[squid-users] I: Re: [squid-users] R: Re: [squid-users] Squid cache cgi-bin
Messaggio originale Da: projpr...@libero.it Data: 25-feb-2009 8.46 A: squ...@treenet.co.nz Cc: squid-users@squid-cache.org Ogg: R: Re: [squid-users] R: Re: [squid-users] Squid cache cgi-bin ok i report here what my con file (the only mistake I found is about the coredump_dir that it´s still in windows format): acl all src all acl SSL_ports port 443 acl Safe_ports port 8080# http acl Safe_ports port 443 # https acl CONNECT method CONNECT acl server_sites dstdomain domain.server.org external_acl_type squid_ldap children=50 %LOGIN usr/sbin/squid_ldap_group -R - v 3 -s sub -b dc=dom, dc=org -f ((objectClass=person) (sAMAccountName=%v) (memberOf=cn=%a,ou=one,ou=twon,ou=three,dc=four,dc=five,dc=org)) -d -D cn=... -w x -h another.server.org -p 3268 acl static urlpath_regex .gif .jpg .html acl authorized_one external squid_ldap one acl authorized_two external squid_ldap two acl authorized_three external squid_ldap three acl authorized_four external squid_ldap four acl authorized_five external squid_ldap five acl authorized_six external squid_ldap six acl fly urlpath_regex some part to match in the eddress acl password proxy_auth REQUIRED cache allow static cache_peer_access server allow server_sites cache_peer_access server deny all cache_peer 1xx..x.x.xx parent 81xx 0 no-query originserver name=server http_access allow password server_sites authorized_one http_access allow password server_sites authorized_two fly http_access deny all cache_dir ufs /var/cache/squid 100 16 256 refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache # TAG: cache_dns_program # cache_dns_program c:/squid/libexec/dnsserver.exe # For heavily loaded caches on large servers, you should # (see res_init(3)). This prevents caches in a hierarchy # message to cache.log. You can allow responses from unknown # TAG: ipcache_size(number of entries) # TAG: ipcache_low (percent) # TAG: ipcache_high(percent) # The size, low-, and high-water marks for the IP cache. # ipcache_size 1024 # ipcache_low 90 # ipcache_high 95 # TAG: fqdncache_size (number of entries) # Maximum number of FQDN cache entries. # fqdncache_size 1024 # TAG: cachemgr_passwd # Specify passwords for cachemgr operations. # Usage: cachemgr_passwd password action action ... # Some valid actions are (see cache manager menu for a full list): # fqdncache # ipcache # cachemgr_passwd secret shutdown # cachemgr_passwd lesssecret info stats/objects # cachemgr_passwd disable all # When you enable this option, client no-cache or ``reload'' # see also refresh_pattern for a more selective approach. # are in a complex cache hierarchy to work around access # Enable this option and Squid will never try to validate cached # Leave coredumps in the first cache dir coredump_dir c:/squid/var/cache Messaggio originale Da: squ...@treenet.co.nz Data: 25-feb-2009 3.51 A: projpr...@libero.itprojpr...@libero.it Cc: squid-users@squid-cache.org Ogg: Re: [squid-users] R: Re: [squid-users] Squid cache cgi-bin projpr...@libero.it wrote: Hi, first thanks already for your answer. I´m using squid 3 on SLES 11 server, is working as reverse proxy in front of a web server that takes the role of parent. The configuration works properly for my reverse purpose. just the caching doesn´t work. In order in squid.conf -auth parameter (line 294) -acl (line 627) -cache or no_cache(line 645) -cache_peer_access (line 692) -http_access (line 696) -http_port and cache_peer (ca. line 1138) -hierarchy_stop_list (line 1723) -Refresh_pattern (line 2764) I mainteined the original conf file and in this way I inserted in the right place my instructions. I f there´s any kind of mistake (or obsolete instructions) please tell me. I don´t understand if there´s any kind of instrauction that create a conflict for caching. Thanks in advance I meant the details of those lines. For example the output of: grep -E ^(acl|http_access|cache|no_cache|cache_peer|refresh_pattern) squid.conf Amos Messaggio originale Da: squ...@treenet.co.nz Data: 23-feb-2009 23.38 A: projpr...@libero.itprojpr...@libero.it Cc: squid-users@squid-cache.org Ogg: Re: [squid-users] Squid cache cgi-bin Hi, I have some questions about squid as reverse proxy. The web server I´m accelerating (cache_peer) has dynamic content (cgi- bin). At the beginning I left the default cache refresh values (so for cgi- bin \ / ? has a value 0) and the hierarchy list for cgi-bin and no_cache deny all. Now this pages contain some elements like .gif that I´d like to cash: these elements have not the path
Re: [squid-users] Squid Whitelist Regexp Question.
