[squid-users] squid 3.1 and error_directory
Hi.

Recently I decided to look on 3.1 branch on my test proxy. Everything seems to work fine, but I'm stuck with the problem with the error messages. Whatever I do with the error_directory/error_default_language settings (leaving 'em commented out, or setting 'em to something) in my browser I see corrupted symbols. These are neither latin, nor cyrillic. They do look like it is UTF-8 treated like Cp1251, for example. Changing encoding of the page in browser doesn't help. And the charset in tag of such page is always "us-ascii" (why ?).

How can I make pages be displayed at least in english ? I thought that this can be achieved by setting error_default_language to en, but I was wrong again. I thought I am familiar with squid error directory and creating my own templates for 2.x/3.0 branches, but definitely I'm not with the 3.1.

Thanks.
Re: [squid-users] Reverse proxy scenario
Sébastien WENSKE wrote:
> Hi list,
>
> I have set up a reverse proxy on a 100MB/s server to preserve my home bandwidth (upload ~128KB/s). It works very fine, objects are stored in the cache and served to the clients. However, I had last week a “rush” on my blog, about 1500 visitor in two days that had result to overload my connection with a huge amount of 304 queries.

Lucky escape there. How much bandwidth hit the public server? :)

> My question is: Is it possible to tell Squid to not check the parent (my local web server) if an object has been modified for a while? by directory or mime type?

Squid-2.x has collapsed_forwarding feature, when turned on this reduces the actual number of requests going back by several hundred to a thousand percent.

Squid-2.7 also accepts "Cache-Control: stale-while-revalidate" headers from the server which AFAIK should reduce these 304 messages to one at a time and Squid sending out the old copy to any clients while it waits for an update. Also the related stale-if-error header which keeps the proxy providing visible content if the parent server goes offline for a while.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
  Current Beta Squid 3.1.0.16
Re: [squid-users] Question on removing cache based on url.
John Villa wrote:
> Hello,
>
> I am currently trying to purge objects that are older than 2 minutes. The particular site is amazon. It does not appear to be working with my configuration because I tried this on a site with a few words of text and the object that it created was not purged. Here is my config line:
>
> refresh_pattern -i .*\.amazon\.com 1 20% 2

refresh_pattern may be used to _extend_ the period URLs matching the pattern may be stored. The explicit expiry information provided by the website is still obeyed.

Amos
Re: [squid-users] BUG !? swap.state: (13) Permission denied ...
Riccardo Castellani wrote:
> Where can I find difference from kill and squid -k ? I'm looking for documentation which describes differences at code level.

There is no documentation on kill vs squid -k. Only reading the code and observing the behavior.

The exact signals squid -k uses may differ between operating systems, depending on what process signals that OS supports.

Amos
Re: [squid-users] None Existing File; Repeating Request Timeout
Joe P.H. Chiang wrote:
> Hi All
>
> Im New to squid.. I've scanned through squid 2.6 & 3.0 Manual and Definitive guide, but i still can't find information about this question..
>
> Is it possible to have a request_timeout when the request file doesn't exist on the squid cache and peer server?
>
> e.g if client requestion www.example.com/dontexist.html and then receives 404 http then the client will have to wait until request_timeout 30 seconds to able to request www.example.com/dontexist.html again
>
> could this be done? is there such setting/configuration?

This is a "wetware" problem. You need to teach all your users to press the refresh button at exactly 30 seconds after any failure.

Seriously though, not the way you describe. You can't prevent people being "able" to make requests. You can only change the result if they do one you don't like.

What exactly are you trying to accomplish?

Amos
Re: [squid-users] Authentication Browser Dialog
Christian Weiligmann wrote:
> Hello,
>
> i use the squidproxy over 10 years, an i am very happy to have this programm for internet access, the user may look different about this.
>
> But, I have a demand concerning the authentication dialogs
>
> I want to authenticate the internet access for my users by mysql backend, but not with a browser dialog, else with a webpage. Similar to the question "Re: [squid-users] Proxy subscription on-line" where is the error page, i can modify?
>
> Thanks a lot for viewing and please give me a answer...

So ... what error page? in response to what action? in which squid version? under what circumstances? with what information?

Amos
Re: [squid-users] cache manager access from web
J. Webster wrote:
> I have followed the tutorial here: http://wiki.squid-cache.org/SquidFaq/CacheManager and set up acls to access the cache manager cgi on my server. I have to access this externally for the moment as that is the only access to the server that I have (SSH or web).
>
> The cache manager login appears when I access: http://myexternalipaddress/cgi-bin/cachemgr.cgi
>
> I have set the cache manager login and password in the squid.conf
>
> # TAG: cache_mgr
> # Email-address of local cache manager who will receive
> # mail if the cache dies. The default is "root".
> #
> #Default:
> # cache_mgr root
> cache_mgr a...@aaa.com
> cachemgr_passwd aaa all
>
> #Recommended minimum configuration:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl cacheadmin src 88.xxx.xxx.xx9/255.255.255.255 #external IP address?

You don't need the /255.255.255.255 bit. Just a single IP address will do.

> acl to_localhost dst 127.0.0.0/8
> # Only allow cachemgr access from localhost
> http_access allow ncsa_users
> http_access allow manager localhost
> http_access allow manager cacheadmin
> http_access deny manager
>
> However, whenever I enter the password and select localhost port 8080 from the cgi script I get:
>
> The following error was encountered: Cache Access Denied. Sorry, you are not currently allowed to request: cache_object://localhost/ from this cache until you have authenticated yourself.

Looks like the CGI script does its own internal access to Squid to fetch the page data. But does not have the right login details to pass your "http_access allow ncsa_auth" security config.

Amos
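The rule order in the quoted configuration can be traced with a small model of first-match http_access evaluation. This is an added example, not part of the thread and not Squid's code; it assumes ncsa_users is defined as `proxy_auth REQUIRED` (the definition is not shown in the post), uses a constructed address in place of the masked cacheadmin IP, and the reordered rule list is a hypothetical alternative.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Request:
    src: str                     # client address as Squid sees it
    proto: str                   # "http" or "cache_object"
    user: Optional[str] = None   # proxy credentials, None when absent


# ACL definitions modelled on the posted squid.conf.
ACLS = {
    "manager": ("proto", "cache_object"),
    "localhost": ("src", "127.0.0.1/32"),
    "cacheadmin": ("src", "203.0.113.9/32"),   # constructed stand-in for 88.xxx.xxx.xx9
    "ncsa_users": ("proxy_auth", "REQUIRED"),  # assumed definition
}

# Order as posted: the authentication rule comes before the manager rules.
POSTED = [
    ("allow", ["ncsa_users"]),
    ("allow", ["manager", "localhost"]),
    ("allow", ["manager", "cacheadmin"]),
    ("deny", ["manager"]),
]

# Hypothetical reordering: manager rules are decided before authentication.
REORDERED = POSTED[1:] + POSTED[:1]


class AuthRequired(Exception):
    """Raised when a proxy_auth ACL is tested and no credentials were sent."""


def acl_matches(name, req):
    kind, value = ACLS[name]
    if kind == "proto":
        return req.proto == value
    if kind == "src":
        return ip_address(req.src) in ip_network(value)
    if kind == "proxy_auth":
        if req.user is None:
            raise AuthRequired(name)
        return True
    raise ValueError(f"unknown ACL type {kind}")


def evaluate(rules, req):
    """First matching line wins; ACLs on one line are ANDed, left to right."""
    for action, names in rules:
        try:
            if all(acl_matches(n, req) for n in names):
                return action.upper()
        except AuthRequired:
            # Squid answers with an authentication challenge at this point.
            return "AUTH_REQUIRED"
    # No line matched: the default is the opposite of the last line's action.
    return "DENY" if rules[-1][0] == "allow" else "ALLOW"


def compare():
    """Return (posted, reordered) decisions for three constructed requests."""
    cases = {
        "cachemgr_cgi": Request("127.0.0.1", "cache_object"),
        "remote_user_manager": Request("198.51.100.7", "cache_object", "alice"),
        "remote_user_browse": Request("198.51.100.7", "http", "alice"),
    }
    return {k: (evaluate(POSTED, r), evaluate(REORDERED, r)) for k, r in cases.items()}


if __name__ == "__main__":
    for name, decisions in compare().items():
        print(f"{name:22} posted={decisions[0]:14} reordered={decisions[1]}")
```

In the posted order any authenticated ncsa_users member also reaches cache_object requests from any address, because the first line matches before `deny manager`; cachemgr_passwd is then the only remaining gate.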
Re: [squid-users] DNUMTHREADS
J. Webster wrote:
> Is it recommended to recompile squid and increase the DNUMTHREADS value? I read that 30 could easily be used on a 500MHz machine and my machine is more than 2GHz so would it give an improvement to squid performance.
>
> I have been reading through this document here, which recommends various changes including using the reiserfs filesystem. My machine is CentOS.
> http://blog.last.fm/2007/08/30/squid-optimization-guide

Not sure how he got that info.

Squid provides the ./configure --enable-async-io[=N_THREADS] option as far back as I can see. It only affects AUFS disk storage.

Amos
Re: [squid-users] Squid: reverse proxy security advantages
Jeff Peng wrote:
> On Mon, 2010-02-08 at 22:14 -0300, Alejandro Facultad wrote:
>> Dear all, I have a webmail which must be accessed by users from another network.
>>
>> The content of the webmail is not static obviously, so the content caching is not an advantage here. Also the webmail is just one server, not load balancing is important here.
>>
>> So are there any security advantage of using a Squid as a reverse proxy in front of my webmail ??? Because I can't see any security benefit...

DDoS reduction? Squid raises your server traffic threshold for DDoS attack before it falls over by several order of magnitude.

Then there is the source security controls Jeff points out below.

> At some points you can consider Squid as an application firewall, and setup some rules like:
>
> acl badip src 192.168.0.100
> http_access deny badip
> acl badsite referer_regex -i qq.com
> http_access deny badsite
> acl badconn maxconn 20
> http_access deny badconn
> acl badbrow browser -i Sosospider
> http_access deny badbrow
>
> Those may help improve some security, but it depends...
> Squid is just a cache, if you don't need the cache feature, you may not want to use it.

"just a cache" ha! It's a general-use HTTP proxy. Doing load balancing, full set of CDN features for HTTP-as-service, HTTP flow redirection/reflection, bandwidth shaping, caching, HTTP security, and protocol conversion. I'm sure I've left off a bunch of things too.

But yes, I see the point, Squid might not be _that_ beneficial for a single load-critical non-cachable app.

Amos
[squid-users] Testing squid-3.1.0.16 .| idnsSendQuery: FD 8: sendto: (51) Network is unreachable
Hello,

I have installed the latest beta (16) on a box that does not have a firewall. I have confirmed that with a prompt iam able to resolve domain names.. but for some reason squid complaints it cant.

Is there any option i need to edit so that it uses either 127.0.0.1 to resolve or any other public IP?

2010/02/08 21:25:03| idnsSendQuery: FD 8: sendto: (51) Network is unreachable
2010/02/08 21:25:03| comm_udp_sendto: FD 8, (family=24) 140.3.13:53: (51) Network is unreachable

I apologize if this is not the correct channel to request for help for a beta.

Thanks
Dimitri
Re: [squid-users] SSL Bump progress on beta 3.1.0.16?
On Mon, Feb 8, 2010 at 8:25 PM, Alex Rousskov wrote:
> I believe the basic SSL Bump feature in Squid v3.1 is relatively well
> tested. It has been around for a while. I am not aware of any open bugs
> (but have not checked recently). Its usability is rather limited because
> of the frequent certificate warnings though.
>

In an environment where the users are a few, and the SSL sites are about 5. One could do some config so that these are ignored by the browser right? or trust a wildcard certificate? *.com

Meanwhile the real thing is here :)

Thanks
Re: [squid-users] Reverse proxy scenario
On Mon, 2010-02-08 at 23:30 +0100, Sébastien WENSKE wrote:
> s.
>
> My question is: Is it possible to tell Squid to not check the parent (my
> local web server) if an object has been modified for a while? by directory
> or mime type?
>

You can increase the cache lifetime based on the file extension.
See the refresh_pattern tags in squid.conf.

--
Jeff Peng
Email: jeffp...@netzero.net
Skype: compuperson
Re: [squid-users] Squid: reverse proxy security advantages
On Mon, 2010-02-08 at 22:14 -0300, Alejandro Facultad wrote:
> Dear all, I have a webmail which must be accessed by users from another
> network.
>
>
> The content of the webmail is not static obviously, so the content caching
> is not an advantage here. Also the webmail is just one server, not load
> balancing is important here.
>
>
> So are there any security advantage of using a Squid as a reverse proxy in
> front of my webmail ??? Because I can't see any security benefit...

At some points you can consider Squid as an application firewall, and setup some rules like:

acl badip src 192.168.0.100
http_access deny badip
acl badsite referer_regex -i qq.com
http_access deny badsite
acl badconn maxconn 20
http_access deny badconn
acl badbrow browser -i Sosospider
http_access deny badbrow

Those may help improve some security, but it depends...
Squid is just a cache, if you don't need the cache feature, you may not want to use it.

--
Jeff Peng
Email: jeffp...@netzero.net
Skype: compuperson
Re: [squid-users] OpenSSL license
kiran kumar wrote:
> Greetings to all.
>
> Will there be any license compatibility issues in using openssl with Squid? I plan to build Squid with "enable-ssl" support but happened to bump into an old discussion on this. "http://www.squid-cache.org/mail-archive/squid-dev/200406/0011.html". As i'm not an expert on this, I wish to hear from the group if there will be any potential license violation if we want to use Squid to provide https-proxy support.
>
> Best Regards,
> Kiran

There is no violation in building the two together for personal/business internal use. The problem begins with re-distributing the copy you built.

It boils down to GPL software cannot be distributed in binary form when containing OpenSSL code. Neither Squid or OpenSSL licensing has changed in this regard AFAIK. Squid being GPL2+ has the option that if GPL 3 or 4 etc is altered to correct that gap we may finally be able to do so.

Amos
Re: [squid-users] Is OpenDNS efficient for squid?
J. Webster wrote:
> Is there any problem with using opendns server as the dns_nameserver in squid?

Yes. OpenDNS is known under some setups to send a positive domain name result where it should be returning NXDOMAIN.

This royally screws over any networks where there are more than one local domain scope. For one basic example; if your resolv.conf contains the command "search .local .example.com" and Squid gets told that 123.local is one of the OpenDNS "smart" search pages. It will fail 100% of the time to redirect you to the real 123.example.com website.

The examples and failure cases get really complicated when the mixture of modern DNS RR types are added in, but the end result is identical to that of the simple case above.

There have been a number of people who think their IPv6 access is completely broken (even when really completely working) simply because IPv6-only websites always redirect to an OpenDNS search pages when the browser chooses to test IPv4 first.

> Is it slower than using the local hosts nameservers?

Yes. But no more so than any external DNS server.

> I have an issue with dns timeouts for 1 or 2 websites and am having to restart the dns cache (nscd) every 6 hours to flush it. I thought adding the nameservers to the squid.conf would bypass this issue.

Feel free to give it a try. But watch closely to see if you hit any of the known problems. There are some using it happily.

Amos
[squid-users] PHP Auth Proxy
I need some function in PHP to user put username and password and the page in PHP auth in Squid
Re: [squid-users] why squid does not support sendfile() ?
Matus UHLAR - fantomas wrote:
>>> Weibin Yao wrote:
>>> I'am using squid-2.7. I has checked the configure reference and found nothing about sendfile(). Why squid does not support sendfile()? especially the HIT request.
>
>> On 26.01.10 21:26, Amos Jeffries wrote:
>> 1) Blocking call. Squid needs to support more than one client request simultaneously.
>
> is it blocking anywhere?

According to the docs sendfile() does not return until the entire file has been sent. Setting the non-blocking IO flag on the outgoing sockets will result in an error code. Squid with its single thread cannot use this type of call without terrible performance losses.

>> 2) speed. sendfile is limited linearly by disk IO speeds, blocking the entire time.
>
> does it matter for content fetched from disk? I think that sendfile is for this cases the most effective option (e.g. from disk direct to network card memory). I understand it can be an issue in 3.x where squid wants to implement own caching, but wonder if sendfile couldn't help here as you indicate.

We could start a new thread for each file send, it might be usable. That covers the one-client one-file-from-disk sending case...

>> 3) HTTP protocol. The current design of Squid stores the headers and data together. They cannot be altered correctly according to protocol requirements during a sendfile() call.
>
> you can read, process and write headers and THEN call sendfile for the rest of content. The problem is with chunking which it not supported on client connections yet, iirc.

As I said "the current design". Someone with time to do a good re-design would allow a lot of things to be done better. Such a re-design has been on the books for a long time to solve the HTTP/1.1 range-request issues, but none of the current developers has had both the expertise and time to do it.

>> 4) collapsed forwarding. multiple clients may be receiving the same identical object from Squid simultaneously, or even different parts of the same object.
>
> should not be a problem with sendfile, should it?

It increases the disk load for N clients from 1 disk read pass across the file to N disk read passes. Despite doing it in the kernel, this is a net gain in lag.

The main loss is that it prevents Squid loading the object back into memory for Hot-Object re-use and alterations.

>> 4) object location. not all HIT objects are from files. some may be in memory, or a range of something partially received by another client.
>
> 5) I think ;-)
> Yes sendfile is only applicable on content fetched from the disk.
>
> Apparently nobody implemented sendfile in squid yet and apparently nobody will do it, but I wonder if all those reasons are really that problematic...

Well I wouldn't go so far as to say nobody will. I'm just pointing out the known hurdles as to why nobody has yet. If somebody wants to try it and see, feel free to do so.

Amos
Re: [squid-users] SSL Bump progress on beta 3.1.0.16?
On 02/08/2010 03:21 PM, Dimitri Syuoul wrote:
> I want to give a show to the SSL Bump feature that we have long
> awaited on 3.1 . Id like to know how advanced/tested this feature is
> in currently to know if there is a chance I can begin using it on
> production environment.

I believe the basic SSL Bump feature in Squid v3.1 is relatively well tested. It has been around for a while. I am not aware of any open bugs (but have not checked recently). Its usability is rather limited because of the frequent certificate warnings though.

The Dynamic Certificate Generation feature (to be submitted to squid-dev for review in a few days) that eliminates site certificate warnings is new. It is unlikely to be added to the official Squid 3.1 releases because v3.1 is in feature-freeze state. This feature has passed all our functionality tests but may have failed one performance overload test. I would not recommend deploying it without testing, including performance testing, so that you can size and configure everything correctly for your specific environment.

HTH,

Alex.
Re: [squid-users] Sq with DigestAuth reauth
On Thursday 6 November 2008 21:01:24, you wrote:
> On Thu, 2008-11-06 at 13:15 -0600, Luis Daniel Lucio Quiroz wrote:
> > Hi Squids,
> >
> > I wonder to know you one of you knows about this. We've put a squid with
> > digest_ldap_auth helper. It works, but only one user and just one has
> > this issues:
> > - Reauth happens to him every 3 mins aprox, auth is successful
>
> Which Squid version?
>
> Regards
> Henrik

Squid 3.0, from stable 9 to stable 20
Re: [squid-users] proxy_auth digest and multiple reverse proxies (siblings)
On Thursday 28 January 2010 22:30:41, Deepak Rao wrote:
> On Thu, Jan 28, 2010 at 12:39 AM, Luis Daniel Lucio Quiroz wrote:
> > On Wednesday 27 January 2010 12:05:32, Deepak Rao wrote:
> >> Hi,
> >>
> >> I have a squid setup requirement in my project for which I could not
> >> find an answer. Any pointers will be helpful...
> >>
> >> The setup is as follows: I have multiple reverse proxies serving web
> >> pages to clients. A load balancer front-ends the reverse proxies. The
> >> reverse proxies can be configured as siblings.
> >>
> >> The client requests contain HTTP Digest headers and needs to be
> >> authenticated at my server side (using proxy_auth?) The requests from
> >> a client can be served by any of the reverse proxies & no state is
> >> maintained on the server. Stickiness is also not possible.
> >>
> >> The issue is:
> >> When the first request (REQ1) comes from client 1, server responds
> >> back with 401 Unauthorized (WWW-Authenticate) and sets a nonce value
> >> (N1) [all this is handled by the reverse proxy itself]
> >>
> >> Now when the client 1 sends the request (REQ1) again with all the
> >> digest headers (using nonce N1), this request is received by another
> >> reverse proxy. For this reverse proxy, the nonce N1 is unknown and
> >> hence it returns again 401 Unauthorized as response with stale=true
> >> for the nonce N1! Thus the request is never getting served rightly
> >>
> >> How do I handle this scenario? Is there a way to make all reverse
> >> proxies share the same nonce pool?
> >>
> >> Any other alternatives for my requirement is also welcome.
> >>
> >> Thanks,
> >> Deepak
> >
> > Easygoing, if you are using digest auth, use some persistency in your
> > balances et voila! you are done. dont use RoundRobin,
>
> yes that would be the best way. Unfortunately, the servers are hosted
> on third party infrastructure and their load balancer does not provide
> any stickiness. The load balancer just uses round-robin to pass
> requests to various reverse-proxies.

You wont using Roundrobing, you MUST use a persistency,
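The stale-nonce loop Deepak describes, next to one design that needs no shared nonce pool: a nonce any sibling can validate from a common secret, in the spirit of the timestamp-plus-keyed-hash construction suggested in RFC 2617. This is an added example, not from the thread and not Squid's implementation or a Squid setting; the class names, the 300-second lifetime and the secret handling are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import os
import struct
import time

NONCE_TTL = 300  # seconds a nonce stays acceptable (assumed value)


class PerNodeNoncePool:
    """Each proxy remembers only the nonces it issued itself (the thread's failure case)."""

    def __init__(self):
        self._issued = set()

    def issue(self):
        nonce = base64.urlsafe_b64encode(os.urandom(16)).decode()
        self._issued.add(nonce)
        return nonce

    def check(self, nonce):
        # An unknown nonce leads to another 401 with stale=true.
        return "ok" if nonce in self._issued else "stale"


class SharedSecretNonce:
    """Self-validating nonce: 8-byte timestamp + 8 random bytes + truncated HMAC-SHA256."""

    def __init__(self, secret, ttl=NONCE_TTL):
        self._secret = secret
        self._ttl = ttl

    def _mac(self, body):
        return hmac.new(self._secret, body, hashlib.sha256).digest()[:16]

    def issue(self, now=None):
        ts = int(time.time() if now is None else now)
        body = struct.pack(">Q", ts) + os.urandom(8)
        return base64.urlsafe_b64encode(body + self._mac(body)).decode()

    def check(self, nonce, now=None):
        try:
            raw = base64.urlsafe_b64decode(nonce.encode())
        except (binascii.Error, ValueError):
            return "invalid"
        if len(raw) != 32:
            return "invalid"
        body, mac = raw[:16], raw[16:]
        # Constant-time comparison: a forged or altered nonce is rejected outright.
        if not hmac.compare_digest(mac, self._mac(body)):
            return "invalid"
        ts = struct.unpack(">Q", body[:8])[0]
        now = int(time.time() if now is None else now)
        # Genuine but expired (or future-dated) nonces get stale=true, not a password prompt.
        if ts > now + 5 or now - ts > self._ttl:
            return "stale"
        return "ok"


def round_robin_demo():
    """Issue on proxy A, present on proxy B, as a round-robin balancer would."""
    pool_a, pool_b = PerNodeNoncePool(), PerNodeNoncePool()
    per_node = pool_b.check(pool_a.issue())

    secret = os.urandom(32)  # constructed here; in practice provisioned to every sibling
    node_a, node_b = SharedSecretNonce(secret), SharedSecretNonce(secret)
    shared = node_b.check(node_a.issue())
    return per_node, shared


if __name__ == "__main__":
    print(round_robin_demo())
```

A stateless nonce carries no memory of nonce-count values, so a captured request can be replayed to another node until the lifetime expires; keep the lifetime short or add shared state if that matters.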
[squid-users] Squid: reverse proxy security advantages
Dear all,

I have a webmail which must be accessed by users from another network.

The content of the webmail is not static obviously, so the content caching is not an advantage here. Also the webmail is just one server, not load balancing is important here.

So are there any security advantage of using a Squid as a reverse proxy in front of my webmail ??? Because I can't see any security benefit...

Thanks a lot

Alejandro
[squid-users] Re: Re: Re:Problem with SQUID_KERB_LDAP
Ralf,

The lines:

2010/02/08 20:59:08| squid_kerb_auth: received type 1 NTLM token

mean that your browser is not using Kerberos authentication, why you get the popup.

Markus

"Ralf Fruehauf" wrote in message news:4b706e39.9050...@googlemail.com...
> On 05.02.2010 19:03, Markus Moeller wrote:
>> If you have only a directory not an executable then you don't really have squid_kerb_ldap installed. The script is a standalone script somewhere on your filesystem accessible by the squid process.
>>
>> Markus
>>
>> "Ralf Fruehauf" wrote in message news:ff35590e1002050714q1bd0432bje929e96818924...@mail.gmail.com...
>>> For my understanding: i take this script and put it into my /etc/init.d/squid start script? With strace, i thought, i need a executably file/program, but i have no squid_kerb_ldap file, only a directory!? Sorry, for this simple question.
>>>
>>> Rainer
>
> Ok, that was my mistake, i had a problem during the make command with squid_kerb_ldap, now, i have a squid_kerb_ldap file and squid successfully starts, that is some progress at least.
>
> Now, i have a problem with the authenticating. The registration box appears on the screen, but he don't accept my user/passwort entry. The user is located in the SQUID_USERS group in my Active Directory. After 4 until 5 attempts, i get a error - Cache Access Denied - "Sorry, you are not currently allowed to request http://www.google.de/ from this cache until you have authenticated yourself."
> __
> access.log:
> 1265659148.810 2 192.168.100.130 TCP_DENIED/407 2462 GET http://www.google.de/ - NONE/- text/html
> 1265659148.856 1 192.168.100.130 TCP_DENIED/407 2565 GET http://www.google.de/ - NONE/- text/html
> 1265659158.206 1 192.168.100.130 TCP_DENIED/407 2565 GET http://www.google.de/ - NONE/- text/html
> __
> cache.log:
> 2010/02/08 20:38:35| Starting Squid Cache version 3.0.STABLE18 for i686-pc-linux-gnu...
[squid-users] Missing Cache on Requests.
Hello, I have finished setting up squid but I do not believe it is working properly. It appears as though when request are made they are missing the cache; X-Cache-Lookup: MISS from localhost:3128 I am running squid3 with a pretty much out of the box config and a few refresh_pattern variables. Any help would be great. Thanks, -John
[squid-users] Reverse proxy scenario
Hi list, I have set up a reverse proxy on a 100MB/s server to preserve my home bandwidth (upload ~128KB/s). It works very fine, objects are stored in the cache and served to the clients. However, I had last week a rush on my blog, about 1500 visitor in two days that had result to overload my connection with a huge amount of 304 queries. My question is: Is it possible to tell Squid to not check the parent (my local web server) if an object has been modified for a while? by directory or mime type? Cheers, Sébastien WENSKE.
[squid-users] SSL Bump progress on beta 3.1.0.16?
Greetings, I want to give a show to the SSL Bump feature that we have long awaited on 3.1 . Id like to know how advanced/tested this feature is in currently to know if there is a chance I can begin using it on production environment. Thanks. Dimitri
[squid-users] Question on removing cache based on url.
Hello, I am currently trying to purge objects that are older than 2 minutes. The particular site is amazon. It does not appear to be working with my configuration because I tried this on a site with a few words of text and the object that it created was not purged. Here is my config line: refresh_pattern -i .*\.amazon\.com 1 20% 2 Thank You, -John
[squid-users] cache manager access from web
I have followed the tutorial here: http://wiki.squid-cache.org/SquidFaq/CacheManager and set up acls to access the cache manager cgi on my server. I have to access this externally for the moment as that is the only access to the server that I have (SSH or web).

The cache manager login appears when I access: http://myexternalipaddress/cgi-bin/cachemgr.cgi

I have set the cache manager login and password in the squid.conf

# TAG: cache_mgr
# Email-address of local cache manager who will receive
# mail if the cache dies. The default is "root".
#
#Default:
# cache_mgr root
cache_mgr a...@aaa.com
cachemgr_passwd aaa all

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl cacheadmin src 88.xxx.xxx.xx9/255.255.255.255 #external IP address?
acl to_localhost dst 127.0.0.0/8
# Only allow cachemgr access from localhost
http_access allow ncsa_users
http_access allow manager localhost
http_access allow manager cacheadmin
http_access deny manager

However, whenever I enter the password and select localhost port 8080 from the cgi script I get:

The following error was encountered: Cache Access Denied. Sorry, you are not currently allowed to request: cache_object://localhost/ from this cache until you have authenticated yourself.
[squid-users] Authentication Browser Dialog
Hello, i use the squidproxy over 10 years, an i am very happy to have this programm for internet access, the user may look different about this. But, I have a demand concerning the authentication dialogs I want to authenticate the internet access for my users by mysql backend, but not with a browser dialog, else with a webpage. Similar to the question "Re: [squid-users] Proxy subscription on-line" where is the error page, i can modify? Thanks a lot for viewing and please give me a answer...
Re: [squid-users] Re: Re:Problem with SQUID_KERB_LDAP
On 05.02.2010 19:03, Markus Moeller wrote:

If you have only a directory not an executable then you don't really have squid_kerb_ldap installed. The script is a standalone script somewhere on your filesystem accessible by the squid process.

Markus

"Ralf Fruehauf" wrote in message news:ff35590e1002050714q1bd0432bje929e96818924...@mail.gmail.com...

For my understanding: I take this script and put it into my /etc/init.d/squid start script? With strace, I thought, I need an executable file/program, but I have no squid_kerb_ldap file, only a directory!? Sorry for this simple question.

Rainer

OK, that was my mistake. I had a problem during the make command with squid_kerb_ldap; now I have a squid_kerb_ldap file and squid successfully starts, so that is some progress at least. Now I have a problem with the authentication. The registration box appears on the screen, but it doesn't accept my user/password entry. The user is located in the SQUID_USERS group in my Active Directory. After 4 to 5 attempts, I get an error - Cache Access Denied - "Sorry, you are not currently allowed to request http://www.google.de/ from this cache until you have authenticated yourself."

access.log:
1265659148.810 2 192.168.100.130 TCP_DENIED/407 2462 GET http://www.google.de/ - NONE/- text/html
1265659148.856 1 192.168.100.130 TCP_DENIED/407 2565 GET http://www.google.de/ - NONE/- text/html
1265659158.206 1 192.168.100.130 TCP_DENIED/407 2565 GET http://www.google.de/ - NONE/- text/html

cache.log:
2010/02/08 20:38:35| Starting Squid Cache version 3.0.STABLE18 for i686-pc-linux-gnu...
2010/02/08 20:38:35| Process ID 2292
2010/02/08 20:38:35| With 1024 file descriptors available
2010/02/08 20:38:35| DNS Socket created at 0.0.0.0, port 46847, FD 7
2010/02/08 20:38:35| Adding domain homebase.local from /etc/resolv.conf
2010/02/08 20:38:35| Adding domain homebase.local from /etc/resolv.conf
2010/02/08 20:38:35| Adding nameserver 192.168.100.1 from /etc/resolv.conf
2010/02/08 20:38:35| Adding nameserver 192.168.100.254 from /etc/resolv.conf
2010/02/08 20:38:35| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes
2010/02/08 20:38:36| helperOpenServers: Starting 5/5 'squid_kerb_ldap' processes
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| squid_kerb_ldap: Starting version 1.1.2
2010/02/08 20:38:36| squid_kerb_ldap: Group list SQUID_USERS
2010/02/08 20:38:36| squid_kerb_ldap: Group SQUID_USERS Domain NULL
2010/02/08 20:38:36| squid_kerb_ldap: Netbios list NULL
2010/02/08 20:38:36| squid_kerb_ldap: No netbios names defined.
2010/02/08 20:38:36| Unlinkd pipe opened on FD 27
2010/02/08 20:38:36| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2010/02/08 20:38:36| Target number of buckets: 425
2010/02/08 20:38:36| Using 8192 Store buckets
2010/02/08 20:38:36| Max Mem size: 8192 KB
2010/02/08 20:38:36| Max Swap size: 102400 KB
2010/02/08 20:38:36| Version 1 of swap file with LFS support detected...
2010/02/08 20:38:36| Rebuilding storage in /var/cache/squid-3.0 (CLEAN)
2010/02/08 20:38:36| Using Least Load store dir selection
2010/02/08 20:38:36| chdir: /opt/squid-3.0/var/cache: (2) No such file or directory
2010/02/08 20:38:36| Current Directory is /
2010/02/08 20:38:36| Loaded Icons.
2010/02/08 20:38:36| Accepting HTTP connections at 0.0.0.0, port 3128, FD 29.
2010/02/08 20:38:36| Accepting ICP messages at 0.0.0.0, port 3130, FD 30.
2010/02/08 20:38:36| HTCP Disabled.
2010/02/08 20:38:36| Ready to serve requests.
2010/02/08 20:38:36| Done reading /var/cache/squid-3.0 swaplog (0 entries)
20
RE: [squid-users] WARNING: got unused STORE_META type 10
-Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Friday, February 05, 2010 4:33 PM To: Ryan McCain Subject: Re: [squid-users] WARNING: got unused STORE_META type 10 Ryan McCain wrote: >> Squid-2.7 uses more advanced storage formats for objects. >> Squid-2.5 is unable to cope with those and is probably discarding things. > >> Please, why did you down grade all the way to 2.5? > > Amos, > > We use a Websense plugin that only supports 2.5 and 2.6. Why is it trying to > use this storage format since I removed 2.7 before installing 2.5? Is there > something I can do to get rid of these errors? > > Thanks.. > >You need to erase the cache directory content and rebuild it with squid -z >again. > >Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 Current Beta Squid 3.1.0.16 === Thank you. That did the trick.
Re: [squid-users] Wrong error page showing in browser
Jenny Lee wrote:

acl academic01 time MTWHF 08:00-18:00
acl labs src 192.168.3.19-192.168.3.200
http_access deny academic01 labs
deny_info ERR_LAB_SCHEDULE labs

should work. I believe last match triggers error message. You should not negate academic01.

http_access deny academic01 labs

Means:

If the time is: MTWHF 08:00-18:00
AND
The IP is: 192.168.3.19-192.168.3.200
DENY IT.

squid -k reconfigure is sufficient.

J

Date: Mon, 8 Feb 2010 18:46:46 +0100
From: contactd...@gmail.com
To: squid-users@squid-cache.org
Subject: [squid-users] Wrong error page showing in browser

Hi all

I'm trying to deny proxy access for a block of IPs during a certain time interval. During that time interval when someone from that block tries to access the internet they should get a customized error msg in their browser: ERR_LAB_SCHEDULE.

acl academic01 time MTWHF 08:00-18:00
acl labs src 192.168.3.19-192.168.3.200
http_access deny labs !academic01
deny_info ERR_LAB_SCHEDULE labs

However, they keep getting the default error msg, and not the customized one. What am I missing here?

Thanks

Dayo

I'm negating academic01, because access should be denied outside that timeframe.
RE: [squid-users] Wrong error page showing in browser
> From: webster_j...@hotmail.com
> To: bodycar...@live.com; contactd...@gmail.com
> CC: squid-users@squid-cache.org
> Date: Mon, 8 Feb 2010 19:35:21 +
> Subject: RE: [squid-users] Wrong error page showing in browser
>
> out of interest, when you issue a
> squid -k reconfigure
> does this disconnect any connected users?
> I assume service squid restart will definitely disconnect users

I would expect it should... But it doesn't for me. Downloads continue for example. I am using 3.1.0.15

restart disconnects everything.

Amos has a detailed explanation here: http://wiki.squid-cache.org/Features/HotConf
RE: [squid-users] Wrong error page showing in browser
out of interest, when you issue a
squid -k reconfigure
does this disconnect any connected users?
I assume service squid restart will definitely disconnect users

> From: bodycar...@live.com
> To: contactd...@gmail.com
> CC: squid-users@squid-cache.org
> Date: Mon, 8 Feb 2010 19:25:36 +
> Subject: RE: [squid-users] Wrong error page showing in browser
>
> acl academic01 time MTWHF 08:00-18:00
> acl labs src 192.168.3.19-192.168.3.200
> http_access deny academic01 labs
> deny_info ERR_LAB_SCHEDULE labs
>
> should work. I believe last match triggers error message. You should not
> negate academic01.
>
> http_access deny academic01 labs
>
> Means:
>
> If the time is: MTWHF 08:00-18:00
>
> AND
>
> The IP is: 192.168.3.19-192.168.3.200
>
> DENY IT.
>
> squid -k reconfigure is sufficient.
>
> J
>
>> Date: Mon, 8 Feb 2010 18:46:46 +0100
>> From: contactd...@gmail.com
>> To: squid-users@squid-cache.org
>> Subject: [squid-users] Wrong error page showing in browser
>>
>> Hi all
>>
>> I'm trying to deny proxy access for a block of IPs during a certain time
>> interval.
>> During that time interval when someone from that block tries to access
>> the internet
>> they should get a customized error msg in their browser: ERR_LAB_SCHEDULE.
>>
>> acl academic01 time MTWHF 08:00-18:00
>> acl labs src 192.168.3.19-192.168.3.200
>> http_access deny labs !academic01
>> deny_info ERR_LAB_SCHEDULE labs
>>
>> However, they keep getting the default error msg, and not the customized
>> one.
>> What am I missing here?
>>
>> Thanks
>>
>> Dayo
RE: [squid-users] Wrong error page showing in browser
acl academic01 time MTWHF 08:00-18:00
acl labs src 192.168.3.19-192.168.3.200
http_access deny academic01 labs
deny_info ERR_LAB_SCHEDULE labs

should work. I believe last match triggers error message. You should not negate academic01.

http_access deny academic01 labs

Means:

If the time is: MTWHF 08:00-18:00
AND
The IP is: 192.168.3.19-192.168.3.200
DENY IT.

squid -k reconfigure is sufficient.

J

> Date: Mon, 8 Feb 2010 18:46:46 +0100
> From: contactd...@gmail.com
> To: squid-users@squid-cache.org
> Subject: [squid-users] Wrong error page showing in browser
>
> Hi all
>
> I'm trying to deny proxy access for a block of IPs during a certain time
> interval.
> During that time interval when someone from that block tries to access
> the internet
> they should get a customized error msg in their browser: ERR_LAB_SCHEDULE.
>
> acl academic01 time MTWHF 08:00-18:00
> acl labs src 192.168.3.19-192.168.3.200
> http_access deny labs !academic01
> deny_info ERR_LAB_SCHEDULE labs
>
> However, they keep getting the default error msg, and not the customized
> one.
> What am I missing here?
>
> Thanks
>
> Dayo
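The "last match triggers error message" point in the reply above can be checked with a small model of the rules; this is an added example, not code from the thread or from Squid. It assumes Squid looks up deny_info by the last ACL name on the http_access line that denied the request and that a request matching no rule gets the opposite of the last rule's action; the function names and the REORDERED variant are constructed for illustration.

```python
import ipaddress
from datetime import datetime

DAY_CODES = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}  # Squid day letters
DEFAULT_PAGE = "ERR_ACCESS_DENIED"  # page used when no deny_info applies

ACLS = """
acl academic01 time MTWHF 08:00-18:00
acl labs src 192.168.3.19-192.168.3.200
deny_info ERR_LAB_SCHEDULE labs
"""
ORIGINAL = ACLS + "http_access deny labs !academic01\n"   # from the question
SUGGESTED = ACLS + "http_access deny academic01 labs\n"   # from the reply
REORDERED = ACLS + "http_access deny !academic01 labs\n"  # constructed variant


def parse_config(text):
    """Parse the acl / http_access / deny_info lines used in the thread."""
    acls, rules, deny_info = {}, [], {}
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl" and parts[2] == "time":
            start, end = parts[4].split("-")
            acls[parts[1]] = ("time", {DAY_CODES[d] for d in parts[3]}, start, end)
        elif parts[0] == "acl" and parts[2] == "src":
            low, high = parts[3].split("-")
            acls[parts[1]] = ("src", ipaddress.ip_address(low), ipaddress.ip_address(high))
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
        elif parts[0] == "deny_info":
            deny_info[parts[2]] = parts[1]
    return acls, rules, deny_info


def acl_matches(acl, client_ip, when):
    """True if one ACL definition matches this client address and time."""
    if acl[0] == "time":
        _, days, start, end = acl
        return when.weekday() in days and start <= when.strftime("%H:%M") <= end
    _, low, high = acl
    return low <= ipaddress.ip_address(client_ip) <= high


def evaluate(config, client_ip, when):
    """Return (action, error_page); the first rule whose ACLs all match wins."""
    acls, rules, deny_info = parse_config(config)
    for action, names in rules:
        # A leading "!" inverts the result of that ACL.
        if all(acl_matches(acls[n.lstrip("!")], client_ip, when) != n.startswith("!")
               for n in names):
            if action == "allow":
                return "allow", None
            # Assumption: the page is chosen by the LAST ACL name on this line.
            last = names[-1].lstrip("!")
            return "deny", deny_info.get(last, DEFAULT_PAGE)
    # Assumption: no rule matched, so the opposite of the last rule applies.
    if rules and rules[-1][0] == "deny":
        return "allow", None
    return "deny", DEFAULT_PAGE


if __name__ == "__main__":
    evening = datetime(2010, 2, 8, 20, 0)   # Monday, outside 08:00-18:00
    morning = datetime(2010, 2, 8, 10, 0)   # Monday, inside 08:00-18:00
    for name, cfg in (("ORIGINAL", ORIGINAL), ("SUGGESTED", SUGGESTED),
                      ("REORDERED", REORDERED)):
        print(name, evaluate(cfg, "192.168.3.50", morning),
              evaluate(cfg, "192.168.3.50", evening))
```

In this model SUGGESTED and REORDERED both return the custom page, but they deny in opposite time windows, so the choice between them depends on when the labs are meant to be blocked.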
Re: [squid-users] BUG !? swap.state: (13) Permission denied ...
Where can I find the difference between kill and squid -k? I'm looking for documentation which describes the differences at code level.

- Original Message -
From: "Amos Jeffries"
To:
Sent: Sunday, February 07, 2010 3:15 AM
Subject: Re: [squid-users] BUG !? swap.state: (13) Permission denied ...

Riccardo Castellani wrote:
So "killall -HUP squid" command to parent process, permit Squid to reload squid.conf because restart it, ok ?

"killall" does this:
* killall signal -HUP shutdown to child 'squid' process
  -> child process begins shutdown cleanup procedure.
* killall signal -HUP to master 'squid' process
  -> master process signal -HUP to child process
  -> child process receives double-HUP "abort shutdown NOW"
  -> child process abandons all system resources and aborts shutdown cleanup actions.

Use "kill" not "killall". Or best to use "squid -k ..."

Amos

- Original Message -
From: "Amos Jeffries"
To:
Sent: Sunday, February 07, 2010 12:24 AM
Subject: Re: [squid-users] BUG !? swap.state: (13) Permission denied ...

Riccardo Castellani wrote:
But can I always use "killall -HUP squid" command ? I'm a newbie on this Squid version. I killed squid with killall ?! I don't think so.

killall does nasty things to the child processes inside Squid. Best to avoid it. You can kill -HUP the parent process by itself. Which is the same as "squid -k shutdown", and passes the kill signal to the squid child process after some initial cleanup.

Amos

- Original Message -
From: "Amos Jeffries"
To:
Sent: Saturday, February 06, 2010 11:56 PM
Subject: Re: [squid-users] BUG !? swap.state: (13) Permission denied ...

Riccardo Castellani wrote:
I'm using Squid 2.7 Stable in Debian Sarge environment, when I tried to restart Squid service but process died. I got this message in cache.log : "swap.state: (13) Permission denied ..." First to restart I send killall -HUP squid. What happened ?!

You killed Squid before it completed writing and setting ownership details for the new swap.state file.

Erase the swap.state file and start Squid again as you normally would. Have some patience this time because the startup may take a long time to regenerate the content of swap.state from on-disk information.

Amos
--
Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 Current Beta Squid 3.1.0.16
Re: [squid-users] Wrong error page showing in browser
J. Webster wrote:

Did you restart the squid server? I know when I tried this once before, I had to restart for it to pick up the custom error pages - maybe they are loaded into a cache at startup?

Date: Mon, 8 Feb 2010 18:46:46 +0100
From: contactd...@gmail.com
To: squid-users@squid-cache.org
Subject: [squid-users] Wrong error page showing in browser

Hi all

I'm trying to deny proxy access for a block of IPs during a certain time interval. During that time interval when someone from that block tries to access the internet they should get a customized error msg in their browser: ERR_LAB_SCHEDULE.

acl academic01 time MTWHF 08:00-18:00
acl labs src 192.168.3.19-192.168.3.200
http_access deny labs !academic01
deny_info ERR_LAB_SCHEDULE labs

However, they keep getting the default error msg, and not the customized one. What am I missing here?

Thanks

Dayo

Restarting didn't help. I usually just reload. However, I've noticed if I take off the !academic01 it works correctly.

Dayo
RE: [squid-users] Wrong error page showing in browser
Did you restart the squid server? I know when I tried this once before, I had to restart for it to pick up the custom error pages - maybe they are loaded into a cache at startup?

> Date: Mon, 8 Feb 2010 18:46:46 +0100
> From: contactd...@gmail.com
> To: squid-users@squid-cache.org
> Subject: [squid-users] Wrong error page showing in browser
>
> Hi all
>
> I'm trying to deny proxy access for a block of IPs during a certain time
> interval.
> During that time interval when someone from that block tries to access
> the internet
> they should get a customized error msg in their browser: ERR_LAB_SCHEDULE.
>
> acl academic01 time MTWHF 08:00-18:00
> acl labs src 192.168.3.19-192.168.3.200
> http_access deny labs !academic01
> deny_info ERR_LAB_SCHEDULE labs
>
> However, they keep getting the default error msg, and not the customized
> one.
> What am I missing here?
>
> Thanks
>
> Dayo
[squid-users] Wrong error page showing in browser
Hi all

I'm trying to deny proxy access for a block of IPs during a certain time interval. During that time interval when someone from that block tries to access the internet they should get a customized error msg in their browser: ERR_LAB_SCHEDULE.

acl academic01 time MTWHF 08:00-18:00
acl labs src 192.168.3.19-192.168.3.200
http_access deny labs !academic01
deny_info ERR_LAB_SCHEDULE labs

However, they keep getting the default error msg, and not the customized one. What am I missing here?

Thanks

Dayo
RE: [squid-users] Is OpenDNS efficient for squid?
Dear All,

I was reading the article, but I guess it's too old. Can anybody update me: can Squid still not handle SSL (HTTPS) pages?

http://www.squid-cache.org/mail-archive/squid-users/200907/0073.html

HTTP port 80 can be intercepted. Or other known plain HTTP port if you are very certain of them. HTTPS is encrypted. That's what the 'S' means (Secure over SSL). You _cannot_ intercept an encrypted transaction and expect a plain-text HTTP processor to handle it.

-Original Message-
From: J. Webster [mailto:webster_j...@hotmail.com]
Sent: Monday, February 08, 2010 7:05 PM
To: swri...@shawnigan.ca; squid-users@squid-cache.org
Subject: RE: [squid-users] Is OpenDNS efficient for squid?

I have put the nameservers into squid.conf. However, today I received the same error. Squid times out on the following site https://www.skyplayer.com

This is the dig result:

[r...@# dig skyplayer.sky.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> skyplayer.sky.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35479
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;skyplayer.sky.com. IN A

;; ANSWER SECTION:
skyplayer.sky.com. 300 IN CNAME wildcard.sky.com.edgekey.net.
wildcard.sky.com.edgekey.net. 21600 IN CNAME e3228.b.akamaiedge.net.
e3228.b.akamaiedge.net. 20 IN A 92.123.93.52

;; Query time: 162 msec
;; SERVER: 213.171.192.249#53(213.171.192.249)
;; WHEN: Mon Feb 8 13:57:05 2010
;; MSG SIZE rcvd: 126

If dig works and nslookup gives:

[r...@]# nslookup skyplayer.com
Server: 213.171.192.249
Address: 213.171.192.249#53

Non-authoritative answer:
Name: skyplayer.com
Address: 80.238.9.232

Any reasons why squid won't resolve it?

> Date: Sun, 7 Feb 2010 19:03:09 -0800
> From: swri...@shawnigan.ca
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Is OpenDNS efficient for squid?
>
> - "Dieter Bloms" wrote:
>> Hi,
>>
>> On Sun, Feb 07, J. Webster wrote:
>>
>>> Is there any problem with using opendns server as the dns_nameserver in
>>> squid?
>>> Is it slower than using the local hosts nameservers?
>>> I have an issue with dns timeouts for 1 or 2 websites and am having to
>>> restart the dns cache (nscd) every 6 hours to flush it.
>>> I thought adding the nameservers to the squid.conf would bypass this issue.
>>
>> you can safely disable nscd.
>> I had some trouble with nscd till I disabled it.
>> I think you don't get any performance issues.
>>
>> --
>> Regards
>>
>> Dieter
>
> We switched to OpenDNS in December, after years of using our own djbdns
> servers, and have not seen any issues. The server provides access to 650
> campus users over a 1Gb link, with typically 100Req/s throughout the day. Our
> hope is that OpenDNS will reduce the time spent on ACL maintenance in squid,
> and allow us to drop some ACLs completely.
>
> --
> Shawn Wright
> I.T. Manager, Shawnigan Lake School
> http://www.shawnigan.ca
RE: [squid-users] Is OpenDNS efficient for squid?
I have put the nameservers into squid.conf. However, today I received the same error. Squid times out on the following site https://www.skyplayer.com

This is the dig result:

[r...@# dig skyplayer.sky.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> skyplayer.sky.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35479
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;skyplayer.sky.com. IN A

;; ANSWER SECTION:
skyplayer.sky.com. 300 IN CNAME wildcard.sky.com.edgekey.net.
wildcard.sky.com.edgekey.net. 21600 IN CNAME e3228.b.akamaiedge.net.
e3228.b.akamaiedge.net. 20 IN A 92.123.93.52

;; Query time: 162 msec
;; SERVER: 213.171.192.249#53(213.171.192.249)
;; WHEN: Mon Feb 8 13:57:05 2010
;; MSG SIZE rcvd: 126

If dig works and nslookup gives:

[r...@]# nslookup skyplayer.com
Server: 213.171.192.249
Address: 213.171.192.249#53

Non-authoritative answer:
Name: skyplayer.com
Address: 80.238.9.232

Any reasons why squid won't resolve it?

> Date: Sun, 7 Feb 2010 19:03:09 -0800
> From: swri...@shawnigan.ca
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Is OpenDNS efficient for squid?
>
> - "Dieter Bloms" wrote:
>> Hi,
>>
>> On Sun, Feb 07, J. Webster wrote:
>>
>>> Is there any problem with using opendns server as the dns_nameserver in
>>> squid?
>>> Is it slower than using the local hosts nameservers?
>>> I have an issue with dns timeouts for 1 or 2 websites and am having to
>>> restart the dns cache (nscd) every 6 hours to flush it.
>>> I thought adding the nameservers to the squid.conf would bypass this issue.
>>
>> you can safely disable nscd.
>> I had some trouble with nscd till I disabled it.
>> I think you don't get any performance issues.
>>
>> --
>> Regards
>>
>> Dieter
>
> We switched to OpenDNS in December, after years of using our own djbdns
> servers, and have not seen any issues. The server provides access to 650
> campus users over a 1Gb link, with typically 100Req/s throughout the day. Our
> hope is that OpenDNS will reduce the time spent on ACL maintenance in squid,
> and allow us to drop some ACLs completely.
>
> --
> Shawn Wright
> I.T. Manager, Shawnigan Lake School
> http://www.shawnigan.ca
[squid-users] problem
Hello, I have configured the reply_header_access and request_header_access rules:

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access All deny all

reply_header_access Allow allow all
reply_header_access Authorization allow all
reply_header_access WWW-Authenticate allow all
reply_header_access Proxy-Authorization allow all
reply_header_access Proxy-Authenticate allow all
reply_header_access Cache-Control allow all
reply_header_access Content-Encoding allow all
reply_header_access Content-Length allow all
reply_header_access Content-Type allow all
reply_header_access Date allow all
reply_header_access Expires allow all
reply_header_access Host allow all
reply_header_access If-Modified-Since allow all
reply_header_access Last-Modified allow all
reply_header_access Location allow all
reply_header_access Pragma allow all
reply_header_access Accept allow all
reply_header_access Accept-Charset allow all
reply_header_access Accept-Encoding allow all
reply_header_access Accept-Language allow all
reply_header_access Content-Language allow all
reply_header_access Mime-Version allow all
reply_header_access Retry-After allow all
reply_header_access Title allow all
reply_header_access Connection allow all
reply_header_access Proxy-Connection allow all
reply_header_access All deny all

So I can do all I need, but one thing is left: when I want to download something where I have to put a keyword in, e.g. rapidshare or sharingmatrix, the keyword is always wrong ^^ When I delete the "All deny all" rule, I can access it ??? What do I have to put under allow to fix it?

THANKS in advance

greets dave
[squid-users] unsuccessful ad-authentication (squid_ldap_auth) with underscores in username?
Hi, I have trouble authenticating some AD users whose usernames contain a "_" (underscore). The helper will always deny such requests. Users with no underscore in their username are authenticated successfully. Any hints? Thanks a lot. Tom
Re: [squid-users] Proxy subscription on-line
What you want is an authentication page. What you need is to work with freeradius and chillispot. Both combined will get that!

- Original message -
From: "Luis Daniel Lucio Quiroz"
To: squid-users@squid-cache.org
Sent: Sunday, 7 February 2010 5:23:20 GMT +00:00 Greenwich Mean Time, Ireland, Portugal
Subject: Re: [squid-users] Proxy subscription on-line

On Saturday 6 February 2010 22:19:09, Bruno de Oliveira Bastos wrote:
> I want a interface PHP to register the client for proxy auth access,
> someone knows any project for this in Linux ? Something like airport
> where any user try access internet, receive a page for subscription,
> register and auth with user and password to navigate on internet.

you may change the error page
[squid-users] None Existing File; Repeating Request Timeout
Hi All, I'm new to Squid. I've scanned through the Squid 2.6 & 3.0 manual and the Definitive Guide, but I still can't find information about this question. Is it possible to have a request_timeout when the requested file doesn't exist on the squid cache and peer server? E.g. if a client requests www.example.com/dontexist.html and then receives an HTTP 404, then the client will have to wait until request_timeout (30 seconds) to be able to request www.example.com/dontexist.html again. Could this be done? Is there such a setting/configuration? Thank you very much in advance -- Thanks, Joe