[squid-users] maximum no. of cache objects in cache directory

[kabindra shrestha]

Hi,

Is there any limitations for maximum number of stored objects in cache per disk.

regards,
Kabindra

RE: [squid-users] next Squid 2.7 release?

[Amos Jeffries]

On Wed, 22 Jul 2009 12:08:45 +0200, Henrik Nordstrom
 wrote:
> tis 2009-07-21 klockan 11:30 -0700 skrev Balaji Ganesan:
> 
>> As per below email, 2.7 STABLE 7 was supposed to support Windows 7.
>> Windows 7 is releasing on October 2009 and we would like to have our
>> product support that as well. To do that, we need Squid to support
>> Windows 7. Can you please tell me when Squid 2.7 STABLE 7 will be
>> released?
> 
> Before the summer is over.
> 
> Regards
> Henrik

Summer? good lord thats a long way off ;)
(looks outside at rain and chilly Antarctic breeze)

Amos

Re: [squid-users] Collapsed Forwarding on Squid 3.0

[Amos Jeffries]

On Wed, 22 Jul 2009 15:32:07 -0400, Jason Spegal 
wrote:
> Is there a patch or way to compile in collapsed forwarding on Squid 3.0?

There is a very old and outdated patch for 3.0 floating around in bugzilla
and devel.squid-cache.org that need a fair bit of re-coding.
If you wish to take on the re-coding and testing necessary to get it
working please feel free to do so. Introduce yourself at squid-dev mailing
list and let everyone now your plans. We over there can help you get setup
and going down the right aproach.

Amos

Re: [squid-users] Bypassing certain IP/Subnet via IPTables

[Amos Jeffries]

On Wed, 22 Jul 2009 10:57:11 -0400, Jamie Orzechowski
 wrote:
> Here is my problem.  All port 80 traffic is being intercepted by the
> iptables configuration and redirecting to squid.
> 
> Some of my users have static IP addresses and host their own
> webservers.  When the Squid box is up and running none of their sites
> are accessible.  If I shut down the squid box everything begins to
> work again .. so it looks like it's my iptables causing the issues
> 
> I tried creating a rule to bypass interception for my local subnets
> but it does not seems to work.  Can someone please have a look and let
> me know what might be wrong?
> 
> Here are the rules.
> 
> /usr/local/sbin/iptables -t mangle -N DIVERT
> /usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
> /usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
> 
> # Local Subnets
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
> --dport 80 -d 66.78.96.0/255.255.255.0 -j ACCEPT
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
> --dport 80 -d 66.78.97.0/255.255.255.0 -j ACCEPT
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
> --dport 80 -d 66.78.98.0/255.255.255.0 -j ACCEPT
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
> --dport 80 -d 66.78.99.0/255.255.255.0 -j ACCEPT
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
> --dport 80 -d 66.78.100.0/255.255.255.0 -j ACCEPT
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
> --dport 80 -d 66.78.101.0/255.255.255.0 -j ACCEPT
> 
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j
DIVERT
> /usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j
> TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 --on-ip 66.78.102.2

Is eth1 actually the external interface where traffic from the Internet is
coming from?

Do you have normal packet forwarding enabled on the squid box? to route the
packets bypassed?

Perhapse you should also add -i eth0 to the TPROXY catch rule to only catch
the internal traffic going out.

Amos

[squid-users] Squid gzip compression

[wh]

Hello.

Has anyone tried the new squid option to compress served pages? I guess 
is called gzip compression with eCAP.

I would like to know how it behaves before giving it a try.

Thanks.

[squid-users] Squid gzip compression

[wh]

Hello.

Has anyone tried the new squid option to compress served pages? I guess
is called gzip compression with eCAP.

I would like to know how it behaves before giving it a try.

Thanks.