On 21.02.09 16:18, Brian Carpenter wrote: I am blocking access to .google-analytics. on my home network, but a few sites like songza.com require a google-analytics.com cookie to be set in order to function properly. So my question is this, how do I allow google-analytics.com, but only from a certain domain, such as songza.com or whatever? I have no clue when it comes to regexp. On Tue, Feb 24, 2009 at 8:44 AM, Matus UHLAR - fantomas uh...@fantomas.sk wrote: you must check for referer in allowed domains. On 24.02.09 11:16, Brian Carpenter wrote: That's great, but it doesn't explain how I go about doing it. :) through referer_regex acl matching domains that need working google-analytics acl google_analytics dstdomain .google-analytics.com acl need_google_analytics referer_regex \.example\.com http_access allow google_analytics need_google_analytics http_access deny google-analytics hmmm, maybe it could be simpler with http_access deny google-analytics !need_google_analytics if you allow access elsewhere, and would allow to produce error message for sites that refer to google-analytics and you didn't allow them... -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept.
[squid-users] Squid 3.1.0.4 beta is available
* This message has been scanned by IMSS NIT-Silchar Dear All Squid USers/Experts, Let me tell you the fact that I am just monitoring the activites of squid proxy server, though I have not myself made it. I would like to know a few things, if any one of you can kindly let me know what basic things one must look into to make one squid proxy server ? What are the lines that I have to check/modify in squid.conf file ? As of now the current df shows up the following status of the disk space in my proxy server. [r...@facu-pxy /]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/PrimaryVol-root 19838052 9958860 8855192 53% / /dev/mapper/PrimaryVol-home 34756272 28916872 4045352 88% /home /dev/mapper/PrimaryVol-var 14855176 13219512868896 94% /var /dev/mapper/PrimaryVol-tmp 4062912139684 3713516 4% /tmp /dev/sda1 101086 34837 61030 37% /boot tmpfs 25342412253412 1% /dev/shm [r...@facu-pxy /]# As you can see the /var shows up 94% utilisation. From my inspection, of the /var partition, I could see that, everything is fine, and the logs are routinely deleted from the system in a particular order as cron jobs. Please let me know. Thanking in advance, jm
[squid-users] How To Make A New Squid proxy server form the existing one...
* This message has been scanned by IMSS NIT-Silchar Dear All Squid Users/Experts, Let me tell you the fact that I am just monitoring the activites of squid proxy server, though I have not myself made it. I would like to know a few things, if any one of you can kindly let me know what basic things one must look into to make one squid proxy server ? What are the lines that I have to check/modify in squid.conf file ? As of now the current df shows up the following status of the disk space in my proxy server. [r...@facu-pxy /]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/PrimaryVol-root 19838052 9958860 8855192 53% / /dev/mapper/PrimaryVol-home 34756272 28916872 4045352 88% /home /dev/mapper/PrimaryVol-var 14855176 13219512868896 94% /var /dev/mapper/PrimaryVol-tmp 4062912139684 3713516 4% /tmp /dev/sda1 101086 34837 61030 37% /boot tmpfs 25342412253412 1% /dev/shm [r...@facu-pxy /]# As you can see the /var shows up 94% utilisation. From my inspection, of the /var partition, I could see that, everything is fine, and the logs are routinely deleted from the system in a particular order as cron jobs. Please let me know. Thanking in advance, jm
RE: [squid-users] Squid 3.0 and Active Directory
Hi, Thank for replying I tried to do the change but infortunally it's still not working... any other ideas? Regards, Joseph L. Casale wrote: I have 3 users for my test: Admin (who is member of InternetAccess) User1 (who is a domain account but not member of InternetAccess) User2 (who is a local account of my pc-client) /snip The problem appear with user1 who is supposed to don’t have an access to internet, but after logon on windows he can go through. /snip acl xptest src 10.100.30.0/255.255.255.0 /snip http_access allow xptest Who's xptest? You allowed that whole subnet through? I am not an expert, but I do it like this: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOMAIN\\GROUP auth_param ntlm children 5 acl ntlm proxy_auth REQUIRED acl our_networks src 192.168.0.0/24 192.168.2.0/24 http_access allow ntlm our_networks http_access deny all HTH, jlc -- View this message in context: http://www.nabble.com/Squid-3.0-and-Active-Directory-tp22180799p22199795.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Squid cache cgi-bin
