Re: [squid-users] squid caching report
* bijayant kumar bijayan...@yahoo.com: Hello list, I want to have reports about the squid performance like how much caching is being done by Squid, how much bandwidth is being saved by the squid cache by returning objects from cache. I thought of cache manager output but my seniors want to see reports in a less complex format something like graph based reports. I have configured the MRTG graph also for the squid but most of the stuff I am not able to understand. Why not use calamaris? -- Ralf Hildebrandtralf.hildebra...@charite.de Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Geschäftsbereich IT | Abt. Netzwerk Fax. +49 (0)30-450 570-962 Hindenburgdamm 30 | 12200 Berlin
[squid-users] Problem in WCCP configuration
Hi All, Two wccp services 80, 90 is detected by the router. 80 - outgoing, 90-incoming. But return traffic does not comes to squid. No packets redirected by the service 90. Router IOS version is Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(13b), RELEASE SOFTWARE (fc3). Any bug in this IOS version. Global WCCP information: Router information: Router Identifier: xx.xx.xx.xx Protocol Version:2.0 Service Identifier: 80 Number of Service Group Clients: 1 Number of Service Group Routers: 1 Total Packets s/w Redirected:1146 Process: 0 Fast: 0 CEF: 1146 Redirect access-list:15 Total Packets Denied Redirect: 2814525 Total Packets Unassigned:15328 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Total Bypassed Packets Received: 0 Service Identifier: 90 Number of Service Group Clients: 1 Number of Service Group Routers: 1 Total Packets s/w Redirected:0 Process: 0 Fast: 0 CEF: 0 Redirect access-list:15 Total Packets Denied Redirect: 3143419 Total Packets Unassigned:17297 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Total Bypassed Packets Received: 0 Squid configuration : wccp2_service dynamic 80 wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 But it works good in transparent mode. Thanks in advance. Thanks Vk. You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] squid caching report
Hi. You can use cacti but it's MRTG-like. The best tools I know for squid reports are sarg (which is rather popular) and lightsquid (it makes reports a lot faster but I don't know if it's popular outside Russia). Regards, LPIC-1, EMCPA Nikita Andreev
[squid-users] Squid 2.6 STABLE 6 : SubDirectory trailing slash
Hi, all, I'm trying squid as a reverse proxy for a web application. I have a problem when my URL is not ending with a trailing slash. For example : http://ip-proxy/test/ = OK http://ip-proxy/test = KO, Problem if I send the request directly to the IIS server we have : http://ip-iis/test/ = OK http://ip-iis/test = OK What can I do in squid.conf to correct this problem. I didn't find a good solution on the Internet yesterday. Best regards. FX
[squid-users] Squid 2.7 Chained Proxies and NTLM Pass-thru
hello all, my clients should access an IIS website requesting ntlm authentication 'WWW-Authentication'. they all use ie6 and proxied through a chain of two proxies. the first one hosted in internal network making the whole job of logging, validating ntlm authentication coming from all the ie's with our internal active directories, allow/deny websites mime-types and all kind of stuffs. the other one hosted in dmz as making simply the job of gateway to the internet. Both of them are running 2.7.4 simple question .. Is that possible or not to make this surfing working .. if yes what do I have to configure ?? Do I have to activate things like squid ntlm_auth binary, connection-auth=on, login=PASS ?? many thks for your help. Vincent - ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. -
Re: [squid-users] squid caching report
