Re: [squid-users] Re: [dansguardian] Re: DG without Squid
RSCL Mumbai wrote: My recommendation is to get your routing issue (different source IPs to different ISPs) working first, and only then implement some kind of filtering. It's nice to plan ahead to try to ensure the solution to one problem doesn't interfere with the solution to the other problem. But don't fall into the trap of thinking there must be just one solution to the two separate problems (or even that the two solutions have anything to do with each other, which they may not). Hi, Without DG Squid, IPRoute2 rules work great in routing requests via specific gateways based on SRC IP (client pc ip). The moment, squid is implemented, the rules stop to work. When I say the rules stop to work, what I mean is -- all requests are routed via the default g/w. On analyzing, it was found that the SRC IP of the packes was always 127.0.0.1. In this given context, do you think there is any tweak in getting client PC (SRC IP) based routing via multiple ISPs Thanks for your inputs. Best regards, Vai tcp_outgoing_address or tcp_outgoing_tos set based on myip ACL or whatever. With matching routing rules to pass the packets as you please. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Re: [squid-users] Strange problem whit my Squid
rey.manic wrote: Hello all, I have configure a squid at ubuntu, for 3 or 4 days it works perfect, but after that it dont work any more, it give many errors at the log file ie: TCP_MISS/504 TCP_MISS/302 and others but I discover that if I make a request to the squit proxy using IP and not the domain name it works so if I need to navigate on google.com the squit don’t work, but the google IP are 74.125.45.100 (one of them) if I put http://74.125.45.100 it works, I like to know why this is happening, what can be wrong at my squid.conf file ?. thanks for any help in advance DNS appears broken. Squid is unable to resolve the name to find an IP. Without seeing your config we can't answer the second question. Check your system /etc/resolv.conf contains a usable DNS nameserver XX entry, Squid will use those by default. If resolv.conf is correct remove any dns_nameservers setting from squid.conf. If you have added that with wrong values it will break DNS. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Re: [squid-users] Help needed setting up ssl proxy
Magnus Moraberg wrote: Hi, I wish to set up a proxy server where the clients' browser will be configured to use this proxy for both http and https. Some of the clients are behind a firewall which prohibits ports other than 80 and 443. I have managed to create a http proxy server by setting http_port to 80 instead of 3128. The rest of my conf file is the same as the default except for some acl statements to permit certain network groups. Now I wish for my clients to be also able able to use ssl/https, but I'm not sure how squid should be configured to do this. Would it suffice to simply configure the ssl proxy for each client browser to also connect to the squid proxy server on port 80? I see that the conf file has a number of safe ports included, including 443. Therefore, I'm guessing it should work without me changing anything in my conf file. Yes, Squid is already configured for this via the default CONNECT method rules. Set the users browsers to same proxy settings for HTTP ans HTTPS. If this is correct, is the connection secure from between the client and the proxy also? Yes, sort of. The place and port the client is trying to connect to are known, and sometimes some other basic headers. But the rest is encrypted. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Re: [squid-users] Help needed setting up ssl proxy
Thanks for the reply. Here's my situation - Web/SSL Mail server on ports 80 and 443 in Sweden--network cloudfirewallMy Squid Server in Finland / Gateway---firewallnetwork cloud--Client networks in Sweden and Finland. The gateway machine hosting squid is the only connection point between the Web server and my clients. The client, the squid server, and the http/https servers are all in different networks. There are no private network addresses involved. So I need SSL between the clients and squid and between the web/mail server and squid. Is this possible with squid or must I use port forwarding on port 443 on the squid gateway? Thanks again, Magnus On Sun, May 24, 2009 at 5:43 AM, Jeff Pang pa...@arcor.de wrote: Magnus Moraberg: Now I wish for my clients to be also able able to use ssl/https, but I'm not sure how squid should be configured to do this. Do you mean in a reverse-proxy environment? If so,try something like: https_port 443 accel vhost cert=/usr/local/squid/etc/ssl/server.crt key=/usr/local/squid/etc/ssl/server.key cache_peer 1.2.3.4 parent 80 0 no-query front-end-https=auto originserver name=PEER1 acl service1 dstdomain www.ab.com cache_peer_access PEER1 allow service1 acl Safe_ports port 80 443 http_access allow service1 http_reply_access allow all see also: http://wiki.squid-cache.org/SquidFaq/ReverseProxy If you're not in a reverse-proxy, squid most probably is in the network as the clients themselves. Then the SSL transmission from clients to Squid is unmeaning, just bypass them. -- Jeff Pang DingTong Technology www.dtonenetworks.com
[squid-users] The cache_dir size limit
Hi all, Is there any limit of cache_dir size? Or could you tell us the maximum cache_dir size of your squid instance? I'm using win32 version of squid 2.7 STABLE6 (see http://squid.acmeconsulting.it/) and I'd like to know its capacity of cache management. -- Hua
Re: [squid-users] squid_ldap_group group names cannot have spaces?
