Re: [squid-users] How to limit user access

[░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░]

can you re post ?
i have search on my inbox :( i dont find it :(

On Mon, Dec 15, 2008 at 2:49 PM, Nyamul Hassan mnhas...@usa.net wrote:
 You'll have to use delay pools.  I've sent a post a few days back on
 limiting special sites like RapidShare, where users can download upto a
 certain size after which the download is limited.

 Regards
 HASSAN


 - Original Message - From: ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░
 mirz...@gmail.com
 To: andre wang andre.e...@gmail.com
 Cc: squid-users@squid-cache.org
 Sent: Monday, December 15, 2008 13:29
 Subject: Re: [squid-users] How to limit user access


 hmmm
 that is blocking
 i have already use that
 i mean
 to limit access not killing access

 sorry my mistake if you got understanding :(

 On Mon, Dec 15, 2008 at 2:15 PM, andre wang andre.e...@gmail.com wrote:

 Maybe something like these:

 acl YOUTUBE referer_regex -i youtube.com
 acl CNN referer_regex -i cnn.com
 acl MYALLOW src 192.168.1.1/32 192.168.1.2/32

 http_access allow YOUTUBE MYALLOW
 http_access deny YOUTUBE
 http_access allow CNN MYALLOW
 http_access deny CNN


 On Mon, Dec 15, 2008 at 2:40 PM, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░
 mirz...@gmail.com wrote:

 sorry im newbie :(
 can you give me the sample ?

 On Mon, Dec 15, 2008 at 1:35 PM, andre wang andre.e...@gmail.com
 wrote:

 Tow ACLs : referer_regex and src may help you get it.


 On Mon, Dec 15, 2008 at 2:08 PM, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░
 mirz...@gmail.com wrote:

 hello
 how to limit some website based on url and/or ext ?
 i mean e.g.

 i only want to limit access from youtube.com and cnn.com only for user
 192.168.1.1 and 192.168.1.2 but not limit for other user
 but not other website

 have any idea ?
 if using delaypoll
 can you put complete syntax for delaypolls ?
 since i have a little bit difficulty to learn delaypoll

 maybe can be use other command except delaypoll ?

 --





 --
 -=-=-=-=
 http://amyhost.com ( webhosting dengan budget terbatas )
 Hot News !!! :
 Pengin punya Layanan SMS PREMIUM ?
 Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...





 --
 -=-=-=-=
 http://amyhost.com ( webhosting dengan budget terbatas )
 Hot News !!! :
 Pengin punya Layanan SMS PREMIUM ?
 Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...






-- 
-=-=-=-=
http://amyhost.com ( webhosting dengan budget terbatas )
Hot News !!! :
Pengin punya Layanan SMS PREMIUM ?
Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...

Re: [squid-users] How to limit user access

[Leonardo Rodrigues Magalhães]

░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ escreveu:

can you re post ?
i have search on my inbox :( i dont find it :(
  


   newbie tip: learn how to use mailing lists archives when looking for 
older messages !!!


http://www.squid-cache.org/mail-archive/squid-users/
http://marc.info/?l=squid-usersr=1w=2   (this one is easily searchable)

--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it

RE: [squid-users] winbind directories permissions issue

[vincent.blondel]

...
Amos

I made some cut from our previous posts to avoid any confusion.



Sorry I haven't had much to do with winbind than we have already tried.
you are the first I've seen where these fixes have not worked.

Can you get a full ls -la trace of the directory content and
permissions
at a time where it's working, and one where its not? Also a list of the
squid user name and the groups names it belongs to.


$ egrep 'squid|winbin' /etc/passwd /etc/group
/etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh
/etc/group:squidg::1560:
/etc/group:winbind:::squid

Below what happended on one of my machine .. sbepskdd.

some minutes before the bug occured ..

$ ls -nai /var/lib/samba
total 121612
162445 drwxr-x---   5 0 512 Dec 15 04:14 .
330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
162448 -rw-r-   1 08192 Dec 15 04:14
gencache.tdb
162450 -rw-r-   1 0 696 Nov 17 19:39
idmap_cache.tdb
168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
162451 -rw-r-   1 08192 Dec 14 22:06
messages.tdb
162454 -rw-r-   1 0 62144512 Dec 15 08:41
netsamlogon_cache.tdb
 54155 drwxr-x---   2 0 512 Dec 15 04:14
smb_krb5
162453 -rw---   1 00  57344 Nov 25 06:49
winbindd_cache.tdb
451222 drwxr-x---   2 0 512 Nov 25 06:47
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged
total 4
451222 drwxr-x---   2 0 512 Nov 25 06:47 .
162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

when SQUID is still running but the bug is happening ..

$ ls -nai /var/lib/samba
total 122140
162445 drwxr-x---   5 0 512 Dec 15 04:14 .
330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
162448 -rw-r-   1 08192 Dec 15 04:14
gencache.tdb
162450 -rw-r-   1 0 696 Nov 17 19:39
idmap_cache.tdb
168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
162451 -rw-r-   1 08192 Dec 14 22:06
messages.tdb
162454 -rw-r-   1 0 62414848 Dec 15 10:04
netsamlogon_cache.tdb
 54155 drwxr-x---   2 0 512 Dec 15 04:14
smb_krb5
162453 -rw---   1 00  57344 Nov 25 06:49
winbindd_cache.tdb
451222 drwxr-x---   2 0 512 Nov 25 06:47
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged
total 4
451222 drwxr-x---   2 0 512 Nov 25 06:47 .
162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

just after restart of SQUID process ..

$ ls -nai /var/lib/samba
total 122140
162445 drwxr-x---   5 0 512 Dec 15 04:14 .
330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
162448 -rw-r-   1 08192 Dec 15 04:14
gencache.tdb
162450 -rw-r-   1 0 696 Nov 17 19:39
idmap_cache.tdb
168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
162451 -rw-r-   1 08192 Dec 14 22:06
messages.tdb
162454 -rw-r-   1 0 62414848 Dec 15 10:04
netsamlogon_cache.tdb
 54155 drwxr-x---   2 0 512 Dec 15 04:14
smb_krb5
162453 -rw---   1 00  57344 Nov 25 06:49
winbindd_cache.tdb
451222 drwxr-x---   2 0 512 Nov 25 06:47
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged
total 4
451222 drwxr-x---   2 0 512 Nov 25 06:47 .
162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

Now another notice, I made a change last tuesday on another SQUID server
and this seems working almost one week ..

