[squid-users] Know if squid is running with a web browser
Hi everybody I am looking for information about check the squid service to know if is running. I found this command: #squid -k check but I need the check with a web browser. ¿is there any way to do that check with HTTP? ¿is it possible? Whatever information will be good for me. Thanks -- *Miguel Valencia Zurera **/*SS.TT. / Unidad de Portales **Departamento de Ingeniería y Control de Calidad */*/*Sociedad Andaluza para el Desarrollo de la *//*Sociedad*//* de la informacion S.A.U. */**Avda. de la Arboleda s/n 41940 - Tomares, (Sevilla) Tlf: 955062616/000 Fax: 955 061 019/041 e-mail: ***miguel.valen...@juntadeandalucia.es mailto:miguel.valen...@juntadeandalucia.es* /Este correo electrónico y, en su caso, cualquier fichero anexo al mismo, contiene información de carácter confidencial exclusivamente dirigida a su destinatario o destinatarios. Queda prohibida su divulgación, copia o distribución a terceros sin la previa autorización escrita de Sociedad Andaluza para el Desarrollo de la Sociedad de la Información, S.A.U.. Si no es Ud. el destinatario del mensaje le ruego lo destruya sin hacer copia digital o física, comunicando a Sociedad Andaluza para el Desarrollo de la Sociedad de .U. vía e-mail o fax la recepción del presente mensaje. Toda declaración de voluntad contenida deberá ser tenida por no producida. Gracias. / /The information in this e-mail and in any attachments is confidential and solely for the attention and use of the named address(es). You are hereby notified that any dissemination, distribution or copy of this communication is prohibited without the prior written consent of Sociedad Andaluza para el Desarrollo de la Sociedad de la Información, S.A.U.. If you are not the formal receiver of this message please destroy it without making any digital or physical copy and inform Sociedad Andaluza para el Desarrollo de la Sociedad de .U. , by e-mail or fax, of the reception of the present message. Any whatsoever involuntary declaration contained herewith must be taken as having no legal effect. //Thank you./
[squid-users] Weird statistics from snmp
Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. So, how must I interpret the fact that I'm seeing over snmp more HITS than MISSES? I must be missing something, but I don't know what. Thanks!
Re: [squid-users] Squid 3.1.12 - Parent Proxy and DNS queries
Amos Jeffries wrote: ... anything resolving to 127.0.0.1 on this host is not necessarily resolving to 127.0.0.1 on any other host (ie the parent proxy) NP: having a DNS server resolve 127.0.0.1 for anything public is very nasty. Hi Amos, Thank you for your help. Meanwhile i did some more testing and found something strange. The test system cannot resolve any internet domains itself so its nameserver uses a forwarder. If i silently drop the DNS request packets through the packet filter, everything works fine. There is no delay on any requests. But, if i just remove the forwarder in DNS, so that every request for external domains result in a NXDOMAIN DNS reply, a request takes about 90 seconds until it's finally processed. The point i don't understand is, why Squid forwards the request without any DNS reply but seems to do some timeout handling if NXDOMAIN is replied? I also checked if there is any communcation between local squid and the parent proxy but there isn't any in the latter test case. Greetings, Matthias
[squid-users] How about location_rewrite in Squid 3.1?
Hi, Is there any detail plan of location_rewrite in Squid 3.1? I need it for IPv6 reverse cache and rewrite location of www.example.com to ipv6.example.com Regards, Liu Ming
[squid-users] Bungled Conf..SSL
Hi I did compile 2.7 from source on debian with --enable-ssl support of course I did install the libssl-dev package for ssl headers first. The thing is that squid wont start it complains about the https_port line being BUNGLED. The error/line is : FATAL: Bungled squid.conf line 7: https_port 443 10.10.11.11:443 cert=/etc/squid/self_certs/exyz.crt key=/etc/squid/self_certs/xyz.key protocol=http accel defaultsite=xyz vhost The relevant configure output is: app02:/usr/src/squid-2.7.STABLE7# cat output | grep ssl checking for openssl/err.h... yes checking for openssl/md5.h... yes checking for openssl/ssl.h... yes checking for openssl/engine.h... yes app02:/usr/src/squid-2.7.STABLE7# cat output | grep SSL SSL gatewaying using OpenSSL enabled Using OpenSSL MD5 implementation I did specifically use --enable-ssl Please advice.
