Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Robert Collins 
On Fri, 2009-11-20 at 18:26 +1100, Tim Bates wrote:
> 
> Here's a question: Would Reply-To being set prevent people who post 
> getting a flood of "user not found" bounces back?

It would cause them to come to the list.

-Rob


signature.asc
Description: This is a digitally signed message part

[squid-users] Problem downloading ZIP file with Squid-3.0

2009-11-19 Thread Divan Booyens 
Hi, 

I have upgraded my Linux CentOS 4.6 squid proxy servers from
Squid-2.6.STABLE6-4 to Squid-3.0.STABLE16-2. Since then I can not
download a certian ZIP file on the Oracle webserver ,my web browers just
hangs the whole time. I can however download large ZIP files from other
websites.  
I dont see any errors in the squid logs or on my firewall.
When I remove squid from the server and I install Squid-2.6.STABLE6-4 it
can download the file again.
 
Could it be that the webserver is not compatible with ver3 of squid or
is there a certain setting in the config that I need to change.

Any ideas on what might cause this ?

Thanks

Divan Booyens

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Tim Bates 
Here's a question: Would Reply-To being set prevent people who post 
getting a flood of "user not found" bounces back?


When I posted my thoughts earlier, I got about 6 messages telling me 
users were not found or user rejected the message. Why should I care if 
someone is still subscribed to the list when they've moved email address?


TB

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Babu Chaliyath 
> Ack. Just because I did not voice an opinion does not mean that I agree
> with the current practice.  It is more of not wanting to send "me too"
> emails to the list.
>
> I believe sending replies to the list is the norm and personal replies
> is the exception.  And email headers should reflect that, i.e. Reply-To:
> squid-users@squid-cache.org should be in the list email headers.
>
> --
> Eray
>

I am for it as it would be very convenient when we use we based mail
services like gmail etc


Regards
Babs

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Eray Aslan 
On 20.11.2009 04:23, Brian Mearns wrote:
[...]
> It would be N-4, actually, but I get your point. My point was that
> there are 4 people (including myself) who have voiced their opinion in
> support of my suggestion, 2 who have opposed it, and 2 who have joined
> the conversation without expressing support or opposition (please
> confirm that, I think I counted correctly). No, this doesn't offer
> much of a cross section of the group, but without polling the list,
> there's not much of hope of getting one.

Ack. Just because I did not voice an opinion does not mean that I agree
with the current practice.  It is more of not wanting to send "me too"
emails to the list.

I believe sending replies to the list is the norm and personal replies
is the exception.  And email headers should reflect that, i.e. Reply-To:
squid-users@squid-cache.org should be in the list email headers.

-- 
Eray

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread ghe 

On Nov 19, 2009, at 8:25 PM, Henrik Nordstrom wrote:

> fre 2009-11-13 klockan 11:44 -0500 skrev Brian Mearns:
>> Would it be possible for the admins of this mailing list to setup the
>> Reply-to header so hitting reply goes back to the mailing list? I
>> don't know how many times I've sent responses directly back to the
>> sender because I just started typing the response.
> 
> No, because reply-to is even more harmful, causing responses which were
> intended private to go to the list, and makes it very very hard to
> respond privately with a standards conforming mail agent.
> 
> The list server do set internet standard list headers, so if you have a
> mail client which knows about mailing lists then you get a "Reply to
> list" alternative.

There's been a huge 'discussion' of this subject over on the Debian list. The 
loudest replies all seemed to say, "Use mutt!" 

So I had procmail look for an X-List or equivalent and add a Reply-To header 
(my clients don't do Reply-To-List). 

I almost always want a reply to go to the list, but I do need to think a bit to 
send off-list. That's rare enough that I can handle thinking that much. So 
far...

-- 
Glenn English
g...@slsware.com

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Tim Bates 

On 20/11/2009, "Henrik Nordstrom"  wrote:

>The list server do set internet standard list headers, so if you have a
>mail client which knows about mailing lists then you get a "Reply to
>list" alternative.


Which still requires people to mash the right button. People used to just
clicking "Reply" or even using keyboard shortcuts will still send to
the wrong address.

I'm all for reply-to personally (I hate having to change the send list
back to the mailing list), but it's not my list which is why I've not
said anything yet (unless I did and forgot).

TB

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Henrik Nordstrom 
fre 2009-11-13 klockan 11:44 -0500 skrev Brian Mearns:
> Would it be possible for the admins of this mailing list to setup the
> Reply-to header so hitting reply goes back to the mailing list? I
> don't know how many times I've sent responses directly back to the
> sender because I just started typing the response.

No, because reply-to is even more harmful, causing responses which were
intended private to go to the list, and makes it very very hard to
respond privately with a standards conforming mail agent.

The list server do set internet standard list headers, so if you have a
mail client which knows about mailing lists then you get a "Reply to
list" alternative.

Regards
Henrik

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Brian Mearns 
On Thu, Nov 19, 2009 at 8:41 PM, Robert Collins  wrote:
> On Thu, 2009-11-19 at 09:43 -0500, Brian Mearns wrote:
>>
>> Even 7 years ago, I don't think this article was really as relevant as
>> the author seems to. If you're using Elm, then fantastic, but I
>> personally have never come across a mail agent that supports "reply to
>> group". The much more common "reply-all" feature is too often a
>> detriment to communications and to the network. Unless the mailing
>> list program is smart enough to detect that someone in the list is
>> also explicitly given as a recipient and removes that address from the
>> list of people to whom the message is sent (I would be fairly
>> surprised and moderately impressed if it did), then reply-all will
>> cause excess traffic on the network and will end up with the previous
>> author receiving two copies.
>
> I would be annoyed at mail software that did that; direct addressed mail
> should be delivered. Users can choose to dedupe mail if they want using
> the unique message-id. (And many mail servers do do this).
>
> As for your assertion that few mail clients support reply to list/reply
> to group; I note that you use gmail, and gmail is pretty feature poor.
> You might try using thunderbird or evolution, both of which support
> reply to list and have for quite some time.

I use gmail because it travels, and I was under the impression (from
earlier in this thread) that Thunderbird does not support this
natively, but requires and extension.

> ...
>> If I was the only one suffering from this problem, I would agree that
>> the issue is mine to resolve. Based on the three other follow -ups
>> that have said the same thing, it seems to me to be a pretty common
>> problem.
>
> The alternate configuration also causes problems. This list has some N
> subscribers, of which 3 agree that they current config confuses them
> from time to time. That doesn't provide any evidence that the other N do
> or don't get confuses, nor that if the configuration is changed what
> number will get confused in the opposite direction.
>
> -Rob
>

It would be N-4, actually, but I get your point. My point was that
there are 4 people (including myself) who have voiced their opinion in
support of my suggestion, 2 who have opposed it, and 2 who have joined
the conversation without expressing support or opposition (please
confirm that, I think I counted correctly). No, this doesn't offer
much of a cross section of the group, but without polling the list,
there's not much of hope of getting one.

Anyway, I think we've wasted more time on this then it takes for me to
just correct the error when I forget to address it correctly, so I'll
just leave my comments as they are and let the mailing list gods make
their decision.

