Re: [squid-users] How to limit user access
can you re post ? i have search on my inbox :( i dont find it :( On Mon, Dec 15, 2008 at 2:49 PM, Nyamul Hassan mnhas...@usa.net wrote: You'll have to use delay pools. I've sent a post a few days back on limiting special sites like RapidShare, where users can download upto a certain size after which the download is limited. Regards HASSAN - Original Message - From: ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ mirz...@gmail.com To: andre wang andre.e...@gmail.com Cc: squid-users@squid-cache.org Sent: Monday, December 15, 2008 13:29 Subject: Re: [squid-users] How to limit user access hmmm that is blocking i have already use that i mean to limit access not killing access sorry my mistake if you got understanding :( On Mon, Dec 15, 2008 at 2:15 PM, andre wang andre.e...@gmail.com wrote: Maybe something like these: acl YOUTUBE referer_regex -i youtube.com acl CNN referer_regex -i cnn.com acl MYALLOW src 192.168.1.1/32 192.168.1.2/32 http_access allow YOUTUBE MYALLOW http_access deny YOUTUBE http_access allow CNN MYALLOW http_access deny CNN On Mon, Dec 15, 2008 at 2:40 PM, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ mirz...@gmail.com wrote: sorry im newbie :( can you give me the sample ? On Mon, Dec 15, 2008 at 1:35 PM, andre wang andre.e...@gmail.com wrote: Tow ACLs : referer_regex and src may help you get it. On Mon, Dec 15, 2008 at 2:08 PM, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ mirz...@gmail.com wrote: hello how to limit some website based on url and/or ext ? i mean e.g. i only want to limit access from youtube.com and cnn.com only for user 192.168.1.1 and 192.168.1.2 but not limit for other user but not other website have any idea ? if using delaypoll can you put complete syntax for delaypolls ? since i have a little bit difficulty to learn delaypoll maybe can be use other command except delaypoll ? -- -- -=-=-=-= http://amyhost.com ( webhosting dengan budget terbatas ) Hot News !!! : Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic... -- -=-=-=-= http://amyhost.com ( webhosting dengan budget terbatas ) Hot News !!! : Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic... -- -=-=-=-= http://amyhost.com ( webhosting dengan budget terbatas ) Hot News !!! : Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...
Re: [squid-users] How to limit user access
░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ escreveu: can you re post ? i have search on my inbox :( i dont find it :( newbie tip: learn how to use mailing lists archives when looking for older messages !!! http://www.squid-cache.org/mail-archive/squid-users/ http://marc.info/?l=squid-usersr=1w=2 (this one is easily searchable) -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
RE: [squid-users] winbind directories permissions issue
... Amos I made some cut from our previous posts to avoid any confusion. Sorry I haven't had much to do with winbind than we have already tried. you are the first I've seen where these fixes have not worked. Can you get a full ls -la trace of the directory content and permissions at a time where it's working, and one where its not? Also a list of the squid user name and the groups names it belongs to. $ egrep 'squid|winbin' /etc/passwd /etc/group /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh /etc/group:squidg::1560: /etc/group:winbind:::squid Below what happended on one of my machine .. sbepskdd. some minutes before the bug occured .. $ ls -nai /var/lib/samba total 121612 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62144512 Dec 15 08:41 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe when SQUID is still running but the bug is happening .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe just after restart of SQUID process .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe Now another notice, I made a change last tuesday on another SQUID server and this seems working almost one week .. $ ls -nai /var/lib/samba total 78156 342924 drwxr-xr-x 5 0 512 Dec 15 04:22 . 66177 drwxr-xr-x 5 00512 Nov 18 01:34 .. 342930 -rw-r--r-- 1 08192 Dec 15 04:22 gencache.tdb 342932 -rw-r--r-- 1 0 696 Nov 18 01:34 idmap_cache.tdb 354946 drwxr-xr-x 4 0 512 Nov 18 01:34 locks 342933 -rw-r--r-- 1 08192 Dec 13 22:06 messages.tdb 342936 -rw-r--r-- 1 0 39903232 Dec 15 10:20 netsamlogon_cache.tdb 222599 drwxr-xr-x 2 0 512 Dec 15 04:22 smb_krb5 342934 -rw--- 1 00 57344 Dec 9 10:44 winbindd_cache.tdb 138380 drwxr-x--- 2 0 512 Dec 9 10:39 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 138380 drwxr-x--- 2 0
[squid-users] TR: [Bulk] Re: TR: certificate verification with sha256 and squid
