RE: [squid-users] ipcCreate error:

2010-04-13 Thread GIGO .

Hi Henrik,
 
Thank you, this problem is resolved by placing the squid_kerb_auth in the 
libexec folder. Now I believe that I also have to place any other helpers like 
squid_ldap_group in the same location to get it to work.
 
 
regards,
 
Bilal 


> From: hen...@henriknordstrom.net
> To: gi...@msn.com
> CC: squid-users@squid-cache.org
> Date: Sat, 10 Apr 2010 19:44:31 +0200
> Subject: Re: [squid-users] ipcCreate error:
>
> Sat 2010-04-10 at 09:23 +, GIGO . wrote:
>>
>> I have created a user proxy in Centos from which I am running my squid
>> successfully with all the rights properly configured until I change my
>> configuration file for Negotiate/Kerberos.
>
> Do you have selinux enabled?
>
> Try moving the helper to /usr/libexec/squid/ instead of /usr/sbin/...
>
>>
>> Now I have no idea how to use scripts from within squid.conf. And at which 
>> place should I place this script in the squid.conf in relation to the 
>> following?
>
> Instead of the normal program.
>>
>> auth_param negotiate program /usr/sbin/squid_kerb_auth
>
>
> Regards
> Henrik
> 

[squid-users] Re: Squid url_rewrite_program problem

2010-04-13 Thread txlombardi

Thanks again for helping me out, Amos.  I have given up on Alex
Vanherwijnens' script after trying for a solid week with no success.  I'm
not the only one who has had a problem.  There was another post with the
same errors I have been getting.  

So, now the test machine gets wiped clean and I try again to build a captive
portal using the session helper.  We'll see how that goes.

Tony


[squid-users] Very slow transfert rate on ADSL

2010-04-13 Thread francis aubut
Hi, I configured Squid, first with Ubuntu server and then on CentOS 5.
The problem is the same: I get very slow speed on a network connected
with an ADSL internet connection, and when I bring the computer home
it goes well. I have a Cable Modem connection there. What could be wrong?

Francis.


Re: [squid-users] Is this REAL squid-CARP cluster?

2010-04-13 Thread Amos Jeffries
On Wed, 14 Apr 2010 09:36:52 +0800, Drunkard Zhang wrote:
> 2010/4/14 Amos Jeffries :
>> On Tue, 13 Apr 2010 22:10:38 +0800, Drunkard Zhang wrote:
>>> I'm using a squid cluster with CARP configured, they works great.
>>>
>>> I'm not sure if all the CARP frontend distributed URLs based on the
>>> _same_ hash value,
>>> here's result queried by squidclient:
>>>
>>
>> Bug http://bugs.squid-cache.org/show_bug.cgi?id=2153 already fixed.
>>
> Thanks!
> Despite this, am I configured CARP right? I'm not very sure about this.


Yes. It looks right for the peers which are not encountering the bug.

Amos


Re: [squid-users] Is this REAL squid-CARP cluster?

2010-04-13 Thread Drunkard Zhang
2010/4/14 Amos Jeffries :
> On Tue, 13 Apr 2010 22:10:38 +0800, Drunkard Zhang 
> wrote:
>> I'm using a squid cluster with CARP configured, they works great.
>>
>> I'm not sure if all the CARP frontend distributed URLs based on the
>> _same_ hash value,
>> here's result queried by squidclient:
>>
>
> Bug http://bugs.squid-cache.org/show_bug.cgi?id=2153 already fixed.
>
Thanks!
Despite this, am I configured CARP right? I'm not very sure about this.
>



-- 
gongfan...@gmail.com
zhan...@gwbnsh.net.cn
18601633785


Re: [squid-users] Is this REAL squid-CARP cluster?

2010-04-13 Thread Amos Jeffries
On Tue, 13 Apr 2010 22:10:38 +0800, Drunkard Zhang 
wrote:
> I'm using a squid cluster with CARP configured, they works great.
> 
> I'm not sure if all the CARP frontend distributed URLs based on the
> _same_ hash value,
> here's result queried by squidclient:
> 

Bug http://bugs.squid-cache.org/show_bug.cgi?id=2153 already fixed.

Amos


Re: [squid-users] Re: need help port 80

2010-04-13 Thread Amos Jeffries
On Tue, 13 Apr 2010 21:54:40 +0200, Heinz Diehl 
wrote:
> On 13.04.2010, da...@lafourmi.de wrote: 
> 
>> but i dont understand
>> regexp  pattern match on user agent
>  
>> can you give me an example for dummies please ;)
> 
> acl Nofox browser -i .*Firefox.*
> http_access deny Nofox

Ouch. Very computing intensive.
I don't know why you people insist on sticking .* before and aft of the
pattern.
When that is processed by Squid it becomes:
  .*.*Firefox.*.*

Just this will do to catch the browser tag:
  acl firefox browser Firefox/

Amos



[squid-users] Re: need help port 80

2010-04-13 Thread Heinz Diehl
On 13.04.2010, da...@lafourmi.de wrote: 

> but i dont understand
> regexp  pattern match on user agent
 
> can you give me an example for dummies please ;)

acl Nofox browser -i .*Firefox.*
http_access deny Nofox



Re: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302

2010-04-13 Thread Christos Tsantilas

Niall O'Cuilinn wrote:

Hi,

I have recently moved from Squid 3.0 to Squid 3.1. I am trying to integrate it 
with an ICAP server.

I am having a problem where Squid 3.1  is rejecting some responses from the 
ICAP server which Squid 3.0 accepted.

The response in question is a REQMOD response where the ICAP server is 
returning a HTTP 302 response rather than modifying the original HTTP request.


Hi Niall,
 I believe the Encapsulated header in the ICAP server response is wrong.
The "null-body=160" should be the size of the encapsulated HTTP headers; 
if I am not wrong it should be "null-body=102".


Regards,
   Christos




Here is the ICAP request and response:

ICAP Request from Squid:

REQMOD icap://10.1.1.25:1344/reqmod ICAP/1.0\r\n
Host: 10.1.1.25:1344\r\n
Date: Mon, 12 Apr 2010 14:25:39 GMT\r\n
Encapsulated: req-hdr=0, null-body=398\r\n
Allow: 204\r\n
\r\n
GET http://c.proxy.com/www.test.com/ HTTP/1.1\r\n
Host: c.proxy.com\r\n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) 
Gecko/20100401 Firefox/3.6.3\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en-gb,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Pragma: no-cache\r\n
Cache-Control: no-cache\r\n
\r\n

Response from ICAP Server:

ICAP/1.0 200 OK\r\n
Date: Mon, 12 Apr 2010 14:25:15 GMT\r\n
Connection: keep-alive\r\n
ISTag: "ReqModService"\r\n
Encapsulated: res-hdr=0,null-body=160\r\n
\r\n
HTTP/1.x 302 Found\r\n
content-type: text/html\r\n
location: https://localhost:8443/mib/authentication\r\n
\r\n
\r\n

Squid displays an ICAP error in the browser and states that an illegal response 
was received from the ICAP server.

Any ideas what might be wrong? Although the ICAP server worked correctly with 
Squid 3.0 I am open to the possibility that the issue is with the ICAP response 
and that the old Squid was simply more tolerant than v3.1.

Thanks in advance,
Niall

Niall Ó Cuilinn 
Product Development

ChangingWorlds - A Unit of Amdocs Interactive
t: +353 1 4401268 | niall.ocuil...@changingworlds.com 
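
Added example, not part of the thread and not Squid or ICAP-server code: a Python check of the `Encapsulated` offsets in the two messages quoted above, rebuilt byte for byte from the post (constructed input; all function and variable names are hypothetical). It compares each declared offset with where the encapsulated header block actually ends and with how many encapsulated bytes were sent.

```python
CRLF = b"\r\n"
BLANK = CRLF + CRLF


def build(icap_lines, http_lines, trailer=b""):
    """Join header lines with CRLF, the way the messages appear in the post."""
    icap = CRLF.join(l.encode("ascii") for l in icap_lines) + BLANK
    http = CRLF.join(l.encode("ascii") for l in http_lines) + BLANK
    return icap + http + trailer


def check_encapsulated(raw):
    """Compare the Encapsulated offsets with the bytes that follow them."""
    head, sep, payload = raw.partition(BLANK)
    if not sep:
        raise ValueError("ICAP header block is not terminated")
    value = None
    for line in head.split(CRLF)[1:]:          # skip the ICAP start line
        name, _, rest = line.partition(b":")
        if name.strip().lower() == b"encapsulated":
            value = rest.decode("ascii")
    if value is None:
        raise ValueError("no Encapsulated header")

    entries = []
    for item in value.split(","):
        name, _, offset = item.strip().partition("=")
        entries.append((name, int(offset)))

    problems = []
    if entries[0][1] != 0:
        problems.append("first offset is not 0")
    section_ends = []
    # Every entry except the last names a header section. That section,
    # blank line included, must end exactly where the next entry starts.
    for (name, start), (nxt, declared) in zip(entries, entries[1:]):
        found = payload.find(BLANK, start)
        actual = found + len(BLANK) if found >= 0 else None
        section_ends.append(actual)
        if declared > len(payload):
            problems.append(
                f"{nxt}={declared} points past the {len(payload)} bytes sent")
        if actual != declared:
            problems.append(
                f"{name} section ends at byte {actual}, {nxt} says {declared}")
    return {"entries": entries, "sent": len(payload),
            "section_ends": section_ends, "problems": problems}


# Constructed from the REQMOD request in the post (sent by Squid).
SQUID_REQUEST = build(
    ["REQMOD icap://10.1.1.25:1344/reqmod ICAP/1.0",
     "Host: 10.1.1.25:1344",
     "Date: Mon, 12 Apr 2010 14:25:39 GMT",
     "Encapsulated: req-hdr=0, null-body=398",
     "Allow: 204"],
    ["GET http://c.proxy.com/www.test.com/ HTTP/1.1",
     "Host: c.proxy.com",
     "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; "
     "rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3",
     "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
     "Accept-Language: en-gb,en;q=0.5",
     "Accept-Encoding: gzip,deflate",
     "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
     "Pragma: no-cache",
     "Cache-Control: no-cache"])

# Constructed from the ICAP server's response in the post, including the
# second trailing CRLF that the post shows after the HTTP header block.
ICAP_RESPONSE = build(
    ["ICAP/1.0 200 OK",
     "Date: Mon, 12 Apr 2010 14:25:15 GMT",
     "Connection: keep-alive",
     'ISTag: "ReqModService"',
     "Encapsulated: res-hdr=0,null-body=160"],
    ["HTTP/1.x 302 Found",
     "content-type: text/html",
     "location: https://localhost:8443/mib/authentication"],
    trailer=CRLF)


if __name__ == "__main__":
    for label, msg in (("request", SQUID_REQUEST), ("response", ICAP_RESPONSE)):
        result = check_encapsulated(msg)
        print(label, result["entries"], "sent:", result["sent"],
              "section ends:", result["section_ends"])
        for p in result["problems"]:
            print("  problem:", p)
```

Squid's own request passes the check, while the server's response declares an offset beyond the encapsulated bytes it actually sent.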





Re: [squid-users] need help port 80

2010-04-13 Thread da...@lafourmi.de

Ohhh thanks john doe

it's really cool that it gives one solution for that ;)
with manipulate the ports for apache, is the worst case for me because 
squidvir dont worked with that :(



but i dont understand
regexp  pattern match on user agent

can you give me an example for dummies please ;)
THANKS forward
dave




John Doe wrote:

From: "da...@lafourmi.de" 
  

i have to block port 80 for all applications
only firefox should have access!
how can i realized that with squid?



From the default config file:
#   acl aclname browser  [-i] regexp ...
# # pattern match on User-Agent header (see also req_header below)

JD


  

  


Re: [squid-users] need help port 80

2010-04-13 Thread John Doe
From: "da...@lafourmi.de" 
> i have to block port 80 for all applications
> only firefox should have access!
> how can i realized that with squid?

From the default config file:
#   acl aclname browser  [-i] regexp ...
# # pattern match on User-Agent header (see also req_header below)

JD


  


Re: [squid-users] Squid3 / ICAP question

2010-04-13 Thread Ralf Hildebrandt
* Niall O'Cuilinn :

> I think this is because Squid has received at least one bad response
> from your ICAP server while it was down. As a result it has decided not
> to talk to your ICAP server for a period of time

OK, could be.
 
> If you want Squid to ignore outages on your ICAP server and always
> attempt a request you can set
> 
> icap_service_failure_limit -1

Ah OK, very nice
 
> Setting this to -1 tells Squid to always connect to ICAP, setting a
> positive number indicates the number of failures allowed before Squid
> stops communicating with Squid. The period of time that Squid stops
> talking to ICAP is controlled by 'icap_service_revival_delay', it is a
> minimum of 30 seconds I think.

Way too long for my purposes.
I tried your suggestion and it works like a charm!

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: [squid-users] Squid3 / ICAP question

2010-04-13 Thread Niall O'Cuilinn
I think this is because Squid has received at least one bad response from your 
ICAP server while it was down. As a result it has decided not to talk to your 
ICAP server for a period of time

If you want Squid to ignore outages on your ICAP server and always attempt a 
request you can set

icap_service_failure_limit -1

Setting this to -1 tells Squid to always connect to ICAP, setting a positive 
number indicates the number of failures allowed before Squid stops 
communicating with Squid. The period of time that Squid stops talking to ICAP 
is controlled by 'icap_service_revival_delay', it is a minimum of 30 seconds I 
think.

>I'm using Squid 3.0.STABLE19-1 with c-icap - replacing an existing
>"sandwich" setup of squid2-dansguardian-squid2.
>
>To my great amazement, things seem to work flawlessly.
>
>But... when I'm restarting c-icap, squid reports:
>
>--- snip ---
>The following error was encountered while trying to retrieve the URL: 
>http://www.google.de/ig?hl=de
>ICAP protocol error.
>The system returned: [No Error]
>This means that some aspect of the ICAP communication failed.
>Some possible problems are:
>The ICAP server is not reachable.
>An Illegal response was received from the ICAP server.
>--- snip ---
>
>And that's although c-icap is already running again. 
>Issuing an "squid3 -k reconfigure" solves the problem.
>
>But why? How can I prevent the need to do that?
>
>-- 
>Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
>



[squid-users] Is this REAL squid-CARP cluster?

2010-04-13 Thread Drunkard Zhang
I'm using a squid cluster with CARP configured, they works great.

I'm not sure if all the CARP frontend distributed URLs based on the
_same_ hash value,
here's result queried by squidclient:

16:00:25 ~ $ for i in 66 67 68 71; do ask_squid $i carp | grep -A7 Hostname; done
    Hostname   Hash  Multiplier Factor Actual
  150.164.100.65   d6945438   1.00   0.142857   0.459355
  150.164.100.69   89857dc5   1.00   0.142857   0.212488
  150.164.100.70   239c90ac   1.00   0.142857   0.161517
  150.164.100.72   7d152572   1.00   0.142857   0.153253
  150.164.100.72   7d152572   1.00   0.142857   0.004496
  150.164.100.72   7d152572   1.00   0.142857   0.004460
  150.164.100.72   7d152572   1.00   0.142857   0.004431
    Hostname   Hash      Multiplier Factor Actual
  150.164.100.65   d6945438   1.00   0.142857   0.348483
  150.164.100.69   89857dc5   1.00   0.142857   0.272565
  150.164.100.70   239c90ac   1.00   0.142857   0.184725
  150.164.100.72   7d152572   1.00   0.142857   0.151390
  150.164.100.72   7d152572   1.00   0.142857   0.014509
  150.164.100.72   7d152572   1.00   0.142857   0.014176
  150.164.100.72   7d152572   1.00   0.142857   0.014151
    Hostname   Hash  Multiplier Factor Actual
  150.164.100.65   d6945438   1.00   0.142857   0.309244
  150.164.100.69   89857dc5   1.00   0.142857   0.257143
  150.164.100.70   239c90ac   1.00   0.142857   0.206424
  150.164.100.72   7d152572   1.00   0.142857   0.209645
  150.164.100.72   7d152572   1.00   0.142857   0.005738
  150.164.100.72   7d152572   1.00   0.142857   0.005962
  150.164.100.72   7d152572   1.00   0.142857   0.005844
    Hostname   Hash  Multiplier Factor Actual
  150.164.100.65   d6945438   1.00   0.142857   0.300572
  150.164.100.69   89857dc5   1.00   0.142857   0.266725
  150.164.100.70   239c90ac   1.00   0.142857   0.203087
  150.164.100.72   7d152572   1.00   0.142857   0.214236
  150.164.100.72   7d152572   1.00   0.142857   0.005091
  150.164.100.72   7d152572   1.00   0.142857   0.005338
  150.164.100.72   7d152572   1.00   0.142857   0.004951
ps: the last one: 150.164.100.72 has 64GB memory, so I setup 4 squid
processes which listening on 80 81 82 83 ports.

If the column "Hash" identified hashed URLs chunk, is it good; if not,
how can I make several CARP-frontend distribute the SAME hashed URL chunk
to one squid box;
I'm using squid-2.6 and squid-2.7.

--
gongfan...@gmail.com
zhan...@gwbnsh.net.cn
18601633785


[squid-users] Squid 3.1 ICAP Issue with REQMOD 302

2010-04-13 Thread Niall O'Cuilinn
Hi,

I have recently moved from Squid 3.0 to Squid 3.1. I am trying to integrate it 
with an ICAP server.

I am having a problem where Squid 3.1  is rejecting some responses from the 
ICAP server which Squid 3.0 accepted.

The response in question is a REQMOD response where the ICAP server is 
returning a HTTP 302 response rather than modifying the original HTTP request.

Here is the ICAP request and response:

ICAP Request from Squid:

REQMOD icap://10.1.1.25:1344/reqmod ICAP/1.0\r\n
Host: 10.1.1.25:1344\r\n
Date: Mon, 12 Apr 2010 14:25:39 GMT\r\n
Encapsulated: req-hdr=0, null-body=398\r\n
Allow: 204\r\n
\r\n
GET http://c.proxy.com/www.test.com/ HTTP/1.1\r\n
Host: c.proxy.com\r\n
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) 
Gecko/20100401 Firefox/3.6.3\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n
Accept-Language: en-gb,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Pragma: no-cache\r\n
Cache-Control: no-cache\r\n
\r\n

Response from ICAP Server:

ICAP/1.0 200 OK\r\n
Date: Mon, 12 Apr 2010 14:25:15 GMT\r\n
Connection: keep-alive\r\n
ISTag: "ReqModService"\r\n
Encapsulated: res-hdr=0,null-body=160\r\n
\r\n
HTTP/1.x 302 Found\r\n
content-type: text/html\r\n
location: https://localhost:8443/mib/authentication\r\n
\r\n
\r\n

Squid displays an ICAP error in the browser and states that an illegal response 
was received from the ICAP server.

Any ideas what might be wrong? Although the ICAP server worked correctly with 
Squid 3.0 I am open to the possibility that the issue is with the ICAP response 
and that the old Squid was simply more tolerant than v3.1.

Thanks in advance,
Niall

Niall Ó Cuilinn 
Product Development
ChangingWorlds - A Unit of Amdocs Interactive
t: +353 1 4401268 | niall.ocuil...@changingworlds.com 




[squid-users] Squid3 / ICAP question

2010-04-13 Thread Ralf Hildebrandt
I'm using Squid 3.0.STABLE19-1 with c-icap - replacing an existing
"sandwich" setup of squid2-dansguardian-squid2.

To my great amazement, things seem to work flawlessly.

But... when I'm restarting c-icap, squid reports:

--- snip ---
The following error was encountered while trying to retrieve the URL: 
http://www.google.de/ig?hl=de
ICAP protocol error.
The system returned: [No Error]
This means that some aspect of the ICAP communication failed.
Some possible problems are:
The ICAP server is not reachable.
An Illegal response was received from the ICAP server.
--- snip ---

And that's although c-icap is already running again. 
Issuing an "squid3 -k reconfigure" solves the problem.

But why? How can I prevent the need to do that?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: [squid-users] Squid 3.1.1 ICAP Issue

2010-04-13 Thread Amos Jeffries




On 13.04.2010 at 12:05, guest01 wrote:


Hi guys,

I may have found a bug related to the ICAP capabilities of Squid 3.1.1
(on RHEL5.4). We are currently evaluating a squid deployment which is
referenced by this url [1].

We want to use Squid as Caching/Authentication-Proxy and ICAP Client,
which talks to the Webwasher-server (content filtering proxy) via
ICAP. Our Squid has following ICAP configuration:

#icap
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_preview_enable on
icap_preview_size 30
icap_client_username_encode on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwreqmod
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwrespmod
adaptation_access service_resp allow all

(Unfortunately, we can only specify one ICAP server per Squid, but
that's another issue/limitation)
This deployment is supported by McAfee (Webwasher) and there is even
an example configuration[2] for squid and documents for configuring
the webwasher by McAfee.

ICAP reqmod looks good, everything as expected:
Host: yyy.yyy.yyy.21:1344
Date: Mon, 12 Apr 2010 10:54:27 GMT
Proxy-Authorization: NTLM 
Encapsulated: req-hdr=0, null-body=184
Preview: 0
Allow: 204
X-Client-IP: bbb.bbb.bbb.71
X-Authenticated-User: 

GET / HTTP/1.1
Host: www.playboy.com
Accept: text/html, text/plain

ICAP/1.0 200 OK
Encapsulated: res-hdr=0, res-body=170
ISTAG: "001-000-03"
X-Attribute: sx
X-ICAP-Profile: PoC_Policy_TEST
X-WWBlockResult: 10
X-WWRepScore: 11

HTTP/1.1 403 Forbidden
Content-Length: 1480
Content-Type: text/html; charset=ISO-8859-1
Pragma: no-cache
Proxy-Connection: close
X-Error-Name: requestdynablocked

In that case we were assigned to PoC_Policy_TEST and the request to
www.playboy.com was blocked. (It seems that we are not supposed to see
nice girls at work ;-))

If we want to serve to a page which is not blocked (e.g. google.com),
we get following request:
ICAP/1.0 200 OK
Encapsulated: res-hdr=0, res-body=166
ISTAG: "001-000-03"
X-ICAP-Profile: default
X-WWBlockResult: 81
X-WWRepScore: 0

HTTP/1.1 403 Forbidden
Content-Length: 1279
Content-Type: text/html; charset=ISO-8859-1
Pragma: no-cache
Proxy-Connection: close
X-Error-Name: authorizedonly

And there is the problem. The ICAP respmod (3.1.1) request does NOT
contain the X-Client-IP: bbb.bbb.bbb.71 and X-Authenticated-User:
 values and that's why the webwasher cannot
assign the right policy!

If we are using squid 3.0, it works. So in my opinion, this sounds like
a bug. Right? Has anybody experiences with ICAP or ICAP issues with
Squid 3.1.1?

Anyway, besides that problem which I solved by using squid 3.0, there
are a couple of other limitation which I don't really want to
implement, but I don't see any other change, do you? ;-) At least it
does not sound very complicated to implement in c++ ...
- possibility to specify more than one ICAP server for a Squid
configuration (for example with round robin load balancing or any
other kind of loadbalancing)
- the much bigger issue is, that Squid as ICAP client does NOT send
any group information to the ICAP server, only X-Client-IP and
X-Authenticated-User values and no X-Authenticated-Groups attribute.
Unfortunately, a policy will be assigned by a group membership. That's
why the ICAP server needs that information and it is not a good idea
to let the ICAP server lookup this user again (huge performance
issue).

So, this is quite a long mail, I would appreciate any feedback.

best regards
Peter

[1] http://img714.imageshack.us/img714/7457/topology.png
[2] http://wiki.squid-cache.org/ConfigExamples/Webwasher (they are
using a proxy chain instead of a icap solution)




You?
http://bugs.squid-cache.org/show_bug.cgi?id=2903


Michael Portz wrote:
> Did you use the
>
>   follow_x_forwarded_for
>
> option in your squid.conf? (Doc for example to be found here)
>

That is only needed if the client IP is being located inside the XFF header.
The icap_send_client_ip setting already turned on should have been 
adding X-Client-IP with at least the directly connected requestor IP 
regardless of XFF.


For some strange reason the client_addr seem to be empty in the HTTP 
request details used to construct the ICAP request.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.1


Re: [squid-users] need help port 80

2010-04-13 Thread da...@lafourmi.de

davs...@gmail.com wrote:

Hi
u can use it only for squid and stop the httpd server which use by default 80 
port and if u want apache then change apache port.
--Original Message--
From: da...@lafourmi.de
To: squid-users-h...@squid-cache.org
To: squid-users@squid-cache.org
To: Amos Jeffries
Subject: [squid-users] need help port 80
Sent: Apr 13, 2010 5:07 PM

hello squid friends,

i use squid 3.1.0.16
i have to block port 80 for all applications
only firefox should have access!

how can i realized that with squid?

thanks for help



f.e.
i change apache port to port 60 and in squid.conf i change http port to 
60 and then all applications blocked except firefox?

its correct?
thanks

--
___
David C. Heitmann
Systemadministration

email: da...@lafourmi.de
www.lafourmi.de

lafourmi postproduction GmbH
Schulterblatt 58 / Haus C
D-20357 Hamburg
Tel. 040 – 4321 677 – 00
Fax  040 – 4321 677 – 07







Re: [squid-users] Squid How much traffic transferred

2010-04-13 Thread davsigh
Then u can only monitor through the firewall if it is there...u can capture the 
logs on firewall. Otherwise I don't think so any option is there
--Original Message--
From: nima chavooshi
To: squid-users@squid-cache.org
Subject: [squid-users] Squid How much traffic transferred
Sent: Apr 13, 2010 5:16 PM

Hi
I want to know that squid in 5 min ago and 1 hour ago how much traffic
transferred for monitoring purposes?? where can I get this info from
running squid? of course I get
I have to note that access.log is disabled for some reasons.

--
N.Chavoshi



Re: [squid-users] Squid How much traffic transferred

2010-04-13 Thread Amos Jeffries

b1 wrote:

Hi

I am not entirely sure on what source munin draws its information, but I
am using Munin for this purpose (On a Debian Lenny System). Since our
munin graphs aren`t accessible outside the Internet I found this
webpage:

http://stats.ping.de/munin/buero.ping.de/blackhole.buero.ping.de.html#Squid



For ongoing measurement polling (munin, cacti, rrd, etc) use the SNMP 
interface to Squid:

  http://wiki.squid-cache.org/Features/Snmp


For quick checks the human interface (CacheMgr) can be found via:
  squidclient mgr:menu

The particular stats asked for are at:
  squidclient mgr:5min
  squidclient mgr:60min

NP: you may have to set a password in squid.conf and use it with 
"squidclient mr:act...@password" for these requests to work.



Amos


Re: [squid-users] need help port 80

2010-04-13 Thread davsigh
Hi
u can use it only for squid and stop the httpd server which use by default 80 
port and if u want apache then change apache port.
--Original Message--
From: da...@lafourmi.de
To: squid-users-h...@squid-cache.org
To: squid-users@squid-cache.org
To: Amos Jeffries
Subject: [squid-users] need help port 80
Sent: Apr 13, 2010 5:07 PM

hello squid friends,

i use squid 3.1.0.16
i have to block port 80 for all applications
only firefox should have access!

how can i realized that with squid?

thanks for help



Re: [squid-users] need help port 80

2010-04-13 Thread Amos Jeffries

da...@lafourmi.de wrote:

hello squid friends,

i use squid 3.1.0.16
i have to block port 80 for all applications
only firefox should have access!

how can i realized that with squid?

thanks for help


Firstly, the 3.1 betas are now obsolete, please move up to 3.1.1.
Beta 16 particularly had some IP handling issues you want to get away from.

ACL control type "browser" matches the User-Agent string. Be aware that 
it is trivial for any other software or even manual traffic to forge the 
UA header.


Amos


Re: [squid-users] R: [squid-users] Squid 2.7 port on Windows scenario

2010-04-13 Thread Amos Jeffries

Guido Serassio wrote:

Hi,

From the provided release notes about Windows limitations:

* DISKD: still needs to be ported
* WCCP: cannot work because user space GRE support on Windows is missing
* Transparent Proxy: missing Windows non commercial interception driver
* Some code sections can make blocking calls.
* Some external helpers may not work.
* File Descriptors number hard-limited to 2048.

So, you cannot do transparent proxy on Windows.

Regards


Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
VMware Professional Partner
Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135   Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it



-Original Message-
From: 4N0 [mailto:sinko...@gmail.com]
Sent: Tuesday, 13 April 2010 9.17
To: squid-users@squid-cache.org
Subject: [squid-users] Squid 2.7 port on Windows scenario


Hello,

I have a following scenario:

Squid on one frontend Windows server that is needed to serve as image cache
from two backend windows servers running asp.net applications. Squid also is
needed for intelligent switch in case any of backend servers is dead (if
server 2 is dead switch to server 3 and vice versa).


Worth noting that you do not need Squid to be running on windows.
For best performance one of the Linux or Unix OS is recommended over 
Windows.




My question is, how I can achieve this scenario with squid on configuration
and hardware level? I've read squid documentation, example scenarios but
can't get it to run. AFAIK my proxy needs to fulfill transparent proxy to
remote box scenario. But maybe also reverse proxy? (I only want to cache
static content, and "balance" switching).


You only need the reverse-proxy feature for the above requirements.

With a properly setup reverse-proxy everything goes through the Squid 
gateway and what can be cached is (usually the static bits, but also 
some dynamic as well sometimes). So transparent never gets in the way to 
complicate things. This also adds the benefit of being able to scale out 
easily by plugging more Squid in at the front end.


The basic config example in the wiki is what you want to start with.
  http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

 For the failover requirement simply configure two cache_peer parent 
entries. One for each of the back-end servers. With identical 
cache_peer_access or cache_peer_domain settings.


 For balancing there are a few methods, such as round-robin, 
sourcehash, weighted or CARP to choose from. Pick the one that meets 
your balancing needs and tune to suit your likings.

  http://www.squid-cache.org/Doc/config/cache_peer

Amos


Re: [squid-users] Squid How much traffic transferred

2010-04-13 Thread b1
Hi

I am not entirely sure on what source munin draws its information, but I
am using Munin for this purpose (On a Debian Lenny System). Since our
munin graphs aren't accessible outside the Internet I found this
webpage:

http://stats.ping.de/munin/buero.ping.de/blackhole.buero.ping.de.html#Squid

Our stats look quite similar.
However you need to have Munin running, in order to get the graphs. It
won't analyze request made, before you started munin. So this tool might
be something you could use in the future.

Greetings

Benedikt 


On Tue, 2010-04-13 at 04:46 -0700, nima chavooshi wrote:
> 5 min ago and 1 hour ago how much traffic
> transferred for monitoring purposes?? where can I get this info from
> running squid? of course I get 



Re: [squid-users] Upgradtion to Squid 3.1.1

2010-04-13 Thread Amos Jeffries

GIGO . wrote:

When you upgrade is it possible to use the existing cache directories
created through previous version(squid 3) or you have to rebuild your
cache.


Ufs, aufs, and diskd types do not generally need replacing on Squid 
upgrades. Only do so if there is some obvious failure seen after the 
restart.


null type is now built-in and default. So removing all cache_dir lines 
is the same as having one entry of type null.


The only regular issue with cache_dir on Squid upgrades is when changing 
between 32-bit and 64-bit builds. Even if the Squid version is the same 
in that one case the cache will likely need erasing and rebuild.


Amos


Re: [squid-users] Squid 3.1.1 ICAP Issue

2010-04-13 Thread Michael Portz
Sorry, the link was eaten by the to-text conversion :-)

The doc is to be found (as you all for sure know) e.g. here: 

http://www.squid-cache.org/Versions/v3/3.1/cfgman/follow_x_forwarded_for.html

Dr. Michael Portz
IT-Service; IT-Entwicklung

NetAachen GmbH
Grüner Weg 100 | 52070 Aachen
Tel: +49 241 91852 28 | Fax: +49 241 91852 99
www.netaachen.de



On 13.04.2010 at 13:11, Michael Portz wrote:

> Did you use the
> 
>  follow_x_forwarded_for
> 
> option in your squid.conf? (Doc for example to be found here)
> 
> Regards
> Michael
> 
> Dr. Michael Portz
> IT Service; IT Development
> 
> NetAachen GmbH
> Grüner Weg 100 | 52070 Aachen
> Tel: +49 241 91852 28 | Fax: +49 241 91852 99
> www.netaachen.de
> 
> Managing Director: Dipl.-Ing. Andreas Schneider
> Aachen District Court: HRB 15383
> 
> On 13.04.2010 at 12:05, guest01 wrote:
> 
>> Hi guys,
>> 
>> I may have found a bug related to the ICAP capabilities of Squid 3.1.1
>> (on RHEL5.4). We are currently evaluating a squid deployment which is
>> referenced by this url [1].
>> 
>> We want to use Squid as Caching/Authentication-Proxy and ICAP Client,
>> which talks to the Webwasher-server (content filtering proxy) via
>> ICAP. Our Squid has following ICAP configuration:
>> 
>> #icap
>> icap_enable on
>> icap_send_client_ip on
>> icap_send_client_username on
>> icap_preview_enable on
>> icap_preview_size 30
>> icap_client_username_encode on
>> icap_client_username_header X-Authenticated-User
>> icap_service service_req reqmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwreqmod
>> adaptation_access service_req allow all
>> icap_service service_resp respmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwrespmod
>> adaptation_access service_resp allow all
>> 
>> (Unfortunately, we can only specify one ICAP server per Squid, but
>> that's another issue/limitation)
>> This deployment is supported by McAfee (Webwasher) and there is even
>> an example configuration[2] for squid and documents for configuring
>> the webwasher by McAfee.
>> 
>> ICAP reqmod looks good, everything as expected:
>> Host: yyy.yyy.yyy.21:1344
>> Date: Mon, 12 Apr 2010 10:54:27 GMT
>> Proxy-Authorization: NTLM 
>> Encapsulated: req-hdr=0, null-body=184
>> Preview: 0
>> Allow: 204
>> X-Client-IP: bbb.bbb.bbb.71
>> X-Authenticated-User: 
>> 
>> GET / HTTP/1.1
>> Host: www.playboy.com
>> Accept: text/html, text/plain
>> 
>> ICAP/1.0 200 OK
>> Encapsulated: res-hdr=0, res-body=170
>> ISTAG: "001-000-03"
>> X-Attribute: sx
>> X-ICAP-Profile: PoC_Policy_TEST
>> X-WWBlockResult: 10
>> X-WWRepScore: 11
>> 
>> HTTP/1.1 403 Forbidden
>> Content-Length: 1480
>> Content-Type: text/html; charset=ISO-8859-1
>> Pragma: no-cache
>> Proxy-Connection: close
>> X-Error-Name: requestdynablocked
>> 
>> In that case we were assigned to PoC_Policy_TEST and the request to
>> www.playboy.com was blocked. (It seems that we are not supposed to see
>> nice girls at work ;-))
>> 
>> If we want to serve to a page which is not blocked (e.g. google.com),
>> we get following request:
>> ICAP/1.0 200 OK
>> Encapsulated: res-hdr=0, res-body=166
>> ISTAG: "001-000-03"
>> X-ICAP-Profile: default
>> X-WWBlockResult: 81
>> X-WWRepScore: 0
>> 
>> HTTP/1.1 403 Forbidden
>> Content-Length: 1279
>> Content-Type: text/html; charset=ISO-8859-1
>> Pragma: no-cache
>> Proxy-Connection: close
>> X-Error-Name: authorizedonly
>> 
>> And there is the problem. The ICAP respmod (3.1.1) request does NOT
>> contain the X-Client-IP: bbb.bbb.bbb.71 and X-Authenticated-User:
>>  values and that's why the webwasher cannot
>> assign the right policy!
>> 
>> If we are using squid 3.0, it works. So in my opinion, this sounds like
>> a bug. Right? Has anybody experiences with ICAP or ICAP issues with
>> Squid 3.1.1?
>> 
>> Anyway, besides that problem which I solved by using squid 3.0, there
>> are a couple of other limitations

[squid-users] Squid How much traffic transferred

2010-04-13 Thread nima chavooshi
Hi
I want to know that squid in 5 min ago and 1 hour ago how much traffic
transferred for monitoring purposes?? where can I get this info from
running squid? of course I get
I have to note that access.log is disabled for some reasons.

--
N.Chavoshi


[squid-users] need help port 80

2010-04-13 Thread da...@lafourmi.de

hello squid friends,

i use squid 3.1.0.16
i have to block port 80 for all applications
only firefox should have access!

how can i realize that with squid?

thanks for help


Re: [squid-users] Squid 3.1.1 ICAP Issue

2010-04-13 Thread Michael Portz
Did you use the

  follow_x_forwarded_for

option in your squid.conf? (Doc for example to be found here)

Regards
Michael

Dr. Michael Portz
IT Service; IT Development

  
NetAachen GmbH
Grüner Weg 100 | 52070 Aachen
Tel: +49 241 91852 28 | Fax: +49 241 91852 99
www.netaachen.de

Managing Director: Dipl.-Ing. Andreas Schneider
Aachen District Court: HRB 15383

 



On 13.04.2010 at 12:05, guest01 wrote:

> Hi guys,
> 
> I may have found a bug related to the ICAP capabilities of Squid 3.1.1
> (on RHEL5.4). We are currently evaluating a squid deployment which is
> referenced by this url [1].
> 
> We want to use Squid as Caching/Authentication-Proxy and ICAP Client,
> which talks to the Webwasher-server (content filtering proxy) via
> ICAP. Our Squid has following ICAP configuration:
> 
> #icap
> icap_enable on
> icap_send_client_ip on
> icap_send_client_username on
> icap_preview_enable on
> icap_preview_size 30
> icap_client_username_encode on
> icap_client_username_header X-Authenticated-User
> icap_service service_req reqmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwreqmod
> adaptation_access service_req allow all
> icap_service service_resp respmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwrespmod
> adaptation_access service_resp allow all
> 
> (Unfortunately, we can only specify one ICAP server per Squid, but
> that's another issue/limitation)
> This deployment is supported by McAfee (Webwasher) and there is even
> an example configuration[2] for squid and documents for configuring
> the webwasher by McAfee.
> 
> ICAP reqmod looks good, everything as expected:
> Host: yyy.yyy.yyy.21:1344
> Date: Mon, 12 Apr 2010 10:54:27 GMT
> Proxy-Authorization: NTLM 
> Encapsulated: req-hdr=0, null-body=184
> Preview: 0
> Allow: 204
> X-Client-IP: bbb.bbb.bbb.71
> X-Authenticated-User: 
> 
> GET / HTTP/1.1
> Host: www.playboy.com
> Accept: text/html, text/plain
> 
> ICAP/1.0 200 OK
> Encapsulated: res-hdr=0, res-body=170
> ISTAG: "001-000-03"
> X-Attribute: sx
> X-ICAP-Profile: PoC_Policy_TEST
> X-WWBlockResult: 10
> X-WWRepScore: 11
> 
> HTTP/1.1 403 Forbidden
> Content-Length: 1480
> Content-Type: text/html; charset=ISO-8859-1
> Pragma: no-cache
> Proxy-Connection: close
> X-Error-Name: requestdynablocked
> 
> In that case we were assigned to PoC_Policy_TEST and the request to
> www.playboy.com was blocked. (It seems that we are not supposed to see
> nice girls at work ;-))
> 
> If we want to serve to a page which is not blocked (e.g. google.com),
> we get following request:
> ICAP/1.0 200 OK
> Encapsulated: res-hdr=0, res-body=166
> ISTAG: "001-000-03"
> X-ICAP-Profile: default
> X-WWBlockResult: 81
> X-WWRepScore: 0
> 
> HTTP/1.1 403 Forbidden
> Content-Length: 1279
> Content-Type: text/html; charset=ISO-8859-1
> Pragma: no-cache
> Proxy-Connection: close
> X-Error-Name: authorizedonly
> 
> And there is the problem. The ICAP respmod (3.1.1) request does NOT
> contain the X-Client-IP: bbb.bbb.bbb.71 and X-Authenticated-User:
>  values and that's why the webwasher cannot
> assign the right policy!
> 
> If we are using squid 3.0, it works. So in my opinion, this sounds like
> a bug. Right? Has anybody experiences with ICAP or ICAP issues with
> Squid 3.1.1?
> 
> Anyway, besides that problem which I solved by using squid 3.0, there
> are a couple of other limitations which I don't really want to
> implement, but I don't see any other change, do you? ;-) At least it
> does not sound very complicated to implement in c++ ...
> - possibility to specify more than one ICAP server for a Squid
> configuration (for example with round robin load balancing or any
> other kind of loadbalancing)
> - the much bigger issue is, that Squid as ICAP client does NOT send
> any group information to the ICAP server, only X-Client-IP and
> X-Authenticated-User values and no X-Authenticated-Groups attribute.
> Unfortunately, a policy will be assigned by a group membership. That's
> why the ICAP server needs that information and it is not a good idea
> to let the ICAP server lookup this user again (huge performance
> issue).
> 
> So, this is quite a long mail, I would appreciate any feedback.
> 
> best regards
> Peter
> 
> [1] http://img714.imageshack.us/img714/7457/topology.png
> [2] http://wiki.squid-cache.org/ConfigExamples/Webwasher (they are
> using a proxy chain instead of a icap solution)



[squid-users] R: [squid-users] Re: Does Squid support Winsock proxy

2010-04-13 Thread Guido Serassio
Hi,

No: Winsock proxy is a Microsoft proprietary Windows only functionality.

It is supported only by Microsoft ISA server using the Microsoft Firewall Client.

Regards 

Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
VMware Professional Partner
Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135   Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it



> -Original Message-
> From: TONY FEI [mailto:tony@oocl.com]
> Sent: Friday, 9 April 2010 10:29
> To: squid-users@squid-cache.org
> Subject: [squid-users] Re: Does Squid support Winsock proxy
> 
> 
> Dear All, anyone can help answer my question kindly. Thanks!


[squid-users] Squid 3.1.1 ICAP Issue

2010-04-13 Thread guest01
Hi guys,

I may have found a bug related to the ICAP capabilities of Squid 3.1.1
(on RHEL5.4). We are currently evaluating a squid deployment which is
referenced by this url [1].

We want to use Squid as Caching/Authentication-Proxy and ICAP Client,
which talks to the Webwasher-server (content filtering proxy) via
ICAP. Our Squid has following ICAP configuration:

#icap
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_preview_enable on
icap_preview_size 30
icap_client_username_encode on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwreqmod
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 icap://yyy.yyy.yyy.21:1344/wwrespmod
adaptation_access service_resp allow all

(Unfortunately, we can only specify one ICAP server per Squid, but
that's another issue/limitation)
This deployment is supported by McAfee (Webwasher) and there is even
an example configuration[2] for squid and documents for configuring
the webwasher by McAfee.

ICAP reqmod looks good, everything as expected:
Host: yyy.yyy.yyy.21:1344
Date: Mon, 12 Apr 2010 10:54:27 GMT
Proxy-Authorization: NTLM 
Encapsulated: req-hdr=0, null-body=184
Preview: 0
Allow: 204
X-Client-IP: bbb.bbb.bbb.71
X-Authenticated-User: 

GET / HTTP/1.1
Host: www.playboy.com
Accept: text/html, text/plain

ICAP/1.0 200 OK
Encapsulated: res-hdr=0, res-body=170
ISTAG: "001-000-03"
X-Attribute: sx
X-ICAP-Profile: PoC_Policy_TEST
X-WWBlockResult: 10
X-WWRepScore: 11

HTTP/1.1 403 Forbidden
Content-Length: 1480
Content-Type: text/html; charset=ISO-8859-1
Pragma: no-cache
Proxy-Connection: close
X-Error-Name: requestdynablocked

In that case we were assigned to PoC_Policy_TEST and the request to
www.playboy.com was blocked. (It seems that we are not supposed to see
nice girls at work ;-))

If we want to serve to a page which is not blocked (e.g. google.com),
we get following request:
ICAP/1.0 200 OK
Encapsulated: res-hdr=0, res-body=166
ISTAG: "001-000-03"
X-ICAP-Profile: default
X-WWBlockResult: 81
X-WWRepScore: 0

HTTP/1.1 403 Forbidden
Content-Length: 1279
Content-Type: text/html; charset=ISO-8859-1
Pragma: no-cache
Proxy-Connection: close
X-Error-Name: authorizedonly

And there is the problem. The ICAP respmod (3.1.1) request does NOT
contain the X-Client-IP: bbb.bbb.bbb.71 and X-Authenticated-User:
 values and that's why the webwasher cannot
assign the right policy!

If we are using squid 3.0, it works. So in my opinion, this sounds like
a bug. Right? Has anybody experiences with ICAP or ICAP issues with
Squid 3.1.1?

Anyway, besides that problem which I solved by using squid 3.0, there
are a couple of other limitations which I don't really want to
implement, but I don't see any other change, do you? ;-) At least it
does not sound very complicated to implement in c++ ...
- possibility to specify more than one ICAP server for a Squid
configuration (for example with round robin load balancing or any
other kind of loadbalancing)
- the much bigger issue is, that Squid as ICAP client does NOT send
any group information to the ICAP server, only X-Client-IP and
X-Authenticated-User values and no X-Authenticated-Groups attribute.
Unfortunately, a policy will be assigned by a group membership. That's
why the ICAP server needs that information and it is not a good idea
to let the ICAP server lookup this user again (huge performance
issue).

So, this is quite a long mail, I would appreciate any feedback.

best regards
Peter

[1] http://img714.imageshack.us/img714/7457/topology.png
[2] http://wiki.squid-cache.org/ConfigExamples/Webwasher (they are
using a proxy chain instead of a icap solution)
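
The check described in the post above, as an added example that is not part of the original message or of Squid: a Python parser that reads captured ICAP requests and reports, per method, which of the identity headers named in the post are absent or empty. The two captures are constructed (documentation addresses, placeholder base64 username), and the function names are hypothetical.

```python
import re

# Identity headers the posted squid.conf asks Squid to send
# (icap_send_client_ip, icap_client_username_header X-Authenticated-User).
REQUIRED = ("X-Client-IP", "X-Authenticated-User")

# Constructed captures modelled on the thread; all values are placeholders.
REQMOD = (
    "REQMOD icap://192.0.2.21:1344/wwreqmod ICAP/1.0\r\n"
    "Host: 192.0.2.21:1344\r\n"
    "Encapsulated: req-hdr=0, null-body=41\r\n"
    "Allow: 204\r\n"
    "X-Client-IP: 198.51.100.71\r\n"
    "X-Authenticated-User: dXNlcg==\r\n"
    "\r\n"
    "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
)
# The encapsulated HTTP response carries a same-named header on purpose:
# it must not be mistaken for the ICAP-level identity header.
RESPMOD = (
    "RESPMOD icap://192.0.2.21:1344/wwrespmod ICAP/1.0\r\n"
    "Host: 192.0.2.21:1344\r\n"
    "Encapsulated: req-hdr=0, res-hdr=41, null-body=86\r\n"
    "\r\n"
    "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    "HTTP/1.1 200 OK\r\nX-Client-IP: 203.0.113.9\r\n\r\n"
)


def parse_icap_request(raw):
    """Return (method, service_uri, headers); only the ICAP header block is read."""
    head, _, _ = raw.partition("\r\n\r\n")  # stop before the encapsulated HTTP parts
    lines = head.split("\r\n")
    m = re.match(r"^(REQMOD|RESPMOD|OPTIONS) (\S+) ICAP/1\.0$", lines[0])
    if not m:
        raise ValueError("not an ICAP request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return m.group(1), m.group(2), headers


def missing_identity(raw, required=REQUIRED):
    """Return (method, [required headers that are absent or empty])."""
    method, _, headers = parse_icap_request(raw)
    # An empty value is as useless to the policy engine as an absent header.
    return method, [h for h in required if not headers.get(h.lower())]


def audit(captures):
    """Map each ICAP method to the identity headers missing from any capture."""
    report = {}
    for raw in captures:
        method, missing = missing_identity(raw)
        report.setdefault(method, set()).update(missing)
    return report


if __name__ == "__main__":
    for method, missing in sorted(audit([REQMOD, RESPMOD]).items()):
        print(method, "missing:", ", ".join(sorted(missing)) or "none")
```

Run against captures taken on the link between Squid and the ICAP server, a non-empty result for RESPMOD reproduces the condition reported in the post.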


Re: [squid-users] [Urgent] Please help : NAT + squid2.7 on ubuntu server 9.10 + cisco firewall (ASA5510)

2010-04-13 Thread Vichao Saenghiranwathana
Thank you very much. I will try your suggestion very soon.

I want to make sure if my configuration is right.

modprobe ip_gre
iptunnel add gre0 mode gre remote 192.168.9.253 local 192.168.9.251 dev eth0
ifconfig gre0 inet 192.168.9.251 netmask 255.255.255.0 up
ip link set eth0 mtu 1400
ip link set gre0 mtu 1400
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/gre0/rp_filter
iptables -t nat -A PREROUTING -i gre0 -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080

Thank you again for your help.
Vichao Saenghiranwathana


On Tue, Apr 13, 2010 at 1:42 AM, Horacio H.  wrote:
> 2010/4/8 Vichao Saenghiranwathana :
>
>> I still stunned. Can you explain more in deeper detail so I can
>> understand what the problem is.
>>
>
> Hi Vichao,
>
> If you already have a static NAT translation at the ASA between these
> two addresses: 192.168.9.251 and 203.130.133.9, it doesn't make sense
> to me why you also configured the same public IP address at the second
> subinterface.  Unless you need it for an unrelated setup, you may want
> to remove the second subinterface because (if you also configured a
> default-gateway there) when external packets are destined to the
> address 203.130.133.9 it might cause the ASA to NAT packets that
> shouldn't be, or vice versa.
>
> Aside from that, if the issue persists your next clue resides in
> collecting all the info your ASA shows about the WCCP
> association/registration, and monitor the counters of the GRE tunnel
> and iptables active rules and default policies.
>
> I hope this comment was helpful. I have a similar setup and it works fine.
>
> Regards,
> Horacio.
>


[squid-users] R: [squid-users] Squid 2.7 port on Windows scenario

2010-04-13 Thread Guido Serassio
Hi,

From the provided release notes about Windows limitations:

* DISKD: still needs to be ported
* WCCP: cannot work because user space GRE support on Windows is missing
* Transparent Proxy: missing Windows non commercial interception driver
* Some code sections can make blocking calls.
* Some external helpers may not work.
* File Descriptors number hard-limited to 2048.

So, you cannot do transparent proxy on Windows.

Regards


Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
VMware Professional Partner
Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135   Fax. : +39.011.9781115
Email: guido.seras...@acmeconsulting.it
WWW: http://www.acmeconsulting.it


> -Original Message-
> From: 4N0 [mailto:sinko...@gmail.com]
> Sent: Tuesday, 13 April 2010 9:17
> To: squid-users@squid-cache.org
> Subject: [squid-users] Squid 2.7 port on Windows scenario
> 
> 
> Hello,
> 
> I have a following scenario:
> 
> Squid on one frontend Windows server that is needed to serve as image
> cache
> from two backend windows servers running asp.net applications. Squid also
> is
> needed for intelligent switch in case any of backend servers is dead (if
> server 2 is dead switch to server 3 and vice versa).
> 
> My question is, how I can achieve this scenario with squid on
> configuration
> and hardware level? I've read squid documentation, example scenarios but
> can't get it to run. AFAIK my proxy needs to fulfill transparent proxy to
> remote box scenario. But maybe also reverse proxy? (I only want to cache
> static content, and "balance" switching).
> 
> Configuration examples are welcomed.


[squid-users] Squid 2.7 port on Windows scenario

2010-04-13 Thread 4N0

Hello,

I have a following scenario:

Squid on one frontend Windows server that is needed to serve as image cache
from two backend windows servers running asp.net applications. Squid also is
needed for intelligent switch in case any of backend servers is dead (if
server 2 is dead switch to server 3 and vice versa).

My question is, how I can achieve this scenario with squid on configuration
and hardware level? I've read squid documentation, example scenarios but
can't get it to run. AFAIK my proxy needs to fulfill transparent proxy to
remote box scenario. But maybe also reverse proxy? (I only want to cache
static content, and "balance" switching). 

Configuration examples are welcomed.