Re: [squid-users] squid-3.0.STABLE16

[Amos Jeffries]

On Wed, 22 Jul 2009 10:31:39 -0400, alexus  wrote:
> su-3.2# gmake
> Making all in lib
> gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib'
> Making all in libTrie
> gmake[2]: Entering directory
> `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
> gmake  all-recursive
> gmake[3]: Entering directory
> `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
> Making all in src
> gmake[4]: Entering directory
> `/usr/local/src/squid-3.0.STABLE16/lib/libTrie/src'
> gmake[4]: Nothing to be done for `all'.
> gmake[4]: Leaving directory
> `/usr/local/src/squid-3.0.STABLE16/lib/libTrie/src'
> Making all in test
> gmake[4]: Entering directory
> `/usr/local/src/squid-3.0.STABLE16/lib/libTrie/test'
> gmake[4]: Nothing to be done for `all'.
> gmake[4]: Leaving directory
> `/usr/local/src/squid-3.0.STABLE16/lib/libTrie/test'
> gmake[4]: Entering directory
> `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
> gmake[4]: Nothing to be done for `all-am'.
> gmake[4]: Leaving directory
`/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
> gmake[3]: Leaving directory
`/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
> gmake[2]: Leaving directory
`/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
> gmake[2]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib'
> gmake[2]: Nothing to be done for `all-am'.
> gmake[2]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib'
> gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib'
> Making all in snmplib
> gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/snmplib'
> gmake[1]: Nothing to be done for `all'.
> gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/snmplib'
> Making all in scripts
> gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/scripts'
> gmake[1]: Nothing to be done for `all'.
> gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/scripts'
> Making all in src
> gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src'
> gmake  all-recursive
> gmake[2]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src'
> Making all in fs
> gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src/fs'
> gmake[3]: Nothing to be done for `all'.
> gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src/fs'
> Making all in repl
> gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src/repl'
> gmake[3]: Nothing to be done for `all'.
> gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src/repl'
> Making all in auth
> gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src/auth'
> gmake[3]: Nothing to be done for `all'.
> gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src/auth'
> gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src'
> depbase=`echo client_side.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
>   g++ -DHAVE_CONFIG_H
> -DDEFAULT_CONFIG_FILE=\"/usr/local/squid/etc/squid.conf\" -I.
> -I../include -I. -I. -I../include -I../include
> -I../lib/libTrie/include-Werror -Wall -Wpointer-arith
> -Wwrite-strings -Wcomments  -g -O2 -MT client_side.o -MD -MP -MF
> $depbase.Tpo -c -o client_side.o client_side.cc &&\
>   mv -f $depbase.Tpo $depbase.Po
> cc1plus: warnings being treated as errors
> client_side.cc: In function 'int
> connKeepReadingIncompleteRequest(RefCount&)':
> client_side.cc:2144: warning: comparison between signed and unsigned
> integer expressions
> gmake[3]: *** [client_side.o] Error 1
> gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src'
> gmake[2]: *** [all-recursive] Error 1
> gmake[2]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src'
> gmake[1]: *** [all] Error 2
> gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src'
> gmake: *** [all-recursive] Error 1
> su-3.2#

http://www.squid-cache.org/Versions/v3/3.0/changesets/b9052.patch

Or the daily snapshot bundle.

Amos

Re: [squid-users] VIGOS eCAP GZIP Adapter 1.1 released

[Constantin Rack]

Am 22.07.2009 um 08:24 schrieb Henrik Nordstrom:


lör 2009-07-18 klockan 03:16 -0700 skrev Elli Albek:

The web serer only gzip static files. We want squid to gzip dynamic  
(from DB) cacheable files.


Are you saying the gzip adapter removes ETag from content which was  
not

modified by the adapter?



The adapter removes ETag header only if the response is modified.
No problem with already compressed content here.

Best Regards,
Constantin

[squid-users] Collapsed Forwarding on Squid 3.0

[Jason Spegal]

Is there a patch or way to compile in collapsed forwarding on Squid 3.0?

Re: [squid-users] Bypass NTLM authentication on regex in URL

[Chris Robertson]

Nickcx wrote:
Hi, 


Great! That looks to have done the trick - I just need to get to grips with
setting up text files for various sites and having a play with various
configurations. Think I can manage that.

One question though: I want to ensure ALL HTTP traffic is directed via the
the parent proxy irrespective of authentication etc and not sent DIRECT -
can I force this (or should I set up a new post)
  


http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-f7c4c667d4154ec5a9619044ef7d8ab94dfda39b


Thanks for you help!

Nick
:handshake:
  


Chris

Re: [squid-users] Bypass NTLM authentication on regex in URL

[Nickcx]

Hi, 

Great! That looks to have done the trick - I just need to get to grips with
setting up text files for various sites and having a play with various
configurations. Think I can manage that.