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Robert Collins 
On Thu, 2009-11-19 at 09:43 -0500, Brian Mearns wrote:
> 
> Even 7 years ago, I don't think this article was really as relevant as
> the author seems to. If you're using Elm, then fantastic, but I
> personally have never come across a mail agent that supports "reply to
> group". The much more common "reply-all" feature is too often a
> detriment to communications and to the network. Unless the mailing
> list program is smart enough to detect that someone in the list is
> also explicitly given as a recipient and removes that address from the
> list of people to whom the message is sent (I would be fairly
> surprised and moderately impressed if it did), then reply-all will
> cause excess traffic on the network and will end up with the previous
> author receiving two copies.

I would be annoyed at mail software that did that; direct addressed mail
should be delivered. Users can choose to dedupe mail if they want using
the unique message-id. (And many mail servers do do this).

As for your assertion that few mail clients support reply to list/reply
to group; I note that you use gmail, and gmail is pretty feature poor.
You might try using thunderbird or evolution, both of which support
reply to list and have for quite some time.
...
> If I was the only one suffering from this problem, I would agree that
> the issue is mine to resolve. Based on the three other follow -ups
> that have said the same thing, it seems to me to be a pretty common
> problem.

The alternate configuration also causes problems. This list has some N
subscribers, of which 3 agree that they current config confuses them
from time to time. That doesn't provide any evidence that the other N do
or don't get confuses, nor that if the configuration is changed what
number will get confused in the opposite direction.

-Rob


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Kaya Saman 




Squid can be made to work (with the session helper), but something 
specifically designed as a captive portal (like wifidog) might be a 
better choice.




Aaaah thuoght I was barking up the wrong tree (no pun intended!) :-)

Yeah, just checked it out - looks cool and don't need to use crummy 
consumer WAP's with it. I guess I could just use DHCP option codes to 
point each client to the wifidog server/gateway or alternatively just 
put in the IP of wifidog for the gateway config in the DHCP pool.


Ok am officially happy now :-D

Many thanks Chris!

Best regards to all.

--Kaya

Re: [squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Amos Jeffries 

Kaya Saman wrote:

Many thanks Fahd and Matthew!

So I was correct initially by thinking that CoovaChilli ran on the 
Linksys WRT range of routers.


This I guess is great for a pocket installation but not what I'm looking 
for hardware wise at least. I believe that the software is probably what 
I'm looking for but I need it specifically to interface with Cisco kit 
and since Cisco IOS operating system is proprietary it definitely will 
*not* run on Cisco access points.


Fahd you mention something about a portal is there any software that 
will actually do URL redirects to a login page?? I am guessing it would 
be called a portal!


Yes. Squid.  deny_info directive and ACLs.

You still need some way for the packets to reach the Squid box though. 
Which generally means a routing box to redirect the traffic.


 A Cisco box with WCCP capacity is passable for IPv4-only networks. 
Policy routing port-80 traffic to the Squid box is on the whole better 
if available and required for non-IPv4 HTTP traffic.


FWIW, Cisco boxes can do policy-routing too, though I'm not aware of the 
exact configuration settings.




The reason why I am sticking to Cisco is that I know the H/W capability 
and also am fed up with GUI displays for config. another reason why 
I solely use UNIX systems for servers and desktop environments :-)


For the Treehouse Networks wifi hotspots I use a mix of Debian Linux 
Squid boxes setup as gateway routers and adapted WRT boxes acting as 
access points.
 The WRT do only enough routing to pass everything to the Squid box 
routers and some preliminary firewalls to protect inter-client hacking. 
Regular AP hardware available do not seem to have sufficient 
configure-ability to be usable in this topology. The WRT are very 
capable after OpenWRT flashing.




Since Squid seems like it's not the right software I guess I am getting 
a bit off topic here so next best place to post should probably be the 
Cisco net Pro forum which should give me better insight.


Many thanks for all comments and opinions, they're much appreciated :-)

--Kaya


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

Re: [squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Chris Robertson 

Kaya Saman wrote:

Many thanks Fahd and Matthew!

So I was correct initially by thinking that CoovaChilli ran on the 
Linksys WRT range of routers.


This I guess is great for a pocket installation but not what I'm 
looking for hardware wise at least. I believe that the software is 
probably what I'm looking for but I need it specifically to interface 
with Cisco kit and since Cisco IOS operating system is proprietary it 
definitely will *not* run on Cisco access points.


Fahd you mention something about a portal is there any software 
that will actually do URL redirects to a login page?? I am guessing it 
would be called a portal!


The reason why I am sticking to Cisco is that I know the H/W 
capability and also am fed up with GUI displays for config. 
another reason why I solely use UNIX systems for servers and desktop 
environments :-)


Since Squid seems like it's not the right software I guess I am 
getting a bit off topic here so next best place to post should 
probably be the Cisco net Pro forum which should give me better insight.


Squid can be made to work (with the session helper), but something 
specifically designed as a captive portal (like wifidog) might be a 
better choice.




Many thanks for all comments and opinions, they're much appreciated :-)

--Kaya


Chris

Re: [squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Kaya Saman 

Many thanks Fahd and Matthew!

So I was correct initially by thinking that CoovaChilli ran on the 
Linksys WRT range of routers.


This I guess is great for a pocket installation but not what I'm looking 
for hardware wise at least. I believe that the software is probably what 
I'm looking for but I need it specifically to interface with Cisco kit 
and since Cisco IOS operating system is proprietary it definitely will 
*not* run on Cisco access points.


Fahd you mention something about a portal is there any software that 
will actually do URL redirects to a login page?? I am guessing it would 
be called a portal!


The reason why I am sticking to Cisco is that I know the H/W capability 
and also am fed up with GUI displays for config. another reason why 
I solely use UNIX systems for servers and desktop environments :-)


Since Squid seems like it's not the right software I guess I am getting 
a bit off topic here so next best place to post should probably be the 
Cisco net Pro forum which should give me better insight.


Many thanks for all comments and opinions, they're much appreciated :-)

--Kaya

Re: [squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Fahd Kasri 
* OpenWRT is a firmware based on Linux that can run on several
routers, notably the Linksys WRT54GL.

* CoovaChilli is software that runs on Linux, and there are compiled
packages for OpenWRT.

* CoovaAP is a firmware based on OpenWRT with CoovaChilli
pre-installed. There is also a web interface for easy configuration of
your hotspot.

I'd recommend CoovaAP with a Linksys WRT54GL for a basic hotspot with
a captive portal.