projpr...@libero.it wrote: Messaggio originale Da: projpr...@libero.it Data: 25-feb-2009 8.46 A: squ...@treenet.co.nz Cc: squid-users@squid-cache.org Ogg: R: Re: [squid-users] R: Re: [squid-users] Squid cache cgi-bin ok i report here what my con file (the only mistake I found is about the coredump_dir that it´s still in windows format): acl all src all acl SSL_ports port 443 acl Safe_ports port 8080# http acl Safe_ports port 443 # https acl CONNECT method CONNECT acl server_sites dstdomain domain.server.org external_acl_type squid_ldap children=50 %LOGIN usr/sbin/squid_ldap_group -R - v 3 -s sub -b dc=dom, dc=org -f ((objectClass=person) (sAMAccountName=%v) (memberOf=cn=%a,ou=one,ou=twon,ou=three,dc=four,dc=five,dc=org)) -d -D cn=... -w x -h another.server.org -p 3268 acl static urlpath_regex .gif .jpg .html acl authorized_one external squid_ldap one acl authorized_two external squid_ldap two acl authorized_three external squid_ldap three acl authorized_four external squid_ldap four acl authorized_five external squid_ldap five acl authorized_six external squid_ldap six acl fly urlpath_regex some part to match in the eddress Not sure what you mean by 'eddress' but a really hope your patterns here actually only try to match the **urlpath_** part of URLs. Not the address or domain, or you will find those patterns don't match. acl password proxy_auth REQUIRED cache allow static default action of 'cache' is to cache everything possible. default action when a test sequence ends in 'allow' is to implicitly follow that with 'deny all' So... the above means ONLY cache files matching the regex pattern .+gif.*|.+jpg.*|.+html.* in its URL-path: either, add cache allow all explicitly, or remove all cache lines. cache_peer_access server allow server_sites cache_peer_access server deny all cache_peer 1xx..x.x.xx parent 81xx 0 no-query originserver name=server This line is supposed to be above the cache_peer_access ones. http_access allow password server_sites authorized_one http_access allow password server_sites authorized_two fly http_access deny all cache_dir ufs /var/cache/squid 100 16 256 100 MB of cache. Is it big enough? refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache snip extra coment area Messaggio originale Da: squ...@treenet.co.nz Data: 25-feb-2009 3.51 A: projpr...@libero.itprojpr...@libero.it Cc: squid-users@squid-cache.org Ogg: Re: [squid-users] R: Re: [squid-users] Squid cache cgi-bin projpr...@libero.it wrote: Hi, first thanks already for your answer. I´m using squid 3 on SLES 11 server, is working as reverse proxy in front of a web server that takes the role of parent. The configuration works properly for my reverse purpose. just the caching doesn´t work. In order in squid.conf -auth parameter (line 294) -acl (line 627) -cache or no_cache(line 645) -cache_peer_access (line 692) -http_access (line 696) -http_port and cache_peer (ca. line 1138) -hierarchy_stop_list (line 1723) -Refresh_pattern (line 2764) I mainteined the original conf file and in this way I inserted in the right place my instructions. I f there´s any kind of mistake (or obsolete instructions) please tell me. I don´t understand if there´s any kind of instrauction that create a conflict for caching. Thanks in advance I meant the details of those lines. For example the output of: grep -E ^(acl|http_access|cache|no_cache|cache_peer|refresh_pattern) squid.conf Amos Messaggio originale Da: squ...@treenet.co.nz Data: 23-feb-2009 23.38 A: projpr...@libero.itprojpr...