Re: [squid-users] set-cookie header and rfc2109
ons 2010-05-19 klockan 22:22 +0200 skrev Angelo Höngens: http://wiki.squid-cache.org/SquidFaq/InnerWorkings The proper way to deal with Set-Cookie reply headers, according to RFC 2109 is to cache the whole object, EXCEPT the Set-Cookie header lines. Wrong reference. This is from the original Netscape Cookie specification. At that time Cache-Control did not exists. Regards Henrik
Re: [squid-users] WARNING cache_mem is larger than total disk cache space!
Am 19.05.2010 16:40, schrieb Peng, Jeff: Can set cache_dir with a memory filesystem. So it's not possible to just tell squid to store the cache items in ram without using a ramdisk?
Re: [squid-users] set-cookie header and rfc2109
On 20-5-2010 8:22, Henrik Nordström wrote: ons 2010-05-19 klockan 22:22 +0200 skrev Angelo Höngens: http://wiki.squid-cache.org/SquidFaq/InnerWorkings The proper way to deal with Set-Cookie reply headers, according to RFC 2109 is to cache the whole object, EXCEPT the Set-Cookie header lines. Wrong reference. This is from the original Netscape Cookie specification. At that time Cache-Control did not exists. So if I understand you correctly, squid follows the behaviour dictated in the Netscape Cookie Specification (undated), which says set-cookie headers should never be cached. However, that was superseded by rfc2109 (1997), which says they should be cached unless told not to. So by that reasoning, I would say Squid does not follow rfc. Not that I care that much, but perhaps it would warrant an update in the documentation or the faq page? -- With kind regards, Angelo Höngens systems administrator MCSE on Windows 2003 MCSE on Windows 2000 MS Small Business Specialist -- NetMatch tourism internet software solutions Ringbaan Oost 2b 5013 CA Tilburg +31 (0)13 5811088 +31 (0)13 5821239 a.hong...@netmatch.nl www.netmatch.nl --
[squid-users] trigger rediredt_url_program if there is a change in ip address
Hello All, I want to use the redirect_url_program when there is a change ip address of my system. Is it possible to detect the change in ip using squid proxy? Let me put in other words, Can squid proxy communicate to any of the system applications, lets say a shell script? Thanks
[squid-users] squid_kerb_auth Squid_kerb_ldap (Squid 2.7)
Hi all, Does squid_kerb_auth squid_kerb_ldap work fine in squid 2.7 like squid 3.x. Are these the correct options? ./configure *...*--enable-basic-auth-helpers=LDAP --enable-auth=basic,negotiate,ntlm --enable-external-acl-helpers=wbinfo_group,ldap_group --enable-negotiate-auth-helpers=squid_kerb_auth One more question is that i not mentioned squid_kerb_ldap here is it being covered through --enable-external-acl-helpers=ldap_group ??? regards, Bilal _ Hotmail: Free, trusted and rich email service. https://signup.live.com/signup.aspx?id=60969
Re: [squid-users] WARNING cache_mem is larger than total disk cache space!
tor 2010-05-20 klockan 08:44 +0200 skrev Georg Höllrigl: Am 19.05.2010 16:40, schrieb Peng, Jeff: Can set cache_dir with a memory filesystem. So it's not possible to just tell squid to store the cache items in ram without using a ramdisk? It is safe to ignore the cache.log warning about cache_mem being larger than the disk. Regards Henrik
Re: [squid-users] set-cookie header and rfc2109
tor 2010-05-20 klockan 08:50 +0200 skrev Angelo Höngens: So if I understand you correctly, squid follows the behaviour dictated in the Netscape Cookie Specification (undated), which says set-cookie headers should never be cached. However, that was superseded by rfc2109 (1997), which says they should be cached unless told not to. Correct. So by that reasoning, I would say Squid does not follow rfc. Not that I care that much, but perhaps it would warrant an update in the documentation or the faq page? Correct. Regards Henrik
Re: [squid-users] trigger rediredt_url_program if there is a change in ip address
tor 2010-05-20 klockan 13:27 +0630 skrev jyothi: I want to use the redirect_url_program when there is a change ip address of my system. Is it possible to detect the change in ip using squid proxy? Let me put in other words, Can squid proxy communicate to any of the system applications, lets say a shell script? IP of the Squid proxy, or IP of the client station? And for how long do you want Squid to use the url_rewrite_program? And why? Regards Henrik
Re: [squid-users] squid_kerb_auth Squid_kerb_ldap (Squid 2.7)