2009/11/19 Matthew Morgan 
>
> Kaya Saman wrote:
>>
>> Fahd Kasri wrote:
>>>
>>> Hi Kaya,
>>>
>>> Take a look at CoovaChilli. It's software that runs on OpenWRT routers. It 
>>> uses a Radius (freeradius for example) server for authentication.
>>
>> Many thanks Fahd for the response :-)
>>
>> Am just on the page now but I don't understand what OpenWRT is.
>>
>> I know that there are consumer grade routers from Linksys called WRT; is 
>> that what this is implying?
>>
>> Really this research of mine is for enterprise grade WiFi hotspots, for 
>> places like coffee shops or campus LANs which obviously will need to be 
>> scaled in terms of infrastructure and applications.
>>
>> That's why I thought of Squid initially as I could have a complete server 
>> infrastructure surround while not compromising performance at all.
>>
>> --Kaya
>>
>>
> I think what Fahd means is CoovaChilli is a piece of software that runs on 
> CoovaAP, which is a 3rd party firmware for the WRT line of routers.  CoovaAP 
> is based on OpenWRT, which is itself a 3rd party firmware.  There are only 
> certain routers these firmware systems will run on, so check the hardware 
> compatibility list.  I found one list on this page: 
> http://coova.org/CoovaAP/Installation
>
> CoovaChilli looks like it does exactly what you want to do.  It's main page 
> is here: http://coova.org/CoovaChilli.  I don't know whether the WRT routers 
> will hold up to your resource requirements, though.



--
Fahd Kasri
Directeur Technique
Weblib
http://www.weblib.eu

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Amos Jeffries 

Marcello Romani wrote:

Robert Collins ha scritto:

On Thu, 2009-11-19 at 11:19 +0100, Marcello Romani wrote:

Matus UHLAR - fantomas ha scritto:

On 13.11.09 11:44, Brian Mearns wrote:

Subject: [squid-users] Mailing-list admins: can we set up reply-to?

Would it be possible for the admins of this mailing list to setup the
Reply-to header so hitting reply goes back to the mailing list? I

changing reply-to by mailing list is bad.
http://www.unicom.com/pw/reply-to-harmful.html


don't know how many times I've sent responses directly back to the
sender because I just started typing the response.

get a mail client that does support mailing lists.




I use Thunderbird 2.0.0.23 under Ubuntu 9.10.
It has two reply buttons: "Reply" and "Reply to all".


http://alumnit.ca/wiki/index.php?page=ReplyToListThunderbirdExtension

-Rob


Thanks.

I wonder why that feature is still missing in official thunderbird 
releases or as an officially supported extension (it doesn't even show 
up in Ubuntu package manager...)




TB3 which apparently as this embeded is still not released as stable.
Depending on your Ubuntu release TB3 was not present in the Debian 
repositories when Ubuntu took their package snapshots 6, 12, 18, 24 
months ago.


FWIW, I'm using the Jaunty TB2 with this extension, no problems.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

Re: [squid-users] squid_session

2009-11-19 Thread Amos Jeffries 

Jan Ove Rogne Longvastøl wrote:

Hi,


I'm running squid with authentication in LDAP. Everytime the users open 
the browser a login window is opening. Works good! But i'd also want the 
users to see a start page everytime they log in. I have set up 
squid_session ( located in /usr/lib/squid using Debian Lenny). This 
happens:


The user logs in and starts surfing. After 15 minutes (900 seconds in 
squid.conf) they are being redirected to the start page. And then they 
have to manually write in the URL to continue surfing.

I understand that the ttl=900 is the "countdown" for the session.

The question is:

I understand that the ttl=900 is the "countdown" for the session, but 
shouldn't the start page show up everytime the browser starts? The login 
window displays everytime the browser opens, why not the start page?


You seem to isunderstand eth causes of those two events.

Login credentials are requested every time the browser fails to send 
them. Login window appears every time the browser does not have a valid 
set authorized by the user to pass on.


Session page appears every timeout, OR when the client data changes. In 
your case data being the login data.


Neither is linked to the browser state. Though the browser usually will 
erase its login state during a close and cause the login box to appear 
at startup.
  Even this first-visit login is removed when the user has some form of 
advanced password management tool in the browser (one startup password 
to open the manager and it sends logins automatically to sites 
previously logged in).





This is my lines in squid.conf:

external_acl_type session ttl=900 negative_ttl=0 children=1 
concurrency=200 %LOGIN /usr/lib/squid/squid_session

acl session external session
http_access deny !session
deny_info http://www/index.php 
session


Jan Ove



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

Re: [squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Matthew Morgan 

Kaya Saman wrote:

Fahd Kasri wrote:

Hi Kaya,

Take a look at CoovaChilli. It's software that runs on OpenWRT 
routers. It uses a Radius (freeradius for example) server for 
authentication.

Many thanks Fahd for the response :-)

Am just on the page now but I don't understand what OpenWRT is.

I know that there are consumer grade routers from Linksys called WRT; 
is that what this is implying?


Really this research of mine is for enterprise grade WiFi hotspots, 
for places like coffee shops or campus LANs which obviously will need 
to be scaled in terms of infrastructure and applications.


That's why I thought of Squid initially as I could have a complete 
server infrastructure surround while not compromising performance at all.


--Kaya


I think what Fahd means is CoovaChilli is a piece of software that runs 
on CoovaAP, which is a 3rd party firmware for the WRT line of routers.  
CoovaAP is based on OpenWRT, which is itself a 3rd party firmware.  
There are only certain routers these firmware systems will run on, so 
check the hardware compatibility list.  I found one list on this page: 
http://coova.org/CoovaAP/Installation


CoovaChilli looks like it does exactly what you want to do.  It's main 
page is here: http://coova.org/CoovaChilli.  I don't know whether the 
WRT routers will hold up to your resource requirements, though.

Re: [squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Kaya Saman 

Fahd Kasri wrote:

Hi Kaya,

Take a look at CoovaChilli. It's software that runs on OpenWRT 
routers. It uses a Radius (freeradius for example) server for 
authentication. 


Many thanks Fahd for the response :-)

Am just on the page now but I don't understand what OpenWRT is.

I know that there are consumer grade routers from Linksys called WRT; is 
that what this is implying?


Really this research of mine is for enterprise grade WiFi hotspots, for 
places like coffee shops or campus LANs which obviously will need to be 
scaled in terms of infrastructure and applications.


That's why I thought of Squid initially as I could have a complete 
server infrastructure surround while not compromising performance at all.


--Kaya

Re: [squid-users] Quick question about squid serving images

2009-11-19 Thread Chris Robertson 

Angelo Höngens wrote:

Run this on your squid machine (example, assuming your squid listens on
port 80):

squidclient -p 80 -h apacheserver http://domain/image.jpg | head -n 15

Increase or decrease the 'head -n X' value to show all the headers, but
not to return the binary content.


For future reference, making a HEAD request is probably a better bet...

squidclient -p 80 -h apacheserver -m HEAD http://domain/image.jpg

...as that JUST requests the headers, not the whole object.  No need to 
filter out unwanted binary data.


Chris

[squid-users] Using Squid in a WiFi hotspot environment

2009-11-19 Thread Kaya Saman 

Hi guys,

I'm just doing a bit of research as to how to create a wireless hotspot. 
Unfortunately during my Cisco CCNA 802.11 LANs weren't covered that 
greatly so am having to do a lot on my own.