Hello, I am looking for a solution to a certificate checking failure from Squid to filter access to a web server. Here is what I got from the Openssl mailing list. Possibly it is calling SSL_library_init() which doesn't add a complete set of digests. OpenSSL_add_all_algorithms() should be called as well. I looked into the Squid 3 RC11 and didn't find any occurrences of SSL_library_init. Would someone know how Openssl is called and loaded ? Thanks Raphael -Message d'origine- De : owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] De la part de Dr. Stephen Henson Envoyé : vendredi 12 décembre 2008 16:39 À : openssl-us...@openssl.org Objet : [Bulk] Re: TR: certificate verification with sha256 and squid On Fri, Dec 12, 2008, Raphael wrote: Hi all, I am setting up a CA and a reverse proxy https with Squid filtering access to the backend web site. I compiled from source Openssl 0.9.8i on the CA and Squid 2.7 (or 3) servers. I manage to verify the sha256 protected certificate on both computers using : openssl verify -CAFile /root/CA/cacert.pem -verbose /root/72571934AA.pem /root/72571934AA.pem: OK However when Squid checks client certificate it gives an error in log files : SSL unknown certificate error 7 in /C=FR/O=/OU=Users/CN=72571934AA clientNegotiateSSL: Error negotiating SSL connection on FD 11:error : 0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown mesage digest algorithm (1/-1) So I think Squid doesn't understand the sha256 message digest so it cannot verify the certificate ? Possibly it is calling SSL_library_init() which doesn't add a complete set of digests. OpenSSL_add_all_algorithms() should be called as well. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us...@openssl.org Automated List Manager majord...@openssl.org
Re: [squid-users] Invalid Requests in access.log
w...@msdrd.com wrote: Amos, How can I fix it? How do I add the use extension_methods option? May not need fixing. http://www.squid-cache.org/Doc/config/extension_methods/ Original Message Subject: Re: [squid-users] Invalid Requests in access.log From: Amos Jeffries squ...@treenet.co.nz Date: Sun, December 14, 2008 11:50 pm To: w...@msdrd.com Cc: squid-users@squid-cache.org w...@msdrd.com wrote: Hello. I was looking in my access.log file, again, and found other wierd stuff, again, the log is full of stuff like these: 2008/12/14 22:40:25| clientProcessRequest: Invalid Request 2008/12/14 22:40:32| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|10117] ' 2008/12/14 22:40:32| clientProcessRequest: Invalid Request 2008/12/14 22:40:39| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|02519] ' 2008/12/14 22:40:39| clientProcessRequest: Invalid Request 2008/12/14 22:40:46| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|86755] ' 2008/12/14 22:40:46| clientProcessRequest: Invalid Request 2008/12/14 22:40:54| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|43887] ' 2008/12/14 22:40:54| clientProcessRequest: Invalid Request 2008/12/14 22:41:01| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|34635] ' 2008/12/14 22:41:01| clientProcessRequest: Invalid Request 2008/12/14 22:41:08| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|84846] ' 2008/12/14 22:41:08| clientProcessRequest: Invalid Request 2008/12/14 22:41:15| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|13599] ' 2008/12/14 22:41:15| clientProcessRequest: Invalid Request 2008/12/14 22:41:22| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|60428] ' 2008/12/14 22:41:22| clientProcessRequest: Invalid Request 2008/12/14 22:41:29| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|99030] ' 2008/12/14 22:41:29| clientProcessRequest: Invalid Request 2008/12/14 22:41:36| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|02937] ' 2008/12/14 22:41:36| clientProcessRequest: Invalid Request 2008/12/14 22:41:43| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|50998] ' 2008/12/14 22:41:43| clientProcessRequest: Invalid Request What is all that? Is someone trying to hack the system or what? Someone is trying to use SIP or similar software through your proxy. A transparently intercepting proxy may expect to see that nowdays as more non-HTTP software are using the only unblocked port available. If you don't use interception, then the client may be broken or your squid may need to use extension_methods for them. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
RE: [squid-users] Invalid Requests in access.log