Re: [squid-users] squid NTLM setup question
Andre Albsmeier wrote: On Mon, 21-Sep-2009 at 00:30:46 +1200, Amos Jeffries wrote: Andre Albsmeier wrote: On Sun, 20-Sep-2009 at 00:29:12 +1200, Amos Jeffries wrote: Andre Albsmeier wrote: On Thu, 10-Sep-2009 at 14:55:23 -0400, Navjeet wrote: We have been using squid in our development environment. Squid has been forwarding all the internet bound traffic to a proxy server that did not need any authentication until now. But that has changed now and now we have use another proxy server that uses NTLM based authentication. Now our servers in this development environment only have local users (users logging in are not authenticated Windows AD). Does the Squid NTLM authentication setup still work in this setup? Can the NTLM setup be configured to use specified user (and password hopefully encrypted ) that can be specified in some configuration file. This is needed as many of our applications (Tomcat, ESB etc ) are headless (i mean not just a web browser) and they now need to go thru this new proxy server. If you want something like this: no authNTLM auth clients --- squid - NTLM based proxy --- world I think this is not possible with squid. I worked around this same problem with cntlm using: no authno authNTLM auth clients --- squid --- cntlm - NTLM based proxy --- world cntlm runs on the same machine as squid does. However, I were happy if the cntlm functionality could be brought into squid one day... Your wish is granted ;) Oh, that's good news, thanks! 3.2 will have Kerberos login to cache_peer servers. The code is already committed to the 3.HEAD alpha releases. Now I am confused: You talk about Kerberos, I thought of NTLM (NTLMv2 to be exact). In cntlm I simply enter my NTLMv2 hash and it authenticates happily to its upstream. With Kerberos, I always think about tickets, krb-servers and so on. To be honest, I have never been into Windoze's NTLM stuff a lot (I am just happy it works) neither used Kerberos until now. Sorry. Mea culpa. Been looking at the back-end for too long. Nevermind. Maybe one day I will hack my own NTLMv2 implementation into squid. Shouldn't be too hard... Kerberos is the one Squid is getting. The old NTLM is deprecated by MS, the NTLMv2 will go out with XP before Squid 3.2 is ready for use. So you think it will take 5 years until 3.2 will be ready? :-) Shifted again has it? :) I was thinking XP is scheduled EOL for 2011 nowdays. Maybe wrong. 18 months is our ideal release timeframe. Starting last July when 3.1 was frozen. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
Re: [squid-users] Bungled Conf..SSL
Ali Jawad wrote: Hi I did compile 2.7 from source on debian with --enable-ssl support of course I did install the libssl-dev package for ssl headers first. The thing is that squid wont start it complains about the https_port line being BUNGLED. The error/line is : FATAL: Bungled squid.conf line 7: https_port 443 10.10.11.11:443 cert=/etc/squid/self_certs/exyz.crt key=/etc/squid/self_certs/xyz.key protocol=http accel defaultsite=xyz vhost The 443 10.10.11.11:443 portion of that error display looks like a wrong config. I think you meant to write http_port 10.10.11.11:443 in the squid.conf there. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
Re: [squid-users] How about location_rewrite in Squid 3.1?
liu ming wrote: Hi, Is there any detail plan of location_rewrite in Squid 3.1? I need it for IPv6 reverse cache and rewrite location of www.example.com to ipv6.example.com Did you mean storeurl_rewrite? The basic features of 3.1 are frozen for release. location_rewrite (and storeurl_*) is in the list of things we hope to look at still for 3.2. The code has not differed by much yet in 3.1/3.2. If you would like to get someone to do the porting of this feature soonish the patch should be easily applicable to 3.1 as well as acceptable for 3.2 merge. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
Re: [squid-users] squid NTLM setup question
On Mon, 21-Sep-2009 at 22:58:40 +1200, Amos Jeffries wrote: Andre Albsmeier wrote: On Mon, 21-Sep-2009 at 00:30:46 +1200, Amos Jeffries wrote: Andre Albsmeier wrote: On Sun, 20-Sep-2009 at 00:29:12 +1200, Amos Jeffries wrote: Andre Albsmeier wrote: On Thu, 10-Sep-2009 at 14:55:23 -0400, Navjeet wrote: We have been using squid in our development environment. Squid has been forwarding all the internet bound traffic to a proxy server that did not need any authentication until now. But that has changed now and now we have use another proxy server that uses NTLM based authentication. Now our servers in this development environment only have local users (users logging in are not authenticated Windows AD). Does the Squid NTLM authentication setup still work in this setup? Can the NTLM setup be configured to use specified user (and password hopefully encrypted ) that can be specified in some configuration file. This is needed as many of our applications (Tomcat, ESB etc ) are headless (i mean not just a web browser) and they now need to go thru this new proxy server. If you want something like this: no authNTLM auth clients --- squid - NTLM based proxy --- world I think this is not possible with squid. I worked around this same problem with cntlm using: no authno authNTLM auth clients --- squid --- cntlm - NTLM based proxy --- world cntlm runs on the same machine as squid does. However, I were happy if the cntlm functionality could be brought into squid one day... Your wish is granted ;) Oh, that's good news, thanks! 3.2 will have Kerberos login to cache_peer servers. The code is already committed to the 3.HEAD alpha releases. Now I am confused: You talk about Kerberos, I thought of NTLM (NTLMv2 to be exact). In cntlm I simply enter my NTLMv2 hash and it authenticates happily to its upstream. With Kerberos, I always think about tickets, krb-servers and so on. To be honest, I have never been into Windoze's NTLM stuff a lot (I am just happy it works) neither used Kerberos until now. Sorry. Mea culpa. Been looking at the back-end for too long. Nevermind. Maybe one day I will hack my own NTLMv2 implementation into squid. Shouldn't be too hard... Kerberos is the one Squid is getting. The old NTLM is deprecated by MS, the NTLMv2 will go out with XP before Squid 3.2 is ready for use. So you think it will take 5 years until 3.2 will be ready? :-) Shifted again has it? :) I was thinking XP is scheduled EOL for 2011 No idea, to be honest. I have heard something of an extended support until 2014... -Andre nowdays. Maybe wrong. 18 months is our ideal release timeframe. Starting last July when 3.1 was frozen. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13 -- I think there is a world market for maybe five computers. - Thomas Watson, chairman of IBM, 1943
Re: [squid-users] Weird statistics from snmp