$ ls -nai /var/lib/samba
total 78156
342924 drwxr-xr-x   5 0 512 Dec 15 04:22 .
 66177 drwxr-xr-x   5 00512 Nov 18 01:34 ..
342930 -rw-r--r--   1 08192 Dec 15 04:22
gencache.tdb
342932 -rw-r--r--   1 0 696 Nov 18 01:34
idmap_cache.tdb
354946 drwxr-xr-x   4 0 512 Nov 18 01:34 locks
342933 -rw-r--r--   1 08192 Dec 13 22:06
messages.tdb
342936 -rw-r--r--   1 0 39903232 Dec 15 10:20
netsamlogon_cache.tdb
222599 drwxr-xr-x   2 0 512 Dec 15 04:22
smb_krb5
342934 -rw---   1 00  57344 Dec  9 10:44
winbindd_cache.tdb
138380 drwxr-x---   2 0 512 Dec  9 10:39
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged
total 4
138380 drwxr-x---   2 0

[squid-users] TR: [Bulk] Re: TR: certificate verification with sha256 and squid

[Raphael]

Hello,

I am looking for a solution to a certificate checking failure from Squid to
filter access to a web server. 

Here is what I got from the Openssl mailing list.

Possibly it is calling SSL_library_init() which doesn't add a complete set
of
digests. OpenSSL_add_all_algorithms() should be called as well.

I looked into the Squid 3 RC11 and didn't find any occurrences of
SSL_library_init. Would someone know how Openssl is called and loaded ?

Thanks

Raphael

-Message d'origine-
De : owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] De la part de Dr. Stephen Henson
Envoyé : vendredi 12 décembre 2008 16:39
À : openssl-us...@openssl.org
Objet : [Bulk] Re: TR: certificate verification with sha256 and squid

On Fri, Dec 12, 2008, Raphael wrote:

 Hi all,
 
  
 
 I am setting up a CA and a reverse proxy https with Squid filtering access
 to the backend web site.
 
 I compiled from source Openssl 0.9.8i on the CA and Squid 2.7 (or 3)
 servers. I manage to verify the sha256 protected certificate on both
 computers using :
 
  
 
 openssl verify -CAFile /root/CA/cacert.pem -verbose
/root/72571934AA.pem
 
 /root/72571934AA.pem: OK
 
  
 
 However when Squid checks client certificate it gives an error in log
files
 :
 
  
 
 SSL unknown certificate error 7 in /C=FR/O=/OU=Users/CN=72571934AA
 
 clientNegotiateSSL: Error negotiating SSL connection on FD 11:error :
 
 0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown mesage digest
 
 algorithm (1/-1)
 
  
 
 So I think Squid doesn't understand the sha256 message digest so it cannot
 verify the certificate ?
 
 

Possibly it is calling SSL_library_init() which doesn't add a complete set
of
digests. OpenSSL_add_all_algorithms() should be called as well.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-us...@openssl.org
Automated List Manager   majord...@openssl.org

Re: [squid-users] Invalid Requests in access.log

[Amos Jeffries]

w...@msdrd.com wrote:

Amos,

How can I fix it? How do I add the use extension_methods option?



May not need fixing.
http://www.squid-cache.org/Doc/config/extension_methods/




 Original Message 
Subject: Re: [squid-users] Invalid Requests in access.log
From: Amos Jeffries squ...@treenet.co.nz
Date: Sun, December 14, 2008 11:50 pm
To: w...@msdrd.com
Cc: squid-users@squid-cache.org

w...@msdrd.com wrote:

Hello.

I was looking in my access.log file, again, and found other wierd stuff,
again, the log is full of stuff like these:

2008/12/14 22:40:25| clientProcessRequest: Invalid Request
2008/12/14 22:40:32| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|10117]
'
2008/12/14 22:40:32| clientProcessRequest: Invalid Request
2008/12/14 22:40:39| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|02519]
'
2008/12/14 22:40:39| clientProcessRequest: Invalid Request
2008/12/14 22:40:46| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|86755]
'
2008/12/14 22:40:46| clientProcessRequest: Invalid Request
2008/12/14 22:40:54| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|43887]
'
2008/12/14 22:40:54| clientProcessRequest: Invalid Request
2008/12/14 22:41:01| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|34635]
'
2008/12/14 22:41:01| clientProcessRequest: Invalid Request
2008/12/14 22:41:08| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|84846]
'
2008/12/14 22:41:08| clientProcessRequest: Invalid Request
2008/12/14 22:41:15| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|13599]
'
2008/12/14 22:41:15| clientProcessRequest: Invalid Request
2008/12/14 22:41:22| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|60428]
'
2008/12/14 22:41:22| clientProcessRequest: Invalid Request
2008/12/14 22:41:29| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|99030]
'
2008/12/14 22:41:29| clientProcessRequest: Invalid Request
2008/12/14 22:41:36| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|02937]
'
2008/12/14 22:41:36| clientProcessRequest: Invalid Request
2008/12/14 22:41:43| clientParseRequestMethod: Unsupported method in
request 'NICK [M|CRI|XP|50998]
'
2008/12/14 22:41:43| clientProcessRequest: Invalid Request


What is all that? Is someone trying to hack the system or what?


Someone is trying to use SIP or similar software through your proxy.

A transparently intercepting proxy may expect to see that nowdays as 
more non-HTTP software are using the only unblocked port available.


If you don't use interception, then the client may be broken or your 
squid may need to use extension_methods for them.


Amos



--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1

RE: [squid-users] Invalid Requests in access.log

[wh]

Amos,

How can I fix it? How do I add the use extension_methods option?



 Original Message 
Subject: Re: [squid-users] Invalid Requests in access.log
From: Amos Jeffries squ...@treenet.co.nz
Date: Sun, December 14, 2008 11:50 pm
To: w...@msdrd.com
Cc: squid-users@squid-cache.org

w...@msdrd.com wrote:
 Hello.
 