One question though: I want to ensure ALL HTTP traffic is directed via the
the parent proxy irrespective of authentication etc and not sent DIRECT -
can I force this (or should I set up a new post)

Thanks for you help!

Nick
:handshake:
-- 
View this message in context: 
http://www.nabble.com/Bypass-NTLM-authentication-on-regex-in-URL-tp24604896p2460.html
Sent from the Squid - Users mailing list archive at Nabble.com.

[squid-users] Bypassing certain IP/Subnet via IPTables

[Jamie Orzechowski]

Here is my problem.  All port 80 traffic is being intercepted by the
iptables configuration and redirecting to squid.

Some of my users have static IP addresses and host their own
webservers.  When the Squid box is up and running none of their sites
are accessible.  If I shut down the squid box everything begins to
work again .. so it looks like it's my iptables causing the issues

I tried creating a rule to bypass interception for my local subnets
but it does not seems to work.  Can someone please have a look and let
me know what might be wrong?

Here are the rules.

/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT

# Local Subnets
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
--dport 80 -d 66.78.96.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
--dport 80 -d 66.78.97.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
--dport 80 -d 66.78.98.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
--dport 80 -d 66.78.99.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
--dport 80 -d 66.78.100.0/255.255.255.0 -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m tcp -i eth1
--dport 80 -d 66.78.101.0/255.255.255.0 -j ACCEPT

/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j
TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 --on-ip 66.78.102.2

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

[squid-users] squid-3.0.STABLE16

[alexus]

su-3.2# gmake
Making all in lib
gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib'
Making all in libTrie
gmake[2]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
gmake  all-recursive
gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
Making all in src
gmake[4]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie/src'
gmake[4]: Nothing to be done for `all'.
gmake[4]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie/src'
Making all in test
gmake[4]: Entering directory
`/usr/local/src/squid-3.0.STABLE16/lib/libTrie/test'
gmake[4]: Nothing to be done for `all'.
gmake[4]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie/test'
gmake[4]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
gmake[4]: Nothing to be done for `all-am'.
gmake[4]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
gmake[2]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib/libTrie'
gmake[2]: Entering directory `/usr/local/src/squid-3.0.STABLE16/lib'
gmake[2]: Nothing to be done for `all-am'.
gmake[2]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib'
gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/lib'
Making all in snmplib
gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/snmplib'
gmake[1]: Nothing to be done for `all'.
gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/snmplib'
Making all in scripts
gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/scripts'
gmake[1]: Nothing to be done for `all'.
gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/scripts'
Making all in src
gmake[1]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src'
gmake  all-recursive
gmake[2]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src'
Making all in fs
gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src/fs'
gmake[3]: Nothing to be done for `all'.
gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src/fs'
Making all in repl
gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src/repl'
gmake[3]: Nothing to be done for `all'.
gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src/repl'
Making all in auth
gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src/auth'
gmake[3]: Nothing to be done for `all'.
gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src/auth'
gmake[3]: Entering directory `/usr/local/src/squid-3.0.STABLE16/src'
depbase=`echo client_side.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
g++ -DHAVE_CONFIG_H
-DDEFAULT_CONFIG_FILE=\"/usr/local/squid/etc/squid.conf\" -I.
-I../include -I. -I. -I../include -I../include
-I../lib/libTrie/include-Werror -Wall -Wpointer-arith
-Wwrite-strings -Wcomments  -g -O2 -MT client_side.o -MD -MP -MF
$depbase.Tpo -c -o client_side.o client_side.cc &&\
mv -f $depbase.Tpo $depbase.Po
cc1plus: warnings being treated as errors
client_side.cc: In function 'int
connKeepReadingIncompleteRequest(RefCount&)':
client_side.cc:2144: warning: comparison between signed and unsigned
integer expressions
gmake[3]: *** [client_side.o] Error 1
gmake[3]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src'
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src'
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/usr/local/src/squid-3.0.STABLE16/src'
gmake: *** [all-recursive] Error 1
su-3.2#


-- 
http://alexus.org/

Re: [squid-users] Opening a second ssh port

[Tech W.]

No, that's unmeaning.
Squid can't proxy for SSH connection.
What you needed is something like iptables to do a NAT for you.


Regards,
Wah..


