tue, Nov 4, 2008 at 5:48 AM, Amos Jeffries [EMAIL PROTECTED] wrote: A program tried to use the proxy with a request that is either not HTTP or is part of the HTTP extensions your squid can't handle yet. see cache.log for info on which request method was tried. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1 2008/11/03 18:01:59| clientReadRequest: FD 22 (192.169.1.56:2008) Invalid Request 2008/11/03 18:02:29| parseHttpRequest: Unsupported method 'NICK' how to repair that error ? -- -=-=-=-= http://amyhost.com Dollar naik ? Krisis ? Kami tetap mempertahankan harga jual domain Rp. 75.000 rupiah Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...
Re: [squid-users] error:unsupported-request-method
On Tue, Nov 4, 2008 at 5:48 AM, Amos Jeffries [EMAIL PROTECTED] wrote: A program tried to use the proxy with a request that is either not HTTP or is part of the HTTP extensions your squid can't handle yet. see cache.log for info on which request method was tried. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1 2008/11/03 18:01:59| clientReadRequest: FD 22 (192.169.1.56:2008) Invalid Request 2008/11/03 18:02:29| parseHttpRequest: Unsupported method 'NICK' how to repair that error ? Prevent SIP application sending SIP protocol through HTTP protocol channel. Amos
Re: [squid-users] Ignoring query string from url
Does these Redirector statistics mean url rewrite helper program is
slowing down squid response ? avg service time is 1550 msec.
Redirector Statistics:
program: /home/zdn/bin/redirect_parallel.pl
number running: 2 of 2
requests sent: 1069753
replies received: 1069752
queue length: 0
avg service time: 1550 msec
# FD PID # Requests Flags TimeOffset Request
1 10 18237 12645 B 0.002 38 (none)
2 15 18238 12335 2.144 0 (none)
Regards
Nitesh
On Mon, Nov 3, 2008 at 2:46 PM, nitesh naik [EMAIL PROTECTED] wrote:
Not sure if url rewrite helper is slowing down process because via
cache manager interface it didn't show any connection back log. What
information I should look for in cache manager to find out the cause
of the slow serving of requests ?
Redirector Statistics:
program: /home/zdn/bin/redirect_parallel.pl
number running: 2 of 2
requests sent: 155697
replies received: 155692
queue length: 0
avg service time: 0 msec
# FD PID # Requests Flags TimeOffset Request
1 8 21149 104125
BW 0.033 38 http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
2 9 21150 51572 BW 0.039 0
http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
Following are my squid settings.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/255.0.0.0
acl localnet src 10.0.0.0/255.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access Allow manager localhost
http_access Deny manager
http_access Deny !Safe_ports
http_access Deny CONNECT !SSL_ports
http_access Allow all
http_access Allow localnet
http_access Deny all
icp_access Allow localnet
icp_access Deny all
htcp_access Allow localnet
htcp_access Deny all
htcp_clr_access Deny all
ident_lookup_access Deny all
http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost
cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
cache_mem 0 bytes
maximum_object_size_in_memory 1048576 bytes
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 bytes
maximum_object_size 4194304 bytes
cache_swap_low 90
cache_swap_high 95
logformat combined %a %ui %un [%[tl] %rm %ru HTTP/%v %Hs %st
%{Referer}h %{User-Agent}h %Ss:%Sh
access_log /home/zdn/squid/var/logs/access.log squid
cache_log /home/zdn/squid/var/logs/cache.log
cache_store_log /home/zdn/squid/var/logs/store.log
logfile_rotate 10
emulate_httpd_log off
log_ip_on_direct on
mime_table /home/zdn/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /home/zdn/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
strip_query_terms off
buffered_logs off
url_rewrite_program /home/zdn/bin/redirect_parallel.pl
url_rewrite_children 2
url_rewrite_concurrency 2000
url_rewrite_host_header off
url_rewrite_bypass off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16384 bytes