@libero.it Cc: squid-users@squid-cache.org Ogg: Re: [squid-users] Squid cache cgi-bin Hi, I have some questions about squid as reverse proxy. The web server I´m accelerating (cache_peer) has dynamic content (cgi- bin). At the beginning I left the default cache refresh values (so for cgi- bin \ / ? has a value 0) and the hierarchy list for cgi-bin and no_cache deny all. Now this pages contain some elements like .gif that I´d like to cash: these elements have not the path http://nameserver/cgi-bi/... but a path like http: //nameserver/icons... I tried with a normal ACL elements url_regex .gif .html .jpeg and then cache allow static But it seems squid is not caching nothing!!! Could you give me any kind of advice? Thanks in advance It's a little unclear what config you are having trouble using. The various options you mention above are a mix of current, obsolete, deprecated, and irrelevant. But the use of correct options in the correct order is important for a working Squid. What version are you using? And in the order listed in yoru squid.conf, what lines do you have that start with: cache, no_cache,
Re: [squid-users] How To Make A New Squid proxy server form the existing one...
jm...@nits.ac.in wrote: * This message has been scanned by IMSS NIT-Silchar Dear All Squid Users/Experts, Let me tell you the fact that I am just monitoring the activites of squid proxy server, though I have not myself made it. I would like to know a few things, if any one of you can kindly let me know what basic things one must look into to make one squid proxy server ? http://wiki.squid-cache.org/SquidFaq What are the lines that I have to check/modify in squid.conf file ? see QUICKSTART info file in your install documentation. As of now the current df shows up the following status of the disk space in my proxy server. [r...@facu-pxy /]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/PrimaryVol-root 19838052 9958860 8855192 53% / /dev/mapper/PrimaryVol-home 34756272 28916872 4045352 88% /home /dev/mapper/PrimaryVol-var 14855176 13219512868896 94% /var /dev/mapper/PrimaryVol-tmp 4062912139684 3713516 4% /tmp /dev/sda1 101086 34837 61030 37% /boot tmpfs 25342412253412 1% /dev/shm [r...@facu-pxy /]# As you can see the /var shows up 94% utilisation. From my inspection, of the /var partition, I could see that, everything is fine, and the logs are routinely deleted from the system in a particular order as cron jobs. Please let me know. Thanking in advance, jm So whats the problem? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
Re: [squid-users] How To Make A New Squid proxy server form the existing one...
Can you put your question in short . What exactly you are looking for Sent from my iPhone On 26-Feb-09, at 1:33 AM, jm...@nits.ac.in wrote: * This message has been scanned by IMSS NIT-Silchar Dear All Squid Users/Experts, Let me tell you the fact that I am just monitoring the activites of squid proxy server, though I have not myself made it. I would like to know a few things, if any one of you can kindly let me know what basic things one must look into to make one squid proxy server ? What are the lines that I have to check/modify in squid.conf file ? As of now the current df shows up the following status of the disk space in my proxy server. [r...@facu-pxy /]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/PrimaryVol-root 19838052 9958860 8855192 53% / /dev/mapper/PrimaryVol-home 34756272 28916872 4045352 88% /home /dev/mapper/PrimaryVol-var 14855176 13219512868896 94% /var /dev/mapper/PrimaryVol-tmp 4062912139684 3713516 4% /tmp /dev/sda1 101086 34837 61030 37% /boot tmpfs 25342412253412 1% /dev/shm [r...@facu-pxy /]# As you can see the /var shows up 94% utilisation. From my inspection, of the /var partition, I could see that, everything is fine, and the logs are routinely deleted from the system in a particular order as cron jobs. Please let me know. Thanking in advance, jm
RE: [squid-users] Squid 3.0 and Active Directory
any other ideas? Well your problem should be the simplest to diagnose. Does User1's pc have direct access to the internet? Is his proxy setting configured correctly? Is his ip in the 10.100.30.0/255.255.255.0 network? I still think your acl's aren't right, you deny localhost then allow *after*? Check the wiki, or pull an rpm/src down and start with a default config and start modifying from there. jlc
[squid-users] R: [squid-users] Squid cache cgi-bin