Hi ALL Here is HOW to - Step by Step. I use this on Redhat/CentOS SARG - Step by Step - Fisst install rpmforge-release RPM . Then, perform below steps [r...@worldnet ~]# yum install sarg [r...@worldnet ~]# cd /etc/httpd/conf.d/ [r...@worldnet conf.d]# cp sarg.conf sarg.conf.orig [r...@worldnet conf.d]# cat sarg.conf Alias /sarg /var/www/sarg Directory /var/www/sarg DirectoryIndex index.html Order deny,allow Deny from all Allow from all /Directory [r...@worldnet conf.d]# /etc/init.d/httpd restart Then, [r...@worldnet ~]# cd /var/www/sarg/ Now, Edit words ONE-SHOT and One shot reports of index.html to reports and reports (Every 30 minutes) as follows. tda href=web-reports/index.htmlweb-reports/a/td tdweb-reports/td Then, [r...@worldnet sarg]# cd /etc/sarg/ [r...@worldnet sarg]# cp sarg.conf sarg.conf.orig And edit, sarg.conf Pls coment out below line as follows, #output_dir /var/www/sarg/ONE-SHOT and, Add below line. output_dir /var/www/sarg/web-reports Then, issue below command, [r...@worldnet sarg]# /usr/bin/sarg SARG: Records in file: 1514, reading: 100.00% Then, touch [r...@worldnet ~]# touch /var/www/sarg/sarg.cron [r...@worldnet sarg]# cat /var/www/sarg/sarg.cron #!/bin/bash cd /var/www/sarg/web-reports rm -rf * /usr/bin/sarg [r...@wolrdnet sarg]# chmod 755 /var/www/sarg/sarg.cron Then, [r...@worldnet ~]# cd /etc/cron.d [r...@worldnet cron.d]# touch sarg [r...@worldnet ~]# cat /etc/cron.d/sarg 0 15 * * * root /var/www/sarg/sarg.cron /dev/null 21 Then, issue below commands. [r...@worldnet ~]# /etc/cron.daily/sarg [r...@worldnet ~]# /etc/cron.weekly/sarg [r...@worldnet ~]# /etc/cron.monthly/sarg Now, Browse as follows. http://192.168.101.25/sarg That's it. On Fri, Jan 16, 2009 at 2:58 PM, Andreev Nikita n...@kemsu.ru wrote: Hi. You can use cacti but it's MRTG-like. The best tools I know for squid reports are sarg (which is rather popular) and lightsquid (it makes reports a lot faster but I don't know if it's popular outside Russia). Regards, LPIC-1, EMCPA Nikita Andreev -- Thank you Indunil Jayasooriya
Re: [squid-users] Squid 2.6 STABLE 6 : SubDirectory trailing slash
On Fri, Jan 16, 2009 at 11:08 AM, François-Xavier VIOLET fxvio...@ciril.net wrote: Hi, all, I'm trying squid as a reverse proxy for a web application. I have a problem when my URL is not ending with a trailing slash. For example : http://ip-proxy/test/ = OK http://ip-proxy/test = KO, Problem Can you be a bit more specific about what is the problem? What error do you get? Without knowing it, it's hard to suggest a fix.. -- /kinkie
Re: [squid-users] Squid 2.7 Chained Proxies and NTLM Pass-thru
vincent.blon...@ing.be wrote: hello all, my clients should access an IIS website requesting ntlm authentication 'WWW-Authentication'. they all use ie6 and proxied through a chain of two proxies. the first one hosted in internal network making the whole job of logging, validating ntlm authentication coming from all the ie's with our internal active directories, allow/deny websites mime-types and all kind of stuffs. the other one hosted in dmz as making simply the job of gateway to the internet. Both of them are running 2.7.4 simple question .. Is that possible or not to make this surfing working .. if yes what do I have to configure ?? Do I have to activate things like squid ntlm_auth binary, connection-auth=on, login=PASS ?? Only connection-auth=on. Not login=PASS. auth_* should not be needed unless Proxy-Authentication is required. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11 Current Beta Squid 3.1.0.3
[squid-users] unexpected http status code
Hello. I would like to know what does these errors mean: 2009/01/15 20:44:39| ctx: enter level 0: 'http://prev.explabs.net/sspost3.aspx' 2009/01/15 20:44:39| http.cc(561) HttpStateData::cacheableReply: unexpected http status code 100 2009/01/15 21:04:42| ctx: exit level 0 2009/01/15 21:04:42| ctx: enter level 0: 'http://prev.explabs.net/sspost3.aspx' 2009/01/15 21:04:42| http.cc(561) HttpStateData::cacheableReply: unexpected http status code 100 2009/01/15 21:24:39| ctx: exit level 0 2009/01/15 21:24:39| ctx: enter level 0: 'http://prev.explabs.net/sspost3.aspx' 2009/01/15 21:24:39| http.cc(561) HttpStateData::cacheableReply: unexpected http status code 100 2009/01/15 21:44:40| ctx: exit level 0 2009/01/15 21:44:40| ctx: enter level 0: 'http://prev.explabs.net/sspost3.aspx' 2009/01/15 21:44:40| http.cc(561) HttpStateData::cacheableReply: unexpected http status code 100 Thanks in advanced for your help.