Matias wrote: Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. So, how must I interpret the fact that I'm seeing over snmp more HITS than MISSES? I must be missing something, but I don't know what. Thanks! What version of Squid? Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
Re: [squid-users] Squid 3.1.12 - Parent Proxy and DNS queries
Silamael wrote: Amos Jeffries wrote: ... anything resolving to 127.0.0.1 on this host is not necessarily resolving to 127.0.0.1 on any other host (ie the parent proxy) NP: having a DNS server resolve 127.0.0.1 for anything public is very nasty. Hi Amos, Thank you for your help. Meanwhile i did some more testing and found something strange. The test system cannot resolve any internet domains itself so its nameserver uses a forwarder. If i silently drop the DNS request packets through the packet filter, everything works fine. There is no delay on any requests. But, if i just remove the forwarder in DNS, so that every request for external domains result in a NXDOMAIN DNS reply, a request takes about 90 seconds until it's finally processed. The point i don't understand is, why Squid forwards the request without any DNS reply but seems to do some timeout handling if NXDOMAIN is replied? I also checked if there is any communcation between local squid and the parent proxy but there isn't any in the latter test case. Greetings, Matthias That seems very strange. Very strange. Squid using internal DNS resolver sends out UDP packets and waits for a reply positive or negative. Using that. The NXDOMAIN results make sense if we assume they come back with some TTL so short Squid needs to run through the DNS timeouts on every request. The silent drop case is a head scratcher of a puzzle. That is the one that should be getting very long timeouts while Squid waits for a reply that will never arrive. Anyway, getting rid of the dst ACL and making sure the peer is configured with an IP address should prevent any DNS lookups. IIRC your config already has the log_fqdn setting turned off. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
Re: [squid-users] Squid 3.1.12 - Parent Proxy and DNS queries
Amos Jeffries wrote: That seems very strange. Very strange. Squid using internal DNS resolver sends out UDP packets and waits for a reply positive or negative. Using that. The NXDOMAIN results make sense if we assume they come back with some TTL so short Squid needs to run through the DNS timeouts on every request. The silent drop case is a head scratcher of a puzzle. That is the one that should be getting very long timeouts while Squid waits for a reply that will never arrive. Anyway, getting rid of the dst ACL and making sure the peer is configured with an IP address should prevent any DNS lookups. IIRC your config already has the log_fqdn setting turned off. Amos Hello Amos, My last assumption was wrong. It seems that there is some optimization in the kernel so that a silent drop of packets is handled the same as a drop with ICMP packet. Therefore the named replied a lot faster than usual with SERVFAIL. Nevertheless, we're going to remove the dst-ACL which is not needed in this case. Thank you for your help! -- Matthias
[squid-users] SquidNT Authentication Question
Hi, I am currently using SquidNT (Version 2.6.STABLE13) as a local proxy in each of our smaller offices. I authenticate against MS Active Directory using a Global Group. I have noticed that the authentication has a limitation in that the helper seems not to check Group membership recursively, i.e. it will only look at the first result and if that result is a group, it will not check membership of the lower group. I have learned to live with this but changes in our AD policy will require me to make my internet access group a member of a higher group and I should then authenticate to the higher group, that will no work (I hope I'm making sense). I have treid this with 3.0.STABLE13-BZR and it persists. Any way to work around this? Thanks in advance. Jacques Kruger
[squid-users] Re: Weird statistics from snmp
Amos Jeffries wrote: Matias wrote: Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. So, how must I interpret the fact that I'm seeing over snmp more HITS than MISSES? I must be missing something, but I don't know what. Thanks! What version of Squid? Amos # squid3 -v Squid Cache: Version 3.0.STABLE8 configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM' '--enable-ntlm-auth-helpers=SMB' '--enable-digest-auth-helpers=ldap,password' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--with-filedescriptors=65536' '--with-default-user=proxy' '--enable-epoll' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CC=cc' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=g++' 'CXXFLAGS=-g -O2 -g -Wall -O2' 'FFLAGS=-g -O2'
[squid-users] squid pause for 10 minutes
Hi, all i installed squid 2.7 on ubuntu server 9.04, with aptitude command. after configuring the configuration file and trying to start it. squid could use to be cache for half an hour after that it pause about 10 minutes, so no one could browse the internet after 10 minutes squid can work again but after half an hour period it happened again i checked all logs (syslog, squid's log and dmesg) no error about that situation i also checked the process there are squid's processes please help about this situation thank you
[squid-users] squid 3.0
Hi, I am using squid2.6.STABLE6-3.el5 on RHEL5.0, want to update with squid-3.0.STABLE9. could you guide me how to do that. 1. Shoudl i remove squid2.6 first and then install squid3.0. ? 2. Or should install squid3.0 w/o remove squid2.6. ? 3. Can i have both? 4. Is there any other best alternate. squid2.6 is working fince but facing problem to connecting FTP sites on IE7 and authentication with Active Directory. Thanks, Vikas
[squid-users] Squid 3 upgrade_http0.9 option
Hi all, I've noticed that the option upgrade_http0.9 doesn't exist for squid 3 but does in squid 2.7. I had brief look at http://wiki.squid-cache.org/RoadMap/Squid3 and couldn't see it mentioned anywhere. Is there any plan to support this option in squid 3? Cheers, -- Michael Graham mgra...@bloxx.com
Re: [squid-users] squid 3.0
Em 21-09-2009 14:04, vikas rawat escreveu: Hi, I am using squid2.6.STABLE6-3.el5 on RHEL5.0, want to update with squid-3.0.STABLE9. could you guide me how to do that. 1. Shoudl i remove squid2.6 first and then install squid3.0. ? 2. Or should install squid3.0 w/o remove squid2.6. ? 3. Can i have both? 4. Is there any other best alternate. squid2.6 is working fince but facing problem to connecting FTP sites on IE7 and authentication with Active Directory. Thanks, Vikas 1. Not really. You can install squid3.0 in another directory (not in /usr/bin) and keep squid2.6... 2. You decide... 3. Yes, you can.