Amos, thanks for your revise... Eventually some lines could be placed in above. Just, exactely as you analyzed all that I wanna is that squid caches ONLY . gif .jpeg and html, cause all the rest is dynamic written in perl.The query and the Acl work perfectly, same perfect job is making squid in retriving the page from my server. Unfortunately it looks like squid ignore that in the configuration I told to cache only picture and html, so is caching NOTHING and continue for each little elements to make a tcp-miss---first up parent. I cannot see so clearly why it should not cache the objects I meant. Thanks in advance Messaggio originale Da: squ...@treenet.co.nz Data: 25-feb-2009 11.34 A: projpr...@libero.itprojpr...@libero.it Cc: squid-users@squid-cache.org Ogg: [squid-users] Squid cache cgi-bin projpr...@libero.it wrote: Messaggio originale Da: projpr...@libero.it Data: 25-feb-2009 8.46 A: squ...@treenet.co.nz Cc: squid-users@squid-cache.org Ogg: R: Re: [squid-users] R: Re: [squid-users] Squid cache cgi-bin ok i report here what my con file (the only mistake I found is about the coredump_dir that it´s still in windows format): acl all src all acl SSL_ports port 443 acl Safe_ports port 8080# http acl Safe_ports port 443 # https acl CONNECT method CONNECT acl server_sites dstdomain domain.server.org external_acl_type squid_ldap children=50 %LOGIN usr/sbin/squid_ldap_group -R - v 3 -s sub -b dc=dom, dc=org -f ((objectClass=person) (sAMAccountName=%v) (memberOf=cn=%a,ou=one,ou=twon,ou=three,dc=four,dc=five,dc=org)) -d -D cn=... -w x -h another.server.org -p 3268 acl static urlpath_regex .gif .jpg .html acl authorized_one external squid_ldap one acl authorized_two external squid_ldap two acl authorized_three external squid_ldap three acl authorized_four external squid_ldap four acl authorized_five external squid_ldap five acl authorized_six external squid_ldap six acl fly urlpath_regex some part to match in the eddress Not sure what you mean by 'eddress' but a really hope your patterns here actually only try to match the **urlpath_** part of URLs. Not the address or domain, or you will find those patterns don't match. acl password proxy_auth REQUIRED cache allow static default action of 'cache' is to cache everything possible. default action when a test sequence ends in 'allow' is to implicitly follow that with 'deny all' So... the above means ONLY cache files matching the regex pattern .+gif.*|.+jpg.*|.+html.* in its URL-path: either, add cache allow all explicitly, or remove all cache lines. cache_peer_access server allow server_sites cache_peer_access server deny all cache_peer 1xx..x.x.xx parent 81xx 0 no-query originserver name=server This line is supposed to be above the cache_peer_access ones. http_access allow password server_sites authorized_one http_access allow password server_sites authorized_two fly http_access deny all cache_dir ufs /var/cache/squid 100 16 256 100 MB of cache. Is it big enough? refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 acl apache rep_header Server ^Apache snip extra coment area Messaggio originale Da: squ...@treenet.co.nz Data: 25-feb-2009 3.51 A: projpr...@libero.itprojpr...@libero.it Cc: squid-users@squid-cache.org Ogg: Re: [squid-users] R: Re: [squid-users] Squid cache cgi-bin projpr...@libero.it wrote: Hi, first thanks already for your answer. I´m using squid 3 on SLES 11 server, is working as reverse proxy in front of a web server that takes the role of parent. The configuration works properly for my reverse purpose. just the caching doesn´t work. In order in squid.conf -auth parameter (line 294) -acl (line 627) -cache or no_cache(line 645) -cache_peer_access (line 692) -http_access (line 696) -http_port and cache_peer (ca. line 1138) -hierarchy_stop_list (line 1723) -Refresh_pattern (line 2764) I mainteined the original conf file and in this way I inserted in the right place my instructions. I f there´s any kind of mistake (or obsolete instructions) please tell me. I don´t understand if there´s any kind of instrauction that create a conflict for caching. Thanks in advance I meant the details of those lines. For example the output of: grep -E ^(acl|http_access|cache|no_cache|cache_peer|refresh_pattern) squid. conf Amos Messaggio originale Da: squ...@treenet.co.nz Data: 23-feb-2009 23.38 A: projpr...@libero.itprojpr...@libero.it Cc: squid-users@squid-cache.org Ogg: Re: [squid-users] Squid cache cgi-bin Hi, I have some questions about squid as reverse proxy. The web server I´m accelerating (cache_peer) has dynamic content (cgi- bin). At the beginning I left the default cache