[squid-users] Squid and Google Sorry Message
Greetings I am running two squid boxes as content filters for a number of schools. Google has recently changed and we are now getting a Sorry you look like a botnet We're sorry... ... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now. We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software. from what I can tell. too many searches from one IP address. I have been running this way for years. is there anything I can do to have squid give out more than one ip address? or is there some tweek that I can perform to make this error go away? thanks -jeff
[squid-users] Fwd: Problem in WCCP configuration
Amos, Henrik I need your help. I am a newbie in squid + tproxy + WCCP. So I sent lot messages to you. Now i describe my problem. I have a router with 2 Ethernet, 6 Serial interfaces. LAN users connected via Ethernet 0/0 and squid machine connected via Ethernet 0/1 interface. And internet connected all the 4 interfaces. I had created the tunneling interface using router identifier address. Router detects the two wccp services. But my problem is.. Squid works transparent perfectly. rule- ip wccp web-cache redirect in -- Ethernet 0/0 -LAN interface. But I tried Tproxy, it doesn't works. ip wccp 80 redirect in , ip wccp 90 redirect out -- Ethernet 0/0 - LAN interface. And i tried all the options based on --http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY. But no luck. I checked in webserver. Client reaches it. Squid returns connection timeout error. Router IOS version is Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(13b), RELEASE SOFTWARE (fc3). Any bug in this IOS version. Global WCCP information: Router information: Router Identifier: xx.xx.xx.xx Protocol Version:2.0 Service Identifier: 80 Number of Service Group Clients: 1 Number of Service Group Routers: 1 Total Packets s/w Redirected:1146 Process: 0 Fast: 0 CEF: 1146 Redirect access-list:15 Total Packets Denied Redirect: 2814525 Total Packets Unassigned:15328 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Total Bypassed Packets Received: 0 Service Identifier: 90 Number of Service Group Clients: 1 Number of Service Group Routers: 1 Total Packets s/w Redirected:0 Process: 0 Fast: 0 CEF: 0 Redirect access-list:15 Total Packets Denied Redirect: 3143419 Total Packets Unassigned:17297 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Total Bypassed Packets Received: 0 Squid configuration : wccp2_service dynamic 80 wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 But it works good in transparent mode. Thanks in advance. Thanks Vk. You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Vary: * handling in Squid
On Fri, Jan 16, 2009 at 11:27 AM, Amos Jeffries squ...@treenet.co.nz wrote: howard chen wrote: Hello, (1) Is that Vary: * exact header, or Vary: with some header names? Exactly Vary: * (2) do the pages have Cache-Control: must-revalidate ? or does squid.conf have a short refresh_pattern age with override-expires that matches you pages. The header was sent-out by Apache 1.3x mod_gzip, the page is supposed to be cached (standard JS and CSS files) no custom refresh_pattern being set. Thanks.
Re: [squid-users] Squid and Google Sorry Message
MALWARE ALERT! I had this, my PC was infected by a drive by download from an innocent site. 2009/1/16 jeff donovan dono...@beth.k12.pa.us: Greetings I am running two squid boxes as content filters for a number of schools. Google has recently changed and we are now getting a Sorry you look like a botnet We're sorry... ... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now. We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software. from what I can tell. too many searches from one IP address. I have been running this way for years. is there anything I can do to have squid give out more than one ip address? or is there some tweek that I can perform to make this error go away? thanks -jeff
Re: [squid-users] Squid and Google Sorry Message
Some additional thoughts. From memory, when my PC was infected it was bypassing squid and going direct. (My PC was allowed through the firewall for testing) The malware was looking for other sites to infect using Google. As google are already blocking your access I would start looking at your firewall. Log all requests to port 80 and look for the PC/s that are trying to access google constantly. This showed up pretty quick when I was infected. I chose to rebuild my PC. Hope this helps. 2009/1/16 Mark Barlow squid.users.mailing.l...@googlemail.com: MALWARE ALERT! I had this, my PC was infected by a drive by download from an innocent site. 2009/1/16 jeff donovan dono...@beth.k12.pa.us: Greetings I am running two squid boxes as content filters for a number of schools. Google has recently changed and we are now getting a Sorry you look like a botnet We're sorry... ... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now. We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software. from what I can tell. too many searches from one IP address. I have been running this way for years. is there anything I can do to have squid give out more than one ip address? or is there some tweek that I can perform to make this error go away? thanks -jeff
Re: [squid-users] Cisco with WCCP!! newbie here..