Basically my aim is to use say 2 Cisco wireless access points coupled to 
a PoE switch  and then main router/gateway. I am not sure however if 
Cisco routers can do URL redirect as I certainly haven't found anything 
like that on my 857W, although it is bottom of the line in Cisco terms.


What I am aiming for is something like my old university where you 
connected to the network which was completely insecure no encryption at 
all but however you weren't allowed to access any websites unless you 
logged in using your uni ID/password.


For this to work I am wondering if one could use Squid as URL redirect 
for any URL unless logged in?? Or would I need some other software tied 
into Apache with a Perl or PHP page for the login? Using Squid as a 
forward proxy then would definitely take some pressure off the NAT from 
the router but with between 49k -> 65k port range being open I'm 
assuming NAT would only struggle in enterprise environments where a few 
hundred users logged on at once.


Any advice on this matter is highly appreciated!!

Many thanks.

--Kaya

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Brian Mearns 
On Thu, Nov 19, 2009 at 3:26 AM, Matus UHLAR - fantomas
 wrote:
> On 13.11.09 11:44, Brian Mearns wrote:
>> Subject: [squid-users] Mailing-list admins: can we set up reply-to?
>>
>> Would it be possible for the admins of this mailing list to setup the
>> Reply-to header so hitting reply goes back to the mailing list? I
>
> changing reply-to by mailing list is bad.
> http://www.unicom.com/pw/reply-to-harmful.html

Even 7 years ago, I don't think this article was really as relevant as
the author seems to. If you're using Elm, then fantastic, but I
personally have never come across a mail agent that supports "reply to
group". The much more common "reply-all" feature is too often a
detriment to communications and to the network. Unless the mailing
list program is smart enough to detect that someone in the list is
also explicitly given as a recipient and removes that address from the
list of people to whom the message is sent (I would be fairly
surprised and moderately impressed if it did), then reply-all will
cause excess traffic on the network and will end up with the previous
author receiving two copies.

Similarly, just hitting reply will end up with messages not making it
to the list, and therefore completely defeat the purpose of this list,
assuming that, for the most part people probably don't even realize
what they did. If they do realize, then we're basically just back to
the "reply-all" situation: they'll re-send the email to the list,
which means the first send was just a waste of network resources, and
causing the previous author, who already got a copy the from the first
erroneous send, to get a second copy of the same message.

I completely disagree with his model for how people think about these
situations: he seems to think that the default is to send a private
response and if you wanted to reply to the whole list you would know
that this is unusual and take a different action to
do so. That may be true for some lists, but I would argue that the
vast majority of replies sent in response to messages on this list,
and any community-based support list, are not private and are intended
to be read by the whole list. The mental model I use, and that I
contend most people use, is that threads belong to the list, responses
generally go to the list, and if I have a personal message for a
specific author then that action goes against the norm and I will take
special actions to make it happen, which just means copy and paste the
"from" address. Yes, I know there are rare occurrences where somebody
has a different reply-to address than where they sent it from. Again,
I think that's the exception and when that is the case and when that
person expects to get private messages in response, he can simply
include his desired respond-to address in the body of the message,
which shouldn't be a big deal since I really don't think it's very
common.

My biggest issue is simply that setting people up to respond privately
is a real detriment to this list. Answers that are sent to the list,
a) provide an answer for other people who may also have the same
question, including people searching archives in the future, so that
we don't have to keep answering the same question over and over (this
happens enough as it is, but if we support a model where answers don't
even go to the list, it's just going to happen that much more), and b)
allow others to provide feedback and corrections to those answers. Not
everyone here is an expert on squid so even with the best of
intentions it's very possible that someone will give some
exceptionally poor advice: if this gets sent as a private message to
the original poster, there's no opportunity for feedback. At least if
it gets sent to the list there's a good chance that someone will
correct it.

>
>> don't know how many times I've sent responses directly back to the
>> sender because I just started typing the response.
>
> get a mail client that does support mailing lists.

If I was the only one suffering from this problem, I would agree that
the issue is mine to resolve. Based on the three other follow -ups
that have said the same thing, it seems to me to be a pretty common
problem. If there are extensions for popular mail clients out there
that do this, then that's great, but the fact that it comes as an
extension indicates that it is not unusual for mail clients to not
have this feature. It's a great feature to have, I fully agree, but
the fact is most people apparently don't have it, and if that's
causing the quality of the list to degrade, I think it behooves us all
to resolve the issue in the most global way.

>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Silvester Stallone: Father of the RISC concept.
>


By the way, what happened with this email? Did you explicitly set the
reply-to header, because it came thro

Re: [squid-users] Squid3 and lots of FIN_WAIT1

2009-11-19 Thread David B. 
Amos Jeffries a écrit :
> Wonderful.
>
> Was the timeout a default LVS setting? if so what exact LVS
> device/software was it so we can document the fix here.
>
> Cheers
> Amos
Nop, default LVS timeout is ok, ours were very low.
Défault :
Timeout (tcp tcpfin udp): 900 120 300

Faultly values :
Timeout (tcp tcpfin udp): 30 15 300

We're back to default values. Now i should discover who have lower this
in the first case ! :)

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Marcello Romani 

Robert Collins ha scritto:

On Thu, 2009-11-19 at 11:19 +0100, Marcello Romani wrote:

Matus UHLAR - fantomas ha scritto:

On 13.11.09 11:44, Brian Mearns wrote:

Subject: [squid-users] Mailing-list admins: can we set up reply-to?

Would it be possible for the admins of this mailing list to setup the
Reply-to header so hitting reply goes back to the mailing list? I

changing reply-to by mailing list is bad.
http://www.unicom.com/pw/reply-to-harmful.html


don't know how many times I've sent responses directly back to the
sender because I just started typing the response.

get a mail client that does support mailing lists.




I use Thunderbird 2.0.0.23 under Ubuntu 9.10.
It has two reply buttons: "Reply" and "Reply to all".


http://alumnit.ca/wiki/index.php?page=ReplyToListThunderbirdExtension

-Rob


Thanks.

I wonder why that feature is still missing in official thunderbird 
releases or as an officially supported extension (it doesn't even show 
up in Ubuntu package manager...)


--
Marcello Romani

[squid-users] squid_session

2009-11-19 Thread Jan Ove Rogne Longvastøl 

Hi,


I'm running squid with authentication in LDAP. Everytime the users open 
the browser a login window is opening. Works good! But i'd also want the 
users to see a start page everytime they log in. I have set up 
squid_session ( located in /usr/lib/squid using Debian Lenny). This happens:


The user logs in and starts surfing. After 15 minutes (900 seconds in 
squid.conf) they are being redirected to the start page. And then they 
have to manually write in the URL to continue surfing.

I understand that the ttl=900 is the "countdown" for the session.

The question is:

I understand that the ttl=900 is the "countdown" for the session, but 
shouldn't the start page show up everytime the browser starts? The login 
window displays everytime the browser opens, why not the start page?