tor 2010-05-20 klockan 07:52 + skrev GIGO .: Does squid_kerb_auth squid_kerb_ldap work fine in squid 2.7 like squid 3.x. Yes. ./configure *...*--enable-basic-auth-helpers=LDAP --enable-auth=basic,negotiate,ntlm --enable-external-acl-helpers=wbinfo_group,ldap_group --enable-negotiate-auth-helpers=squid_kerb_auth Looks reasonable to me. One more question is that i not mentioned squid_kerb_ldap here is it being covered through --enable-external-acl-helpers=ldap_group ??? squid_kerb_ldap is not (yet) included in the Squid distribution and need to be compiled separately. Regards Henrik
RE: [squid-users] squid_kerb_auth Squid_kerb_ldap (Squid 2.7)
Thank you! regards, Bilal From: hen...@henriknordstrom.net To: gi...@msn.com CC: squid-users@squid-cache.org Date: Thu, 20 May 2010 11:24:15 +0200 Subject: Re: [squid-users] squid_kerb_auth Squid_kerb_ldap (Squid 2.7) tor 2010-05-20 klockan 07:52 + skrev GIGO .: Does squid_kerb_auth squid_kerb_ldap work fine in squid 2.7 like squid 3.x. Yes. ./configure *...*--enable-basic-auth-helpers=LDAP --enable-auth=basic,negotiate,ntlm --enable-external-acl-helpers=wbinfo_group,ldap_group --enable-negotiate-auth-helpers=squid_kerb_auth Looks reasonable to me. One more question is that i not mentioned squid_kerb_ldap here is it being covered through --enable-external-acl-helpers=ldap_group ??? squid_kerb_ldap is not (yet) included in the Squid distribution and need to be compiled separately. Regards Henrik _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
Re: [squid-users] trigger rediredt_url_program if there is a change in ip address
change in the system ip address. I am working on a project which detects the change in the connection (wired to wireless and so on) and based on the change, I need to take a appropriate action. Lets say I switch from WiFi to mobile broadband while browsing, I want to get a lighter version of web page. On Thu, 20 May 2010 11:13:47 +0200, Henrik Nordström wrote tor 2010-05-20 klockan 13:27 +0630 skrev jyothi: I want to use the redirect_url_program when there is a change ip address of my system. Is it possible to detect the change in ip using squid proxy? Let me put in other words, Can squid proxy communicate to any of the system applications, lets say a shell script? IP of the Squid proxy, or IP of the client station? And for how long do you want Squid to use the url_rewrite_program? And why? Regards Henrik
[squid-users] very slow browsing and page is not displaed properly
Hi, Version information and some statistics collected by me are as below. At times, my users complain the browsing becomes deadly slow and we page like yahoo, after much delay is displayed scattered and pictures are not visible rather X sign is displayed and after few times refresh screen becomes better. proxy-br# uname -a FreeBSD proxy-br 0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 proxy-br# /usr/local/squid27/sbin/squid -v Squid Cache: Version 2.7.STABLE9 configure options: '--prefix=/usr/local/squid27' '--enable-async-io' '-enable-storeio=aufs,coss' '--enable-removal-policies=heap,lru' '--enable-snmp' '--with-openssl=/opt/ssl' '--enable-wccp' proxy-br# iostat -c 5 -w 3 tty da0pass0 cpu tin tout KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 138 13.88 2 0.03 0.00 0 0.00 4 0 1 0 95 0 140 11.00 1 0.01 0.00 0 0.00 11 0 5 1 83 0 133 11.00 1 0.01 0.00 0 0.00 16 0 5 1 78 086 16.00 0 0.01 0.00 0 0.00 13 0 4 1 82 0 132 3.07 5 0.01 0.00 0 0.00 14 0 4 1 80 proxy-br# vmstat procs memory pagedisks faults cpu r b w avmfre flt re pi pofr sr da0 pa0 in sy cs us sy id 1 0 0924M 154M20 0 0 0 6 1 0 0 189 1178 1366 4 1 95 proxy-br# systat /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 Load Average || /0% /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 root idle XX root idle X squid squid X root kernel X my squid.conf is as below http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 256 MB visible_hostname pxy #negative_ttl 0 acl PURGE method PURGE acl localhost src 127.0.0.1 http_access allow PURGE localhost http_access deny PURGE cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /cache 45000 16 256 cache_store_log /dev/null #/var/log/squid27/store.log cache_store_log none cache_swap_low 80 cache_swap_high 90 cache_log /var/log/squid27/cache.log cache_access_log /var/log/squid27/access.log half_closed_clients off ... ...acl... . #always_direct allow myiplist cache_mgr x...@ cache_effective_user squid cache_effective_group squid logfile_rotate 0 buffered_logs on nonhierarchical_direct off prefer_direct off ie_refresh on ftp_list_width 32 ftp_passive on ftp_sanitycheck on ftp_telnet_protocol on emulate_httpd_log on Your expert opinion is required, please. Warm Regards, .Goody.