--- On Wed, 22/7/09, Dayo Adewunmi  wrote:

> From: Dayo Adewunmi 
> Subject: [squid-users] Opening a second ssh port
> To: squid-users@squid-cache.org
> Received: Wednesday, 22 July, 2009, 9:03 PM
> Hi
> 
> I'm trying to give a user on the internet ssh access
> to a machine on my LAN. I want them to be able to
> ssh to my public IP on a port other than the default 22
> and get automatically logged into the lan machine.
> 
> What do I need to do in squid.conf?
> 
> I tried
> 
> acl SSL_ports port 10122
> 
> as well as
> 
> acl Safe_ports port 10122
> 
> but they're both not working.
> 
> Best regards
> 
> Dayo Adewunmi
> 


  

Access Yahoo!7 Mail on your mobile. Anytime. Anywhere.
Show me how: http://au.mobile.yahoo.com/mail

[squid-users] Opening a second ssh port

[Dayo Adewunmi]

Hi

I'm trying to give a user on the internet ssh access
to a machine on my LAN. I want them to be able to
ssh to my public IP on a port other than the default 22
and get automatically logged into the lan machine.

What do I need to do in squid.conf?

I tried

acl SSL_ports port 10122

as well as

acl Safe_ports port 10122

but they're both not working.

Best regards

Dayo Adewunmi

Re: [squid-users] Bypass NTLM authentication on regex in URL

[Henrik Nordstrom]

ons 2009-07-22 klockan 04:54 -0700 skrev Nickcx:
> can give more details on what I see in the logs but basically on the BC and
> ISA I add a rule to bypass authentication if the URL contains '/open/1' or
> http://*:1935/. 

And you can easily do the same in Squid. Just keep your order of
http_access rules right.

acl open1 urlpath_regex ^/open/1
acl port1935 port 1935

http_access allow open1
http_access allow port1935

before where you allow access.


But please DO NOT change the "all" acl from the default src 0.0.0.0/0.
There is several built-in default rules which assumes the suggested
default settting of all and those will behave strangely unless you
override those as well.

insetad use

acl all src 0.0.0.0/0
acl users proxy_auth REQUIRED

or something like that.

> 1248263503.555 13 172.16.0.57 TCP_DENIED/403 1471 POST
> http://92.122.125.63/open/1 - NONE/- text/html

Hmm.. TCP_DENIED/403.. that's "Forbidden", not "Authentication
required"...  MAY be related to your modification of "all".

Regards
Henrik

[squid-users] Bypass NTLM authentication on regex in URL

[Nickcx]

Hi, 

I am new to everything Linux as of 2 days ago and I'd like a bit of guidance
on something.. bear with me, I'm ultra new, but loving it...

My setup so far: 

I'm configuring a 2.6 Squid box forwarding to a parent proxy - OK
I'm using NTLM authentication, with fall back of Basic - OK
I am testing with PCs and Macs visiting bbc.co.uk video (or any other Akamai
serving site)- NOT OK

PC browsers are fine, but my Safari Mac is having problems sending the POST
back to the Akamai server(s) in question. This is not unusual and I've dealt
with this before successfully on other proxies (BlueCoat and MS ISA 2006). I
can give more details on what I see in the logs but basically on the BC and
ISA I add a rule to bypass authentication if the URL contains '/open/1' or
http://*:1935/. 

I just can't get my head around what ACLs and http_access I need to put in!
He's the ACL part of my squid.conf. For simplicity, I'm just trying to allow
un-authenticated access if the URL contains the work 'open' but ideally I'd
like http://*/open/1 and http://*:1935/open/1

==
acl all proxy_auth REQUIRED
acl localhost src 127.0.0.1/255.255.255.255 
acl to_localhost dst 127.0.0.0/8 acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl bypass url_regex pattern -i open
http_access allow bypass
http_access allow localhost
http_access allow all
http_reply_access allow all
===

However, my access log still shows:
===
1248263503.555 13 172.16.0.57 TCP_DENIED/403 1471 POST
http://92.122.125.63/open/1 - NONE/- text/html
1248263504.223 19 172.16.0.57 TCP_DENIED/403 1481 POST
http://92.122.125.63:1935/open/1 - NONE/- text/html
1248263513.577 19 172.16.0.57 TCP_DENIED/403 1479 POST
http://92.122.125.63:443/open/1 - NONE/- text/html
==

I know it's the POST part that breaks the whole thing (and have tried POST
in squid to no avail..)