 I was looking in my access.log file, again, and found other wierd stuff,
 again, the log is full of stuff like these:
 
 2008/12/14 22:40:25| clientProcessRequest: Invalid Request
 2008/12/14 22:40:32| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|10117]
 '
 2008/12/14 22:40:32| clientProcessRequest: Invalid Request
 2008/12/14 22:40:39| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|02519]
 '
 2008/12/14 22:40:39| clientProcessRequest: Invalid Request
 2008/12/14 22:40:46| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|86755]
 '
 2008/12/14 22:40:46| clientProcessRequest: Invalid Request
 2008/12/14 22:40:54| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|43887]
 '
 2008/12/14 22:40:54| clientProcessRequest: Invalid Request
 2008/12/14 22:41:01| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|34635]
 '
 2008/12/14 22:41:01| clientProcessRequest: Invalid Request
 2008/12/14 22:41:08| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|84846]
 '
 2008/12/14 22:41:08| clientProcessRequest: Invalid Request
 2008/12/14 22:41:15| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|13599]
 '
 2008/12/14 22:41:15| clientProcessRequest: Invalid Request
 2008/12/14 22:41:22| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|60428]
 '
 2008/12/14 22:41:22| clientProcessRequest: Invalid Request
 2008/12/14 22:41:29| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|99030]
 '
 2008/12/14 22:41:29| clientProcessRequest: Invalid Request
 2008/12/14 22:41:36| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|02937]
 '
 2008/12/14 22:41:36| clientProcessRequest: Invalid Request
 2008/12/14 22:41:43| clientParseRequestMethod: Unsupported method in
 request 'NICK [M|CRI|XP|50998]
 '
 2008/12/14 22:41:43| clientProcessRequest: Invalid Request
 
 
 What is all that? Is someone trying to hack the system or what?

Someone is trying to use SIP or similar software through your proxy.

A transparently intercepting proxy may expect to see that nowdays as 
more non-HTTP software are using the only unblocked port available.

If you don't use interception, then the client may be broken or your 
squid may need to use extension_methods for them.

Amos
-- 
Please be using
 Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
 Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1

Re: [squid-users] squid

[Amos Jeffries]

vivian tannous wrote:

hello

thank you for reply
i have tried to apply this patch but i have more problems so
can you give me a suitable version of linux and tproxy and iptables



What tproxy version and Squid version are you trying to use?




On Mon, Dec 15, 2008 at 11:48 AM, Matus UHLAR - fantomas
uh...@fantomas.sk wrote:

On 15.12.08 11:31, vivian tannous wrote:

the origin server accept request from ip address of squid , i want the
origin server accept request from real ip address of client
please help me to solve this problem or if you have any idea about this case

you need tproxy support and linux, however it requires that the routers know
about that and redirect returned data to go to squid even if they have
clients' IPs in headers.

Wouldn't X-Forwarded-For header be enough?



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1

Re: [squid-users] sarg segment fault must clean squid access.log to solved it

[Henrik Nordstrom]

The information requested is needed for anyone looking into the problem.

Regards
Henrik

On Mon, 2008-12-15 at 08:17 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:
 @hendrik :
 to bad i dont know about C Programming :(
 
 @all  any solution : ?
 
 On Sun, Dec 14, 2008 at 5:54 AM, Henrik Nordstrom
 hen...@henriknordstrom.net wrote:
  On Fri, 2008-12-12 at 17:55 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:
  SARG: Reading access log file: /var/log/squid/access.log
  Segmentation fault
 
  Should be easy to fix if you know a little C programming. Or even if you
  don't collect information on the crash and post them hoping that someone
  else picks up the task..
 
   gdb /path/to/sarg
   run -x
   [wait for crash]
   backtrace
 
  - some ppl maybe use sarg and have this problem too
 
  Quite likely.
 
  - ( maybe ) this problem can be prevent from squid.conf ?
 
  Possible, but better to fix sarg I think.
 
  Regards
  Henrik
 
 
 
 
 

Re: [squid-users] squid

[vivian tannous]

hello

thank you for reply
i have tried to apply this patch but i have more problems so
can you give me a suitable version of linux and tproxy and iptables



On Mon, Dec 15, 2008 at 11:48 AM, Matus UHLAR - fantomas
uh...@fantomas.sk wrote:
 On 15.12.08 11:31, vivian tannous wrote:
 the origin server accept request from ip address of squid , i want the
 origin server accept request from real ip address of client
 please help me to solve this problem or if you have any idea about this case

 you need tproxy support and linux, however it requires that the routers know
 about that and redirect returned data to go to squid even if they have
 clients' IPs in headers.

 Wouldn't X-Forwarded-For header be enough?
 --
 Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
 Warning: I wish NOT to receive e-mail advertising to this address.
 Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
 Windows 2000: 640 MB ought to be enough for anybody

Re: [squid-users] squid

[Matus UHLAR - fantomas]

On 15.12.08 11:31, vivian tannous wrote:
 the origin server accept request from ip address of squid , i want the
 origin server accept request from real ip address of client
 please help me to solve this problem or if you have any idea about this case

you need tproxy support and linux, however it requires that the routers know
about that and redirect returned data to go to squid even if they have
clients' IPs in headers.

Wouldn't X-Forwarded-For header be enough?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody

Re: [squid-users] TR: [Bulk] Re: TR: certificate verification with sha256 and squid

[Amos Jeffries]

NP: This is a developer question. diverting the converation to squid-dev 
mailing list.


Raphael wrote:

Hello,

I am looking for a solution to a certificate checking failure from Squid to
filter access to a web server. 


Here is what I got from the Openssl mailing list.

Possibly it is calling SSL_library_init() which doesn't add a complete set
of
digests. OpenSSL_add_all_algorithms() should be called as well.

I looked into the Squid 3 RC11 and didn't find any occurrences of
SSL_library_init. Would someone know how Openssl is called and loaded ?