hello :) I've took a break of working live on squid and started reading more about it to see what I'm getting myself into.. I managed to get the router and squid to see each other and troubleshoot the GRE tunnel.. sh ip wccp shows hits.. but when I check the access.log and cache.log of squid I see nothing.. any idea what might be causing this? heres the output of router debug: 6 17:10:14.012: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0020 6 17:10:14.012: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0021 6 17:10:14.016: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0020 6 17:10:14.016: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0021 6 17:10:31.504: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0021 6 17:10:31.504: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0022 6 17:10:31.508: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0021 6 17:10:31.508: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0022 6 17:10:48.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0022 6 17:10:48.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0023 6 17:10:48.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0022 6 17:10:48.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0023 6 17:11:03.656: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0023 6 17:11:03.656: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0024 6 17:11:03.656: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0023 6 17:11:03.656: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0024 6 17:11:17.056: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0024 6 17:11:17.056: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0025 6 17:11:17.060: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0024 6 17:11:17.060: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0025 6 17:11:28.060: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0025 6 17:11:28.060: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0026 6 17:11:28.064: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0025 6 17:11:28.064: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0026 6 17:11:42.904: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0026 6 17:11:42.904: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0027 6 17:11:42.904: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0026 6 17:11:42.904: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0027 6 17:11:56.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0027 6 17:11:56.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0028 6 17:11:56.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0027 6 17:11:56.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0028 6 17:12:11.392: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0028 6 17:12:11.392: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0029 6 17:12:11.392: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0028 6 17:12:11.392: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0029 6 17:12:22.960: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0029 6 17:12:22.960: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 002A 6 17:12:22.968: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0029 6 17:12:22.968: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 002A CME-Router#sh ip wccp Global WCCP information: Router information: Router Identifier: 172.16.50.54 Protocol Version:2.0 Service Identifier: web-cache Number of Service Group Clients: 0 Number of Service Group Routers: 0 Total Packets s/w Redirected:0 Process: 0 Fast: 0 CEF: 0 Redirect access-list:198 Total Packets Denied Redirect: 0 Total Packets Unassigned:0 Group access-list: -none- Total Messages Denied to Group: 0 Total Authentication failures: 0 Total Bypassed Packets Received: 0 Service Identifier: 80
RE: [squid-users] Cisco with WCCP!! newbie here..
The firewall on the squid box might be blocking the traffic, either the GRE traffic itself, or some other facet. Start by allowing all traffic in to the box on the eth interface and the gre interface from both the IP from the router identifier field, and the IP of the ethernet interface of the router that egresses to the squid box. For example, if 172.16.50.54 is the loopback interface on the router, and 192.168.10.1 is the FastEthernet0/0 interface of the router, and the squid box hangs off of FastEthernet0/0, then put those two IPs in as allows. If you use subinterfaces with IPs, use the subinterface. Testing I have done has shown that depending on the configuration and IOS of the router, the router will use different IPs to talk to the squid box. If doing this fixes your problem, you can then narrow down the firewall rules to be more specific, and therefore more secure. Nick From: Roland Roland [mailto:r_o_l_a_...@hotmail.com] Sent: Fri 1/16/2009 8:27 PM To: Ritter, Nicholas; squid-users@squid-cache.org Subject: Re: [squid-users] Cisco with WCCP!! newbie here.. hello :) I've took a break of working live on squid and started reading more about it to see what I'm getting myself into.. I managed to get the router and squid to see each other and troubleshoot the GRE tunnel.. sh ip wccp shows hits.. but when I check the access.log and cache.log of squid I see nothing.. any idea what might be causing this? heres the output of router debug: 6 17:10:14.012: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0020 6 17:10:14.012: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0021 6 17:10:14.016: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0020 6 17:10:14.016: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0021 6 17:10:31.504: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0021 6 17:10:31.504: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0022 6 17:10:31.508: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0021 6 17:10:31.508: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0022 6 17:10:48.