Re: [squid-users] vary_ignore_expire on
thx, but this warning: WARNING: This may eventually cause some varying objects not intended for caching to get cached. is if is to off or on? Piotr On Wed, Feb 25, 2009 at 3:55 AM, Amos Jeffries squ...@treenet.co.nz wrote: squid proxy wrote: hi could someone explain pls what vary_ignore_expire on exactly means? how is your squid configured? Piotr http://www.squid-cache.org/Doc/config/vary_ignore_expire/ WARNING: This is an HTTP violation. Use at your own peril. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
[squid-users] different headers for HTTP/407 answers in 2.7.STABLE6 and 3.0.STABLE9 confuses a commercial software
Hi, we have a commercial software, which provides the credentials to the squid proxy, when we run the 3.0.STABLE9, but doesn't, when we run 2.7.STABLE6. When we run 2.7.STABLE6, the client does the requests without credentials, even when squid answers with 407 HTTP code. the only difference I see are different header entries in the answer from squid like Mime-Version, Proxy-Connection and Via: 3.0.STABLE9: HTTP/1.0 407 Proxy Authentication Required Server: squid Mime-Version: 1.0 Date: Wed, 25 Feb 2009 15:15:20 GMT Content-Type: text/html Content-Length: 2021 Expires: Wed, 25 Feb 2009 15:15:20 GMT X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 Proxy-Authenticate: Basic realm=Proxy-Server X-Cache: MISS from FQDN Via: 1.0 FQDN (squid) Proxy-Connection: close 2.7.STABLE6: HTTP/1.0 407 Proxy Authentication Required Server: squid Date: Wed, 25 Feb 2009 15:16:04 GMT Content-Type: text/html Content-Length: 2048 X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 Proxy-Authenticate: Basic realm=Proxy-Server X-Cache: MISS from FQDN Via: 1.0 FQDN:8080 (squid) Connection: close so it is possible to configure 2.7.STABLE6 that it returns the same heades like 3.0.STABLE9 does ? Thank you very much. -- Gruß Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. pgprI3O4723BJ.pgp Description: PGP signature
Re: [squid-users] How To Make A New Squid proxy server form the existing one...
try out webmin and install squid rpm instead of binary code that way it will be very easy for you . On Wed, Feb 25, 2009 at 4:05 PM, Amos Jeffries squ...@treenet.co.nz wrote: jm...@nits.ac.in wrote: * This message has been scanned by IMSS NIT-Silchar Dear All Squid Users/Experts, Let me tell you the fact that I am just monitoring the activites of squid proxy server, though I have not myself made it. I would like to know a few things, if any one of you can kindly let me know what basic things one must look into to make one squid proxy server ? http://wiki.squid-cache.org/SquidFaq What are the lines that I have to check/modify in squid.conf file ? see QUICKSTART info file in your install documentation. As of now the current df shows up the following status of the disk space in my proxy server. [r...@facu-pxy /]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/PrimaryVol-root 19838052 9958860 8855192 53% / /dev/mapper/PrimaryVol-home 34756272 28916872 4045352 88% /home /dev/mapper/PrimaryVol-var 14855176 13219512 868896 94% /var /dev/mapper/PrimaryVol-tmp 4062912 139684 3713516 4% /tmp /dev/sda1 101086 34837 61030 37% /boot tmpfs 253424 12 253412 1% /dev/shm [r...@facu-pxy /]# As you can see the /var shows up 94% utilisation. From my inspection, of the /var partition, I could see that, everything is fine, and the logs are routinely deleted from the system in a particular order as cron jobs. Please let me know. Thanking in advance, jm So whats the problem? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
[squid-users] SSL Support
Hello, I'm trying to figure out how to install a NetSol's SSL Certificate over Squid 2.5. The SSL access works fine, but at every first access it shows the error message sec_error_unknown_issuer. Any ideas? Thank you, Roberto.