The code should be in  src/ssl_support.*
function:  ssl_initialize(void)

The init code is pretty much:
  SSL_load_error_strings();
  SSLeay_add_ssl_algorithms();

and also in functions sslCreateServerContext and sslCreateClientContext



Thanks

Raphael

-Message d'origine-
De : owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] De la part de Dr. Stephen Henson
Envoyé : vendredi 12 décembre 2008 16:39
À : openssl-us...@openssl.org
Objet : [Bulk] Re: TR: certificate verification with sha256 and squid

On Fri, Dec 12, 2008, Raphael wrote:


Hi all,

 


I am setting up a CA and a reverse proxy https with Squid filtering access
to the backend web site.

I compiled from source Openssl 0.9.8i on the CA and Squid 2.7 (or 3)
servers. I manage to verify the sha256 protected certificate on both
computers using :

 


openssl verify -CAFile /root/CA/cacert.pem -verbose

/root/72571934AA.pem

/root/72571934AA.pem: OK

 


However when Squid checks client certificate it gives an error in log

files

:

 


SSL unknown certificate error 7 in /C=FR/O=/OU=Users/CN=72571934AA

clientNegotiateSSL: Error negotiating SSL connection on FD 11:error :

0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown mesage digest

algorithm (1/-1)

 


So I think Squid doesn't understand the sha256 message digest so it cannot
verify the certificate ?




Possibly it is calling SSL_library_init() which doesn't add a complete set
of
digests. OpenSSL_add_all_algorithms() should be called as well.

Steve.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1

RE: [squid-users] winbind directories permissions issue

[vincent.blondel]

 ...
 Amos

 I made some cut from our previous posts to avoid any confusion.


 Sorry I haven't had much to do with winbind than we have already
tried.
 you are the first I've seen where these fixes have not worked.

 Can you get a full ls -la trace of the directory content and
 permissions
 at a time where it's working, and one where its not? Also a list of
the
 squid user name and the groups names it belongs to.


 $ egrep 'squid|winbin' /etc/passwd /etc/group
 /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh
 /etc/group:squidg::1560:
 /etc/group:winbind:::squid

 Below what happended on one of my machine .. sbepskdd.

 some minutes before the bug occured ..

 $ ls -nai /var/lib/samba
 total 121612
 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
 162448 -rw-r-   1 08192 Dec 15 04:14
 gencache.tdb
 162450 -rw-r-   1 0 696 Nov 17 19:39
 idmap_cache.tdb
 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
 162451 -rw-r-   1 08192 Dec 14 22:06
 messages.tdb
 162454 -rw-r-   1 0 62144512 Dec 15 08:41
 netsamlogon_cache.tdb
  54155 drwxr-x---   2 0 512 Dec 15 04:14
 smb_krb5
 162453 -rw---   1 00  57344 Nov 25 06:49
 winbindd_cache.tdb
 451222 drwxr-x---   2 0 512 Nov 25 06:47
 winbindd_privileged

 $ ls -nai /var/lib/samba/winbindd_privileged
 total 4
 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

 when SQUID is still running but the bug is happening ..

 $ ls -nai /var/lib/samba
 total 122140
 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
 162448 -rw-r-   1 08192 Dec 15 04:14
 gencache.tdb
 162450 -rw-r-   1 0 696 Nov 17 19:39
 idmap_cache.tdb
 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
 162451 -rw-r-   1 08192 Dec 14 22:06
 messages.tdb
 162454 -rw-r-   1 0 62414848 Dec 15 10:04
 netsamlogon_cache.tdb
  54155 drwxr-x---   2 0 512 Dec 15 04:14
 smb_krb5
 162453 -rw---   1 00  57344 Nov 25 06:49
 winbindd_cache.tdb
 451222 drwxr-x---   2 0 512 Nov 25 06:47
 winbindd_privileged

 $ ls -nai /var/lib/samba/winbindd_privileged
 total 4
 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

 just after restart of SQUID process ..

 $ ls -nai /var/lib/samba
 total 122140
 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
 162448 -rw-r-   1 08192 Dec 15 04:14
 gencache.tdb
 162450 -rw-r-   1 0 696 Nov 17 19:39
 idmap_cache.tdb
 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
 162451 -rw-r-   1 08192 Dec 14 22:06
 messages.tdb
 162454 -rw-r-   1 0 62414848 Dec 15 10:04
 netsamlogon_cache.tdb
  54155 drwxr-x---   2 0 512 Dec 15 04:14
 smb_krb5
 162453 -rw---   1 00  57344 Nov 25 06:49
 winbindd_cache.tdb
 451222 drwxr-x---   2 0 512 Nov 25 06:47
 winbindd_privileged

 $ ls -nai /var/lib/samba/winbindd_privileged
 total 4
 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

 Now another notice, I made a change last tuesday on another SQUID
server
 and this seems working almost one week ..

 $ ls -nai /var/lib/samba
 total 78156
 342924 drwxr-xr-x   5 0 512 Dec 15 04:22 .
  66177 drwxr-xr-x   5 00512 Nov 18 01:34 ..
 342930 -rw-r--r--   1 08192 Dec 15 04:22
 gencache.tdb
 342932 -rw-r--r--   1 0 696 Nov 18 01:34
 idmap_cache.tdb
 354946 drwxr-xr-x   4 0 512 Nov 18 01:34
locks
 342933 -rw-r--r--   1 08192 Dec 13 22:06
 messages.tdb
 342936 -rw-r--r--   1 0 39903232 Dec 15 10:20
 netsamlogon_cache.tdb
 222599 drwxr-xr-x   2 0 512 Dec 15 04:22
 smb_krb5
 342934 -rw---   1 00  57344 Dec  9 10:44
 winbindd_cache.tdb
 138380 drwxr-x---   2 0 512 Dec  9 

[squid-users] squid

[vivian tannous]

hello
the origin server accept request from ip address of squid , i want the
origin server accept request from real ip address of client
please help me to solve this problem or if you have any idea about this case

thank you

Re: [squid-users] winbind directories permissions issue

[Amos Jeffries]

vincent.blon...@ing.be wrote:

...
Amos

I made some cut from our previous posts to avoid any confusion.



Sorry I haven't had much to do with winbind than we have already tried.
you are the first I've seen where these fixes have not worked.

Can you get a full ls -la trace of the directory content and

permissions

at a time where it's working, and one where its not? Also a list of the
squid user name and the groups names it belongs to.