Re: [squid-users] trigger rediredt_url_program if there is a change in ip address
tor 2010-05-20 klockan 17:00 +0630 skrev jyothi: change in the system ip address. I am working on a project which detects the change in the connection (wired to wireless and so on) and based on the change, I need to take a appropriate action. Lets say I switch from WiFi to mobile broadband while browsing, I want to get a lighter version of web page. If you are using NetworkManager then an easy spot for integrating things like this is by placing a action in /etc/NetworkManager/dispatcher.d/ This is used by the Squid rpm on Fedora to automatically react on network interface changes which changes /etc/resolv.conf and some other important parameters. Regards Henrik
[squid-users] Advices for a squid cluster with kerberos auth
Hello, I'm currently satisfied with my round-robin DNS enabled cluster of two Squid with ntlm authentication. But, with th appearance of Windows 7 and Windows 2008, I see by searching for documentation on the web that I need to use Kerberos Authentication if I would like Internet Explorer 8 from 2008 or 7 to work. Do you have any advices for achieving this setup ? What clustering mechanism do you use. Does the kerberos part of the install need to be customized to support being put in cluster mode (which needs to be defined) ? Thanks for your helps and docs. PS : Testing it will be easy so I thinks I'll enable Debian Backports repository in order to have 2.7STABLE9. -- Emmanuel Lesouef
Re: [squid-users] Advices for a squid cluster with kerberos auth
Emmanuel Lesouef wrote: Hello, I'm currently satisfied with my round-robin DNS enabled cluster of two Squid with ntlm authentication. But, with th appearance of Windows 7 and Windows 2008, I see by searching for documentation on the web that I need to use Kerberos Authentication if I would like Internet Explorer 8 from 2008 or 7 to work. Do you have any advices for achieving this setup ? What clustering mechanism do you use. Does the kerberos part of the install need to be customized to support being put in cluster mode (which needs to be defined) ? Thanks for your helps and docs. PS : Testing it will be easy so I thinks I'll enable Debian Backports repository in order to have 2.7STABLE9. Without havign used either, I expect if your clustering setup works with NTLM it will work equally well or better for Kerberos. The two protocols are very much similar, with Kerberos doing away with one of the handshake HTTP reject messages. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] WARNING cache_mem is larger than total disk cache space!
Georg Höllrigl wrote: Am 19.05.2010 16:40, schrieb Peng, Jeff: Can set cache_dir with a memory filesystem. So it's not possible to just tell squid to store the cache items in ram without using a ramdisk? Yes. Squid has it's own built-in ramdisk equivalent for memory caching the most popular or recent objects. It's size is defined by the cache_mem setting which may be used with or without the disk caching. To run diskless: * 3.0 and numerically lower there is a null disk type to set on cache_dir line and override the default 100MB on-disk cache. * 3.1+ have no such default on-disk so removing all cache_dir lines is the same end result. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] trigger rediredt_url_program if there is a change in ip address
jyothi wrote: Hello All, I want to use the redirect_url_program when there is a change ip address of my system. Is it possible to detect the change in ip using squid proxy? Let me put in other words, Can squid proxy communicate to any of the system applications, lets say a shell script? Thanks There is a squid.conf option for Windows machines (only). On non-windows each network interface has hooks that triggers to run a set of scripts. One of which can be a script to reconfigure Squid. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] trigger rediredt_url_program if there is a change in ip address
How often the squid.conf file is read by the browser? is it on every load of page? On Fri, 21 May 2010 00:43:18 +1200, Amos Jeffries wrote jyothi wrote: Hello All, I want to use the redirect_url_program when there is a change ip address of my system. Is it possible to detect the change in ip using squid proxy? Let me put in other words, Can squid proxy communicate to any of the system applications, lets say a shell script? Thanks There is a squid.conf option for Windows machines (only). On non-windows each network interface has hooks that triggers to run a set of scripts. One of which can be a script to reconfigure Squid. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] Squid 3.1.3 crashes
Le mercredi 19 mai 2010 14:44:21, Henrik Nordström a écrit : ons 2010-05-19 klockan 09:16 -0500 skrev Luis Daniel Lucio Quiroz: Helo, I'm having this, under 3.1.3 (unfortunallty server is in producction) 2010/05/18 23:39:57| NETDB state saved; 0 entries, 0 msec 2010/05/19 00:42:12| NETDB state saved; 0 entries, 0 msec 2010/05/19 01:22:57| NETDB state saved; 0 entries, 0 msec 2010/05/19 02:13:03| NETDB state saved; 0 entries, 0 msec 2010/05/19 03:24:26| NETDB state saved; 0 entries, 0 msec 2010/05/19 04:05:13| NETDB state saved; 0 entries, 0 msec 2010/05/19 05:09:55| NETDB state saved; 0 entries, 0 msec FATAL: Received Segment Violation...dying. 2010/05/19 06:15:04| storeDirWriteCleanLogs: Starting... 2010/05/19 06:15:04| WARNING: Closing open FD 25 2010/05/19 06:15:04| Finished. Wrote 34985 entries. 2010/05/19 06:15:04| Took 0.01 seconds (5138807.29 entries/sec). CPU Usage: 43.150 seconds = 28.280 user + 14.870 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): Did you get a core dump? If so then extract a stack backtrace from it an file a bug report. See also the FAQ on how to file bug reports. Regards Henrik I was trying to do backtrace but after 6 hours waiting to crach again , icouldnt ii may try again in a while
Re: [squid-users] WARNING cache_mem is larger than total disk cache space!