Hi, At 04.04 23/05/2009, Amos Jeffries wrote: Justin Yaple wrote: Hello, I have been working on getting my first squid proxy server up, and its been going slow, but good. I got LDAP authentication working, and then group authentication working also. The only problem I found is that a LDAP group with spaces in the name does not work. I have ready online that you should use single quotes to specify group names with spaces but it still does not work. My group name is like G SG GroupName, and if I use 'G SG GroupName' when I try to start squid it returns strtokFile: G not found. I have also tried to escapel the space using \. Doing that I could get squid to start without any error, but the login would not work. Anything I can do to get this working with the spaces? This was my guide to getting it setup. http://www.papercut.com/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory Not easily. \ indicates reading from a file as you noticed. Squid-2 has not natural support for character escaping. Squid-3 contains a token function for this which is not always used despite places like this where it should be. Patches to make 3.HEAD use it routinely are very welcome. There is a trick for Windows native helpers, it should apply also to LDAP. From the readme of mswin_check_ad_group: Groups with spaces in name, for example Domain Users, must be quoted and the acl data (Domain Users) must be placed into a separate file included by specifying /path/to/file. The previous example will be: acl ProxyUsers external NT_global_group /usr/local/squid/etc/DomainUsers and the DomainUsers files will contain only the following line: Domain Users Hoping that it works with LDAP quoting. Regards Guido Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.7 - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
Re: [squid-users] Caching Video Content
Thank you for your answers, I have not understood your statement of Squid-2 has 4KB buffers to store objects, so the larger ones have some issues doing read seeks Could you please emphasize on this? Thank you, Dror On Thu, May 21, 2009 at 6:26 AM, Amos Jeffries squ...@treenet.co.nz wrote: Hi, I am considering implementing Squid as my web cache for Video streams (YouTube etc). I am going to configure Squid over SAN centralized storage. I am aware of the additional plug-in required to normalize YouTube URL's. I have few questions: 1) Are there any example installations of Squid as Video oriented cache server? I'm not aware of anything published. 2) If I implement Squid peering (either digest or ICAP), how does I think you mean: CARP. ICAP is a filtering or adaptation method. Squid solves popular object problem, when one cache within the cluster serves the most popular movie. As far as I understand, in this case all requests for that movie would be served from one particular server; this will cause overloading of that server. The versions of Squid-2 which have the storeurl features for normalizing you-tube requests also contain collapsed_forwarding which damps this type of overload down a lot. Squid efficiency rises enormously under this type of hot-object scenario up to close around 100% on the single object. Note this occurs at BOTH levels of the squid mesh, receiving and source Squids doing effective multicast for HTTP. This is one reason CDN people love Squid so much. 3) Are there any limitations / recommendations for maximal storage size that has many separate physical disks? No more than one cache_dir per disk. Squid can easily handle up to 63 cache_dir entries and thus disks. Beyond that certain types of RAID do actually start to be useful. 4) Are there any limitations regarding maximal cached object size? Squid-2 has 4KB buffers to store objects, so the larger ones have some issues doing read seeks. I forget what the limits were. Amos -- Dror Galron
Re: [squid-users] Caching Video Content
Hi! On 5/21/09, Dror Galron dror.gal...@gmail.com wrote: Hi, I am considering implementing Squid as my web cache for Video streams (YouTube etc). I am going to configure Squid over SAN centralized storage. I am aware of the additional plug-in required to normalize YouTube URL's. I think you mean this one: http://cachevideos.com/ , right? I have few questions: 1) Are there any example installations of Squid as Video oriented cache server? 2) If I implement Squid peering (either digest or ICAP), how does Squid solves popular object problem, when one cache within the cluster serves the most popular movie. As far as I understand, in this case all requests for that movie would be served from one particular server; this will cause overloading of that server. 3) Are there any limitations / recommendations for maximal storage size that has many separate physical disks? 4) Are there any limitations regarding maximal cached object size? Thank you, Dror
RE: [squid-users] Load average problem