$ egrep 'squid|winbin' /etc/passwd /etc/group
/etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh
/etc/group:squidg::1560:
/etc/group:winbind:::squid

Below what happended on one of my machine .. sbepskdd.

some minutes before the bug occured ..

$ ls -nai /var/lib/samba
total 121612
162445 drwxr-x---   5 0 512 Dec 15 04:14 .
330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
162448 -rw-r-   1 08192 Dec 15 04:14
gencache.tdb
162450 -rw-r-   1 0 696 Nov 17 19:39
idmap_cache.tdb
168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
162451 -rw-r-   1 08192 Dec 14 22:06
messages.tdb
162454 -rw-r-   1 0 62144512 Dec 15 08:41
netsamlogon_cache.tdb
 54155 drwxr-x---   2 0 512 Dec 15 04:14
smb_krb5
162453 -rw---   1 00  57344 Nov 25 06:49
winbindd_cache.tdb
451222 drwxr-x---   2 0 512 Nov 25 06:47
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged
total 4
451222 drwxr-x---   2 0 512 Nov 25 06:47 .
162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

when SQUID is still running but the bug is happening ..

$ ls -nai /var/lib/samba
total 122140
162445 drwxr-x---   5 0 512 Dec 15 04:14 .
330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
162448 -rw-r-   1 08192 Dec 15 04:14
gencache.tdb
162450 -rw-r-   1 0 696 Nov 17 19:39
idmap_cache.tdb
168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
162451 -rw-r-   1 08192 Dec 14 22:06
messages.tdb
162454 -rw-r-   1 0 62414848 Dec 15 10:04
netsamlogon_cache.tdb
 54155 drwxr-x---   2 0 512 Dec 15 04:14
smb_krb5
162453 -rw---   1 00  57344 Nov 25 06:49
winbindd_cache.tdb
451222 drwxr-x---   2 0 512 Nov 25 06:47
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged
total 4
451222 drwxr-x---   2 0 512 Nov 25 06:47 .
162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

just after restart of SQUID process ..

$ ls -nai /var/lib/samba
total 122140
162445 drwxr-x---   5 0 512 Dec 15 04:14 .
330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
162448 -rw-r-   1 08192 Dec 15 04:14
gencache.tdb
162450 -rw-r-   1 0 696 Nov 17 19:39
idmap_cache.tdb
168469 drwxr-x---   4 0 512 Nov 17 19:39 locks
162451 -rw-r-   1 08192 Dec 14 22:06
messages.tdb
162454 -rw-r-   1 0 62414848 Dec 15 10:04
netsamlogon_cache.tdb
 54155 drwxr-x---   2 0 512 Dec 15 04:14
smb_krb5
162453 -rw---   1 00  57344 Nov 25 06:49
winbindd_cache.tdb
451222 drwxr-x---   2 0 512 Nov 25 06:47
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged
total 4
451222 drwxr-x---   2 0 512 Nov 25 06:47 .
162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

Now another notice, I made a change last tuesday on another SQUID server
and this seems working almost one week ..

$ ls -nai /var/lib/samba
total 78156
342924 drwxr-xr-x   5 0 512 Dec 15 04:22 .
 66177 drwxr-xr-x   5 00512 Nov 18 01:34 ..
342930 -rw-r--r--   1 08192 Dec 15 04:22
gencache.tdb
342932 -rw-r--r--   1 0 696 Nov 18 01:34
idmap_cache.tdb
354946 drwxr-xr-x   4 0 512 Nov 18 01:34 locks
342933 -rw-r--r--   1 08192 Dec 13 22:06
messages.tdb
342936 -rw-r--r--   1 0 39903232 Dec 15 10:20
netsamlogon_cache.tdb
222599 drwxr-xr-x   2 0 512 Dec 15 04:22
smb_krb5
342934 -rw---   1 00  57344 Dec  9 10:44
winbindd_cache.tdb
138380 drwxr-x---   2 0 512 Dec  9 10:39
winbindd_privileged

$ ls -nai /var/lib/samba/winbindd_privileged

RE: [squid-users] winbind directories permissions issue

[vincent.blondel]

 ...
 Amos

 I made some cut from our previous posts to avoid any confusion.


 Sorry I haven't had much to do with winbind than we have already
tried.
 you are the first I've seen where these fixes have not worked.

 Can you get a full ls -la trace of the directory content and
 permissions
 at a time where it's working, and one where its not? Also a list of
the
 squid user name and the groups names it belongs to.


 $ egrep 'squid|winbin' /etc/passwd /etc/group
 /etc/passwd:squid:x:1560:1560:SQUID user:/home/SQUID:/bin/ksh
 /etc/group:squidg::1560:
 /etc/group:winbind:::squid

 Below what happended on one of my machine .. sbepskdd.

 some minutes before the bug occured ..

 $ ls -nai /var/lib/samba
 total 121612
 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
 162448 -rw-r-   1 08192 Dec 15 04:14
 gencache.tdb
 162450 -rw-r-   1 0 696 Nov 17 19:39
 idmap_cache.tdb
 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
 162451 -rw-r-   1 08192 Dec 14 22:06
 messages.tdb
 162454 -rw-r-   1 0 62144512 Dec 15 08:41
 netsamlogon_cache.tdb
  54155 drwxr-x---   2 0 512 Dec 15 04:14
 smb_krb5
 162453 -rw---   1 00  57344 Nov 25 06:49
 winbindd_cache.tdb
 451222 drwxr-x---   2 0 512 Nov 25 06:47
 winbindd_privileged

 $ ls -nai /var/lib/samba/winbindd_privileged
 total 4
 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

 when SQUID is still running but the bug is happening ..

 $ ls -nai /var/lib/samba
 total 122140
 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
 162448 -rw-r-   1 08192 Dec 15 04:14
 gencache.tdb
 162450 -rw-r-   1 0 696 Nov 17 19:39
 idmap_cache.tdb
 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
 162451 -rw-r-   1 08192 Dec 14 22:06
 messages.tdb
 162454 -rw-r-   1 0 62414848 Dec 15 10:04
 netsamlogon_cache.tdb
  54155 drwxr-x---   2 0 512 Dec 15 04:14
 smb_krb5
 162453 -rw---   1 00  57344 Nov 25 06:49
 winbindd_cache.tdb
 451222 drwxr-x---   2 0 512 Nov 25 06:47
 winbindd_privileged

 $ ls -nai /var/lib/samba/winbindd_privileged
 total 4
 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

 just after restart of SQUID process ..