RE: [squid-users] How to tell if request is cached
Anyone could answer this question??? I need the same to complete a script job, thanks Jhon -Mensaje original- De: news [mailto:n...@ger.gmane.org] En nombre de Matias Enviado el: Jueves, 17 de Septiembre de 2009 03:18 a.m. Para: squid-users@squid-cache.org Asunto: [squid-users] How to tell if request is cached Hi! How can I tell by reading the log files if a certain request is returned to the browser from cache or from the internet? Thanks! Teleperformance values: Integrity - Respect - Professionalism - Innovation - Commitment The information contained in this communication is privileged and confidential. The content is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by telephone or e-mail, and delete this message from your systems. Please consider the environmental impact of needlessly printing this e-mail.
[squid-users] not caching enough
I got this 1TB drive and mounted it as /cache. I want to cache everything and anything and keep it until it is outdated. Webmin | Servers | squid | Cache has cache directories set to /cache and Size (MB) set to 50 (the rest set to default) administra...@ahspx01:~$ df -h FilesystemSize Used Avail Use% Mounted on /dev/sda1 72G 1.2G 67G 2% / varrun2.5G 184K 2.5G 1% /var/run varlock 2.5G 0 2.5G 0% /var/lock udev 2.5G 40K 2.5G 1% /dev devshm2.5G 0 2.5G 0% /dev/shm /dev/sdb1 917G 1.1G 870G 1% /cache administra...@ahspx01:~$ ls -l /cache total 5220 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 00 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 01 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 02 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 03 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 04 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 05 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 06 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 07 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 08 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 09 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0A drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0B drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0C drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0D drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0E drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0F drwxr-x--- 2 proxy proxy 16384 2009-07-15 11:01 lost+found -rw-r- 1 proxy proxy 5247120 2009-09-21 14:32 swap.state -rw-r- 1 proxy proxy 0 2009-09-21 06:30 swap.state.last-clean There is currently about 100 computers using this cache proxy. I intend to add another 200. I can use sarg and get reports showing that websites are being cached, so it is working. But it just doesn't seem to be caching enough. Are there file types that are not getting cached that I can turn on? Why wont this cache fill up? -- View this message in context: http://www.nabble.com/not-caching-enough-tp25530445p25530445.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] How to restrict access to designated client IP address blocks in Squid configuration?
Using Squid as a reverse cache proxy, need to give access only to clients whose IP addresses are from particular netblocks: acl service dstdomain .foo.com acl clients src 123.45.67.89/255.255.255.128 http_access deny service all http_access allow service clients What may be the possible reason that clients with IP addresses not from that netblock can still access the service?
[squid-users] Re: How to restrict access to designated client IP address blocks in Squid configuration?
mån 2009-09-21 klockan 13:54 -0700 skrev Guy Bashkansky: Using Squid as a reverse cache proxy, need to give access only to clients whose IP addresses are from particular netblocks: acl service dstdomain .foo.com acl clients src 123.45.67.89/255.255.255.128 http_access deny service all http_access allow service clients What may be the possible reason that clients with IP addresses not from that netblock can still access the service? The above would deny everyone access. http_access is read top-down and the first matching rule is used. Any rules following that is ignored. Probably you have other http_access rules above allowing access.. Regards Henrik
[squid-users] queue overload?
Hi all, using squid 3.0stable18 I got this: 2009/09/21 13:37:32| externalAclLookup: 'plUser' queue overload (ch=0x18c3b78) FATAL: Received Segment Violation...dying. plUser is an external ACL witht his definition. external_acl_type plUser children=64 ttl=900 %SRC %LOGIN /etc/squid/ip-user- helper.pl -H 127.0.0.1 -M red -T 900 -D cn=Manager,o=XXX -B o=SAT -w acl plU external plUser I'm pretty sure this acl works, it has been working since october 2008, how ever load on server is higher. I wonder if I got a new bug. TIA LD
RE: [squid-users] Windows update through the proxy
Just to complete this information, the URL you sent me help me to get access to the windows update. Just to complete the information I add a parameter into the windows xp computers: This information just apply to Windows XP computers: C:\proxycfg /? Herramienta predeterminada de configuración del proxy WinHTTP de Microsoft (R) Copyright (c) Microsoft Corporation. Reservados todos los derechos. uso: proxycfg -? : para ver la documentación de ayuda proxycfg : para ver la configuración actual del proxy WinHTTP proxycfg [-d] [-p nombreservidor [lista de omisión]] -d : establecer acceso directo -p : establecer servidor(es) y lista de omisión opcional proxycfg -u : importar configuración del proxy de la configuración manual de Microsoft Internet Explorer del usuario actual (en HKCU) I used the proxycfg -u option to download the proxy configuration from the browser to the windows update configuration, this help me to download the windows update files. The command needs to be run through the CMD command line. Now I just looking for the same command for windows 2000 and windows vista to complete downloading the windows update to the computers. This command is in the windows system, you dont need to add any program into the computer, this is part of the windows xp system. Thanks to all for your help. Jhon -Mensaje original- De: Jeff Pang [mailto:pa...@arcor.de] Enviado el: Jueves, 17 de Septiembre de 2009 10:19 p.m. Para: Juan Cardoza CC: squid-users@squid-cache.org Asunto: Re: [squid-users] Windows update through the proxy 2009/9/18 Juan Cardoza jcard...@tpmex.com: Does anyone know how to get Access to the windows update through the proxy. Is there a way to configure the proxy into the windows update or into the proxy to download the update files. see: http://wiki.squid-cache.org/SquidFaq/WindowsUpdate Teleperformance values: Integrity - Respect - Professionalism - Innovation - Commitment The information contained in this communication is privileged and confidential. The content is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by telephone or e-mail, and delete this message from your systems. Please consider the environmental impact of needlessly printing this e-mail.