This is my lines in squid.conf:

external_acl_type session ttl=900 negative_ttl=0 children=1 
concurrency=200 %LOGIN /usr/lib/squid/squid_session

acl session external session
http_access deny !session
deny_info http://www/index.php 
session


Jan Ove

Re: [squid-users] Squid3 and lots of FIN_WAIT1

2009-11-19 Thread Amos Jeffries 

David B. wrote:

Hi Squid users,


  [Snip]

I have not seen FIN_WAIT1 before, but often see FIN_WAIT like this when
Squid is receiving a lot of connections.

I think its due to squid using sockets for short times (non-persistent
connections) and moving on. The system TCP timeouts are much longer.

I think i've got something.
My LVS seems to have very very low timeout.
So, LVS timeout TCP session too soon and client FIN & ACK can't reach
the correct squid box, which can't close TCP session properly.
This morning i've raised LVS timeout, and for now, FIN_WAIT1 have gone away.
I hope this will be durable. Now, i need to monitor other time to
confirm this.

Thank you.
David.



Wonderful.

Was the timeout a default LVS setting? if so what exact LVS 
device/software was it so we can document the fix here.


Cheers
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

Re: [squid-users] Quick question about squid serving images

2009-11-19 Thread Angelo Höngens 
On 19-11-2009 12:14, NublaII Lists wrote:
> Hi Angelo, and thanks for your answer
> 
> I believe I have it set up correctly on the apache side: this is what I get
> 
> apache response
> 
> HTTP/1.1 200 OK
> Date: Thu, 19 Nov 2009 09:50:25 GMT
> Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
> Last-Modified: Wed, 16 Sep 2009 07:34:31 GMT
> ETag: "83e24a-347a-473acedfa0fc0"
> Accept-Ranges: bytes
> Content-Length: 13434
> Cache-Control: max-age=604800, public
> Expires: Thu, 26 Nov 2009 09:50:25 GMT
> Connection: close
> Content-Type: image/png
> 
> And I think squid gets a hit, so I obviously have it configured
> incorrectly, because I still get a hit on the apache logs... Would you
> take a look at it if I post it?
> 
> This is the squid response on first hit
> 
> HTTP/1.0 200 OK
> Date: Thu, 19 Nov 2009 10:10:25 GMT
> Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
> Last-Modified: Thu, 19 Nov 2009 09:55:07 GMT
> ETag: "9a25a1-497c-478b65aa534c0"
> Accept-Ranges: bytes
> Content-Length: 18812
> Cache-Control: max-age=604800, public
> Expires: Thu, 26 Nov 2009 10:10:25 GMT
> Content-Type: image/jpeg
> X-Cache-Lookup: MISS from squid.example.com:80
> Via: 1.1 squid.example.com:80 (squid/2.7.STABLE6)
> Connection: close
> 
> This is the squid response on first hit
> 
> HTTP/1.0 200 OK
> Date: Thu, 19 Nov 2009 10:10:25 GMT
> Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
> Last-Modified: Thu, 19 Nov 2009 09:55:07 GMT
> ETag: "9a25a1-497c-478b65aa534c0"
> Accept-Ranges: bytes
> Content-Length: 18812
> Cache-Control: max-age=604800, public
> Expires: Thu, 26 Nov 2009 10:10:25 GMT
> Content-Type: image/jpeg
> X-Cache-Lookup: HIT from squid.example.com:80
> Via: 1.1 squid.example.com:80 (squid/2.7.STABLE6)
> Connection: close
> 
> Thanks again

Looks good, the second response via squid looks like a hit. What does
the iis log look like? It could be that squid thinks the object is not
fresh, and tries to find out if the object has changed since.


-- 


With kind regards,


Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
--
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

a.hong...@netmatch.nl
www.netmatch.nl
--

Re: [squid-users] Quick question about squid serving images

2009-11-19 Thread NublaII Lists 
Hi Angelo, and thanks for your answer

I believe I have it set up correctly on the apache side: this is what I get

apache response

HTTP/1.1 200 OK
Date: Thu, 19 Nov 2009 09:50:25 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
Last-Modified: Wed, 16 Sep 2009 07:34:31 GMT
ETag: "83e24a-347a-473acedfa0fc0"
Accept-Ranges: bytes
Content-Length: 13434
Cache-Control: max-age=604800, public
Expires: Thu, 26 Nov 2009 09:50:25 GMT
Connection: close
Content-Type: image/png

And I think squid gets a hit, so I obviously have it configured
incorrectly, because I still get a hit on the apache logs... Would you
take a look at it if I post it?

This is the squid response on first hit

HTTP/1.0 200 OK
Date: Thu, 19 Nov 2009 10:10:25 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
Last-Modified: Thu, 19 Nov 2009 09:55:07 GMT
ETag: "9a25a1-497c-478b65aa534c0"
Accept-Ranges: bytes
Content-Length: 18812
Cache-Control: max-age=604800, public
Expires: Thu, 26 Nov 2009 10:10:25 GMT
Content-Type: image/jpeg
X-Cache-Lookup: MISS from squid.example.com:80
Via: 1.1 squid.example.com:80 (squid/2.7.STABLE6)
Connection: close

This is the squid response on first hit

HTTP/1.0 200 OK
Date: Thu, 19 Nov 2009 10:10:25 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.7 with Suhosin-Patch
Last-Modified: Thu, 19 Nov 2009 09:55:07 GMT
ETag: "9a25a1-497c-478b65aa534c0"
Accept-Ranges: bytes
Content-Length: 18812
Cache-Control: max-age=604800, public
Expires: Thu, 26 Nov 2009 10:10:25 GMT
Content-Type: image/jpeg
X-Cache-Lookup: HIT from squid.example.com:80
Via: 1.1 squid.example.com:80 (squid/2.7.STABLE6)
Connection: close

Thanks again

Re: [squid-users] Squid3 and lots of FIN_WAIT1

2009-11-19 Thread David B. 
Hi Squid users,

>>>   [Snip]
>>>
>>> I have not seen FIN_WAIT1 before, but often see FIN_WAIT like this when
>>> Squid is receiving a lot of connections.
>>>
>>> I think its due to squid using sockets for short times (non-persistent
>>> connections) and moving on. The system TCP timeouts are much longer.
I think i've got something.
My LVS seems to have very very low timeout.
So, LVS timeout TCP session too soon and client FIN & ACK can't reach
the correct squid box, which can't close TCP session properly.
This morning i've raised LVS timeout, and for now, FIN_WAIT1 have gone away.
I hope this will be durable. Now, i need to monitor other time to
confirm this.

Thank you.
David.

Re: [squid-users] Quick question about squid serving images

2009-11-19 Thread Amos Jeffries 

Angelo Höngens wrote:

On 19-11-2009 9:46, NublaII Lists wrote:

I have squid configured (working on it ;)) as a reverse proxy.

My understanding (and I can be wrong) is that once I request an image,
next requests for that image will not reach the web server in any way
until it expires, either manually or reaches end of life... is that
correct?


If you would have configured everything correctly, yes..



I am asking because I can see on my apache logs a ton of hits on
images that squid should be caching, and still arrive to the www
server, so either I don't have it configured properly or I don't
really understand how squid works on reverse proxy mode ;)


It should work like you say, but either squid is not configured
correctly, or the application tells squid not to cache. Squid decides
what it can cache, based on the response headers from the apache
application. Post those headers. The squidclient tool is really useful.