 $ ls -nai /var/lib/samba
 total 122140
 162445 drwxr-x---   5 0 512 Dec 15 04:14 .
 330886 drwxr-xr-x   5 00512 Nov 17 19:39 ..
 162448 -rw-r-   1 08192 Dec 15 04:14
 gencache.tdb
 162450 -rw-r-   1 0 696 Nov 17 19:39
 idmap_cache.tdb
 168469 drwxr-x---   4 0 512 Nov 17 19:39
locks
 162451 -rw-r-   1 08192 Dec 14 22:06
 messages.tdb
 162454 -rw-r-   1 0 62414848 Dec 15 10:04
 netsamlogon_cache.tdb
  54155 drwxr-x---   2 0 512 Dec 15 04:14
 smb_krb5
 162453 -rw---   1 00  57344 Nov 25 06:49
 winbindd_cache.tdb
 451222 drwxr-x---   2 0 512 Nov 25 06:47
 winbindd_privileged

 $ ls -nai /var/lib/samba/winbindd_privileged
 total 4
 451222 drwxr-x---   2 0 512 Nov 25 06:47 .
 162445 drwxr-x---   5 0 512 Dec 15 04:14 ..
 451223 srwxrwxrwx   1 00  0 Nov 25 06:47 pipe

 Now another notice, I made a change last tuesday on another SQUID
server
 and this seems working almost one week ..

 $ ls -nai /var/lib/samba
 total 78156
 342924 drwxr-xr-x   5 0 512 Dec 15 04:22 .
  66177 drwxr-xr-x   5 00512 Nov 18 01:34 ..
 342930 -rw-r--r--   1 08192 Dec 15 04:22
 gencache.tdb
 342932 -rw-r--r--   1 0 696 Nov 18 01:34
 idmap_cache.tdb
 354946 drwxr-xr-x   4 0 512 Nov 18 01:34
locks
 342933 -rw-r--r--   1 08192 Dec 13 22:06
 messages.tdb
 342936 -rw-r--r--   1 0 39903232 Dec 15 10:20
 netsamlogon_cache.tdb
 222599 drwxr-xr-x   2 0 512 Dec 15 04:22
 smb_krb5
 342934 -rw---   1 00  57344 Dec  9 10:44
 winbindd_cache.tdb
 138380 drwxr-x---   2 0 512 Dec  9 

Re: [squid-users] How to limit user access

[Nyamul Hassan]

In my setup, I limit heavy download sites between 6:00pm and 2:00am (2 hrs 
past midnight) on weekdays, and between 12:00pm and 2:00am on weekends (for 
us, it is Fri and Sat).  By limiting, I allow the first 50MB of data 
transfer to go through uninterrupted, after which it is restricted to 
256kbps (bits vs bytes in the config below).


acl peak time F A 12:00-18:00
acl peak time S M T W H F A 18:00-23:59
acl peak time S M T W H F A 00:00-02:00
acl heavysites dstdomain .rapidshare.com
acl heavysites dstdomain .rapidshare.de
delay_pools 1
delay_class 1 1
delay_access 1 allow peak heavysites
delay_access 1 deny all
delay_parameters 1 32000/5000

This is a whole proxy wide setting, and would limit anybody using the proxy, 
not on single user basis.  For that you would need to define a class 3 delay 
pool.


Hope it helps.

Regards
HASSAN




- Original Message - 
From: Leonardo Rodrigues Magalhães leolis...@solutti.com.br

To: ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ mirz...@gmail.com
Cc: Squid Users squid-users@squid-cache.org
Sent: Monday, December 15, 2008 14:21
Subject: Re: [squid-users] How to limit user access




░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ escreveu:

can you re post ?
i have search on my inbox :( i dont find it :(



   newbie tip: learn how to use mailing lists archives when looking for
older messages !!!

http://www.squid-cache.org/mail-archive/squid-users/
http://marc.info/?l=squid-usersr=1w=2   (this one is easily searchable)

--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
gertru...@solutti.com.br
My SPAMTRAP, do not email it

[squid-users] preferred DNS config

[Rick Chisholm]

What would you say is preferable - having squid hit a local instance of
BIND (or djbdns) or pointing it at the closest upstream name server(s)?


-- 
Rick Chisholm
sysadmin
Parallel42

Re: [squid-users] Class 4 Delay pools

[Chris Robertson]

Johnny Edge wrote:

Hello folks,

I have a NT Group based acl Squid setup. Everything is fine with it, except for I'd like to provide certain NT Security Groups with more bandwidth than others, i.e. allocate bw by username/groupname. 
Atm the traffic control is done on a iproute2/tc basis which is not sufficient for my needs.


Is this possible and how?


Yes.  Probably using delay_access.


 I can't find decent info on Class 4 dalay pools usage.


A Class 4 pool works on a per-authentication (username) basis.  Any 
given username is given a bucket/pool (possibly further restricted by 
the individual, network and/or aggregate buckets), no matter how many 
IPs their traffic is going to.  A class 5 pool, coupled with an external 
ACL that returns tags according to group membership would allow you to 
have per-group pools (again possibly further limited by the other 
buckets), not really what you seem to be looking for.  Your best bet is 
to read a bit more about delay_access and use that to push specific 
group members in to specific Class 1, 2 or 3 pools (depending on if/how 
you want to further allocate bandwidth within the pool).


For documentation, recently I've been pointing people at 
http://www.squid-cache.org/Doc/config/, but the section in there on 
delay_class is not very comprehensive and the section dealing with 
delay_parameters makes no mention of the fact that Class 4 and Class 5 
pools are only available in Squid 3.  Upon further inspection, there are 
links to the version specific information, so it's still a good place to 
start.   See http://www.squid-cache.org/Doc/config/delay_access/, 
http://www.squid-cache.org/Doc/config/delay_class/ and 
http://www.squid-cache.org/Doc/config/delay_parameters/ with a dash of 
http://www.squid-cache.org/Doc/config/external_acl_type/.