[squid-users] squid_kerb_auth.... Key Version number?
Hi list, does anybody know what to do againg different key version numbers using squid_kerb_auth? I created HTTP.keytab from the msktutil and works great. In fact in this domain where squid lives this internet explorers has no problem using squid_kerb_auth. On other domains I get Unspecified GSS failure. Minor code may provide more information. Key version number for principal in key table is incorrect Via klist -ke and kvno HTTP/fqdn I am able to can compare these keys and they differ. kinit -R doesn't work...: KDC can't fulfill requested option while renewing credentials Can anybody shine me a light? Thanks you very much. Andrew
Re: [squid-users] How about location_rewrite in Squid 3.1?
mån 2009-09-21 klockan 17:07 +0800 skrev liu ming: Is there any detail plan of location_rewrite in Squid 3.1? I need it for IPv6 reverse cache and rewrite location of www.example.com to ipv6.example.com I am not aware of anyone working on porting that directive no. Regards Henrik
Re: [squid-users] Squid 3.1.12 - Parent Proxy and DNS queries
mån 2009-09-21 klockan 10:49 +0200 skrev Silamael: The point i don't understand is, why Squid forwards the request without any DNS reply but seems to do some timeout handling if NXDOMAIN is replied? Probably you get a retransmission to another DNS server that answers when you block traffic to the one who responds with NXDOMAIN. When Squid gets NXDOMAIN back it starts using the domain search path, which involves additional DNS queries trying to search for the requested host. Regards Henrik
Re: [squid-users] Squid 3 upgrade_http0.9 option
mån 2009-09-21 klockan 14:14 +0100 skrev Michael Graham: Hi all, I've noticed that the option upgrade_http0.9 doesn't exist for squid 3 but does in squid 2.7. I had brief look at http://wiki.squid-cache.org/RoadMap/Squid3 and couldn't see it mentioned anywhere. Is there any plan to support this option in squid 3? Hmm.. I thought that had already been done.. Should be pretty simple to do. The squid-2 patch is here if someone is interested in attempting to port this: http://www.squid-cache.org/Versions/v2/2.7/changesets/12378.patch with a trivial correction in http://www.squid-cache.org/Versions/v2/HEAD/changesets/12420.patch Regards Henrik
[squid-users] negative_ttl
Hi, I am seeing a behavior with the negative_ttl option and I would like to get confirmation on its behavior. I am using 2.7.Stable6 I am having an issue with a content provider that is setting the max_age=604800 on 503 error pages and so their 503 error pages are getting cached for the length expire time. I know that the content provider should correct this and I have communicated that to them several times but it gets fixed and then it gets set again..ugh!! So everyone saying SQUID has a bug or broke.. I have set the negative_ttl 0 in hopes that the negatively cached pages doesn't get cached at all not even for the default 5 min. This works for pages that don't have max_age values or very low ones.. I just want to confirm that this is the expected behavior for negative_ttl. If so I think my next course of action in the 2.7 build line is to use and acl with deny on http status values? If anyone has done this and would like to share what they did or can point me to some docs or something similar I would appreciate that. I know 3.1 have the ability to do what I need but I am not ready to roll that out to production yet. Thanks, Quinguin
Re: [squid-users] Weird statistics from snmp
mån 2009-09-21 klockan 10:27 +0200 skrev Matias: Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) Those two are squid.cacheNetwork.cacheIpCache.cacheIpHits and squid.cacheNetwork.cacheIpCache.cacheIpMisses What you are looking for are squid.cachePerf.cacheProtoStats.cacheProtoAggregateStats.cacheHttpHits .1.3.6.1.4.1.3495.1.3.2.1.2 and squid.cachePerf.cacheProtoStats.cacheProtoAggregateStats.cacheProtoClientHttpRequests .1.3.6.1.4.1.3495.1.3.2.1.1 there is no SNMP variable for the number of misses, but you can calculate it by substracting the hits from reqeusts. For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. It should. You are looking into the IP cache where Squid internally caches DNS lookups. Regards Henrik
Re: [squid-users] not caching enough
ant2ne wrote: I got this 1TB drive and mounted it as /cache. I want to cache everything and anything and keep it until it is outdated. Webmin | Servers | squid | Cache has cache directories set to /cache and Size (MB) set to 50 (the rest set to default) First read http://wiki.squid-cache.org/SquidFaq/SquidMemory. If you insist on trying to fill a 500GB cache, have a look at http://www.squid-cache.org/Doc/config/maximum_object_size/ administra...@ahspx01:~$ df -h FilesystemSize Used Avail Use% Mounted on /dev/sda1 72G 1.2G 67G 2% / varrun2.5G 184K 2.5G 1% /var/run varlock 2.5G 0 2.5G 0% /var/lock udev 2.5G 40K 2.5G 1% /dev devshm2.5G 0 2.5G 0% /dev/shm /dev/sdb1 917G 1.1G 870G 1% /cache administra...@ahspx01:~$ ls -l /cache total 5220 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 00 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 01 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 02 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 03 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 04 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 05 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 06 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 07 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 08 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 09 drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0A drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0B drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0C drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0D drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0E drwxr-x--- 258 proxy proxy4096 2009-07-15 14:11 0F drwxr-x--- 2 proxy proxy 16384 2009-07-15 11:01 lost+found -rw-r- 1 proxy proxy 5247120 2009-09-21 14:32 swap.state -rw-r- 1 proxy proxy 0 2009-09-21 06:30 swap.state.last-clean There is currently about 100 computers using this cache proxy. I intend to add another 200. I can use sarg and get reports showing that websites are being cached, so it is working. But it just doesn't seem to be caching enough. Are there file types that are not getting cached that I can turn on? Why wont this cache fill up? Chris