Any and all help and direction would be gratefully received by this n00b

Nickcx


-- 
View this message in context: 
http://www.nabble.com/Bypass-NTLM-authentication-on-regex-in-URL-tp24604896p24604896.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] howto block audio/video streaming

[Erwann PENCREACH]

Not a good Idea,

for instance if you block avi You will block all avi file but also all 
site with url containing navigon, aviation .


Gopinath Achari a écrit :

simply block based on extentions of files

using url_pathregex

On Tuesday 21 July 2009 16:13, Muhammad Sharfuddin wrote:

Squid 2.7 STABLE 5

how can I block audio/video streaming via squid ?

I have blocked a lot many streaming wesbites(like youtube) but I want to
block all of them.. and I think the best method is to block all types of
audio/video streaming rather then blocking websites(that are increasing
day-by-day)

Regards
-ms


--
Ce courrier �lectronique a �t� v�rifi� et est exempt de virus connus � ce jour.
Contactez votre administrateur pour plus de renseignement.
postmas...@ch-chaumont.fr



--
Ce courrier �lectronique a �t� v�rifi� et est exempt de virus connus � ce jour.
Contactez votre administrateur pour plus de renseignement.
postmas...@ch-chaumont.fr

begin:vcard
fn:Erwann Pencreach
n:Pencreach;Erwann
org:Centre Hospitalier de Chaumont;Service Informatique
adr;dom:;;2 rue Jeanne D'arc;Chaumont;;52000
email;internet:erwann.pencre...@ch-chaumont.fr
title:Technicien Informatique
tel;work:0325357321
tel;fax:0325030674
x-mozilla-html:FALSE
version:2.1
end:vcard

Re: [squid-users] squid error message

[Henrik Nordstrom]

ons 2009-07-22 klockan 01:26 -0700 skrev Jigar Raval:
> 
> Hello,
> 
> We have configure squid and we are getting following type of erro in log file
> 
> TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html

cache.log may contain more information about the malformed request.

Regards
Henrik

RE: [squid-users] next Squid 2.7 release?

[Henrik Nordstrom]

tis 2009-07-21 klockan 11:30 -0700 skrev Balaji Ganesan:

> As per below email, 2.7 STABLE 7 was supposed to support Windows 7.
> Windows 7 is releasing on October 2009 and we would like to have our
> product support that as well. To do that, we need Squid to support
> Windows 7. Can you please tell me when Squid 2.7 STABLE 7 will be
> released?

Before the summer is over.

Regards
Henrik

Re: [squid-users] Squid3 / NTLM / token id cache

[Henrik Nordstrom]

tis 2009-07-21 klockan 14:18 +0200 skrev Frederic THOMAS:

> On previous version we could use following settings (ntlm parameters on 
> 2.5 squid and i noticed they didnt exists after 2.6) :
> 
> "max_challenge_reuses" number
> "max_challenge_lifetime" timespan

These settings were removed as the technique is both fragile and
completely incompatible with NTLMv2.

> What similar option on squid 3 can be used to reduce authentication 
> traffic ? Is there any solution to avoid an authentification request to 
> each connection and have a possibility to reuse a token id ?

You can try enable Negotiate authentication. Uses much less 407
handshakes.

Or see into having the IP based authentication cache forward-ported to
Squid-3.

Or better yet, see too having Squid updated to support HTTP/1.1,
enabling the use of chunked encoding squid->client, which drastically
reduces the amount of new connections seen.

Regards
Henrik

Re: [squid-users] howto block audio/video streaming

[Indunil Jayasooriya]

Pls try this

acl magic_words url_regex -i .mp3 .mp4 .wmv .wave .mpeg .dat .ac3 .midi .rm
http_access deny magic_words

and type below command

squid -k reconfigure



On Wed, Jul 22, 2009 at 3:17 PM, Gopinath
Achari wrote:
> simply block based on extentions of files
>
> using url_pathregex
>
> On Tuesday 21 July 2009 16:13, Muhammad Sharfuddin wrote:
>> Squid 2.7 STABLE 5
>>
>> how can I block audio/video streaming via squid ?
>>
>> I have blocked a lot many streaming wesbites(like youtube) but I want to
>> block all of them.. and I think the best method is to block all types of
>> audio/video streaming rather then blocking websites(that are increasing
>> day-by-day)
>>
>> Regards
>> -ms
>
>



-- 
Thank you
Indunil Jayasooriya

Re: [squid-users] squid error message

[Amos Jeffries]

Jigar Raval wrote:

Hello,

The cache log show following 



clientReadRequest: FD 277 (192.168.1.142:49241) Invalid Request

Should i upgrade with new squid version ?