negative_ttl 0 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 60 seconds
range_offset_limit 0 bytes
minimum_expiry_time 60 seconds
store_avg_object_size 13 KB
store_objects_per_bucket 20
request_header_max_size 20480 bytes
reply_header_max_size 20480 bytes
request_body_max_size 0 bytes
via off
ie_refresh off
vary_ignore_expire off
request_entities off
relaxed_header_parser on
forward_timeout 240 seconds
connect_timeout 10 seconds
peer_connect_timeout 5 seconds
read_timeout 120 seconds
request_timeout 10 seconds
persistent_request_timeout 120 seconds
client_lifetime 86400 seconds
half_closed_clients off
pconn_timeout 60 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
cache_mgr webmaster
mail_program mail
cache_effective_user zdn
httpd_suppress_version_string off
umask 23
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
client_persistent_connections off
server_persistent_connections off
persistent_connection_after_error off
detect_broken_pconn off
snmp_port 0
snmp_access Deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
icp_port 3130
htcp_port 0
[squid-users] getting Software caused connection abort in cache.log
hii, i m getting a lot of these error in cache.log. Is this normal or i have to make some change. thanks in advance. 2008/11/04 16:56:09| comm_old_accept: FD 14: (53) Software caused connection abort 2008/11/04 16:56:09| httpAccept: FD 14: accept failure: (53) Software caused connection abort regards, anuj shrestha
Re: [squid-users] Ignoring query string from url
Hi All,
Issues was with Disk I/O. I have used null cache dir and squid
response is much faster now.
cache_dir null /empty
Thanks everyone for your help.
Regards
Nitesh
On Tue, Nov 4, 2008 at 9:40 AM, nitesh naik [EMAIL PROTECTED] wrote:
Does these Redirector statistics mean url rewrite helper program is
slowing down squid response ? avg service time is 1550 msec.
Redirector Statistics:
program: /home/zdn/bin/redirect_parallel.pl
number running: 2 of 2
requests sent: 1069753
replies received: 1069752
queue length: 0
avg service time: 1550 msec
# FD PID # Requests Flags TimeOffset Request
1 10 18237 12645 B 0.002 38 (none)
2 15 18238 12335 2.144 0 (none)
Regards
Nitesh
On Mon, Nov 3, 2008 at 2:46 PM, nitesh naik [EMAIL PROTECTED] wrote:
Not sure if url rewrite helper is slowing down process because via
cache manager interface it didn't show any connection back log. What
information I should look for in cache manager to find out the cause
of the slow serving of requests ?
Redirector Statistics:
program: /home/zdn/bin/redirect_parallel.pl
number running: 2 of 2
requests sent: 155697
replies received: 155692
queue length: 0
avg service time: 0 msec
# FD PID # Requests Flags TimeOffset Request
1 8 21149 104125
BW 0.033 38 http://s2.xyz.com/1821/78/570/1789/563/i88.js?z=4258
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
2 9 21150 51572 BW 0.039 0
http://s2.xyz.com/1813/2/570/1781/563/i7.js?z=8853
81.52.249.106/- - GET myip=10.0.0.165 myport=80\n
Following are my squid settings.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/255.0.0.0
acl localnet src 10.0.0.0/255.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access Allow manager localhost
http_access Deny manager
http_access Deny !Safe_ports
http_access Deny CONNECT !SSL_ports
http_access Allow all
http_access Allow localnet
http_access Deny all
icp_access Allow localnet
icp_access Deny all
htcp_access Allow localnet
htcp_access Deny all
htcp_clr_access Deny all
ident_lookup_access Deny all
http_port 0.0.0.0:80 defaultsite=s1.xyz.com vhost
cache_peer 10.0.0.175 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.177 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.179 Parent 80 0 no-query round-robin originserver
cache_peer 10.0.0.181 Parent 80 0 no-query round-robin originserver
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
cache_mem 0 bytes
maximum_object_size_in_memory 1048576 bytes