Re: [squid-users] negative_ttl
Quin Guin wrote: Hi, I am seeing a behavior with the negative_ttl option and I would like to get confirmation on its behavior. I am using 2.7.Stable6 I am having an issue with a content provider that is setting the max_age=604800 on 503 error pages and so their 503 error pages are getting cached for the length expire time. If it's just 503's you are having trouble with... acl HTTPStatus503 http_status 503 cache deny HTTPStatus503 ...will deny caching of any response with a 503 code. Fine tune it with an additional dstdomain acl as needed. I know that the content provider should correct this and I have communicated that to them several times but it gets fixed and then it gets set again..ugh!! So everyone saying SQUID has a bug or broke.. I have set the negative_ttl 0 in hopes that the negatively cached pages doesn't get cached at all not even for the default 5 min. This works for pages that don't have max_age values or very low ones.. I just want to confirm that this is the expected behavior for negative_ttl. If so I think my next course of action in the 2.7 build line is to use and acl with deny on http status values? If anyone has done this and would like to share what they did or can point me to some docs or something similar I would appreciate that. I know 3.1 have the ability to do what I need but I am not ready to roll that out to production yet. Thanks, Quinguin Chris
Re: [squid-users] Squid 3 upgrade_http0.9 option
On Mon, 21 Sep 2009 14:14:08 +0100, Michael Graham mgra...@bloxx.com wrote: Hi all, I've noticed that the option upgrade_http0.9 doesn't exist for squid 3 but does in squid 2.7. I had brief look at http://wiki.squid-cache.org/RoadMap/Squid3 and couldn't see it mentioned anywhere. Is there any plan to support this option in squid 3? The feature itself is on the regression since 2.7 list, planned for porting to 3.2 if anyone is able to find the right way to do it. The 3.x code is significantly different in those areas. I don't have time to work on it immediately but have some plans for 3.x so hopefully we can drop the config option and make Squid cope with the broken ShoutCast reply traffic. If anyone wants to give it a go please contact me about the changes required. Amos
Re: [squid-users] negative_ttl
On Mon, 21 Sep 2009 17:12:44 -0800, Chris Robertson crobert...@gci.net wrote: Quin Guin wrote: Hi, I am seeing a behavior with the negative_ttl option and I would like to get confirmation on its behavior. I am using 2.7.Stable6 I am having an issue with a content provider that is setting the max_age=604800 on 503 error pages and so their 503 error pages are getting cached for the length expire time. If it's just 503's you are having trouble with... acl HTTPStatus503 http_status 503 cache deny HTTPStatus503 ...will deny caching of any response with a 503 code. Fine tune it with an additional dstdomain acl as needed. I know that the content provider should correct this and I have communicated that to them several times but it gets fixed and then it gets set again..ugh!! So everyone saying SQUID has a bug or broke.. Set again? (a) you mean the provider is undoing their max-age fix? or (b) that the pages coming out of squid have it set that way despite the provider being correctly set at the time? (b) is a Squid problem, probably resolved by purging the relevant URLs from cache after the provider fix happens. 2.7 does not contain bug #7 so should self-correct when that week is over. (a) does seem to be a issue somewhere between the provider web Server and Squid. It may be the provider themselves, or a cache between you two. /personal opinion:: Specifying that temporary (possibly from only a single request) network failures should be reported to all visitors for a week after they occur is very excessive. IMHO the caching timeouts of 5xx should be in the order of minutes, 4xx possibly hours. Not days or weeks for either. I have set the negative_ttl 0 in hopes that the negatively cached pages doesn't get cached at all not even for the default 5 min. This works for pages that don't have max_age values or very low ones.. I just want to confirm that this is the expected behavior for negative_ttl. This will not impact on your problem, but ... you should have that anyway. Setting it to zero disables Squids forced minimum caching time, leaving squid to follow the correct RFC-compliant behavior. Which is defined by the 4xx/5xx reply Expires: and Cache-Control: headers received, or to discard immediately if they send none. I thought 2.7 had the correct max-age handling. I suspect there may be another header or CC: value sent which impacts on the caching. 2.7.STABLE7 has a fix for re-prioritizing the stale-* CC: value, and Expires: header being present has priority over max-age. Chris Robertsons solution will get you around the problem providers headers. If so I think my next course of action in the 2.7 build line is to use and acl with deny on http status values? If anyone has done this and would like to share what they did or can point me to some docs or something similar I would appreciate that. I know 3.1 have the ability to do what I need but I am not ready to roll that out to production yet. Thanks, Quinguin Chris Amos
Re: [squid-users] not caching enough
On Mon, 21 Sep 2009 17:07:27 -0800, Chris Robertson crobert...@gci.net wrote: ant2ne wrote: I got this 1TB drive and mounted it as /cache. I want to cache everything and anything and keep it until it is outdated. Webmin | Servers | squid | Cache has cache directories set to /cache and Size (MB) set to 50 (the rest set to default) I suggest you also check the options on your cache_dir line. Ensuring that a fast filesystem mechanism (AUFS, COSS or diskd) is being used. And that the L1/L2 values (default 16 256) are set large enough to cope with 500GB, ie 256 256. First read http://wiki.squid-cache.org/SquidFaq/SquidMemory. If you insist on trying to fill a 500GB cache, have a look at http://www.squid-cache.org/Doc/config/maximum_object_size/ I would also point you in the direction of: http://wiki.squid-cache.org/ConfigExamples/DynamicContent ... which should make a fair few more requests cacheable. You can also use refresh_pattern to extend the time objects without expiry information are stored in cache (but please stay away from the override-* options unless you need them to solve particular file problem, they make your cache disobey HTTP protocol requirements). Amos snip There is currently about 100 computers using this cache proxy. I intend to add another 200. I can use sarg and get reports showing that websites are being cached, so it is working. But it just doesn't seem to be caching enough. Are there file types that are not getting cached that I can turn on? Why wont this cache fill up? Chris Amos