Run this on your squid machine (example, assuming your squid listens on
port 80):

squidclient -p 80 -h apacheserver http://domain/image.jpg | head -n 15

Increase or decrease the 'head -n X' value to show all the headers, but
not to return the binary content. It should return something like this:

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: image/jpeg
Expires: Thu, 19 Nov 2009 09:08:51 GMT
Last-Modified: Thu, 19 Nov 2009 04:51:23 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 19 Nov 2009 08:54:51 GMT
Connection: close
Content-Length: 2845

Based on these response headers, Squid decides to cache or not.
Particularly interesting is the 'Cache-Control' header. From there on,
google further ;)




The tool provided by Yahoo! at http://www.redbot.org or the IRCache 
cacheability engine prodvide useful reports for identifying what a proxy 
can and cannot do with any given public URL.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

Re: [squid-users] Re: ubuntu apt-get update 404

2009-11-19 Thread Amos Jeffries 

Matthew Morgan wrote:

Amos Jeffries wrote:

Matthew Morgan wrote:

Amos Jeffries wrote:

Matthew Morgan wrote:


Ok, it seems to happen in stages.  The first time I run apt-get 
update after switching to 3.x, it's hit or miss.  Sometimes it's 
perfect, sometimes I get errors.  After that, I get errors in two 
stages.  Here's what happens:



Either:

apt-get update #1  -  no errors
apt-get update #2  -  invalid header, and sometimes 404 errors
apt-get update #3 and above  - 404 errors only

or:

apt-get update #1  -  invalid header, and sometimes 404 errors
apt-get update #2 and above  - 404 errors only

The dump files I have uploaded match the second set of 
circumstances.  server1.dump and client1.dump are from the first 
apt-get update after switching, and I got an invalid header error + 
404 errors.  server2.dump and client2.dump came from the second 
apt-get update attempt, and only 404 errors were returned.


I hope this helps!  Let me know if you need anything else.  Just a 
reminder, on my setup I only have 1 squid server with 1 cache 
directory.  For comparison, my server is Ubuntu 9.04 running kernel 
2.6.28-16-server.  I am not using TPROXY.


Here are the files (I tried to attach them, but mailer-daemon 
kicked the email)


http://lithagen.dyndns.org/server1.dump
http://lithagen.dyndns.org/client1.dump
http://lithagen.dyndns.org/server2.dump
http://lithagen.dyndns.org/client2.dump


Well, good news and sad news.

Both traces show the same problems.

The 404 is actually being generated by the us.archive.ubuntu.com 
server itself. There is something broken at the mirror or in apts 
local sources.list URLs.
So does squid 3.x have a different user agent string or something?  


No.

Everything works fine with the exact same sources.list when using 
squid 2.7, so there shouldn't be anything wrong with the file.  
us.archive.ubuntu.com must be treating squid 3.x different somehow, 
right?


It does seem to be. Why is the big question.


Amos
Should I send you a capture of my working 2.7 installation so you can 
compare what headers and such are being sent from an otherwise identical 
setup?




I've just ported that header fix down to 3.1. Try tomorrows snapshot and 
see if the header change fixes the issue at all.
If the problem remains, then yes a copy of the 2.7 transactions would be 
useful to compare.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

[squid-users] misc. failures in cache.log

2009-11-19 Thread Werner Müller 
Hello,

we have Squid 2.7 STABLE 6 running under windows.

I get every few minutes follow entries in the cache.log:

2009/11/19 09:15:44| sslReadClient: FD 160: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 09:15:45| sslReadClient: FD 175: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 09:35:27| sslReadClient: FD 160: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 09:37:35| sslReadClient: FD 202: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 09:38:59| sslReadClient: FD 174: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 09:51:09| sslReadClient: FD 264: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 09:51:48| sslReadClient: FD 260: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 09:55:51| sslReadClient: FD 233: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:00:48| sslWriteClient: FD 186: write failure: (10054)
WSAECONNRESET, Connection reset by peer..
2009/11/19 10:12:19| sslReadClient: FD 194: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:22:54| sslReadClient: FD 166: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:35:14| sslReadClient: FD 227: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:35:14| sslReadClient: FD 195: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:35:39| sslWriteClient: FD 246: write failure: (10054)
WSAECONNRESET, Connection reset by peer..
2009/11/19 10:41:42| sslReadClient: FD 233: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:43:04| sslReadClient: FD 181: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:43:07| sslReadClient: FD 160: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:45:29| sslReadClient: FD 174: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:49:32| sslReadClient: FD 195: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 10:56:38| sslReadClient: FD 223: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:00:05| sslReadClient: FD 161: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:11:21| sslReadClient: FD 226: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:12:16| sslWriteClient: FD 182: write failure: (10054)
WSAECONNRESET, Connection reset by peer..
2009/11/19 11:13:13| sslReadClient: FD 232: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:19:39| sslReadClient: FD 182: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:21:33| sslWriteClient: FD 185: write failure: (10054)
WSAECONNRESET, Connection reset by peer..
2009/11/19 11:24:34| sslWriteClient: FD 173: write failure: (10054)
WSAECONNRESET, Connection reset by peer..
2009/11/19 11:25:19| sslReadClient: FD 176: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:26:01| sslReadClient: FD 256: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:27:47| sslReadClient: FD 218: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:36:06| sslReadClient: FD 183: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:37:35| sslReadClient: FD 201: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:38:03| sslReadClient: FD 242: read failure: (10053)
WSAECONNABORTED, Software caused connection abort.
2009/11/19 11:44:26| sslWriteClient: FD 187: write failure: (10054)
WSAECONNRESET, Connection reset by peer..


Thanks for your help!

Re: [squid-users] cache-peer and hosts file

2009-11-19 Thread Amos Jeffries 

NublaII Lists wrote:

Hi there

I have a couple of quick questions to which I have seen many examples,
but I have never been able to figure out the whole picture.

In a simple setup like this:

1 squid machine
2 www servers

website: www.example.com
external ip: 1.2.3.4

squid machine:
name: squid.example.com
ip: 10.0.0.1

www1 machine:
name: www1.example.com
ip: 10.0.0.2

www2 machine:
name: www2.example.com
ip: 10.0.0.3

Here is the part of the squid.conf that applies here

# Basic parameters
visible_hostname www.example.com
# This line indicates the server we will be proxying for
http_port 80 accel defaultsite=www.example.com
# And the IP Address for it
cache_peer 10.0.0.2 parent 80 0 no-query originserver round-robin
cache_peer 10.0.0.3 parent 80 0 no-query originserver round-robin

So, questions...

- is the squid.conf syntax correct?


Yes. The syntax is correct.

Whether it does what you want is a matter only you can tell. I'd suggest 
some dstdomain ACL (as per the Squid wiki BasicAccelerator configuration 
example) to protect your backend servers from garbage attack requests.