Squid 3 Low connection load. Only my laptop Dualcore, 4gb, 1tb __ Max Sent from iPhone -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: May-22-09 10:20 PM To: Maxime Gaudreault Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Load average problem Maxime Gaudreault wrote: Hi list, I have a squid+squidguard server. When I make some changes on my custom blacklist I run these commands: /usr/bin/squidGuard -c /etc/squid3/squidGuard.conf.local -C all /bin/chown -R proxy:proxy /var/lib/squidguard/db /usr/sbin/squid3 -k reconfigure To apply the changes. My problem is that load average gets very high during a long time. The faulty command is the last one: /usr/sbin/squid3 -k reconfigure Here is the timeline: I run /usr/sbin/squid3 -k reconfigure After 50secs load average is 5 After 1m23 load average is 9.5 After 2m00 load average is 12 After 2m55 load average is 14 After 3m40 14.90 (peak) It starts to get down 4m30sec later After 4m55 load average is 12.2 After 5m35 load average is 10.45 After 5m45 load average is 8.85 After 6m00 load average is 6.89 After 6m30 load average is 4.17 After 7m00 load average is 2.53 After 7m30 load average is 1.53 After 8m00 load average is 0.93 It takes 8 minutes before the load average gets back to 0. During this time, CPU is not always 100%. Most of the time it's 0-10% with some peak. I can't browse during these 8 minutes. Can someone help me ? What squid version? Under what normal connection load? with what configuration? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.7
RE: [squid-users] Strange problem whit my Squid
What's in your /etc/resolv.conf file ? What's the result if you ping google.com from the squid server ? -Original Message- From: rey.manic [mailto:rey.ma...@gmail.com] Sent: May-23-09 11:40 PM To: squid-users@squid-cache.org Subject: [squid-users] Strange problem whit my Squid Hello all, I have configure a squid at ubuntu, for 3 or 4 days it works perfect, but after that it dont work any more, it give many errors at the log file ie: TCP_MISS/504 TCP_MISS/302 and others but I discover that if I make a request to the squit proxy using IP and not the domain name it works so if I need to navigate on google.com the squit don’t work, but the google IP are 74.125.45.100 (one of them) if I put http://74.125.45.100 it works, I like to know why this is happening, what can be wrong at my squid.conf file ?. thanks for any help in advance -- View this message in context: http://www.nabble.com/Strange-problem-whit-my-Squid-tp23690376p23690376.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Caching Video Content
As explained to me, the issue is that retrieving successive 4K blocks of an object in memory takes non-linear amounts of CPU time - it takes X cycles to retrieve the first 4K, but 2*X to retrieve the second 4K, 3*X to retrieve the third 4K, etc. etc. -C On May 24, 2009, at 12:19 PM, Dror Galron wrote: Thank you for your answers, I have not understood your statement of Squid-2 has 4KB buffers to store objects, so the larger ones have some issues doing read seeks Could you please emphasize on this? Thank you, Dror On Thu, May 21, 2009 at 6:26 AM, Amos Jeffries squ...@treenet.co.nz wrote: Hi, I am considering implementing Squid as my web cache for Video streams (YouTube etc). I am going to configure Squid over SAN centralized storage. I am aware of the additional plug-in required to normalize YouTube URL's. I have few questions: 1) Are there any example installations of Squid as Video oriented cache server? I'm not aware of anything published. 2) If I implement Squid peering (either digest or ICAP), how does I think you mean: CARP. ICAP is a filtering or adaptation method. Squid solves popular object problem, when one cache within the cluster serves the most popular movie. As far as I understand, in this case all requests for that movie would be served from one particular server; this will cause overloading of that server. The versions of Squid-2 which have the storeurl features for normalizing you-tube requests also contain collapsed_forwarding which damps this type of overload down a lot. Squid efficiency rises enormously under this type of hot-object scenario up to close around 100% on the single object. Note this occurs at BOTH levels of the squid mesh, receiving and source Squids doing effective multicast for HTTP. This is one reason CDN people love Squid so much. 3) Are there any limitations / recommendations for maximal storage size that has many separate physical disks? No more than one cache_dir per disk. Squid can easily handle up to 63 cache_dir entries and thus disks. Beyond that certain types of RAID do actually start to be useful. 4) Are there any limitations regarding maximal cached object size? Squid-2 has 4KB buffers to store objects, so the larger ones have some issues doing read seeks. I forget what the limits were. Amos -- Dror Galron
Re: [squid-users] Strange problem whit my Squid SOLVED !!!
I have't set up any DNS IP server at squid.conf file so that's the problem now is working perfect I just add correct IP of my DNS servers and works. -- View this message in context: http://www.nabble.com/Strange-problem-whit-my-Squid-tp23690376p23700062.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Strange problem whit my Squid SOLVED !!!
I have't set up any DNS IP server at squid.conf file so that's the problem now is working perfect I just add correct IP of my DNS servers and works. This is not a full solution. Just a hack to get around the problem. You should find out why its not getting the right values out of the system configs. If its a bad system conf the problem may be affecting other programs than just Squid. Amos