I expect there will be no change. This is showing most of the signs of a 
broken client.

But feel free if you wish to try something newer.

Amos



--- On Wed, 7/22/09, Amos Jeffries  wrote:


From: Amos Jeffries 
Subject: Re: [squid-users] squid error message
To: "Jigar Raval" 
Cc: squid-users@squid-cache.org
Date: Wednesday, July 22, 2009, 1:43 AM
Jigar Raval wrote:

Hello,

We have configure squid and we are getting following

type of erro in log file

TCP_DENIED/400 0 HEAD error:invalid-request - NONE/-

text/html

This is especially appears to be related with windows
vista update. We are getting lots of such error messages. 

What could be the reason ? How to solve this?

Some client opened a TCP link to Squid. Started sending a
HEAD request but before it finished sending the request
headers it closed the link or died.

This is no problem with Squid, but something bad at the
client end or network between client and Squid. 
cache.log may have more info on what happened if anything

more is known to Squid than a simple disconnection.

Amos
-- Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.10 or 3.1.0.11




  



--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.10 or 3.1.0.11

Re: [squid-users] Ident and 3.1

[Henrik Nordstrom]

tis 2009-07-21 klockan 11:53 +0100 skrev twintu...@f2s.com:

> acl validuser ident REQUIRED
> http_access allow valideuser

Where is this in relation to your other http_access rules?

Regards
Henrik

Re: [squid-users] Changing HTTP BASIC 'Realm' to force user logout / reauthentication

[Henrik Nordstrom]

tis 2009-07-21 klockan 10:15 +0200 skrev David (Dave) Donnan:


> Background:
> 
>http://httpd.apache.org/docs/1.3/howto/auth.html
> 
>so that if other resources are requested *from the same realm*, the
>same username and password can be returned to authenticate

Yes..

> However, I surf seamlessly without the HTTP BASIC prompt.

Because the browser doesn't notice. It continues sending the cached
login in each request, and as it's never denied it never sees the change
in realm..

> Should this not work ?

It works in some if you first deny access to notify the browser about
the realm change. But I have no good advice on how to implement that in
Squid without also causing immediate logout request on the first login.

Regards
Henrik

Re: [squid-users] RE: Squid on Windows, slow file transfers

[Henrik Nordstrom]

tis 2009-07-21 klockan 22:07 +0200 skrev Serassio Guido:

> The problem could be Windows itself: the network I/O capability of 
> Squid when running on Windows is limited "by design" because select() 
> is the only multiplatform compatible comm loop available, but it's 
> the worse 

Just a comment based on earlier experiences of similar 200KB/s symptoms
on other platforms.

When this is seen Squid usually somehow missed the event notification,
causing it to sleep in select() even when there is processing to do.
This has been seen in the following cases

  - Event timing errors, sleeping in select() even if there is timed
events pending to be run NOW.
  - Delay pools logic errors
  - Missing disk I/O notifications slowing down cache hits while misses
still fast.
  - SSL server code in certain conditions (decrypted data already
available) when using Squid as an https:// server 

Most times when this family of issues is seen having other requests
running at high speed "cures" the problem by kicking Squid constantly
alive processing.

The performance issues of select() is mainly seen when the number of
connections is large and is not an issue when the number of concurrent
users is reasonably small (hundreds), while the 200K capping due to
reasons as listed above is mainly seen when practically alone using the
proxy.

Regards
Henrik

Re: [squid-users] howto block audio/video streaming

[Gopinath Achari]

simply block based on extentions of files

using url_pathregex

On Tuesday 21 July 2009 16:13, Muhammad Sharfuddin wrote:
> Squid 2.7 STABLE 5
>
> how can I block audio/video streaming via squid ?
>
> I have blocked a lot many streaming wesbites(like youtube) but I want to
> block all of them.. and I think the best method is to block all types of
> audio/video streaming rather then blocking websites(that are increasing
> day-by-day)
>
> Regards
> -ms

Re: [squid-users] squid error message

[Jigar Raval]

Hello,

The cache log show following 


clientReadRequest: FD 277 (192.168.1.142:49241) Invalid Request

Should i upgrade with new squid version ?