 Please advise.
  


Hope that's advice and not chaos...  Here's a bonus section with pseudo 
ACLs to help illustrate what I'm referring to:


acl FastUsers NTLMGroup matches ServerAdmins
acl RegularUsers NTLMGroup matches LoggedInUsers # Yes, the FastUsers 
would also be part of this group
acl SlowUsers NTLMGroup matches Guests # Should match all other 
computers that are allowed access


# Now I'll give two examples using the above ACLs
# First, the ServerAdmins are given limited bandwidth (but less limited 
than everyone else)

# and guests are even more limited...

# Allocate three pools
delay_pools 3
# All of type 1
delay_class 1 1
delay_class 2 1
delay_class 3 1
# Set up the ServerAdmin's pool
delay_parameters 1 32000/32000
# Next the users' pool
delay_parameters 2 16000/16000
# Finally the guest pool
delay_parameters 3 8000/8000
# Now we assign users to their respective pools
delay_access 1 allow FastUsers
delay_access 1 deny all
delay_access 2 allow RegularUsers # ServerAdmins have already matched pool 1
delay_access 2 deny all
delay_access 3 allow all

# Example 2, ServerAdmins are not limited. Everyone else is put into a 
class 3 pool.

delay_pools 1
delay_class 1 3
# 256kbit/s pool limit, no network limit, 16kbit/s individual bucket
# Fun fact: Class 2 pools allow an individual bucket to match only the 
last octet while
# class 3 has a separate bucket for every combination of third and 
fourth octet

# (according to the documentation from Squid 2.6*).
delay_parameters 1 32000/32000 -1/-1 2000/2000
delay_access 1 deny FastUsers
delay_access allow all


Thanks,

-JE
  


Chris

* In other words, given a class 2 delay pool, 10.0.0.10 and 10.0.1.10 
would share an individual bucket, but would each have their own 
individual bucket in a class 3 pool.  I haven't read the source code (or 
tested my theory on a real install), so the documentation 
(http://www.squid-cache.org/Versions/v2/2.6/cfgman/delay_class.html) 
might be wrong.  I also might be mis-interpreting what the documentation 
conveys.  Then again, maybe this code has been significantly changed 
since 2.6.

Re: [squid-users] preferred DNS config

[Amos Jeffries]

 What would you say is preferable - having squid hit a local instance of
 BIND (or djbdns) or pointing it at the closest upstream name server(s)?


It doesn't really matter per-se. Squid performs full TTL caching of DNS
results same a DNS server would.  The real issue is lag time between Squid
and its' supplier of DNS info.  If you have a local recursive server, its
usually giving less lag than an upstream one would.

Amos

Re: [squid-users] preferred DNS config

[Rick Chisholm]

Amos Jeffries wrote:
 What would you say is preferable - having squid hit a local instance of
 BIND (or djbdns) or pointing it at the closest upstream name server(s)?

 
 It doesn't really matter per-se. Squid performs full TTL caching of DNS
 results same a DNS server would.  The real issue is lag time between Squid
 and its' supplier of DNS info.  If you have a local recursive server, its
 usually giving less lag than an upstream one would.
 

thanks, that pretty much confirms what I thought.

-- 
Rick Chisholm
sysadmin
Parallel42

Re: [squid-users] preferred DNS config

[Chris Robertson]

Rick Chisholm wrote:

What would you say is preferable - having squid hit a local instance of
BIND (or djbdns) or pointing it at the closest upstream name server(s)?
  


It really depends on your situation, but I personally feel the more 
caching, the better.  Have a local instance of BIND (or djbdns or 
dnsmasq) which uses the upstream name server as a forwarder.  For what 
it's worth, Squid does its own internal DNS caching as well (see 
http://www.squid-cache.org/Doc/config/ipcache_size/, 
http://www.squid-cache.org/Doc/config/positive_dns_ttl/ and 
http://www.squid-cache.org/Doc/config/negative_dns_ttl/)


Chris

Re: [squid-users] sarg segment fault must clean squid access.log to solved it

[░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░]

happen again

SARG: Making report: 192.168.1.21
SARG: Making report: 192.168.1.2
SARG: Making index.html
SARG: Compressing log file: /var/log/squid/access.log
sh: Compressing: not found
SARG: End


can anyone tell me...
it's totally squid's problem or sarg ?

since the way out from this error is delete access.log


On Mon, Dec 15, 2008 at 9:20 PM, Henrik Nordstrom
hen...@henriknordstrom.net wrote:
 The information requested is needed for anyone looking into the problem.

 Regards
 Henrik

 On Mon, 2008-12-15 at 08:17 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:
 @hendrik :
 to bad i dont know about C Programming :(

 @all  any solution : ?

 On Sun, Dec 14, 2008 at 5:54 AM, Henrik Nordstrom
 hen...@henriknordstrom.net wrote:
  On Fri, 2008-12-12 at 17:55 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:
  SARG: Reading access log file: /var/log/squid/access.log
  Segmentation fault
 
  Should be easy to fix if you know a little C programming. Or even if you
  don't collect information on the crash and post them hoping that someone
  else picks up the task..
 
   gdb /path/to/sarg
   run -x
   [wait for crash]
   backtrace
 
  - some ppl maybe use sarg and have this problem too
 
  Quite likely.
 
  - ( maybe ) this problem can be prevent from squid.conf ?
 
  Possible, but better to fix sarg I think.
 
  Regards
  Henrik
 
 








-- 
-=-=-=-=
http://amyhost.com ( webhosting dengan budget terbatas )
Hot News !!! :
Pengin punya Layanan SMS PREMIUM ?
Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...

Re: [squid-users] sarg segment fault must clean squid access.log to solved it

[Amos Jeffries]

 happen again

 SARG: Making report: 192.168.1.21
 SARG: Making report: 192.168.1.2
 SARG: Making index.html
 SARG: Compressing log file: /var/log/squid/access.log
 sh: Compressing: not found
 SARG: End


 can anyone tell me...
 it's totally squid's problem or sarg ?

Looks to be sargs fault. Dying while compressing a file it maybe should
not be altering.