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0022 6 17:10:48.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0023 6 17:10:48.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0022 6 17:10:48.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0023 6 17:11:03.656: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0023 6 17:11:03.656: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0024 6 17:11:03.656: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0023 6 17:11:03.656: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0024 6 17:11:17.056: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0024 6 17:11:17.056: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0025 6 17:11:17.060: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0024 6 17:11:17.060: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0025 6 17:11:28.060: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0025 6 17:11:28.060: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0026 6 17:11:28.064: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0025 6 17:11:28.064: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0026 6 17:11:42.904: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0026 6 17:11:42.904: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0027 6 17:11:42.904: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0026 6 17:11:42.904: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0027 6 17:11:56.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0027 6 17:11:56.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0028 6 17:11:56.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0027 6 17:11:56.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0028 6 17:12:11.392: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0028 6 17:12:11.392: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0029 6 17:12:11.392: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0028 6 17:12:11.392: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0029 6 17:12:22.960: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0029 6 17:12:22.960: WCCP-PKT:D90:
[squid-users] SNMP OIDs
Hi, We are trying to get rid fo a commercial reverse proxy, how ever, we must get this data from SNMP. I know that squid has snmp support, I've used, but I dont know all oids. Does any one has a link where oids are specified? Regards,
RE: [squid-users] squid caching report
If you have snmp enabled, I would highly recommend setting up an instance of cacti (http://www.cacti.net/) If you have trouble understanding the Cacti installation, I would recommend getting started with CactiEZ...it's an ISO that gets you up and going fast. CactiEZ Download: http://mirror.cactiusers.org/downloads/CactiEZ-v0.4.tar.gz CactiEZ Documentation: http://cactiusers.org/wiki/CactiEZ Cacti templates for Squid: http://forums.cacti.net/about4142.html I have Cacti doing all my reporting on Squid, and it's beautiful (and the execs love it, which doesn’t hurt...I can send you graph examples if you like) - Gregori -Original Message- From: bijayant kumar [mailto:bijayan...@yahoo.com] Sent: Thursday, January 15, 2009 10:48 PM To: squid users Subject: [squid-users] squid caching report Hello list, I want to have reports about the squid performance like how much caching is being done by Squid, how much bandwidth is being saved by the squid cache by returning objects from cache. I thought of cache manager output but my seniors want to see reports in a less complex format something like graph based reports. I have configured the MRTG graph also for the squid but most of the stuff I am not able to understand. Is anything available on the Internet so that I can create some graphs/reports about the Squid performance? Any pointer will be highly useful for me. Bijayant Kumar Get your preferred Email name! Now you can @ymail.com and @rocketmail.com. http://mail.promotions.yahoo.com/newdomains/aa/
RE: [squid-users] OWA accelerator authentication weirdness
Yes. Multiple authentication methods, triggered from multiple sources, going via multiple paths can be confusing. Squid auth_param elided, which leaves: A user name and password are being requested by ... == basic challenge by ISA. Enter user name and password for ... == integrated/NTLM challenge by ISA. I'm now thinking we have two distinct configurations for Squid: Basic Auth (only) passed back cache_peer ... login=PASS connection-auth=off NTLM Auth (only) passed back: cache_peer ... connection-auth=on Which appear to be non-compatible auth methods at present. What happens if you re-enable the connection-auth on https_port and remove the login=PASS from cache_peer? Amos OWA is back to the previous double login with Firefox. Activesync PDA won't accept login.
[squid-users] request for help
I installed squid-3.0 STABLE11 and at first it is working smooth, but after 1
day the proxy is working very very slow and dying, I am getting an error
similar below. Can anybody help me on my problem please.
2009/01/16 22:42:47| WARNING: HTTP header contains NULL characters {Accept: */*
Content-Type: application/x-www-form-urlencoded}
2009/01/16 22:42:50| tunnelReadServer: FD 3918: read failure: (0) Success
2009/01/16 22:42:51| tunnelReadServer: FD 3767: read failure: (0) Success
Thanks in advance,
Wennie
RE: [squid-users] Cisco with WCCP!! newbie here..