Amos, How can I fix it? How do I add the use extension_methods option? Original Message Subject: Re: [squid-users] Invalid Requests in access.log From: Amos Jeffries squ...@treenet.co.nz Date: Sun, December 14, 2008 11:50 pm To: w...@msdrd.com Cc: squid-users@squid-cache.org w...@msdrd.com wrote: Hello. I was looking in my access.log file, again, and found other wierd stuff, again, the log is full of stuff like these: 2008/12/14 22:40:25| clientProcessRequest: Invalid Request 2008/12/14 22:40:32| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|10117] ' 2008/12/14 22:40:32| clientProcessRequest: Invalid Request 2008/12/14 22:40:39| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|02519] ' 2008/12/14 22:40:39| clientProcessRequest: Invalid Request 2008/12/14 22:40:46| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|86755] ' 2008/12/14 22:40:46| clientProcessRequest: Invalid Request 2008/12/14 22:40:54| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|43887] ' 2008/12/14 22:40:54| clientProcessRequest: Invalid Request 2008/12/14 22:41:01| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|34635] ' 2008/12/14 22:41:01| clientProcessRequest: Invalid Request 2008/12/14 22:41:08| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|84846] ' 2008/12/14 22:41:08| clientProcessRequest: Invalid Request 2008/12/14 22:41:15| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|13599] ' 2008/12/14 22:41:15| clientProcessRequest: Invalid Request 2008/12/14 22:41:22| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|60428] ' 2008/12/14 22:41:22| clientProcessRequest: Invalid Request 2008/12/14 22:41:29| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|99030] ' 2008/12/14 22:41:29| clientProcessRequest: Invalid Request 2008/12/14 22:41:36| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|02937] ' 2008/12/14 22:41:36| clientProcessRequest: Invalid Request 2008/12/14 22:41:43| clientParseRequestMethod: Unsupported method in request 'NICK [M|CRI|XP|50998] ' 2008/12/14 22:41:43| clientProcessRequest: Invalid Request What is all that? Is someone trying to hack the system or what? Someone is trying to use SIP or similar software through your proxy. A transparently intercepting proxy may expect to see that nowdays as more non-HTTP software are using the only unblocked port available. If you don't use interception, then the client may be broken or your squid may need to use extension_methods for them. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
Re: [squid-users] squid
vivian tannous wrote: hello thank you for reply i have tried to apply this patch but i have more problems so can you give me a suitable version of linux and tproxy and iptables What tproxy version and Squid version are you trying to use? On Mon, Dec 15, 2008 at 11:48 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 15.12.08 11:31, vivian tannous wrote: the origin server accept request from ip address of squid , i want the origin server accept request from real ip address of client please help me to solve this problem or if you have any idea about this case you need tproxy support and linux, however it requires that the routers know about that and redirect returned data to go to squid even if they have clients' IPs in headers. Wouldn't X-Forwarded-For header be enough? Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
Re: [squid-users] sarg segment fault must clean squid access.log to solved it
The information requested is needed for anyone looking into the problem. Regards Henrik On Mon, 2008-12-15 at 08:17 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote: @hendrik : to bad i dont know about C Programming :( @all any solution : ? On Sun, Dec 14, 2008 at 5:54 AM, Henrik Nordstrom hen...@henriknordstrom.net wrote: On Fri, 2008-12-12 at 17:55 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote: SARG: Reading access log file: /var/log/squid/access.log Segmentation fault Should be easy to fix if you know a little C programming. Or even if you don't collect information on the crash and post them hoping that someone else picks up the task.. gdb /path/to/sarg run -x [wait for crash] backtrace - some ppl maybe use sarg and have this problem too Quite likely. - ( maybe ) this problem can be prevent from squid.conf ? Possible, but better to fix sarg I think. Regards Henrik
Re: [squid-users] squid
hello thank you for reply i have tried to apply this patch but i have more problems so can you give me a suitable version of linux and tproxy and iptables On Mon, Dec 15, 2008 at 11:48 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: On 15.12.08 11:31, vivian tannous wrote: the origin server accept request from ip address of squid , i want the origin server accept request from real ip address of client please help me to solve this problem or if you have any idea about this case you need tproxy support and linux, however it requires that the routers know about that and redirect returned data to go to squid even if they have clients' IPs in headers. Wouldn't X-Forwarded-For header be enough? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody
Re: [squid-users] squid