- what should I have on the /etc/hosts file on the squid machine?
RIght now this is what I have

127.0.0.1localhost
10.0.0.1squid.example.com
10.0.0.2www.example.com
10.0.0.3www.example.com


hosts file is not relevant in simple revere-proxy setups. Squid is 
passing the requests directly to the peer IP from the configuration 
file. DNS is not needed to find the peer IP when its configured.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Robert Collins 
On Thu, 2009-11-19 at 11:19 +0100, Marcello Romani wrote:
> Matus UHLAR - fantomas ha scritto:
> > On 13.11.09 11:44, Brian Mearns wrote:
> >> Subject: [squid-users] Mailing-list admins: can we set up reply-to?
> >>
> >> Would it be possible for the admins of this mailing list to setup the
> >> Reply-to header so hitting reply goes back to the mailing list? I
> > 
> > changing reply-to by mailing list is bad.
> > http://www.unicom.com/pw/reply-to-harmful.html
> > 
> >> don't know how many times I've sent responses directly back to the
> >> sender because I just started typing the response.
> > 
> > get a mail client that does support mailing lists.
> > 

> I use Thunderbird 2.0.0.23 under Ubuntu 9.10.
> It has two reply buttons: "Reply" and "Reply to all".

http://alumnit.ca/wiki/index.php?page=ReplyToListThunderbirdExtension

-Rob


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Marcello Romani 

Matus UHLAR - fantomas ha scritto:

On 13.11.09 11:44, Brian Mearns wrote:

Subject: [squid-users] Mailing-list admins: can we set up reply-to?

Would it be possible for the admins of this mailing list to setup the
Reply-to header so hitting reply goes back to the mailing list? I


changing reply-to by mailing list is bad.
http://www.unicom.com/pw/reply-to-harmful.html


don't know how many times I've sent responses directly back to the
sender because I just started typing the response.


get a mail client that does support mailing lists.



I use Thunderbird 2.0.0.23 under Ubuntu 9.10.
It has two reply buttons: "Reply" and "Reply to all".
When replying to your message, the first button sends the reply to your 
private address, the second button sends the reply to the mailing list.
This is OK, and I think it's what you mean when you say "get a mail 
client that supports mailing lists".


But with most messages on the list what happens is different: when I hit 
"Replay to all", the message gets the poster's e-mail address in the 
"To:" field and the mailing list's address in the "Cc:" field.
Therefore I have to manually delete the "To:" field and change the "Cc:" 
one to become "To:", otherwise the poster would see my reply two times: 
once in the list, and once in his/her private mail. This is annoying 
IMHO, and has the risk of breaking the thread on the list because the 
poster might reply to the private copy of the message.


Reading the full e-mail headers, it appears to me that the only 
significant difference is your (good) message has


Mail-Followup-To: squid-users@squid-cache.org

while all the other ("bad") messages miss this header.
Could it be this header that causes the different behaviour I have seen 
? How could this be solved ?


--
Marcello Romani

Re: [squid-users] Gzip Supporting

2009-11-19 Thread Angelo Höngens 
On 19-11-2009 10:03, yaoxing zhang wrote:
> Sorry I'm not very clear about this. Do you mean Squid drops the request 
> from client, then generate another different request, which contains no 
> "Accept-Encoding" header, and send this request to IIS. As a result 
> response from IIS is not compressed? If so, is it possible to just hand 
> over all the headers from client, and let the client decide whether to 
> accept compressing or not?

It has nothing to do with accept-encoding headers. Just sniff as I
suggested, and all will be clear.

-- 


With kind regards,


Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
--
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

a.hong...@netmatch.nl
www.netmatch.nl
--

Re: [squid-users] Gzip Supporting

2009-11-19 Thread yaoxing zhang 
Sorry I'm not very clear about this. Do you mean Squid drops the request 
from client, then generate another different request, which contains no 
"Accept-Encoding" header, and send this request to IIS. As a result 
response from IIS is not compressed? If so, is it possible to just hand 
over all the headers from client, and let the client decide whether to 
accept compressing or not?


Regards,
YX

On 2009年11月19日 16:43, Angelo Höngens wrote:

IIS is returning gzip compressed content to your browser, but how do you
know it sends gzip compressed content to squid? By default is does not.
Use WireShark on the IIS machine to confirm.

By default, IIS will not return compressed content to squid, therefore,
you need to execute the commands from my previous posts (and don't
forget the iisreset).

Re: [squid-users] Quick question about squid serving images

2009-11-19 Thread Angelo Höngens 
On 19-11-2009 9:46, NublaII Lists wrote:
> I have squid configured (working on it ;)) as a reverse proxy.
> 
> My understanding (and I can be wrong) is that once I request an image,
> next requests for that image will not reach the web server in any way
> until it expires, either manually or reaches end of life... is that
> correct?

If you would have configured everything correctly, yes..


> I am asking because I can see on my apache logs a ton of hits on
> images that squid should be caching, and still arrive to the www
> server, so either I don't have it configured properly or I don't
> really understand how squid works on reverse proxy mode ;)

It should work like you say, but either squid is not configured
correctly, or the application tells squid not to cache. Squid decides
what it can cache, based on the response headers from the apache
application. Post those headers. The squidclient tool is really useful.

Run this on your squid machine (example, assuming your squid listens on
port 80):

squidclient -p 80 -h apacheserver http://domain/image.jpg | head -n 15

Increase or decrease the 'head -n X' value to show all the headers, but
not to return the binary content. It should return something like this:

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: image/jpeg
Expires: Thu, 19 Nov 2009 09:08:51 GMT
Last-Modified: Thu, 19 Nov 2009 04:51:23 GMT
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Thu, 19 Nov 2009 08:54:51 GMT
Connection: close
Content-Length: 2845

Based on these response headers, Squid decides to cache or not.
Particularly interesting is the 'Cache-Control' header. From there on,
google further ;)


-- 


With kind regards,


Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
--
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

a.hong...@netmatch.nl
www.netmatch.nl
--

Re: [squid-users] questions on squid cache

2009-11-19 Thread Matus UHLAR - fantomas 
On 18.11.09 16:29, Melanie Pfefer wrote:
> #Suggested default:
> refresh_pattern ^ftp:   144020% 10080
> refresh_pattern ^gopher:14400%  1440
> refresh_pattern .   0   20% 4320
> 
> the last lime means all types of objects will be cached for 1.2 day?

not exactly. refresh_pattern only hints squid how long to condired data
fresh. The objects still can be revalidated and considered as still active.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer

Re: [squid-users] questions on squid cache

2009-11-19 Thread Matus UHLAR - fantomas 
On 18.11.09 14:16, Melanie Pfefer wrote:
> I have in squid.conf
> 
> cache_dir ufs /var/squid/var/cache 100 16 256
> 
> 
> I would like to know:
> 1. if the squid cache is stored on disk or RAM

the above configures on-disk cache, the cache_mem directive sets up
in-memory cache.

> 2. if I can reach a point where "cache is full"

squids periodically cleans its cache only to keep it as full as configured.

You can configure squid not to clean the cache and in such case it can
become "full", but there's usually no need for that.

see cache_replacement_policy and memory_replacement policy directives.