[squid-users] Invalid URL on login.yahoo.com redirect
I've been going at this problem for a couple days now, and really haven't made any progress. We're using Squid as a non-authenticated, non-transparent proxy, which is working well for the most part. I've found a fix I think, which is being tested now, but I can't explain why the fix works (if it really does). For whatever reason, the squid.conf had http_port 80 and 443 configured, which SSL being directed to the latter (for no good reason, really). If I use any port other than 443, everything seems to work fine. Does anyone have a clue as to why 443 during Yahoo login gives an invalid URL error? This particular issue comes up under the following conditions: 1. User is using IE7 or IE8. 2. User comes from a ca.yahoo.com (Canadian) page. 3. User goes to sign in, and gets sent to the standard login.yahoo.compage with a redirect variable. 4. User hits submit and completes login. 5. During the redirect back to ca.yahoo.com, user receives The requested URL /, is invalid. Of course, this all happens over SSL, so nothing other than CONNECT appears in the logs. And if I through an man-in-the-middle proxy (Fiddler2, Webscarab, etc.), it works fine. Packet sniffing doesn't show anything of interest either. The access log shows: CONNECT login.yahoo.com:443 CONNECT a248.e.akamai.net:443 error message in browser long pause CONNECT a248.e.akamai.net:443 What happens immediately afterwards in a working connection is: GET http://ca.yahoo.com/ Thanks, Andre
[squid-users] Two Squid with common cache
I was looking whether it would be possible or not . On a single server if i install squid at two diff location however i would like the cache_dir to be common between the 2 squid is this possible to it will have problem .
Re: [squid-users] Two Squid with common cache
Shekhar Gupta wrote: I was looking whether it would be possible or not . On a single server if i install squid at two diff location however i would like the cache_dir to be common between the 2 squid is this possible to it will have problem . Not possible with any current squid. The cache_dir is only a part of the cached data. Much is volatile and held in memory of the running process. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
Re: [squid-users] vary_ignore_expire on
squid proxy wrote: thx, but this warning: WARNING: This may eventually cause some varying objects not intended for caching to get cached. is if is to off or on? If its turned ON the warning applies. Recommended (Default) usage is OFF. Amos On Wed, Feb 25, 2009 at 3:55 AM, Amos Jeffries squ...@treenet.co.nz wrote: squid proxy wrote: hi could someone explain pls what vary_ignore_expire on exactly means? how is your squid configured? Piotr http://www.squid-cache.org/Doc/config/vary_ignore_expire/ WARNING: This is an HTTP violation. Use at your own peril. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5 -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
Re: [squid-users] vary_ignore_expire on
thx a lot Piotr On Thu, Feb 26, 2009 at 1:21 AM, Amos Jeffries squ...@treenet.co.nz wrote: squid proxy wrote: thx, but this warning: WARNING: This may eventually cause some varying objects not intended for caching to get cached. is if is to off or on? If its turned ON the warning applies. Recommended (Default) usage is OFF. Amos On Wed, Feb 25, 2009 at 3:55 AM, Amos Jeffries squ...@treenet.co.nz wrote: squid proxy wrote: hi could someone explain pls what vary_ignore_expire on exactly means? how is your squid configured? Piotr http://www.squid-cache.org/Doc/config/vary_ignore_expire/ WARNING: This is an HTTP violation. Use at your own peril. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5 -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
Re: [squid-users] Squid Crashes when cache dir fills
Amos Jeffries wrote: Wilson Hernandez - MSD, S. A. wrote: I have cache_dir ufs /var/log/squid 6 255 255 with a 80GB harddrive. So its probably not the cache dir filling up then. It will be something else causing the system to use more than 20 GB for other stuff. Logs or journaling maybe? Are they all rotating regularly? I don't think so. But, I'll keep that in mind. One other thing. As of late, the cache has stopped working without giving me any clue of why it did. I reviewed the cache.log file but can't figure out why is crashing. Where else can I look for clues of why is crashing?