On 15.12.08 11:31, vivian tannous wrote: the origin server accept request from ip address of squid , i want the origin server accept request from real ip address of client please help me to solve this problem or if you have any idea about this case you need tproxy support and linux, however it requires that the routers know about that and redirect returned data to go to squid even if they have clients' IPs in headers. Wouldn't X-Forwarded-For header be enough? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody
Re: [squid-users] TR: [Bulk] Re: TR: certificate verification with sha256 and squid
NP: This is a developer question. diverting the converation to squid-dev mailing list. Raphael wrote: Hello, I am looking for a solution to a certificate checking failure from Squid to filter access to a web server. Here is what I got from the Openssl mailing list. Possibly it is calling SSL_library_init() which doesn't add a complete set of digests. OpenSSL_add_all_algorithms() should be called as well. I looked into the Squid 3 RC11 and didn't find any occurrences of SSL_library_init. Would someone know how Openssl is called and loaded ? The code should be in src/ssl_support.* function: ssl_initialize(void) The init code is pretty much: SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); and also in functions sslCreateServerContext and sslCreateClientContext Thanks Raphael -Message d'origine- De : owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] De la part de Dr. Stephen Henson Envoyé : vendredi 12 décembre 2008 16:39 À : openssl-us...@openssl.org Objet : [Bulk] Re: TR: certificate verification with sha256 and squid On Fri, Dec 12, 2008, Raphael wrote: Hi all, I am setting up a CA and a reverse proxy https with Squid filtering access to the backend web site. I compiled from source Openssl 0.9.8i on the CA and Squid 2.7 (or 3) servers. I manage to verify the sha256 protected certificate on both computers using : openssl verify -CAFile /root/CA/cacert.pem -verbose /root/72571934AA.pem /root/72571934AA.pem: OK However when Squid checks client certificate it gives an error in log files : SSL unknown certificate error 7 in /C=FR/O=/OU=Users/CN=72571934AA clientNegotiateSSL: Error negotiating SSL connection on FD 11:error : 0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown mesage digest algorithm (1/-1) So I think Squid doesn't understand the sha256 message digest so it cannot verify the certificate ? Possibly it is calling SSL_library_init() which doesn't add a complete set of digests. OpenSSL_add_all_algorithms() should be called as well. Steve. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1
RE: [squid-users] winbind directories permissions issue
... Amos I made some cut from our previous posts to avoid any confusion. Sorry I haven't had much to do with winbind than we have already tried. you are the first I've seen where these fixes have not worked. Can you get a full ls -la trace of the directory content and permissions at a time where it's working, and one where its not? Also a list of the squid user name and the groups names it belongs to. $ egrep 'squid|winbin' /etc/passwd /etc/group /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh /etc/group:squidg::1560: /etc/group:winbind:::squid Below what happended on one of my machine .. sbepskdd. some minutes before the bug occured .. $ ls -nai /var/lib/samba total 121612 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62144512 Dec 15 08:41 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe when SQUID is still running but the bug is happening .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe just after restart of SQUID process .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe Now another notice, I made a change last tuesday on another SQUID server and this seems working almost one week .. $ ls -nai /var/lib/samba total 78156 342924 drwxr-xr-x 5 0 512 Dec 15 04:22 . 66177 drwxr-xr-x 5 00512 Nov 18 01:34 .. 342930 -rw-r--r-- 1 08192 Dec 15 04:22 gencache.tdb 342932 -rw-r--r-- 1 0 696 Nov 18 01:34 idmap_cache.tdb 354946 drwxr-xr-x 4 0 512 Nov 18 01:34 locks 342933 -rw-r--r-- 1 08192 Dec 13 22:06 messages.tdb 342936 -rw-r--r-- 1 0 39903232 Dec 15 10:20 netsamlogon_cache.tdb 222599 drwxr-xr-x 2 0 512 Dec 15 04:22 smb_krb5 342934 -rw--- 1 00 57344 Dec 9 10:44 winbindd_cache.tdb 138380 drwxr-x--- 2 0 512 Dec 9
[squid-users] squid
hello the origin server accept request from ip address of squid , i want the origin server accept request from real ip address of client please help me to solve this problem or if you have any idea about this case thank you
Re: [squid-users] winbind directories permissions issue