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /home/zdn/squid/var/cache 6000 16 256 IOEngine=Blocking
store_dir_select_algorithm least-load
max_open_disk_fds 0
minimum_object_size 0 bytes
maximum_object_size 4194304 bytes
cache_swap_low 90
cache_swap_high 95
logformat combined %a %ui %un [%[tl] %rm %ru HTTP/%v %Hs %st
%{Referer}h %{User-Agent}h %Ss:%Sh
access_log /home/zdn/squid/var/logs/access.log squid
cache_log /home/zdn/squid/var/logs/cache.log
cache_store_log /home/zdn/squid/var/logs/store.log
logfile_rotate 10
emulate_httpd_log off
log_ip_on_direct on
mime_table /home/zdn/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /home/zdn/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
strip_query_terms off
buffered_logs off
url_rewrite_program /home/zdn/bin/redirect_parallel.pl
url_rewrite_children 2
url_rewrite_concurrency 2000
url_rewrite_host_header off
url_rewrite_bypass off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
read_ahead_gap 16384 bytes
negative_ttl 0 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 60 seconds
range_offset_limit 0 bytes
minimum_expiry_time 60 seconds
store_avg_object_size 13 KB
store_objects_per_bucket 20
request_header_max_size 20480 bytes
reply_header_max_size 20480 bytes
request_body_max_size 0 bytes
via off
ie_refresh off
vary_ignore_expire off
request_entities off
relaxed_header_parser on
forward_timeout 240 seconds
connect_timeout 10 seconds
peer_connect_timeout 5 seconds
read_timeout 120 seconds
request_timeout 10 seconds
persistent_request_timeout 120 seconds
client_lifetime 86400 seconds
half_closed_clients off
pconn_timeout 60 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
cache_mgr webmaster
mail_program mail
cache_effective_user zdn
httpd_suppress_version_string off
umask 23
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
[squid-users] origin server health detect
Hi, Is there way to stop forwarding requests to origin if monitoring url returns 404 in squid 3 ? Sometimes few nodes in our origin server cluster are unavailable and we would like to disable origin which is up but responding with 404 http status code. Also I would like to know if there is option to check origin server health in squid 3. Regards Nitesh
[squid-users] NTLM Auth and transparently access
Sorry,my English is so poor. I 'd like to configure Squid working with NTLM AUTH. Can the clinet which has already logged in Windows' domain access to the Internet transparently? Or Is the client be asked Usename and Password again?
Re: [squid-users] Timezone issue
If you want to display the local time in squid error pages, you should change or edit the squid error pages as you want. Please read : http://www.squid-cache.org/mail-archive/squid-users/199904/0133.html Or if you want to change the time zone in logformat refer : http://www.squid-cache.org/Versions/v2/2.7/cfgman/logformat.html. ( Check the link based on your squid version) Regards Visolve Rod Taylor wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 G'Day, My squid is running on a machine that is set to local time in both software and hardware. Squid shows GMT in all error messages and uses GMT in the ACLs. How do I set Squid to use local time not GMT. Squid is the only program to do this... Any thoughts would be appreciated... Regards, Rod. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFJD/OHm74Rpyrp+UYRAulcAKDIPRc4kuh8+HH9xxLB8y6piVX50wCg3DgY M2N2chElzX6omX9nS5U6CAY= =TiB4 -END PGP SIGNATURE-
[squid-users] Timezone issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 G'Day, My squid is running on a machine that is set to local time in both software and hardware. Squid shows GMT in all error messages and uses GMT in the ACLs. How do I set Squid to use local time not GMT. Squid is the only program to do this... Any thoughts would be appreciated... Regards, Rod. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFJD/OHm74Rpyrp+UYRAulcAKDIPRc4kuh8+HH9xxLB8y6piVX50wCg3DgY M2N2chElzX6omX9nS5U6CAY= =TiB4 -END PGP SIGNATURE-