Amos


 since the way out from this error is delete access.log


 On Mon, Dec 15, 2008 at 9:20 PM, Henrik Nordstrom
 hen...@henriknordstrom.net wrote:
 The information requested is needed for anyone looking into the problem.

 Regards
 Henrik

 On Mon, 2008-12-15 at 08:17 +0700, ░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ
 ▓▒░ wrote:
 @hendrik :
 to bad i dont know about C Programming :(

 @all  any solution : ?

 On Sun, Dec 14, 2008 at 5:54 AM, Henrik Nordstrom
 hen...@henriknordstrom.net wrote:
  On Fri, 2008-12-12 at 17:55 +0700, ░▒▓ ɹɐzǝupɐɥʞ
 ɐzɹıɯ ▓▒░ wrote:
  SARG: Reading access log file: /var/log/squid/access.log
  Segmentation fault
 
  Should be easy to fix if you know a little C programming. Or even if
 you
  don't collect information on the crash and post them hoping that
 someone
  else picks up the task..
 
   gdb /path/to/sarg
   run -x
   [wait for crash]
   backtrace
 
  - some ppl maybe use sarg and have this problem too
 
  Quite likely.
 
  - ( maybe ) this problem can be prevent from squid.conf ?
 
  Possible, but better to fix sarg I think.
 
  Regards
  Henrik
 
 








 --
 -=-=-=-=
 http://amyhost.com ( webhosting dengan budget terbatas )
 Hot News !!! :
 Pengin punya Layanan SMS PREMIUM ?
 Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...

[squid-users] always_direct for src

[Mario Remy Almeida]

Hi All,

I am using squid 3.1.0.2

I want squid to connect 213.42.24.11 ip directly without connect to the
parent squid
below is the settings

acl intranet_src src 213.42.24.11
always_direct allow intranet_src

but its going to the parent proxy

in the log file i get this

1229406697.569   4897 10.200.2.172 TCP_MISS/503 1005 GET
http://213.42.24.11/ - DEFAULT_PARENT/proxy1.emirates.net.ae text/html

but if i use dstdomain instead or src it is working fine

how can i use src to have direct connection

//Remy

RE: [squid-users] Class 4 Delay pools

[Johnny Edge]

Thanks Chris. 

-Original Message-
From: crobert...@gci.net [mailto:crobert...@gci.net] 
Sent: 16 December 2008 02:53
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Class 4 Delay pools

Johnny Edge wrote:
 Hello folks,

 I have a NT Group based acl Squid setup. Everything is fine with it, except 
 for I'd like to provide certain NT Security Groups with more bandwidth than 
 others, i.e. allocate bw by username/groupname. 
 Atm the traffic control is done on a iproute2/tc basis which is not 
 sufficient for my needs.

 Is this possible and how?

Yes.  Probably using delay_access.

  I can't find decent info on Class 4 dalay pools usage.

A Class 4 pool works on a per-authentication (username) basis.  Any given 
username is given a bucket/pool (possibly further restricted by the individual, 
network and/or aggregate buckets), no matter how many IPs their traffic is 
going to.  A class 5 pool, coupled with an external ACL that returns tags 
according to group membership would allow you to have per-group pools (again 
possibly further limited by the other buckets), not really what you seem to be 
looking for.  Your best bet is to read a bit more about delay_access and use 
that to push specific group members in to specific Class 1, 2 or 3 pools 
(depending on if/how you want to further allocate bandwidth within the pool).

For documentation, recently I've been pointing people at 
http://www.squid-cache.org/Doc/config/, but the section in there on delay_class 
is not very comprehensive and the section dealing with delay_parameters makes 
no mention of the fact that Class 4 and Class 5 pools are only available in 
Squid 3.  Upon further inspection, there are links to the version specific 
information, so it's still a good place to 
start.   See http://www.squid-cache.org/Doc/config/delay_access/, 
http://www.squid-cache.org/Doc/config/delay_class/ and 
http://www.squid-cache.org/Doc/config/delay_parameters/ with a dash of 
http://www.squid-cache.org/Doc/config/external_acl_type/.

  Please advise.
   

Hope that's advice and not chaos...  Here's a bonus section with pseudo ACLs to 
help illustrate what I'm referring to:

acl FastUsers NTLMGroup matches ServerAdmins acl RegularUsers NTLMGroup matches 
LoggedInUsers # Yes, the FastUsers would also be part of this group acl 
SlowUsers NTLMGroup matches Guests # Should match all other computers that are 
allowed access

# Now I'll give two examples using the above ACLs # First, the ServerAdmins are 
given limited bandwidth (but less limited than everyone else) # and guests are 
even more limited...

# Allocate three pools
delay_pools 3
# All of type 1
delay_class 1 1
delay_class 2 1
delay_class 3 1
# Set up the ServerAdmin's pool
delay_parameters 1 32000/32000
# Next the users' pool
delay_parameters 2 16000/16000
# Finally the guest pool
delay_parameters 3 8000/8000
# Now we assign users to their respective pools delay_access 1 allow FastUsers 
delay_access 1 deny all delay_access 2 allow RegularUsers # ServerAdmins have 
already matched pool 1 delay_access 2 deny all delay_access 3 allow all

# Example 2, ServerAdmins are not limited. Everyone else is put into a class 3 
pool.
delay_pools 1
delay_class 1 3
# 256kbit/s pool limit, no network limit, 16kbit/s individual bucket # Fun 
fact: Class 2 pools allow an individual bucket to match only the last octet 
while # class 3 has a separate bucket for every combination of third and fourth 
octet # (according to the documentation from Squid 2.6*).
delay_parameters 1 32000/32000 -1/-1 2000/2000 delay_access 1 deny FastUsers 
delay_access allow all

 Thanks,

 -JE
   

Chris

* In other words, given a class 2 delay pool, 10.0.0.10 and 10.0.1.10 would 
share an individual bucket, but would each have their own individual bucket in 
a class 3 pool.  I haven't read the source code (or tested my theory on a real 
install), so the documentation
(http://www.squid-cache.org/Versions/v2/2.6/cfgman/delay_class.html)
might be wrong.  I also might be mis-interpreting what the documentation 
conveys.  Then again, maybe this code has been significantly changed since 2.6.