vincent.blon...@ing.be wrote: ... Amos I made some cut from our previous posts to avoid any confusion. Sorry I haven't had much to do with winbind than we have already tried. you are the first I've seen where these fixes have not worked. Can you get a full ls -la trace of the directory content and permissions at a time where it's working, and one where its not? Also a list of the squid user name and the groups names it belongs to. $ egrep 'squid|winbin' /etc/passwd /etc/group /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh /etc/group:squidg::1560: /etc/group:winbind:::squid Below what happended on one of my machine .. sbepskdd. some minutes before the bug occured .. $ ls -nai /var/lib/samba total 121612 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62144512 Dec 15 08:41 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe when SQUID is still running but the bug is happening .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe just after restart of SQUID process .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe Now another notice, I made a change last tuesday on another SQUID server and this seems working almost one week .. $ ls -nai /var/lib/samba total 78156 342924 drwxr-xr-x 5 0 512 Dec 15 04:22 . 66177 drwxr-xr-x 5 00512 Nov 18 01:34 .. 342930 -rw-r--r-- 1 08192 Dec 15 04:22 gencache.tdb 342932 -rw-r--r-- 1 0 696 Nov 18 01:34 idmap_cache.tdb 354946 drwxr-xr-x 4 0 512 Nov 18 01:34 locks 342933 -rw-r--r-- 1 08192 Dec 13 22:06 messages.tdb 342936 -rw-r--r-- 1 0 39903232 Dec 15 10:20 netsamlogon_cache.tdb 222599 drwxr-xr-x 2 0 512 Dec 15 04:22 smb_krb5 342934 -rw--- 1 00 57344 Dec 9 10:44 winbindd_cache.tdb 138380 drwxr-x--- 2 0 512 Dec 9 10:39 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged
RE: [squid-users] winbind directories permissions issue
... Amos I made some cut from our previous posts to avoid any confusion. Sorry I haven't had much to do with winbind than we have already tried. you are the first I've seen where these fixes have not worked. Can you get a full ls -la trace of the directory content and permissions at a time where it's working, and one where its not? Also a list of the squid user name and the groups names it belongs to. $ egrep 'squid|winbin' /etc/passwd /etc/group /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh /etc/group:squidg::1560: /etc/group:winbind:::squid Below what happended on one of my machine .. sbepskdd. some minutes before the bug occured .. $ ls -nai /var/lib/samba total 121612 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62144512 Dec 15 08:41 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe when SQUID is still running but the bug is happening .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe just after restart of SQUID process .. $ ls -nai /var/lib/samba total 122140 162445 drwxr-x--- 5 0 512 Dec 15 04:14 . 330886 drwxr-xr-x 5 00512 Nov 17 19:39 .. 162448 -rw-r- 1 08192 Dec 15 04:14 gencache.tdb 162450 -rw-r- 1 0 696 Nov 17 19:39 idmap_cache.tdb 168469 drwxr-x--- 4 0 512 Nov 17 19:39 locks 162451 -rw-r- 1 08192 Dec 14 22:06 messages.tdb 162454 -rw-r- 1 0 62414848 Dec 15 10:04 netsamlogon_cache.tdb 54155 drwxr-x--- 2 0 512 Dec 15 04:14 smb_krb5 162453 -rw--- 1 00 57344 Nov 25 06:49 winbindd_cache.tdb 451222 drwxr-x--- 2 0 512 Nov 25 06:47 winbindd_privileged $ ls -nai /var/lib/samba/winbindd_privileged total 4 451222 drwxr-x--- 2 0 512 Nov 25 06:47 . 162445 drwxr-x--- 5 0 512 Dec 15 04:14 .. 451223 srwxrwxrwx 1 00 0 Nov 25 06:47 pipe Now another notice, I made a change last tuesday on another SQUID server and this seems working almost one week .. $ ls -nai /var/lib/samba total 78156 342924 drwxr-xr-x 5 0 512 Dec 15 04:22 . 66177 drwxr-xr-x 5 00512 Nov 18 01:34 .. 342930 -rw-r--r-- 1 08192 Dec 15 04:22 gencache.tdb 342932 -rw-r--r-- 1 0 696 Nov 18 01:34 idmap_cache.tdb 354946 drwxr-xr-x 4 0 512 Nov 18 01:34 locks 342933 -rw-r--r-- 1 08192 Dec 13 22:06 messages.tdb 342936 -rw-r--r-- 1 0 39903232 Dec 15 10:20 netsamlogon_cache.tdb 222599 drwxr-xr-x 2 0 512 Dec 15 04:22 smb_krb5 342934 -rw--- 1 00 57344 Dec 9 10:44 winbindd_cache.tdb 138380 drwxr-x--- 2 0 512 Dec 9
Re: [squid-users] How to limit user access
In my setup, I limit heavy download sites between 6:00pm and 2:00am (2 hrs past midnight) on weekdays, and between 12:00pm and 2:00am on weekends (for us, it is Fri and Sat). By limiting, I allow the first 50MB of data transfer to go through uninterrupted, after which it is restricted to 256kbps (bits vs bytes in the config below). acl peak time F A 12:00-18:00 acl peak time S M T W H F A 18:00-23:59 acl peak time S M T W H F A 00:00-02:00 acl heavysites dstdomain .rapidshare.com acl heavysites dstdomain .rapidshare.de delay_pools 1 delay_class 1 1 delay_access 1 allow peak heavysites delay_access 1 deny all delay_parameters 1 32000/5000 This is a whole proxy wide setting, and would limit anybody using the proxy, not on single user basis. For that you would need to define a class 3 delay pool. Hope it helps. Regards HASSAN - Original Message - From: Leonardo Rodrigues Magalhães leolis...