Re: [squid-users] Squid 3 upgrade_http0.9 option
On Tue, 22 Sep 2009 01:49:11 +0200, Henrik Nordstrom hen...@henriknordstrom.net wrote: mån 2009-09-21 klockan 14:14 +0100 skrev Michael Graham: Hi all, I've noticed that the option upgrade_http0.9 doesn't exist for squid 3 but does in squid 2.7. I had brief look at http://wiki.squid-cache.org/RoadMap/Squid3 and couldn't see it mentioned anywhere. Is there any plan to support this option in squid 3? Hmm.. I thought that had already been done.. Should be pretty simple to do. The squid-2 patch is here if someone is interested in attempting to port this: http://www.squid-cache.org/Versions/v2/2.7/changesets/12378.patch with a trivial correction in http://www.squid-cache.org/Versions/v2/HEAD/changesets/12420.patch I gave it a try but got stuck at finding point in 3.x where the headers were upgrade-changed. Seems to be a bit dispersed in 3.x. Amos
Re: [squid-users] squid 3.0
Hi, thanks, if i have both squid2.6 and squid3.0 than which would run. I mean when i will give (service squid start) which version of squid run. if i want to run squid3.0 what specific command to be fire. vikas On Mon, Sep 21, 2009 at 11:01 PM, Jefferson Diego jeffersondie...@hotmail.com wrote: Em 21-09-2009 14:04, vikas rawat escreveu: Hi, I am using squid2.6.STABLE6-3.el5 on RHEL5.0, want to update with squid-3.0.STABLE9. could you guide me how to do that. 1. Shoudl i remove squid2.6 first and then install squid3.0. ? 2. Or should install squid3.0 w/o remove squid2.6. ? 3. Can i have both? 4. Is there any other best alternate. squid2.6 is working fince but facing problem to connecting FTP sites on IE7 and authentication with Active Directory. Thanks, Vikas 1. Not really. You can install squid3.0 in another directory (not in /usr/bin) and keep squid2.6... 2. You decide... 3. Yes, you can.
Re: [squid-users] squid 3.0
On Tue, 22 Sep 2009 09:31:52 +0530, vikas rawat rawat.vi...@gmail.com wrote: Hi, thanks, if i have both squid2.6 and squid3.0 than which would run. I mean when i will give (service squid start) which version of squid run. if i want to run squid3.0 what specific command to be fire. Whatever directory path and binary name you installed Squid-3.0 as. Also please if you are upgrading, go to the highest version (currently stable 19) available of the release being upgraded to. 3.0 has major security bugs all the way up to STABLE 18. And some big NTLM helper issues you may hit in anything older than 3.0.STABLE19. Amos vikas On Mon, Sep 21, 2009 at 11:01 PM, Jefferson Diego jeffersondie...@hotmail.com wrote: Em 21-09-2009 14:04, vikas rawat escreveu: Hi, I am using squid2.6.STABLE6-3.el5 on RHEL5.0, want to update with squid-3.0.STABLE9. could you guide me how to do that. 1. Shoudl i remove squid2.6 first and then install squid3.0. ? 2. Or should install squid3.0 w/o remove squid2.6. ? 3. Can i have both? 4. Is there any other best alternate. squid2.6 is working fince but facing problem to connecting FTP sites on IE7 and authentication with Active Directory. Thanks, Vikas 1. Not really. You can install squid3.0 in another directory (not in /usr/bin) and keep squid2.6... 2. You decide... 3. Yes, you can.
Re: [squid-users] Re: Weird statistics from snmp
On Mon, 21 Sep 2009 16:06:22 +0200, Matias matiassu...@gmail.com wrote: Amos Jeffries wrote: Matias wrote: Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. So, how must I interpret the fact that I'm seeing over snmp more HITS than MISSES? I must be missing something, but I don't know what. Thanks! What version of Squid? Amos # squid3 -v Squid Cache: Version 3.0.STABLE8 Um, okay... ... from the MIB.txt for 3.0 the OID *.3495.1.4.1 appears to be IP cache. Which makes *.6 misses mean a remote DNS lookup performed and *.3 hit a DNS record stored from previous lookup. From the 3.0 mib.txt the HTTP stats are at OID *.3495.1.3.2.1.2 (TCP_HIT / TCP_*_HIT). Misses are not reported, but total HTTP requests (*.3495.1.3.2.1.1) and errors (*.3495.1.3.2.1.3) are. Amos
Re: [squid-users] SquidNT Authentication Question
On Mon, 21 Sep 2009 15:56:42 +0200, Jacques Kruger \(DHL NA\) jacques.kru...@dhl.com wrote: Hi, I am currently using SquidNT (Version 2.6.STABLE13) as a local proxy in Side note; The old project 'SquidNT' is no longer existing. The current official Squid windows port is termed 'Squid for Windows' available only from Acme Consulting Ltd (http://squid.acmeconsulting.it/) and possibly soon the main squid-cache.org website. There are some copyright violators known using the old experimental project name to advertise an altered and dubious version of the Squid binary for profit. Please check you have the official Squid for windows software and kindly please assist us undermining the copyright violators by updating your terminology about Squid to the new name. Thank you. each of our smaller offices. I authenticate against MS Active Directory using a Global Group. I have noticed that the authentication has a limitation in that the helper seems not to check Group membership recursively, i.e. it will only look at the first result and if that result is a group, it will not check membership of the lower group. I have learned to live with this but changes in our AD policy will require me to make my internet access group a member of a higher group and I should then authenticate to the higher group, that will no work (I hope I'm making sense). I have treid this with 3.0.STABLE13-BZR and it persists. Any way to work around this? The new version of mswin_check_ad_group helper provided with 2.7.STABLE7 and later appears to have nested group support you are wanting. It should be available from Acme soon if not already. Amos