> 3. How can I "remove cache" older than 1 week (same logic as log rotation)

very hardly. squid has different lgorithms to remove data from cache, based
on how often were they accessed.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Christian Science Programming: "Let God Debug It!".

[squid-users] Quick question about squid serving images

2009-11-19 Thread NublaII Lists 
I have squid configured (working on it ;)) as a reverse proxy.

My understanding (and I can be wrong) is that once I request an image,
next requests for that image will not reach the web server in any way
until it expires, either manually or reaches end of life... is that
correct?

I am asking because I can see on my apache logs a ton of hits on
images that squid should be caching, and still arrive to the www
server, so either I don't have it configured properly or I don't
really understand how squid works on reverse proxy mode ;)

thank you all

Benja

Re: [squid-users] Gzip Supporting

2009-11-19 Thread Angelo Höngens 
On 19-11-2009 9:27, yaoxing zhang wrote:
> My IIS7 is sending back the compressed file as you can see in my first 
> post. But Squid seems to have decompressed it and sent back the 
> uncompressed version. Or maybe I should set some options to control this?
> Regards,
> YX

IIS is returning gzip compressed content to your browser, but how do you
know it sends gzip compressed content to squid? By default is does not.
Use WireShark on the IIS machine to confirm.

By default, IIS will not return compressed content to squid, therefore,
you need to execute the commands from my previous posts (and don't
forget the iisreset).

-- 


With kind regards,


Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
--
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

a.hong...@netmatch.nl
www.netmatch.nl
--

Re: [squid-users] Gzip Supporting

2009-11-19 Thread yaoxing zhang 
My IIS7 is sending back the compressed file as you can see in my first 
post. But Squid seems to have decompressed it and sent back the 
uncompressed version. Or maybe I should set some options to control this?

Regards,
YX

On 2009年11月19日 16:11, Angelo Höngens wrote:

You can have your IIS7 do static and dynamic compression though, and Squid will 
pass it.

Extra hoop to jump through (From my internal wiki):
--
If you enable compression in IIS7, it won't compress for HTTP/1.0 clients, 
since encoding support in HTTP/1.0 is flaky. If we use Squid (and squid can 
handle it), you can force IIS7 to do compression anyway:

c:\Windows\System32\inetsrv\appcmd.exe set config -section:httpCompression -
noCompressionForHttp10:false
c:\Windows\System32\inetsrv\appcmd.exe set config -section:httpCompression -
noCompressionForProxies:false
iisreset
--

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Matus UHLAR - fantomas 
On 13.11.09 11:44, Brian Mearns wrote:
> Subject: [squid-users] Mailing-list admins: can we set up reply-to?
> 
> Would it be possible for the admins of this mailing list to setup the
> Reply-to header so hitting reply goes back to the mailing list? I

changing reply-to by mailing list is bad.
http://www.unicom.com/pw/reply-to-harmful.html

> don't know how many times I've sent responses directly back to the
> sender because I just started typing the response.

get a mail client that does support mailing lists.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.

RE: [squid-users] Gzip Supporting

2009-11-19 Thread Angelo Höngens 
You can have your IIS7 do static and dynamic compression though, and Squid will 
pass it.

Extra hoop to jump through (From my internal wiki):
--
If you enable compression in IIS7, it won't compress for HTTP/1.0 clients, 
since encoding support in HTTP/1.0 is flaky. If we use Squid (and squid can 
handle it), you can force IIS7 to do compression anyway: 

c:\Windows\System32\inetsrv\appcmd.exe set config -section:httpCompression -
noCompressionForHttp10:false
c:\Windows\System32\inetsrv\appcmd.exe set config -section:httpCompression -
noCompressionForProxies:false
iisreset
--

-- 

 
With kind regards,
 
 
Angelo Höngens
 
Systems Administrator
 
--
NetMatch
tourism internet software solutions
 
Ringbaan Oost 2b
5013 CA Tilburg
T: +31 (0)13 5811088
F: +31 (0)13 5821239
 
mailto:a.hong...@netmatch.nl
http://www.netmatch.nl
--

> -Original Message-
> From: yaoxing zhang [mailto:yaoxing.zh...@gmail.com]
> Sent: donderdag 19 november 2009 9:08
> To: sqlcamel
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Gzip Supporting
> 
> got it, thanks.
> 
> Regards,
> YX
> 
> On 2009年11月19日 14:51, sqlcamel wrote:
> > yaoxing zhang:
> >> Hello everyone,
> >> I'm using squid 3.0 stable 16 as a accelerator for my IIS 7.0
> server.
> >> And I find that squid does not enable gzip for compressing, which
> >> increases a lot of internet traffic. I can't find any option with
> >> which I can enable gzip. Can anyone help me?
> >
> > AFAIK, only Squid-3.1 with ecap support can enable the external gzip
> > module.
> >
> >

Re: [squid-users] Prevent squid from caching a page

2009-11-19 Thread Matus UHLAR - fantomas 
On 13.11.09 07:59, Landy Landy wrote:
> Is there a way to tell squid not to cache a page or have it ignore it?
> Theres a page I cannot view from our lan: www.dgii.gob.do. I don't know
> why but, I'm suspecting there must be something with squid since, I
> noticed I receive the page's title and it disappears.

this has apparently nothing to do with _caching_ itself, maybe with
_accessing_ using squid.
First try to access the server directly, not through squid.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

RE: [squid-users] Question on HAPROXY

2009-11-19 Thread Angelo Höngens 
I use squid and haproxy together. 

HAProxy is just a layer 7 load balancer application, and we use it to balance 
web sites across multiple servers (and then Squid in front of it to cache 
objects). I don't know about balancing dsl lines though, depends on your setup.

-- 

 
With kind regards,
 
 
Angelo Höngens
 
Systems Administrator
 
--
NetMatch
tourism internet software solutions
 
Ringbaan Oost 2b
5013 CA Tilburg
T: +31 (0)13 5811088
F: +31 (0)13 5821239
 
mailto:a.hong...@netmatch.nl
http://www.netmatch.nl
--


> -Original Message-
> From: Landy Landy [mailto:landysacco...@yahoo.com]
> Sent: woensdag 18 november 2009 23:32
> To: squid-users@squid-cache.org
> Subject: [squid-users] Question on HAPROXY
> 
> Hello.
> 
> I was reading something about haproxy and couldn't quite understand if
> it can be used along side with squid. Can it be used to save bandwidth
> and balance two or more dsl lines installed with squid?
> 
> 
> 
> 
>

Re: [squid-users] Gzip Supporting

2009-11-19 Thread yaoxing zhang 

got it, thanks.

Regards,
YX

On 2009年11月19日 14:51, sqlcamel wrote:

yaoxing zhang:

Hello everyone,
I'm using squid 3.0 stable 16 as a accelerator for my IIS 7.0 server. 
And I find that squid does not enable gzip for compressing, which 
increases a lot of internet traffic. I can't find any option with 
which I can enable gzip. Can anyone help me?


AFAIK, only Squid-3.1 with ecap support can enable the external gzip 
module.