@solutti.com.br To: ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ mirz...@gmail.com Cc: Squid Users squid-users@squid-cache.org Sent: Monday, December 15, 2008 14:21 Subject: Re: [squid-users] How to limit user access ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ escreveu: can you re post ? i have search on my inbox :( i dont find it :( newbie tip: learn how to use mailing lists archives when looking for older messages !!! http://www.squid-cache.org/mail-archive/squid-users/ http://marc.info/?l=squid-usersr=1w=2 (this one is easily searchable) -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[squid-users] preferred DNS config
What would you say is preferable - having squid hit a local instance of BIND (or djbdns) or pointing it at the closest upstream name server(s)? -- Rick Chisholm sysadmin Parallel42
Re: [squid-users] Class 4 Delay pools
Johnny Edge wrote: Hello folks, I have a NT Group based acl Squid setup. Everything is fine with it, except for I'd like to provide certain NT Security Groups with more bandwidth than others, i.e. allocate bw by username/groupname. Atm the traffic control is done on a iproute2/tc basis which is not sufficient for my needs. Is this possible and how? Yes. Probably using delay_access. I can't find decent info on Class 4 dalay pools usage. A Class 4 pool works on a per-authentication (username) basis. Any given username is given a bucket/pool (possibly further restricted by the individual, network and/or aggregate buckets), no matter how many IPs their traffic is going to. A class 5 pool, coupled with an external ACL that returns tags according to group membership would allow you to have per-group pools (again possibly further limited by the other buckets), not really what you seem to be looking for. Your best bet is to read a bit more about delay_access and use that to push specific group members in to specific Class 1, 2 or 3 pools (depending on if/how you want to further allocate bandwidth within the pool). For documentation, recently I've been pointing people at http://www.squid-cache.org/Doc/config/, but the section in there on delay_class is not very comprehensive and the section dealing with delay_parameters makes no mention of the fact that Class 4 and Class 5 pools are only available in Squid 3. Upon further inspection, there are links to the version specific information, so it's still a good place to start. See http://www.squid-cache.org/Doc/config/delay_access/, http://www.squid-cache.org/Doc/config/delay_class/ and http://www.squid-cache.org/Doc/config/delay_parameters/ with a dash of http://www.squid-cache.org/Doc/config/external_acl_type/. Please advise. Hope that's advice and not chaos... Here's a bonus section with pseudo ACLs to help illustrate what I'm referring to: acl FastUsers NTLMGroup matches ServerAdmins acl RegularUsers NTLMGroup matches LoggedInUsers # Yes, the FastUsers would also be part of this group acl SlowUsers NTLMGroup matches Guests # Should match all other computers that are allowed access # Now I'll give two examples using the above ACLs # First, the ServerAdmins are given limited bandwidth (but less limited than everyone else) # and guests are even more limited... # Allocate three pools delay_pools 3 # All of type 1 delay_class 1 1 delay_class 2 1 delay_class 3 1 # Set up the ServerAdmin's pool delay_parameters 1 32000/32000 # Next the users' pool delay_parameters 2 16000/16000 # Finally the guest pool delay_parameters 3 8000/8000 # Now we assign users to their respective pools delay_access 1 allow FastUsers delay_access 1 deny all delay_access 2 allow RegularUsers # ServerAdmins have already matched pool 1 delay_access 2 deny all delay_access 3 allow all # Example 2, ServerAdmins are not limited. Everyone else is put into a class 3 pool. delay_pools 1 delay_class 1 3 # 256kbit/s pool limit, no network limit, 16kbit/s individual bucket # Fun fact: Class 2 pools allow an individual bucket to match only the last octet while # class 3 has a separate bucket for every combination of third and fourth octet # (according to the documentation from Squid 2.6*). delay_parameters 1 32000/32000 -1/-1 2000/2000 delay_access 1 deny FastUsers delay_access allow all Thanks, -JE Chris * In other words, given a class 2 delay pool, 10.0.0.10 and 10.0.1.10 would share an individual bucket, but would each have their own individual bucket in a class 3 pool. I haven't read the source code (or tested my theory on a real install), so the documentation (http://www.squid-cache.org/Versions/v2/2.6/cfgman/delay_class.html) might be wrong. I also might be mis-interpreting what the documentation conveys. Then again, maybe this code has been significantly changed since 2.6.