Re: [squid-users] Two Squid with common cache
Amos Jeffries escreveu: Shekhar Gupta wrote: I was looking whether it would be possible or not . On a single server if i install squid at two diff location however i would like the cache_dir to be common between the 2 squid is this possible to it will have problem . Not possible with any current squid. The cache_dir is only a part of the cached data. Much is volatile and held in memory of the running process. anyway, with probably some minor config tweaking, you could have your second squid instance running with null cache_dir and parent it to the first squid instance. it wouldnt be exactly '2 squid running on the same cache_dir', but would give you the hit gains and disk space saving you're looking for. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
[squid-users] Delay pool aggregate is very large negative number on upload
Hello List! We have a simple scenario with a transparent squid proxy and two delay pools, one unlimited and one limited. When a user in the limited delay pool uploads a large file (say via Gmail) his Individual-Current pool becomes a large negative number, and so does the Aggregate-Current pool. This behaviour is highly offensive, since browsing freezes for all users, until the delay pool Aggregate becomes positive again. Squid Conf - delay_pools 2 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 acl bpool-1 src /etc/squid/bpools/bpool-1 delay_access 1 allow bpool-1 delay_access 1 deny all delay_class 2 2 delay_parameters 2 64000/256000 32000/64000 delay_access 2 allow all Please let me know what information I can provide to figure this out. It's pretty easy to reproduce for us. We are also ready to test any patch (we use Ubuntu Hardy, Squid Cache: Version 3.0.STABLE7-1 - the latest available in Hardy). Thanks, Prasanna. -- Want to manage multiple office networks? Want to securely connect all your locations? Want to do it in a budget? www.elinanetworks.com
RE: [squid-users] Squid Crashes when cache dir fills
I have cache_dir ufs /var/log/squid 6 255 255 with a 80GB harddrive. - ufs is an old store system, aufs will probably give you better performance. - How is the inode usage on the disk? - The disksize is irrelevant, the partition size of the partition where /var/log/squid resides is relevant. If that partition is only 10G, then this cache won't work. Joost
[squid-users] connecting to gmail via imap over squid
I'm using squid3.0 as our proxy server to serve the internet users, which is working fine. Now I want users to access IMAP(say gmail on imap) over my proxy. Can anyone let me know, How do I do this? Is there any way I can do it with squid? Is there any other way? So far what I've read on google is, as squid is an http proxy, it only supports http/ftp protocol. not fully for even https. Is there any other way to proxy remaining protocols like imap/imap4/pop3/smtp ~~ Sameer Shinde. M:- +91 98204 61580 Millions saw the apple fall, but Newton was the one who asked why.
[squid-users] How To Make The Squid Proxy Server..............
* This message has been scanned by IMSS NIT-Silchar Dear All Squid Users/Experts, Given an installed systems with fedora-linux os, how to proceed to make squid proxy server ? Let me tell you the fact that I am just monitoring the activites of squid proxy server, though I have not myself made it. I would like to know a few things, if any one of you can kindly let me know what basic things one must look into to make one squid proxy server ? What are the lines that I have to check/modify in squid.conf file ? As of now the current df shows up the following status of the disk space in my proxy server. [r...@facu-pxy /]# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/PrimaryVol-root 19838052 9958860 8855192 53% / /dev/mapper/PrimaryVol-home 34756272 28916872 4045352 88% /home /dev/mapper/PrimaryVol-var 14855176 13219512868896 94% /var /dev/mapper/PrimaryVol-tmp 4062912139684 3713516 4% /tmp /dev/sda1 101086 34837 61030 37% /boot tmpfs 25342412253412 1% /dev/shm [r...@facu-pxy /]# As you can see the /var shows up 94% utilisation. From my inspection, of the /var partition, I could see that, everything is fine, and the logs are routinely deleted from the system in a particular order as cron jobs. Please let me know. Thanking in advance, jm