RE: [squid-users] TCP response time | Proxy efficiency | Paging .. pending questions
no I do not. I simply manage some 30 squid servers and I included in this mail some statistics from one of these proxies because I think I should increase the cache_mem value for some of them but I am not really sure about my suggestions ... so if some of you have deep experience in it I would be happy they help me. do not hesitate to read the 5 questions in my mail.

many thks
Vincent

___
From: Gerard Leonardo [mailto:gerard.leona...@gmail.com]
Sent: Tuesday, August 25, 2009 3:06 PM
To: Blondel, V. (Vincent)
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] TCP response time | Proxy efficiency | Paging .. pending questions

Hi, Do you mind sending how to tune or tweak squid+dansguardian with 300 concurrent users. Thanks in advance!
Gerard

On Tue, Aug 25, 2009 at 6:45 PM, vincent.blon...@ing.be wrote:

Hello all, when looking on the good working of one of my squid proxies, I see some values I think somewhat relevant for increasing the cache_mem. next to my investigations I can see this machine receives some 130req/s, sends some 80 req/s, caches some 1.2 million objects on disk. this is the very basic part of it.
$ squidclient mgr:info
Internal Data Structures:
    1182755 StoreEntries
      70431 StoreEntries with MemObjects
      70365 Hot Object Cache Items
    1174685 on-disk objects

$ squidclient mgr:5min |egrep 'http|fault'
client_http.requests = 127.388482/sec
client_http.hits = 45.899453/sec
client_http.errors = 0.00/sec
client_http.kbytes_in = 95.962190/sec
client_http.kbytes_out = 1820.344974/sec
client_http.all_median_svc_time = 0.021898 seconds
client_http.miss_median_svc_time = 0.042766 seconds
client_http.nm_median_svc_time = 0.001789 seconds
client_http.nh_median_svc_time = 0.020695 seconds
client_http.hit_median_svc_time = 0.004626 seconds
server.http.requests = 78.912393/sec
server.http.errors = 0.00/sec
server.http.kbytes_in = 1285.901343/sec
server.http.kbytes_out = 66.245877/sec
page_faults = 0.04/sec

we can also see a correct hit (36%) and byte (20%) rate on this server but ...

* what does it mean Proxy efficiency 46.01 ??
* and what does it mean Average speed increase 24.27% ??
* what does it mean TCP response time of 100%% requests .. ? the maximum time taken to make the SYN SYN/ACK ACK when asking for a socket on the parent cache ? the maximum time taken for getting an object from the parent cache ???

Summary

Calamaris statistics
  lines parsed:                                          lines      15855657
  invalid lines:                                         lines      0
  parse time:                                            sec        4145
  parse speed:                                           lines/sec  3825

Proxy statistics
  Total amount:                                          requests   15855657
  Total Bandwidth:                                       Byte       165G
  Proxy efficiency (HIT [kB/sec] / DIRECT [kB/sec]):     factor     46.01
  Average speed increase:                                %          24.27
  TCP response time of 100%% requests:                   msec       1900

Cache statistics
  Total amount cached:                                   requests   5627335
  Request hit rate:                                      %          35.49
  Bandwidth savings:                                     Byte       33781M
  Bandwidth savings in Percent (Byte hit rate):          %          19.96
  Average cached object size:                            Byte       6294
  Average direct object size:                            Byte       13885
  Average object size:                                   Byte       11191

the machine squid is running on is a Sun Solaris 8 V210 with 2Gb memory.
$ prtconf
System Configuration: Sun Microsystems sun4u
Memory size: 2048 Megabytes
System Peripherals (Software Nodes):
SUNW,Sun-Fire-V210

concerning the memory usage this becomes much more unclear for me ... if I understand correctly I see the process size is some 700mb and get some 600mb allocated. when going deeper in the vmstat stats pi and po column
Re: Fwd: [squid-users] Need help in integrating squid and samba
Thank you so much, I will test this option and get back if necessary.

Cheers
Avinash

On Mon, Aug 24, 2009 at 1:00 AM, Henrik Nordstrom hen...@henriknordstrom.net wrote:

Sun 2009-08-23 at 15:08 +0530, Avinash Rao wrote:

I couldn't find any document that shows me how to enable wb_info for squid. Can anybody help me?

external_acl_type NT_Group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl group1 external NT_Group group1

then use group1 whenever you want to match users belonging to that Windows group.

Regards
Henrik
[squid-users] optimizing squid
I am trying to configure squid for the optimum performance(fast).

uname -a
Linux gateway 2.6.27.19-5-default #1 SMP 2009-02-28 04:40:21 +0100 x86_64 x86_64 x86_64 GNU/Linux

# /usr/local/squid/sbin/squid -v
Squid Cache: Version 3.0.STABLE18-20090824
configure options: '--prefix=/usr/local/squid' '--with-dl' '--with-maxfd=32000' '--enable-snmp' '--enable-carp' '--enable-arp-acl' '--enable-htcp' '--enable-underscores' '--enable-stacktraces' '--enable-delay-pools' '--enable-useragent-log' '--enable-referer-log' '--enable-forward-log' '--enable-multicast-miss' '--enable-cache-digests' '--enable-auth-on-acceleration' '--enable-storeio=aufs,diskd,null,ufs' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-icmp' '--enable-large-cache-files' '--enable-x-accelerator-vary' '--enable-follow-x-forwarded-for' '--with-aufs-threads=44' '--with-pthreads'

I am looking for the comments and suggestions for the 'configure options' I used, but esp for the following options

--with-maxfd=32000
--with-aufs-threads=44
--with-pthreads

are they optimized and recommended ?
Re: [squid-users] Squid on Dual Core CPU
2009/8/26 Wong wongb...@telkom.net: 2009/8/26 Wong wongb...@telkom.net: Hi All, Need advice about multicore CPU. If using dual (or quad) core processor and configure Linux kernel with SMP capability, will Squid use the machine as Multiprocessor box? Squid main process won't. But if you're using aufs for cache_dir, or are using external redirectors, they will be benefited from multi-core processor. Jeff. Hi Jeff, Yes, I am using aufs and squidguard. So I will enjoy the multicore feature, am I right?. Yes. Thanks a lot. Jeff.
Re: [squid-users] How to debug external_acl_type
Hello,

On 25.08.09 19:32, Henrik Nordstrom hen...@henriknordstrom.net wrote:

Tue 2009-08-25 at 17:14 +0200, Maik Kündig wrote:

I need some help to debug a external_acl_type problem. Which debug options to set? Where can I find more output?

What are you looking for?

I have enabled full debugging options, but I can't find why I never get access to any site:

-8-
2009/08/25 17:09:17| aclCheck: checking 'http_access allow MyAcl'
2009/08/25 17:09:17| aclMatchAclList: checking MyAcl
2009/08/25 17:09:17| aclMatchAcl: checking 'acl MyAcl external myAclType'
2009/08/25 17:09:17| aclMatchExternal: acl=myAclType
2009/08/25 17:09:17| aclAuthenticated: returning 0 sending credentials to helper.
2009/08/25 17:09:17| aclMatchExternal: myAclType user not authenticated (-1)
2009/08/25 17:09:17| aclMatchAclList: no match, returning 0
2009/08/25 17:09:17| aclCheck: checking password via authenticator
-8-

My Perl Script should always return OK:

-8-
#!/usr/bin/perl
$|=1;                 # unbuffered output
while (<STDIN>) {     # one request line from Squid per iteration
    print "OK";
}
-8-

Best regards
Maik Kündig
Re: [squid-users] Re: kerberos (AD) authentication - squid_kerb_auth
hi, if you have made the wiki[...]/Kerberos guide through then you are close to the goal. it seems that your problem is only configuration error on client side. since squid_kerb_auth is a MUST to configure the fqdn name of squid in the IE settings. at my place IE 7, IE 8 and FF 3.5 works great with squid_kerb_auth.

regards
Andrew

On Wednesday, 26 August 2009 00:35:01, Jeremy Monnet wrote:

On Tue, Aug 25, 2009 at 11:23 PM, Markus Moeller hua...@moeller.plus.com wrote:

I am trying to authenticate users through kerberos on a windows 2003 server AD. Basically, I followed the klaubert tutorial [1], part on Negotiate/kerberos authentication.

See also http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos

Of course I forgot this one, but I used it also.

reason attempted to use NTLM. , does this mean the web browser/gssapi or stuff on the client side is the problem ? Is there anything to do on the windows client machine to send just a standard kerberos ticket ?

Possibly. It is important that the proxy you have configured is the fqdn and that your web Browser supports negotiate proxy authentication (e.g IE 7 or Firefox)

Trying on windows 7 with IE 8 and FF 3.5.

And, last but not least, it seems we can start squid_kerb_auth from the command line in standalone (well, that's the way it works with squid), is there a way to use it to debug the situation ?

Yes. Just start it on the command line and input YR token where token is a base64 encoded token. There is a small test program squid_kerb_auth_test.c at http://squidkerbauth.cvs.sourceforge.net/viewvc/squidkerbauth/squid_kerb_auth/ which you can run as follows:

kinit u...@domain
./squid_kerb_auth_test proxy fqdn 200 | ./squid_kerb_auth -d -s HTTP/proxy fqdn

This will create 200 authentication requests for testing.

That will help me a lot ! Thank you very much for your answers ! I'll post comments as soon as it works (or I get new questions).

Regards,
Jeremy
Re: [squid-users] How to debug external_acl_type
From: Maik Kündig maik.kuen...@reist-tele.com

I need some help to debug a external_acl_type problem.

#!/usr/bin/perl
$|=1;
while (<STDIN>) {
    print "OK";
}

Maybe try with: print "OK\n";

JD
[squid-users] can i use refresh_patten with url_regex file
Hello i have over 2000 domains list in file can this possible to add single line tag in squid.conf via url_path_regex

refresh_pattern urlpath_regex -i /extra/tuning/sitesupdate 10080 90% 43200 reload-into-ims
Re: [squid-users] How to debug external_acl_type
Hello,

On 26.08.09 11:21, John Doe jd...@yahoo.com wrote:

From: Maik Kündig maik.kuen...@reist-tele.com

I need some help to debug a external_acl_type problem.

print "OK";

Maybe try with: print "OK\n";

Have tried both versions with \n and without ... I have sent it to the List without \n, because it is like that in that example: http://wiki.squid-cache.org/ConfigExamples/Authenticate/MultipleSources

I have no idea, why I don't get it work ...

Best regards
Maik Kündig
Re: [squid-users] Re: kerberos (AD) authentication - squid_kerb_auth
On Wed, Aug 26, 2009 at 11:06 AM, Mrvka Andreas m...@tuv.at wrote:

hi, if you have made the wiki[...]/Kerberos guide through then you are close to the goal.

I hope so anyway :-)

it seems that your problem is only configuration error on client side.

I am not so sure anymore. I tried to use the squid_kerb_auth_test utility, but it still gives me errors on the tokens (see below for listings). I may add that I compiled both squid3.0 and squid_kerb_auth 1.0.5. I used squid_kerb_auth_test with both squid_kerb_auth from the squid_kerb_auth1.0.5 package and the squid3.0 package. I get errors in both cases (though not the same, but that may simply be that one is older). I am using a windows server 2003 R2 corporate with SP2, in case there may be an issue with a SP or something.

Last thing I can think of is the way I created the keytab (but kerberos seems to like it this way) :

ktpass -out squidproxy.krb5.keytab -pass Password1 -princ HTTP/squidproxy.ad.simia...@ad.simia.fr -mapuser host_squid -ptype KRB5_NT_SRV_HST -crypto DES-CBC-MD5

(could have used RC4-HMAC, but I had problems before when I put in place unix authentication on AD/kerberos).

since squid_kerb_auth is a MUST to configure the fqdn name of squid in the IE settings.

I did it this way ... :-/

at my place IE 7, IE 8 and FF 3.5 works great with squid_kerb_auth.

Hope I can make it work also.
Thanks,
Jeremy

Squid_kerb_auth_test :

squidproxy:~/squid/squid_kerb_auth-1.0.5# kdestroy
squidproxy:~/squid/squid_kerb_auth-1.0.5# kinit j...@ad.simia.fr
j...@ad.simia.fr's Password:
squidproxy:~/squid/squid_kerb_auth-1.0.5# /root/squid/squid_kerb_auth-1.0.5/squid_kerb_auth_test squidproxy.ad.simia.fr | /usr/local/libexec/squid_kerb_auth -d -s HTTP/squidproxy.ad.simia.fr
2009/08/26 12:17:10| squid_kerb_auth: Got 'Token: [base64 token omitted]' from squid (length: 1699).
2009/08/26 12:17:10| squid_kerb_auth: gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown
NA gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown

## squid log trying from windows box : ##

2009/08/26 12:23:30.633| authenticateValidateUser: Auth_user_request was NULL!
2009/08/26 12:23:30.633| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.
2009/08/26 12:23:30.941| authenticateAuthenticate: no connection authentication type
2009/08/26 12:23:30.942| AuthUser::AuthUser: Initialised auth_user '0x9b0e640' with refcount '0'.
2009/08/26 12:23:30.942| AuthUserRequest::AuthUserRequest: initialised request 0x9b12418
2009/08/26 12:23:30.954| authenticateValidateUser: Validated Auth_user request '0x9b12418'.
2009/08/26 12:23:30.955| authenticateValidateUser: Validated Auth_user request '0x9b12418'.
2009/08/26 12:23:30.955| authenticateValidateUser: Validated Auth_user request '0x9b12418'.
2009/08/26 12:23:30.956| authenticateValidateUser: Validated Auth_user request '0x9b12418'.
2009/08/26 12:23:30.957| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'
2009/08/26 12:23:30.957| authenticateValidateUser: Validated Auth_user request '0x9b12418'.
2009/08/26 12:23:30.958| authenticateValidateUser: Validated Auth_user request '0x9b12418'.
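An added diagnostic (not part of the original post or of squid_kerb_auth) for the 'BH received type 1 NTLM token' message in the log above: it decodes the base64 value of a Negotiate header just far enough to tell an NTLMSSP message from a GSS-API token and to name the mechanism OID. The sample tokens are constructed for the example and hold only header bytes; the function names are hypothetical.

```python
import base64
import struct

# Mechanism OIDs that can open a GSS-API token carried in a Negotiate header
OID_NAMES = {
    "1.3.6.1.5.5.2": "SPNEGO",
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.48018.1.2.2": "Kerberos 5 (Microsoft legacy OID)",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}


def _read_der_length(buf, pos):
    """Read a DER length at buf[pos]; return (length, position after it)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form
        return first, pos
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def _decode_oid(body):
    """Turn the content bytes of a DER OBJECT IDENTIFIER into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends one arc
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [0, first] if first < 40 else [1, first - 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def classify_token(b64_token):
    """Say what kind of token a Negotiate header value carries."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        return "not base64"
    if raw.startswith(b"NTLMSSP\x00"):
        # Raw NTLM: signature, then a little-endian 32-bit message type
        if len(raw) < 12:
            return "NTLM (truncated)"
        return "NTLM type %d" % struct.unpack_from("<I", raw, 8)[0]
    if raw[:1] == b"\x60":
        # GSS-API InitialContextToken: [APPLICATION 0] { mechanism OID, ... }
        try:
            _, pos = _read_der_length(raw, 1)
            if raw[pos] != 0x06:
                return "malformed GSS-API token"
            oid_len, pos = _read_der_length(raw, pos + 1)
            if pos + oid_len > len(raw):
                raise ValueError("OID runs past end of token")
            oid = _decode_oid(raw[pos:pos + oid_len])
        except (ValueError, IndexError):
            return "malformed GSS-API token"
        return "GSS-API " + OID_NAMES.get(oid, oid)
    return "unknown"


def classify_header(value):
    """Accept a whole header value such as 'Negotiate <base64>'."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not token.strip():
        return "not a Negotiate header"
    return classify_token(token.strip())


# Constructed samples: header bytes only, no ticket or credential data
SAMPLE_NTLM_TYPE1 = base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", 1) + bytes(4)).decode()
SAMPLE_SPNEGO = base64.b64encode(bytes.fromhex("600806062b0601050502")).decode()
SAMPLE_KRB5 = base64.b64encode(bytes.fromhex("600b06092a864886f712010202")).decode()

if __name__ == "__main__":
    for name, tok in (("ntlm", SAMPLE_NTLM_TYPE1), ("spnego", SAMPLE_SPNEGO), ("krb5", SAMPLE_KRB5)):
        print(name, "->", classify_header("Negotiate " + tok))
```
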
Re: [squid-users] can i use refresh_patten with url_regex file
On Wed, Aug 26, 2009 at 11:26 AM, pokeman asifbak...@gmail.com wrote:

Hello i have over 2000 domains list in file can this possible to add single line tag in squid.conf via url_path_regex

refresh_pattern urlpath_regex -i /extra/tuning/sitesupdate 10080 90% 43200 reload-into-ims

No. It's also pretty bad performance-wise. 2000 regexps to be matched for each request can be pretty compute-intensive.

-- /kinkie
Re: [squid-users] optimizing squid
2009/8/26 Muhammad Sharfuddin m.sharfud...@nds.com.pk:

I am trying to configure squid for the optimum performance(fast).

I don't think you could get much performance improvement from the compiling options. Those options are mostly for enable or disable a feature in squid. Few of them are maybe good for performance under special conditions, like --enable-async-io, --with-aio, --with-filedescriptors, --enable-removal-policies etc. But others, I don't think so..

Deploy squid's serverbox with good hardware, like fast disk, huge memory, strong CPU can improve the performance fundamentally.

Also this is the suggested usage for kind of high-performance squid from Amos: http://squidcn.spaces.live.com/blog/cns!B49104BB65206A10!233.entry

HTH.
Re: [squid-users] Re: kerberos (AD) authentication - squid_kerb_auth
hm... i can tell you what I did. first I tried ktpass too as you describe. But nevertheless to use exactly the same as in the wiki I finally used msktutil to proceed. I run an SLES 11 Server and had to download SLES 11 SDK iso to compile msktutil successfully.

My way was:

- configure /etc/krb5.conf correctly (realm, ad-server, etc.)
- join AD domain with an user with permissions
- kinit thisadu...@mydomain.com
- ./msktutil -c -s HTTP/squidproxy.mydomain.com -h squidproxy.mydomain.com -k /usr/local/squid-3.1/etc/HTTP.keytab --computer-name squidproxy --upn HTTP/squidproxy.mydomain.com --server DC.mydomain.com --verbose --delegation --description "Proxy Server"
- configure squid.conf to use auth_param negotiate path_to_squidkerbauth no parameters!!

And it worked. I never used squid_kerb_auth_test as I didn't know how to use it :-)

Bye
Andrew

On Wednesday, 26 August 2009 12:28:15, you wrote:

On Wed, Aug 26, 2009 at 11:06 AM, Mrvka Andreas m...@tuv.at wrote:

hi, if you have made the wiki[...]/Kerberos guide through then you are close to the goal.

I hope so anyway :-)

it seems that your problem is only configuration error on client side.

I am not so sure anymore. I tried to use the squid_kerb_auth_test utility, but it still gives me errors on the tokens (see below for listings). I may add that I compiled both squid3.0 and squid_kerb_auth 1.0.5. I used squid_kerb_auth_test with both squid_kerb_auth from the squid_kerb_auth1.0.5 package and the squid3.0 package. I get errors in both cases (though not the same, but that may simply be that one is older). I am using a windows server 2003 R2 corporate with SP2, in case there may be an issue with a SP or something.

Last thing I can think of is the way I created the keytab (but kerberos seems to like it this way) :

ktpass -out squidproxy.krb5.keytab -pass Password1 -princ HTTP/squidproxy.ad.simia...@ad.simia.fr -mapuser host_squid -ptype KRB5_NT_SRV_HST -crypto DES-CBC-MD5

(could have used RC4-HMAC, but I had problems before when I put in place unix authentication on AD/kerberos).

since squid_kerb_auth is a MUST to configure the fqdn name of squid in the IE settings.

I did it this way ... :-/

at my place IE 7, IE 8 and FF 3.5 works great with squid_kerb_auth.

Hope I can make it work also.

Thanks,
Jeremy

Squid_kerb_auth_test :

squidproxy:~/squid/squid_kerb_auth-1.0.5# kdestroy
squidproxy:~/squid/squid_kerb_auth-1.0.5# kinit j...@ad.simia.fr
j...@ad.simia.fr's Password:
squidproxy:~/squid/squid_kerb_auth-1.0.5# /root/squid/squid_kerb_auth-1.0.5/squid_kerb_auth_test squidproxy.ad.simia.fr | /usr/local/libexec/squid_kerb_auth -d -s HTTP/squidproxy.ad.simia.fr
2009/08/26 12:17:10| squid_kerb_auth: Got 'Token: [base64 token omitted]' from squid (length: 1699).
2009/08/26 12:17:10| squid_kerb_auth: gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown
NA gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown

## squid log trying from windows box : ##

2009/08/26 12:23:30.633| authenticateValidateUser: Auth_user_request was NULL!
2009/08/26 12:23:30.633| authenticateAuthenticate:
Re: [squid-users] refresh_pattern
Hi, no, Squid does not send an IMS GET request in this case, it directly serves the stale content (although new content is available on origin server). It is strange to me that it seems to depend from lm-factor/percent, since no last-mod header is available. So percent should not be used, should it?

Regards,
Micky

Original Message
Date: Wed, 26 Aug 2009 13:28:46 +1200
From: Amos Jeffries squ...@treenet.co.nz
To: micky...@gmx.de
CC: squid-users@squid-cache.org
Subject: Re: [squid-users] refresh_pattern

On Tue, 25 Aug 2009 21:11:53 +0200, micky...@gmx.de wrote:

Hi, I am trying to fully understand the refresh algorithm Squid is using:

FRESH if expires now, else STALE
STALE if age max
FRESH if lm-factor percent, else STALE
FRESH if age min
else STALE

I disabled the last-modified header on my apache server for an object test.html for testing purposes. My refresh_pattern looks like this:

refresh_pattern test3 10 10% 300

If I request something like

echo -e "GET http://example.com/test.html HTTP/1.0\n\n" | netcat example.com 80

the answer from squid is

HTTP/1.0 200 OK
Date: Tue, 25 Aug 2009 19:01:46 GMT
Server: Apache/2.2.6 (Unix) PHP/5.2.5
ETag: 4d04f6-2-f4490a00
Accept-Ranges: bytes
Content-Length: 2
Content-Type: text/html
Age: 346
X-Cache: HIT from example.com
Via: 1.0 example.com (squid/3.0.STABLE18)
Connection: close

It is strange to me that Squid always produces a hit. Since the object does not have a last-modified or expires header, the Squid algorithm should look simply like this:

STALE if age max
FRESH if age min
else STALE

But both: agemax and age min do not work (no refresh of the object is done via Squid), Squid is still caching the object. It only changes if I set percent to 0%, then I receive a MISS, but percent should not be used (since no last-modified-header), should it? I would appreciate any explanations.

Sounds a bit like bug #7 being hit. Also check your access.log to see what type of HIT it is. You may be getting TCP_REFRESH_HIT (server IMS queried and it replied 'object not changed') instead of TCP_HIT (object from cache, no backend contact). Bug #7 means the old headers can get sent on the first case.

Amos
Re: [squid-users] How to debug external_acl_type
Maik Kündig wrote:

Hello,

On 26.08.09 11:21, John Doe jd...@yahoo.com wrote:

From: Maik Kündig maik.kuen...@reist-tele.com

I need some help to debug a external_acl_type problem.

print "OK";

Maybe try with: print "OK\n";

Have tried both versions with \n and without ... I have sent it to the List without \n, because it is like that in that example: http://wiki.squid-cache.org/ConfigExamples/Authenticate/MultipleSources

I have no idea, why I don't get it work ...

Have you perhaps got the concurrency= parameter of external_acl_type set? In which case Squid would be expecting a channel ID to come back from the helper saying which of the concurrent requests is being answered.

Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
Current Beta Squid 3.1.0.13
Re: [squid-users] How to debug external_acl_type
Hello,

On 26.08.09 16:40, Amos Jeffries squ...@treenet.co.nz wrote:

I have no idea, why I don't get it work ...

Have you perhaps got the concurrency= parameter of external_acl_type set?

No I have not set this parameter, or is there a default value to change?

squid.conf:

-8-
acl all src all
auth_param basic program /usr/local/bin/my-auth.pl
external_acl_type myAclType children=1 ttl=1 %SRC %LOGIN %{Proxy-Authorization} /usr/local/bin/foobar
acl MyAcl external myAclType
http_access allow MyAcl
#http_access allow all
# DIV
http_port 3128
debug_options ALL,1 82,9 4,9 28,9
hosts_file /etc/hosts
access_log /var/log/squid/access.log squid
coredump_dir /var/spool/squid
-8-

Thanks and best regards
Maik Kündig
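The helper side of the external_acl_type exchange discussed in this thread, as an added example (not code from any poster or from the Squid project): Squid writes one request line per lookup and waits for one newline-terminated reply, prefixed with the channel ID when concurrency= is set. The field layout follows the %SRC %LOGIN %{Proxy-Authorization} format in the squid.conf above; the allow-if-logged-in policy, the --concurrent switch, URL-escaped fields with "-" for an empty value, and the sample request lines are assumptions.

```python
#!/usr/bin/env python3
import io
import sys
from urllib.parse import unquote

# Number of fields per request for the format "%SRC %LOGIN %{Proxy-Authorization}"
EXPECTED_FIELDS = 3


def decide(src, login, proxy_auth):
    """Hypothetical policy: allow any request that carries a login name.

    proxy_auth holds the client's credentials, so it is never logged here.
    """
    return login not in ("", "-")


def handle_line(line, concurrent=False):
    """Return the complete reply line, newline included, for one request line."""
    fields = line.strip().split()
    channel = ""
    if concurrent:
        # With concurrency=N the first token is a channel ID to echo back,
        # so Squid can match the answer to the pending request.
        if not fields or not fields[0].isdigit():
            return "ERR\n"
        channel = fields.pop(0) + " "
    if len(fields) != EXPECTED_FIELDS:
        return channel + "ERR\n"          # fail closed on anything unexpected
    # Assumption: Squid URL-escapes each field, so spaces arrive as %20
    src, login, proxy_auth = (unquote(f) for f in fields)
    verdict = "OK" if decide(src, login, proxy_auth) else "ERR"
    return channel + verdict + "\n"


def serve(infile, outfile, concurrent=False):
    """Answer every request line; flush each reply so Squid is never left waiting."""
    handled = 0
    for line in infile:
        outfile.write(handle_line(line, concurrent))
        outfile.flush()
        handled += 1
    return handled


def replay(lines, concurrent=False):
    """Feed constructed request lines through serve() and return the raw output."""
    out = io.StringIO()
    serve(iter(lines), out, concurrent)
    return out.getvalue()


if __name__ == "__main__":
    # Run by Squid as the helper program; --concurrent is this example's own switch
    serve(sys.stdin, sys.stdout, concurrent="--concurrent" in sys.argv[1:])
```
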
Re: [squid-users] Re: kerberos (AD) authentication - squid_kerb_auth
On Wed, Aug 26, 2009 at 12:35 AM, Jeremy Monnet jmon...@gmail.com wrote:

This will create 200 authentication requests for testing.

That will help me a lot ! Thank you very much for your answers ! I'll post comments as soon as it works (or I get new questions).

Ok, I am making progress (I guess). Though I am not really sure, I think I chose a different option when re-installing my AD controller. I think the AD should be made compatible with every version of windows, not only with windows 2000 and 2003. I should make more tests to be sure that was one of the problems. Now, I see the negotiate, and the ticket received seems far better (logs below). I believe the remaining error is

authenticateNegotiateHandleReply: helper: '0x9c8cd20' sent us 'NA gss_accept_sec_context() failed: An unsupported mechanism was requested. unknown mech-code 0 for mech unknown'

If I play with squid_kerb_auth, I get

squid_kerb_auth: gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown
NA gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown

If anyone has any idea about what that means ? I've read stuff about a file /etc/gss/mech, which doesn't exist on my linux box, and is trying to be read by squid_kerb_auth (I saw it using strace) ?

Thanks,
Regards,
Jeremy

##

2009/08/26 17:42:44.144| authenticateValidateUser: Validating Auth_user request '0'.
2009/08/26 17:42:44.145| authenticateValidateUser: Auth_user_request was NULL!
2009/08/26 17:42:44.146| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.
2009/08/26 17:42:44.147| authenticateFixHeader: headertype:36 authuser:0
2009/08/26 17:42:44.147| AuthNegotiateConfig::fixHeader: Sending type:36 header: 'Negotiate'
2009/08/26 17:42:44.175| authenticateAuthenticate: header Negotiate [base64 token omitted].
2009/08/26 17:42:44.179| authenticateAuthenticate: This is a new checklist test on FD:23
2009/08/26 17:42:44.180| authenticateAuthenticate: no connection authentication type
2009/08/26 17:42:44.181| AuthConfig::CreateAuthUser: header = 'Negotiate
[squid-users] Re: Linux using kerberos works but squid won't
How about file permissions? Can squid read .keytab file?

Wojtek

Hi Markus, yes I set it up as you described.

Andrew

On Monday, 24 August 2009 21:53:49, Markus Moeller wrote:

Did you set the environment variable KRB5_KTNAME to your HTTP.keytab location otherwise the default /etc/krb5.keytab will be used ?

Markus
RE: [squid-users] Laptops/Mobile Phones using Squid on the road
Authentication was created for exactly this purpose. With explicitly set proxy settings in the browsers, there is no reason why you can't allow them to login to the proxy when they are on the road. Or even at HQ. Note that by entering the proxy settings in the browsers you are no longer using transparent mode. Assuming by transparent you actually mean NAT intercepting you should of course have Squid listening on one port for the intercepted requests (authentication not possible) and another for the configured browsers (authentication possible).

Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
Current Beta Squid 3.1.0.13

I'm back on this after a few days...Thanks for your reply, Amos. What you said about authentication makes a lot of sense. So I disabled transparent mode, and required authentication and I get the exact same problem. (using Clarkconnect 5.0) Squid throws an error, but does NOT give me a login dialog box as it would inside the LAN!!!

A few more details about what I'm trying to do...

1. Using Dansguardian content filter on Clarkconnect 5.0
2. When I'm OUTSIDE the CC lan using proxy settings in the browser, I get the Dansguardian error page if I try to go to a banned site.
3. When I try to visit a site that is acceptable, I get the Squid error.
4. Then if I put in the ACL rule to allow my WAN IP, everything works.

Any ideas? I'd really like to just use proxy settings without VPN involved. Thank you in advance.
[squid-users] Re: Re: kerberos (AD) authentication - squid_kerb_auth
What Kerberos library do you use ? Heimdal 1.0.1 ? Markus Jeremy Monnet jmon...@gmail.com wrote in message news:2b1bd02c0908260903w19691f69v83c2af6b1b140...@mail.gmail.com... On Wed, Aug 26, 2009 at 12:35 AM, Jeremy Monnetjmon...@gmail.com wrote: This will create 200 authentication requests for testing. That will help me a lot ! Thank you very much for your answers ! I'll post comments as soon as it works (or I get new questions). Ok, I am making progress (I guess). Though I am not really sure, I think I chose a different option when re-installing my AD controller. I think the AD should be made compatible with every version of windows, not only with windows 2000 and 2003. I should make more tests to be sure that was on of the problems. Now, I see the negotiate, and the ticket received seems far better (logs below). I believe the remaining error is authenticateNegotiateHandleReply: helper: '0x9c8cd20' sent us 'NA gss_accept_sec_context() failed: An unsupported mechanism was requested. unknown mech-code 0 for mech unknown' If I play with squid_kerb_auth, I get squid_kerb_auth: gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown NA gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown If anyone has any idea about what that means ? I've read stuff about a file /etc/gss/mech, which doesn't exists on my linux box, and is trying to be read by squid_kerb_auth (I saw it using strace) ? Thanks, Regards, Jeremy ## 2009/08/26 17:42:44.144| authenticateValidateUser: Validating Auth_user request '0'. 2009/08/26 17:42:44.145| authenticateValidateUser: Auth_user_request was NULL! 2009/08/26 17:42:44.146| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header. 
2009/08/26 17:42:44.147| authenticateFixHeader: headertype:36 authuser:0
2009/08/26 17:42:44.147| AuthNegotiateConfig::fixHeader: Sending type:36 header: 'Negotiate'
2009/08/26 17:42:44.175| authenticateAuthenticate: header Negotiate [base64 token omitted].
2009/08/26 17:42:44.179| authenticateAuthenticate: This is a new checklist test on FD:23
2009/08/26 17:42:44.180| authenticateAuthenticate: no connection authentication type
2009/08/26 17:42:44.181| AuthConfig::CreateAuthUser: header = 'Negotiate
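
Added example, not part of the original message and not code from Squid or squid_kerb_auth: a small decoder that lists which GSS-API mechanisms the token in a Negotiate header offers, a useful first look when a helper reports an unsupported mechanism or an invalid token. The sample token is constructed (mechanism list only, no ticket), and the names negotiate_mechs and sample_header are chosen here.

```python
import base64

MECH_NAMES = {  # well-known GSS-API mechanism OIDs
    "1.2.840.113554.1.2.2": "Kerberos 5",
    "1.2.840.48018.1.2.2": "MS Kerberos 5",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(body):  # DER OID content -> dotted string (first arc 0 or 1)
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def negotiate_mechs(header_value):  # mechanisms offered in 'Negotiate <base64>'
    token = base64.b64decode(header_value.split()[-1])
    if token.startswith(b"NTLMSSP\x00"):
        return ["raw NTLMSSP (no SPNEGO wrapper)"]
    tag, pos, _ = read_tlv(token, 0)  # 0x60 = GSS-API initial context token
    if tag != 0x60:
        raise ValueError("not a GSS-API initial context token")
    _, start, pos = read_tlv(token, pos)  # mechanism OID of the outer token
    outer = decode_oid(token[start:pos])
    if outer != "1.3.6.1.5.5.2":  # not SPNEGO: a bare mechanism, nothing negotiated
        return [MECH_NAMES.get(outer, outer)]
    for _ in range(4):  # [0] NegTokenInit, SEQUENCE, [0] mechTypes, SEQUENCE OF OID
        _, pos, end = read_tlv(token, pos)
    mechs = []
    while pos < end:
        _, start, pos = read_tlv(token, pos)
        mechs.append(decode_oid(token[start:pos]))
    return [MECH_NAMES.get(oid, oid) for oid in mechs]

def sample_header():  # constructed SPNEGO token for offline runs, not from the log
    tlv = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    oids = ("2a864882f712010202", "2a864886f712010202", "2b06010401823702020a")
    mech_list = b"".join(tlv(0x06, bytes.fromhex(o)) for o in oids)
    init = tlv(0xA0, tlv(0x30, tlv(0xA0, tlv(0x30, mech_list))))
    token = tlv(0x60, tlv(0x06, bytes.fromhex("2b0601050502")) + init)
    return "Negotiate " + base64.b64encode(token).decode()
```

Passing the header value copied from a debug log to negotiate_mechs shows whether the client offered Kerberos at all or fell back to NTLM.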
[squid-users] refresh_pattern only extends expiration?
Please help: Trying to set an exact time-to-live (override origin cache control) in Squid (2.4 STABLE6) configuration:
___
refresh_pattern 30_minutes_cache_control_url 15 0% 15 override-expire ignore-max-age

Observed: URL is matched (in log), but objects still cached for 30 minutes, rather than 15, as hoped.
___
refresh_pattern 30_minutes_cache_control_url 60 0% 60 override-expire ignore-max-age

Observed: URL is matched (in log), and objects are cached for 50-70 minutes (not exactly 60).
___
Q1: Does refresh_pattern only extend expiration? Is there a way to enforce an exact time-to-live (per URL) in Squid?
Q2: Does refresh_pattern operate in +-10 minutes granularity? Why 60 minutes become 50 - 70?

Thanks.
[squid-users] Re: refresh_pattern only extends expiration?
Forgot to mention -- Squid is used as a _reverse_ cache proxy (server side).

On Wed, Aug 26, 2009 at 2:23 PM, Guy Bashkansky guy...@gmail.com wrote:

Please help: Trying to set an exact time-to-live (override origin cache control) in Squid (2.4 STABLE6) configuration:
___
refresh_pattern 30_minutes_cache_control_url 15 0% 15 override-expire ignore-max-age

Observed: URL is matched (in log), but objects still cached for 30 minutes, rather than 15, as hoped.
___
refresh_pattern 30_minutes_cache_control_url 60 0% 60 override-expire ignore-max-age

Observed: URL is matched (in log), and objects are cached for 50-70 minutes (not exactly 60).
___
Q1: Does refresh_pattern only extend expiration? Is there a way to enforce an exact time-to-live (per URL) in Squid?
Q2: Does refresh_pattern operate in +-10 minutes granularity? Why 60 minutes become 50 - 70?

Thanks.
Re: [squid-users] squid_kerb_auth and access.log issue
On Wed, 26 Aug 2009 17:01:34 +0200, Wojciech Dudys wdu...@gmail.com wrote:

Hi, I have squid 3.0.18 configured to use squid_kerb_auth helper. When I make a proper HTTP request I see in the access.log:

1251290049.789 209 X.X.X.X TCP_MISS/200 486 POST http://mail.google.com/mail/channel/bind? u...@realm DIRECT/74.125.39.17 text/plain

Ident field is filled with u...@realm. And this is great. But when I make HTTPS request I see:

1251289923.734 0 X.X.X.X TCP_DENIED/407 2233 CONNECT www.google.com:443 - NONE/- text/html

and there is NONE in the Ident field. The same situation is when I get TCP_DENIED

1251289928.638 0 X.X.X.X TCP_DENIED/407 3353 GET http://mail.google.com/mail/? - NONE/- text/html

Is this a bug?

No this means the user's browser did not send any authentication credentials to Squid.
http://wiki.squid-cache.org/Features/Authentication

Amos
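
Added example, not part of the thread and not Squid code: a log check built on the point made in the reply, that a TCP_DENIED/407 line with "-" in the user field is the proxy asking for credentials. It counts challenges and authenticated requests per client and lists clients that were challenged but never came back with a user name. The log lines, addresses and user name are constructed, and the field positions assume Squid's native access.log format as shown in the message.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1251289923.734      0 192.0.2.10 TCP_DENIED/407 2233 CONNECT www.example.com:443 - NONE/- text/html
1251289923.990    251 192.0.2.10 TCP_MISS/200 4123 CONNECT www.example.com:443 alice@EXAMPLE.TEST DIRECT/198.51.100.7 -
1251289928.638      0 192.0.2.10 TCP_DENIED/407 3353 GET http://mail.example.com/ - NONE/- text/html
1251289928.700     58 192.0.2.10 TCP_MISS/200 486 GET http://mail.example.com/ alice@EXAMPLE.TEST DIRECT/198.51.100.8 text/html
1251289930.112      0 192.0.2.77 TCP_DENIED/407 2233 CONNECT update.example.net:443 - NONE/- text/html
1251289935.120      0 192.0.2.77 TCP_DENIED/407 2233 CONNECT update.example.net:443 - NONE/- text/html
"""

def parse_line(line):
    """Split one native-format line into the fields used below."""
    f = line.split()
    if len(f) < 10:
        return None  # not a complete native-format record
    code, _, status = f[3].partition("/")
    return {"client": f[2], "code": code, "status": int(status),
            "method": f[5], "url": f[6], "user": None if f[7] == "-" else f[7]}

def auth_summary(log_text):
    """Per client: 407 challenges issued, requests logged with a user, users seen."""
    stats = defaultdict(lambda: {"challenges": 0, "authenticated": 0, "users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = stats[rec["client"]]
        if rec["status"] == 407:
            entry["challenges"] += 1      # proxy asked for credentials
        elif rec["user"] is not None:
            entry["authenticated"] += 1   # request was logged with a user name
            entry["users"].add(rec["user"])
    return dict(stats)

def never_authenticated(log_text):
    """Clients that were challenged but never logged a request with a user name."""
    return sorted(c for c, s in auth_summary(log_text).items()
                  if s["challenges"] and not s["authenticated"])
```

A client that only ever appears with 407 lines is usually software that cannot answer proxy authentication rather than a failing user.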
Re: [squid-users] How to debug external_acl_type
On Wed, 26 Aug 2009 17:13:10 +0200, Maik Kündig maik.kuen...@reist-tele.com wrote:

Hello,

On 26.08.09 11:37, Maik Kündig maik.kuen...@reist-tele.com wrote:
On 26.08.09 11:21, John Doe jd...@yahoo.com wrote:
From: Maik Kündig maik.kuen...@reist-tele.com

I need some help to debug an external_acl_type problem.

print "OK";

Maybe try with:

print "OK\n";

Have tried both versions with \n and without ... It looks like external_acl_type is started, but never enters the loop.

Squid.conf
-8-
acl all src all
auth_param basic program /usr/local/bin/my-auth.pl
external_acl_type myAclType children=1 ttl=1 %SRC %LOGIN /usr/local/bin/foobar
acl MyAcl external myAclType
http_access allow MyAcl
http_port 3128
debug_options ALL,1 82,9 4,9 28,9
hosts_file /etc/hosts
access_log /var/log/squid/access.log squid
coredump_dir /var/spool/squid
-8-

foobar:
-8-
#!/usr/bin/perl
$|=1;    # unbuffered output, so Squid sees each reply immediately
#my $processid = $$;
#my $FILENAME = "/tmp/acl_log_${processid}";
my $FILENAME = "/tmp/acl.log";
# The open mode was lost in the archive; append mode is assumed here.
open (MYFILE, ">>$FILENAME");
print MYFILE "Start\n";
close (MYFILE);
# The filehandle was lost in the archive; STDIN (one lookup per line) is assumed.
while (<STDIN>) {
    open (MYFILE, ">>$FILENAME");
    print MYFILE "Loop\n";
    print "OK";
    close (MYFILE);
}
-8-

ps aux | grep foobar:
-8-
proxy 10056 0.0 0.5 4820 1384 ? Ss 01:41 0:00 /usr/bin/perl /usr/local/bin/foobar.pl
-8-

cat /tmp/acl.log:
-8-
# cat /tmp/acl.log
Start
-8-

Why does it never enter the loop? It works if I start it from command line

I think Squid is noticing the %LOGIN requirements are missing and aborting with a 'needs auth credentials' before calling into the helpers. See my other email for how to fix.

Amos
Re: [squid-users] Systematic caching
Tue 2009-08-25 at 13:39 -0700, Evguen wrote:

I would like to know if there is a way to force Squid to cache uncachable pages.

See refresh_pattern. Allows override of most things.

Regards
Henrik
Re: [squid-users] problems setting up accelerator mode in squid 2.7
Wed 2009-08-26 at 13:44 +0930, Brett Lymn wrote:

On Wed, Aug 26, 2009 at 01:17:16PM +1200, Amos Jeffries wrote:

Yes, that is the intended reason but all the clients are internal too - the original idea was to accelerate serving some internal web content. In all honesty, I don't think that doing this is quite as important as it used to be...

With internal DNS pointing to the proxy instead of the actual server? (requirement for accelerator mode to make sense)

Regards
Henrik
[squid-users] Recommendations for ICAP malware av scanning?
Hi guys,

I was hoping someone might have some input or recommendations for me. Here is what I am trying to do: I think I would like to set up squid and use an ICAP server to do av and malware scanning. Doesn't matter the software, open source or commercial. Was wondering if anyone had any ideas. So far I am thinking clam and/or kaspersky.

Thanks
-Chris
Re: [squid-users] problems setting up accelerator mode in squid 2.7
On Thu, Aug 27, 2009 at 01:42:06AM +0200, Henrik Nordstrom wrote:

With internal DNS pointing to the proxy instead of the actual server? (requirement for accelerator mode to make sense)

Yes. Actually the proxy and the destination server are on the same machine, but, regardless, our DNS is consistent.

--
Brett Lymn
[squid-users] Setup Squid to allow Gmail/Email/Skype traffic
Hi all - Firstly, I know that Squid is a http proxy - Could I set up Squid so that POP3 Email [Port 110], Gmail [Port 995 SSL] and Skype can go via Squid? Do I have to use iptables? I am running Debian.

Thank you
Mark
[squid-users] list of squidclient mgr: options
Hello, can anyone post the list of squidclient mgr: options available?

Thanks