Re: [squid-users] preferred DNS config
What would you say is preferable - having squid hit a local instance of BIND (or djbdns) or pointing it at the closest upstream name server(s)? It doesn't really matter per-se. Squid performs full TTL caching of DNS results same a DNS server would. The real issue is lag time between Squid and its' supplier of DNS info. If you have a local recursive server, its usually giving less lag than an upstream one would. Amos
Re: [squid-users] preferred DNS config
Amos Jeffries wrote: What would you say is preferable - having squid hit a local instance of BIND (or djbdns) or pointing it at the closest upstream name server(s)? It doesn't really matter per-se. Squid performs full TTL caching of DNS results same a DNS server would. The real issue is lag time between Squid and its' supplier of DNS info. If you have a local recursive server, its usually giving less lag than an upstream one would. thanks, that pretty much confirms what I thought. -- Rick Chisholm sysadmin Parallel42
Re: [squid-users] preferred DNS config
Rick Chisholm wrote: What would you say is preferable - having squid hit a local instance of BIND (or djbdns) or pointing it at the closest upstream name server(s)? It really depends on your situation, but I personally feel the more caching, the better. Have a local instance of BIND (or djbdns or dnsmasq) which uses the upstream name server as a forwarder. For what it's worth, Squid does its own internal DNS caching as well (see http://www.squid-cache.org/Doc/config/ipcache_size/, http://www.squid-cache.org/Doc/config/positive_dns_ttl/ and http://www.squid-cache.org/Doc/config/negative_dns_ttl/) Chris
Re: [squid-users] sarg segment fault must clean squid access.log to solved it
happen again SARG: Making report: 192.168.1.21 SARG: Making report: 192.168.1.2 SARG: Making index.html SARG: Compressing log file: /var/log/squid/access.log sh: Compressing: not found SARG: End can anyone tell me... it's totally squid's problem or sarg ? since the way out from this error is delete access.log On Mon, Dec 15, 2008 at 9:20 PM, Henrik Nordstrom hen...@henriknordstrom.net wrote: The information requested is needed for anyone looking into the problem. Regards Henrik On Mon, 2008-12-15 at 08:17 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote: @hendrik : to bad i dont know about C Programming :( @all any solution : ? On Sun, Dec 14, 2008 at 5:54 AM, Henrik Nordstrom hen...@henriknordstrom.net wrote: On Fri, 2008-12-12 at 17:55 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote: SARG: Reading access log file: /var/log/squid/access.log Segmentation fault Should be easy to fix if you know a little C programming. Or even if you don't collect information on the crash and post them hoping that someone else picks up the task.. gdb /path/to/sarg run -x [wait for crash] backtrace - some ppl maybe use sarg and have this problem too Quite likely. - ( maybe ) this problem can be prevent from squid.conf ? Possible, but better to fix sarg I think. Regards Henrik -- -=-=-=-= http://amyhost.com ( webhosting dengan budget terbatas ) Hot News !!! : Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...
Re: [squid-users] sarg segment fault must clean squid access.log to solved it
happen again SARG: Making report: 192.168.1.21 SARG: Making report: 192.168.1.2 SARG: Making index.html SARG: Compressing log file: /var/log/squid/access.log sh: Compressing: not found SARG: End can anyone tell me... it's totally squid's problem or sarg ? Looks to be sargs fault. Dying while compressing a file it maybe should not be altering. Amos since the way out from this error is delete access.log On Mon, Dec 15, 2008 at 9:20 PM, Henrik Nordstrom hen...@henriknordstrom.net wrote: The information requested is needed for anyone looking into the problem. Regards Henrik On Mon, 2008-12-15 at 08:17 +0700, âââ ɹÉzÇupÉÉ¥Ê Ézɹıɯ âââ wrote: @hendrik : to bad i dont know about C Programming :( @all any solution : ? On Sun, Dec 14, 2008 at 5:54 AM, Henrik Nordstrom hen...@henriknordstrom.net wrote: On Fri, 2008-12-12 at 17:55 +0700, âââ ɹÉzÇupÉÉ¥Ê Ézɹıɯ âââ wrote: SARG: Reading access log file: /var/log/squid/access.log Segmentation fault Should be easy to fix if you know a little C programming. Or even if you don't collect information on the crash and post them hoping that someone else picks up the task.. gdb /path/to/sarg run -x [wait for crash] backtrace - some ppl maybe use sarg and have this problem too Quite likely. - ( maybe ) this problem can be prevent from squid.conf ? Possible, but better to fix sarg I think. Regards Henrik -- -=-=-=-= http://amyhost.com ( webhosting dengan budget terbatas ) Hot News !!! : Pengin punya Layanan SMS PREMIUM ? Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...