Wouldn't having a web-cache and another identifier 80 cause issues? Web-cache is port 80. What does your wccp2_service directive say, 80 or 0? W What does your wccp ACL look like on your router/asa? What does your wccp2_forwarding and wccp2_return method state? (this is your communication over gre) Can your router/asa ping the GRE IP on your squid box? Your squid box is setting up the wccp via its normal IP, but is probably configured to communicate on the GRE tunnel. My guess is something is not configured properly there. - Nick -Original Message- From: Roland Roland [mailto:r_o_l_a_...@hotmail.com] Sent: Friday, January 16, 2009 9:27 PM To: Ritter, Nicholas; squid-users@squid-cache.org Subject: Re: [squid-users] Cisco with WCCP!! newbie here.. hello :) I've took a break of working live on squid and started reading more about it to see what I'm getting myself into.. I managed to get the router and squid to see each other and troubleshoot the GRE tunnel.. sh ip wccp shows hits.. but when I check the access.log and cache.log of squid I see nothing.. any idea what might be causing this? heres the output of router debug: 6 17:10:14.012: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0020 6 17:10:14.012: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0021 6 17:10:14.016: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0020 6 17:10:14.016: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0021 6 17:10:31.504: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0021 6 17:10:31.504: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0022 6 17:10:31.508: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0021 6 17:10:31.508: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0022 6 17:10:48.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0022 6 17:10:48.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0023 6 17:10:48.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0022 6 17:10:48.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0023 6 17:11:03.656: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0023 6 17:11:03.656: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0024 6 17:11:03.656: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0023 6 17:11:03.656: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0024 6 17:11:17.056: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0024 6 17:11:17.056: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0025 6 17:11:17.060: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0024 6 17:11:17.060: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0025 6 17:11:28.060: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0025 6 17:11:28.060: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0026 6 17:11:28.064: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0025 6 17:11:28.064: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0026 6 17:11:42.904: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0026 6 17:11:42.904: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0027 6 17:11:42.904: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0026 6 17:11:42.904: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0027 6 17:11:56.640: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0027 6 17:11:56.640: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0028 6 17:11:56.644: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0027 6 17:11:56.644: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0028 6 17:12:11.392: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0028 6 17:12:11.392: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0029 6 17:12:11.392: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0028 6 17:12:11.392: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 0029 6 17:12:22.960: WCCP-PKT:D90: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0029 6 17:12:22.960: WCCP-PKT:D90: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 002A 6 17:12:22.968: WCCP-PKT:D80: Received valid Here_I_Am packet from 192.168.0.2 w/rcv_id 0029 6 17:12:22.968: WCCP-PKT:D80: Sending I_See_You packet to 192.168.0.2 w/ rcv_id 002A CME-Router#sh ip wccp Global WCCP information: Router information: Router Identifier:
Re: [squid-users] oot: about sarg
░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote: i use crontab */30 * * * * /usr/bin/sarg -f /etc/squid/sarg.conf but the sarg always display 2 lines 16Jan2009-16Jan2009 Fri Jan 16 07:30:01 EST 20097 82.28M 11.75M 15Jan2009-16Jan2009 Fri Jan 16 06:30:12 EST 200998 3.44G 35.13M 15Jan2009-15Jan2009 Fri Jan 16 00:00:12 EST 200998 3.44G 35.12M This looks like you have three SARG processes running. One started at midnight, one at 06:30 and one at 07:30. 1) How large is your access.log? 2) How often do you rotate it? You are not specifying that SARG only process data for the current day, so it's working on the whole data set every time it runs. how to fix it ? the point 15Jan2009-16Jan2009 is similar with 15Jan2009-15Jan2009 i want to set my report everyday with update every 30 min... I run SARG on an hourly basis at a lot of my client's sites, so I tell it to only process the current day's reports, with a script in /etc/cron.hourly that looks like... #!/bin/bash #Get current date TODAY=$(date +%d/%m/%Y) /usr/bin/sarg -d $TODAY-$TODAY exit $? # End Script Chris