Regards

Jigar


--- On Wed, 7/22/09, Amos Jeffries  wrote:

> From: Amos Jeffries 
> Subject: Re: [squid-users] squid error message
> To: "Jigar Raval" 
> Cc: squid-users@squid-cache.org
> Date: Wednesday, July 22, 2009, 1:43 AM
> Jigar Raval wrote:
> > 
> > Hello,
> > 
> > We have configure squid and we are getting following
> type of erro in log file
> > 
> > TCP_DENIED/400 0 HEAD error:invalid-request - NONE/-
> text/html
> > 
> > This is especially appears to be related with windows
> vista update. We are getting lots of such error messages. 
> > What could be the reason ? How to solve this?
> 
> Some client opened a TCP link to Squid. Started sending a
> HEAD request but before it finished sending the request
> headers it closed the link or died.
> 
> This is no problem with Squid, but something bad at the
> client end or network between client and Squid. 
> cache.log may have more info on what happened if anything
> more is known to Squid than a simple disconnection.
> 
> Amos
> -- Please be using
>   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
>   Current Beta Squid 3.1.0.10 or 3.1.0.11
> 


  

Re: [squid-users] Cache-Control problems with Korean sites

[Henrik Nordstrom]

mån 2009-07-20 klockan 09:49 -0400 skrev Mike Mitchell:
> We're having problems accessing Korean Government sites like
> parcel.epost.go.kr and www.g2b.go.kr from a
> squid cache that is physically in Seoul, Korea.  I performed network
> captures and found that if the request included a 'Cache-Control'
> header the remote server did not send TCP ACK messages back for the
> request.  The remote server did complete the three-way TCP connection
> handshake, but would not acknowledge the request.  When I stripped the
> 'Cache-Control' header using

Heh, just tried with Firefox without using a proxy and I can reproduce
the problem by simply hitting the reload button.

Regards
Henrik

Re: [squid-users] Cache-Control problems with Korean sites

[Henrik Nordstrom]

mån 2009-07-20 klockan 09:49 -0400 skrev Mike Mitchell:

> My guess is there is a firewall protecting the remote web servers.  Has 
> anyone seen this behavior before?

Have not seen it on this level.

Generally the type of issues you describe is either Window Scaling or
ECN related (both are standardized TCP features frequently broken by old
firewalls), but I have not heard of Cache-Control having any impact on
it before...

Regards
Henrik

Re: Fw: [squid-users] NTLM Auth and Java applets (Any update)

[Henrik Nordstrom]

mån 2009-07-20 klockan 12:30 +0200 skrev Gontzal:

> In the access.log of the parent proxy I get:
> 
> 1248084163.393 131533 172.28.129.250 TCP_MISS/000 2696 CONNECT
> tp.seg-social.es:443 - DEFAULT_PARENT/172.16.100.230 -

Which says the request as successfully forwarded to the parent
172.16.100.230, but apparently no response at all was seen.

> Another question, the realm value must be the same as defined on
> "auth_param basic realm ProxySquid " or may be the domain name as
> defined on smb.conf? In my case it's not the same value.

It's preferably the same as auth_param, but doesn't really matter.
Mostly for presentation to the user so they have a chance of
understanding what kind of resource they need to login for..

Regards
Henrik

Re: [squid-users] squid error message

[Amos Jeffries]

Jigar Raval wrote:


Hello,

We have configure squid and we are getting following type of erro in log file

TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html

This is especially appears to be related with windows vista update. We are getting lots of such error messages. 


What could be the reason ? How to solve this?


Some client opened a TCP link to Squid. Started sending a HEAD request 
but before it finished sending the request headers it closed the link or 
died.


This is no problem with Squid, but something bad at the client end or 
network between client and Squid.  cache.log may have more info on what 
happened if anything more is known to Squid than a simple disconnection.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
  Current Beta Squid 3.1.0.10 or 3.1.0.11

[squid-users] squid error message

[Jigar Raval]

Hello,

We have configure squid and we are getting following type of erro in log file

TCP_DENIED/400 0 HEAD error:invalid-request - NONE/- text/html

This is especially appears to be related with windows vista update. We are 
getting lots of such error messages. 

What could be the reason ? How to solve this?

Regards

Jigar