[squid-users] always_direct for src
Hi All, I am using squid 3.1.0.2 I want squid to connect 213.42.24.11 ip directly without connect to the parent squid below is the settings acl intranet_src src 213.42.24.11 always_direct allow intranet_src but its going to the parent proxy in the log file i get this 1229406697.569 4897 10.200.2.172 TCP_MISS/503 1005 GET http://213.42.24.11/ - DEFAULT_PARENT/proxy1.emirates.net.ae text/html but if i use dstdomain instead or src it is working fine how can i use src to have direct connection //Remy
RE: [squid-users] Class 4 Delay pools
Thanks Chris. -Original Message- From: crobert...@gci.net [mailto:crobert...@gci.net] Sent: 16 December 2008 02:53 To: squid-users@squid-cache.org Subject: Re: [squid-users] Class 4 Delay pools Johnny Edge wrote: Hello folks, I have a NT Group based acl Squid setup. Everything is fine with it, except for I'd like to provide certain NT Security Groups with more bandwidth than others, i.e. allocate bw by username/groupname. Atm the traffic control is done on a iproute2/tc basis which is not sufficient for my needs. Is this possible and how? Yes. Probably using delay_access. I can't find decent info on Class 4 dalay pools usage. A Class 4 pool works on a per-authentication (username) basis. Any given username is given a bucket/pool (possibly further restricted by the individual, network and/or aggregate buckets), no matter how many IPs their traffic is going to. A class 5 pool, coupled with an external ACL that returns tags according to group membership would allow you to have per-group pools (again possibly further limited by the other buckets), not really what you seem to be looking for. Your best bet is to read a bit more about delay_access and use that to push specific group members in to specific Class 1, 2 or 3 pools (depending on if/how you want to further allocate bandwidth within the pool). For documentation, recently I've been pointing people at http://www.squid-cache.org/Doc/config/, but the section in there on delay_class is not very comprehensive and the section dealing with delay_parameters makes no mention of the fact that Class 4 and Class 5 pools are only available in Squid 3. Upon further inspection, there are links to the version specific information, so it's still a good place to start. See http://www.squid-cache.org/Doc/config/delay_access/, http://www.squid-cache.org/Doc/config/delay_class/ and http://www.squid-cache.org/Doc/config/delay_parameters/ with a dash of http://www.squid-cache.org/Doc/config/external_acl_type/. Please advise. Hope that's advice and not chaos... Here's a bonus section with pseudo ACLs to help illustrate what I'm referring to: acl FastUsers NTLMGroup matches ServerAdmins acl RegularUsers NTLMGroup matches LoggedInUsers # Yes, the FastUsers would also be part of this group acl SlowUsers NTLMGroup matches Guests # Should match all other computers that are allowed access # Now I'll give two examples using the above ACLs # First, the ServerAdmins are given limited bandwidth (but less limited than everyone else) # and guests are even more limited... # Allocate three pools delay_pools 3 # All of type 1 delay_class 1 1 delay_class 2 1 delay_class 3 1 # Set up the ServerAdmin's pool delay_parameters 1 32000/32000 # Next the users' pool delay_parameters 2 16000/16000 # Finally the guest pool delay_parameters 3 8000/8000 # Now we assign users to their respective pools delay_access 1 allow FastUsers delay_access 1 deny all delay_access 2 allow RegularUsers # ServerAdmins have already matched pool 1 delay_access 2 deny all delay_access 3 allow all # Example 2, ServerAdmins are not limited. Everyone else is put into a class 3 pool. delay_pools 1 delay_class 1 3 # 256kbit/s pool limit, no network limit, 16kbit/s individual bucket # Fun fact: Class 2 pools allow an individual bucket to match only the last octet while # class 3 has a separate bucket for every combination of third and fourth octet # (according to the documentation from Squid 2.6*). delay_parameters 1 32000/32000 -1/-1 2000/2000 delay_access 1 deny FastUsers delay_access allow all Thanks, -JE Chris * In other words, given a class 2 delay pool, 10.0.0.10 and 10.0.1.10 would share an individual bucket, but would each have their own individual bucket in a class 3 pool. I haven't read the source code (or tested my theory on a real install), so the documentation (http://www.squid-cache.org/Versions/v2/2.6/cfgman/delay_class.html) might be wrong. I also might be mis-interpreting what the documentation conveys. Then again, maybe this code has been significantly changed since 2.6.