RE: [squid-users] Windows update through the proxy
On Mon, 21 Sep 2009 17:27:34 -0500, Juan Cardoza jcard...@tpmex.com wrote: Just to complete this information, the URL you sent me help me to get access to the windows update. Just to complete the information I add a parameter into the windows xp computers: This information just apply to Windows XP computers: C:\proxycfg /? Herramienta predeterminada de configuración del proxy WinHTTP de Microsoft (R) Copyright (c) Microsoft Corporation. Reservados todos los derechos. uso: proxycfg -? : para ver la documentación de ayuda proxycfg : para ver la configuración actual del proxy WinHTTP proxycfg [-d] [-p nombreservidor [lista de omisión]] -d : establecer acceso directo -p : establecer servidor(es) y lista de omisión opcional proxycfg -u : importar configuración del proxy de la configuración manual de Microsoft Internet Explorer del usuario actual (en HKCU) I used the proxycfg -u option to download the proxy configuration from the browser to the windows update configuration, this help me to download the windows update files. The command needs to be run through the CMD command line. Now I just looking for the same command for windows 2000 and windows vista to complete downloading the windows update to the computers. This command is in the windows system, you dont need to add any program into the computer, this is part of the windows xp system. Thanks to all for your help. Jhon Aha, thank you for pointing this out. The FAQ did have an entry for that info already, but it was not in the expected place. Fixed now. Amos -Mensaje original- De: Jeff Pang [mailto:pa...@arcor.de] Enviado el: Jueves, 17 de Septiembre de 2009 10:19 p.m. Para: Juan Cardoza CC: squid-users@squid-cache.org Asunto: Re: [squid-users] Windows update through the proxy 2009/9/18 Juan Cardoza jcard...@tpmex.com: Does anyone know how to get Access to the windows update through the proxy. Is there a way to configure the proxy into the windows update or into the proxy to download the update files. see: http://wiki.squid-cache.org/SquidFaq/WindowsUpdate Teleperformance values: Integrity - Respect - Professionalism - Innovation - Commitment The information contained in this communication is privileged and confidential. The content is intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately by telephone or e-mail, and delete this message from your systems. Please consider the environmental impact of needlessly printing this e-mail.
[squid-users] Windows auto-login helper application?
I need some help with setting up a fairly secure, easy to use method of authenticating users of Windows XP with squid, that: * doesn't require the users to remember a name and password to use the proxy, and does an auto-login so I can identify the user in the proxy access logs * uses password encryption to prevent sniffing of passwords on the network It does not look like NTLM authentication will work because apparently that requires Windows to be joined to a domain before Windows will use that method. None of the computers are in a domain, and they can't be since this is a Novell network. For the life o' me, I cannot figure out how to get the LDAP-auth to connect to do a Novell eDir/NDS LDAP user lookup. Most searched discussions regarding this are incomplete, usually ending with someone saying Oh I figured it out myself and they never post what they did. I know our LDAP server works since I can login to it using a generic LDAP browser. , At this point I would be happy with sticking a small program in each user's Windows roaming profile account that loads when they login and does the authentication for them, whenever they try to use the proxy. There is apparently no formal name for doing this sort of user-login though so I can't search for examples of anyone doing it since I don't know what to call it. Maybe: Windows helper application squid authentication? , Actually this is how Novell's aging BorderManager proxy does it, using a program called the Client Trust that sits in the taskbar and talks to the proxy to authorize the user. It interfaces with the Novell client to get the user's credentials. I am not expecting or looking for anything this extravagant that also can talk to the Novell Client. I would be fine with a taskbar/background helper that just uses a simple hashed config file in the user's account to authenticate them with squid. (BorderManager is being retired by Novell next year and so I can't expect or rely on the Client Trust authenticator to continue to be available. And besides it is made only for BorderManager, and doesn't work with other proxies like squid..) , Dale Mahalko
[squid-users] Disable file upload
Hi All Need to disable file upload with gmail how can I do this? acl fileupload req_mime_type -i ^multipart/form-data$ # Only allow cachemgr access from localhost http_access allow manager localhost http_access allow localhost PURGE http_access deny manager http_access deny fileupload the above acl is not working. Could someone help me? //Remy -- Disclaimer and Confidentiality This material has been checked for computer viruses and although none has been found, we cannot guarantee that it is completely free from such problems and do not accept any liability for loss or damage which may be caused. Please therefore check any attachments for viruses before using them on your own equipment. If you do find a computer virus please inform us immediately so that we may take appropriate action. This communication is intended solely for the addressee and is confidential. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The views expressed in this message are those of the individual sender, and may not necessarily be that of ISA.
Re: [squid-users] Squid 3 upgrade_http0.9 option
tis 2009-09-22 klockan 15:39 +1200 skrev Amos Jeffries: I gave it a try but got stuck at finding point in 3.x where the headers were upgrade-changed. Seems to be a bit dispersed in 3.x. That's why I gave the patch as reference... What it is doing is skipping to produce the headers if the reply was 1.0 and the acl matches. The headers are still generated internally as it should, we just skip sending them under selected conditions. Regards Henrik