Re: [squid-users] Problems with squidclient
Andreev Nikita wrote: Hi. I'm trying to get basic squid info by issuing 'squidclient -p 8080 mgr:info'. Port 8080 is where our squid is listening to connections. All clients works fine through the squid. But squidclient return http response (lets say mydomain.com is my domain): ERROR The requested URL could not be retrieved While trying to retrieve the URL: cache_object://localhost.mydomain.com/info The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is r...@mydomain.com. Here are the squid access directives: http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny pubrooms pubrooms_ext http_access allow localhost http_access allow our_networks http_access deny all Here is the debug info: 2009/01/16 11:00:35| The request GET cache_object://localhost/info is ALLOWED, because it matched 'localhost' Here the http_request allow manager localhost matched, so the request was allowed. 2009/01/16 11:00:35| CACHEMGR: unknown@127.0.0.1 requesting 'info' 2009/01/16 11:00:35| The reply for GET cache_object://localhost.mydomain.com/info is DENIED, because it matched 'all' What do your reply_access lines look like? The reply to this allowed request is denied. 2009/01/16 11:00:35| The reply for GET cache_object://localhost.mydomain.com/info is ALLOWED, because it matched 'all' This debug output is absolutely unclear for me. Why does the same link hit the same acl with different results (deny and allow). Because that ACL is used in more than one rule. Why are there two different links? Squid test both the request and the reply against access rules. And finally. Why it doesn't work? It did work. Just as you configured it to. ;o) If computers did what we want instead of what we ask them to, I'd likely be out of a job... Regards, LPIC-1, EMCPA Nikita Andreev Chris
Re: [squid-users] squid caching report
bijayant kumar wrote: Hello list, I want to have reports about the squid performance like how much caching is being done by Squid, how much bandwidth is being saved by the squid cache by returning objects from cache. I thought of cache manager output but my seniors want to see reports in a less complex format something like graph based reports. I have configured the MRTG graph also for the squid but most of the stuff I am not able to understand. Is anything available on the Internet so that I can create some graphs/reports about the Squid performance? Any pointer will be highly useful for me. http://www.squid-cache.org/Scripts/ Bijayant Kumar Chris
RE: [squid-users] SNMP OIDs
Google is your friend, search for Squid+OID...the following were in the top 10 results: http://www.linofee.org/~jel/proxy/Squid/oid.shtml http://www.oidview.com/mibs/3495/SQUID-MIB.html Keep in mind that a lot of these OIDs will end in .1, .5 and .60 (for 1 min, 5 min and hourly averages) e.g. requestHitRatioOneMin .1.3.6.1.4.1.3495.1.3.2.2.1.9.1 requestHitRatioFiveMin .1.3.6.1.4.1.3495.1.3.2.2.1.9.5 requestHitRatioHourly .1.3.6.1.4.1.3495.1.3.2.2.1.9.60 You can also just snmpwalk the 1.3.6.1.4.1.3495.1 tree -Original Message- From: Luis Daniel Lucio Quiroz [mailto:luis.daniel.lu...@gmail.com] Sent: Friday, January 16, 2009 9:54 AM To: squid-users@squid-cache.org Subject: [squid-users] SNMP OIDs Hi, We are trying to get rid fo a commercial reverse proxy, how ever, we must get this data from SNMP. I know that squid has snmp support, I've used, but I dont know all oids. Does any one has a link where oids are specified? Regards,
Re: [squid-users] Frequent cache rebuilding
Andreev Nikita wrote: Hi. What are the reasons of squid rebuilding it's cache? Sometimes after startup sometimes during work it starts to rebuild cache. I see it in cahce.log: Squid rebuilds the swap.state file when a logrotate (and I think reconfigure) is called for. Usually it's not a big deal. My main cache has about 13 million objects and rebuilding the cache takes just over 10 seconds: 2009/01/15 04:02:27| storeDirWriteCleanLogs: Starting... ... 2009/01/15 04:02:39| Finished. Wrote 12918887 entries. 2009/01/15 04:02:39| Took 12.4 seconds (1044380.1 entries/sec). and 2009/01/16 04:02:29| storeDirWriteCleanLogs: Starting... ... 2009/01/16 04:02:40| Finished. Wrote 12906114 entries. 2009/01/16 04:02:40| Took 11.3 seconds (1138371.9 entries/sec). 2009/01/16 09:30:24| Starting Squid Cache version 2.6.STABLE6 for x86_64-redhat-linux-gnu... 2009/01/16 09:30:24| Process ID 2625 2009/01/16 09:30:24| With 1024 file descriptors available 2009/01/16 09:30:24| Using epoll for the IO loop 2009/01/16 09:30:24| DNS Socket created at 0.0.0.0, port 60302, FD 5 2009/01/16 09:30:24| Adding domain mydomain.com from /etc/resolv.conf 2009/01/16 09:30:24| Adding nameserver 22.179.1.11 from /etc/resolv.conf 2009/01/16 09:30:24| Adding nameserver 22.179.1.15 from /etc/resolv.conf 2009/01/16 09:30:24| User-Agent logging is disabled. 2009/01/16 09:30:24| Referer logging is disabled. 2009/01/16 09:30:24| Unlinkd pipe opened on FD 10 2009/01/16 09:30:24| Swap maxSize 16777216 KB, estimated 1290555 objects 2009/01/16 09:30:24| Target number of buckets: 64527 2009/01/16 09:30:24| Using 65536 Store buckets 2009/01/16 09:30:24| Max Mem size: 393216 KB 2009/01/16 09:30:24| Max Swap size: 16777216 KB 2009/01/16 09:30:24| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2009/01/16 09:30:24| Store logging disabled 2009/01/16 09:30:24| Rebuilding storage in /var/spool/squid (CLEAN) 2009/01/16 09:30:24| Using Least Load store dir selection 2009/01/16 09:30:24| Set Current Directory to /var/spool/squid 2009/01/16 09:30:24| Loaded Icons. 2009/01/16 09:30:26| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 11. 2009/01/16 09:30:26| Accepting ICP messages at 0.0.0.0, port 3130, FD 12. 2009/01/16 09:30:26| WCCP Disabled. 2009/01/16 09:30:26| Ready to serve requests. 2009/01/16 09:30:35| Store rebuilding is 0.4% complete 2009/01/16 09:30:53| Store rebuilding is 1.1% complete 2009/01/16 09:31:08| Store rebuilding is 1.5% complete 2009/01/16 09:31:24| Store rebuilding is 2.3% complete 2009/01/16 09:31:44| Store rebuilding is 3.1% complete 2009/01/16 09:32:01| Store rebuilding is 3.4% complete ... 2009/01/16 10:32:41| Store rebuilding is 98.1% complete 2009/01/16 10:33:06| Store rebuilding is 98.5% complete 2009/01/16 10:33:26| Store rebuilding is 98.9% complete 2009/01/16 10:33:53| Store rebuilding is 99.6% complete 2009/01/16 10:34:13| Done reading /var/spool/squid swaplog (1072895 entries) 2009/01/16 10:34:13| Finished rebuilding storage from disk. 2009/01/16 10:34:13| 1072895 Entries scanned 2009/01/16 10:34:13| 0 Invalid entries. 2009/01/16 10:34:13| 0 With invalid flags. 2009/01/16 10:34:13| 1044791 Objects loaded. 2009/01/16 10:34:13| 0 Objects expired. 2009/01/16 10:34:13| 0 Objects cancelled. 2009/01/16 10:34:13| 7253 Duplicate URLs purged. 2009/01/16 10:34:13| 20851 Swapfile clashes avoided. 2009/01/16 10:34:13| Took 3829.6 seconds ( 272.8 objects/sec). Yikes. That's slow... 2009/01/16 10:34:13| Beginning Validation Procedure 2009/01/16 10:35:04|262144 Entries Validated so far. 2009/01/16 10:35:17|524288 Entries Validated so far. 2009/01/16 10:35:25|786432 Entries Validated so far. 2009/01/16 10:35:43| Completed Validation Procedure 2009/01/16 10:35:43| Validated 1044747 Entries 2009/01/16 10:35:43| store_swap_size = 15131260k 2009/01/16 10:37:58| storeLateRelease: released 4184 objects I never stop squid abnormally and I never restart server abnormally. So I don't understand why does squid do it. It takes a lot of CPU resources and about an hour of time. What kind of CPU resources? Userspace, system, or wait? It never happened before. But now it happens several times a day. Could somebody help whith that? P.S. I have 18G partition with 16G granted for squid cache and 2G free for temporary squid files. So I hope it's enough space for squid to perform it's everyday tasks. Ah. A lot of file systems start to perform poorly as they approach capacity. I'd suggest setting your cache_dir to 13G and let squid clear out the excess or grow the partition to 30G (if you have the space). Regards, LPIC-1, EMCPA Nikita Andreev Chris
Re: [squid-users] SNMP OIDs
Luis Daniel Lucio Quiroz wrote: Hi, We are trying to get rid fo a commercial reverse proxy, how ever, we must get this data from SNMP. I know that squid has snmp support, I've used, but I dont know all oids. Does any one has a link where oids are specified? Regards, There is a MIB included in the source. Also, http://wiki.squid-cache.org/SquidFaq/SquidSnmp Chris
Re: [squid-users] Squid and Google Sorry Message
Mark Barlow wrote: Log all requests to port 80 and look for the PC/s that are trying to access google constantly. Especially at times when it's normally a lower load. At the school I work for, lunchtime is pretty slow as pretty much everyone is off the computers... And nights are obvious too (if you leave the computers on that is). Alternatively, it could be something like X-Forwarded-For is off (not sure if Google check that, but enabling it if it's off might help). TB
[squid-users] ADSL -- Linux -- Hub -- Windows .................. Slow response
I have installed RHEL 5.1 and have the following result with the following configurations. Conf-A. ADSL Modem---Windows // It offers fast response when connecting any website Conf-B. ADSL Modem -- Linux-- Hub---Windows Client ... // Slow response compared to Conf-A when connecting any website Conf-C. ADSL Modem -- Router -- Linux --- Hub -- Windows Client .. // Fast response and same as Conf-A. Note: 1. All above configuration are test without squid (i.e with NAT only mode ) 2. Selinux -- Permissive mode Conf-A Conf-C response time are fast and i think same... Here is my questions... !! Why it becomes slow response time with Conf-B style configurations... ? If any one of you suspect, pls test by yourself. I think ... we need to makes some tweaks... in Linux box... But I dont know ... May be MTU...Selinux.or sth else... I believe any one can point out me how to fix Conf-B to get fast response. Mr.Crack007