Am 20.05.2010 14:40, schrieb Amos Jeffries: To run diskless: * 3.0 and numerically lower there is a null disk type to set on cache_dir line and override the default 100MB on-disk cache. Thank you - I found the missing part. Disk type null also requires a directory - even with the config file stating: # The null store type: # # no options are allowed or required Georg
RE: [squid-users] Testing website I have set not to cache.
2010/5/20 Henrik Nordström hen...@henriknordstrom.net: ons 2010-05-19 klockan 14:03 -0500 skrev Ryan McCain: I have this set in my Squid 2.7 conf file.. #5/19/10 - Added to bypass Webex caching acl webex dstdomain .webex.com #5/19/20 - Added to not cache webex cache deny webex ...How can I verify Squid isn't caching anything going to Webex.com? Monitor cache.log and look for requests with TCP_HIT in their status code. Should that be access.log? :) So, if I see this then these requests ARE being cached? 1274366775.203 54 10.120.100.235 TCP_MISS/200 39 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366775.708554 10.120.100.235 TCP_MISS/200 6147 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366775.898164 10.120.100.235 TCP_MISS/200 3419 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366779.316 3394 10.120.100.235 TCP_MISS/200 7296 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366779.936170 10.120.100.235 TCP_MISS/200 2607 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366780.042703 10.120.100.235 TCP_MISS/200 30638 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366780.195425 10.120.100.235 TCP_MISS/200 11939 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366780.322214 10.120.100.235 TCP_MISS/200 3399 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - 1274366782.305 62237 10.120.100.235 TCP_MISS/200 3275 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - ..If so, what is wrong w/ the config that I posted? -- Tech support agency in China http://duxieweb.com/
Re: [squid-users] Testing website I have set not to cache.
2010/5/20 Ryan McCain ryan.mcc...@la.gov: 2010/5/20 Henrik Nordström hen...@henriknordstrom.net: ons 2010-05-19 klockan 14:03 -0500 skrev Ryan McCain: I have this set in my Squid 2.7 conf file.. #5/19/10 - Added to bypass Webex caching acl webex dstdomain .webex.com #5/19/20 - Added to not cache webex cache deny webex ...How can I verify Squid isn't caching anything going to Webex.com? Monitor cache.log and look for requests with TCP_HIT in their status code. Should that be access.log? :) So, if I see this then these requests ARE being cached? 1274366775.203 54 10.120.100.235 TCP_MISS/200 39 CONNECT dssla.webex.com:443 - DIRECT/64.68.104.194 - TCP_MISS means no caching. -- Tech support agency in China http://duxieweb.com/
[squid-users] Installed Squid and now what?
Hi, I am new to squid and i am here for just one reason. I have been looking for caching mp3s stored on my server to save bandwith and also block downloading them. I found out that squid does both of these best. I have installed 3.1.0.15 version but now i really dont know what to do. There are many examples on web but some gave errors so i decided to listen to squid community. Can you please give me some documentation or examples about 1. How will i let squid to work without changing browsers proxy settings? I mean it will be availabla for all visitors. 2. How will i cache mp3s to save bandwith? 3. This is not important but it would be great if users just can listen them but cant download? Please tell me that these can be done. Thank you all. Onur
Re: [squid-users] set-cookie header and rfc2109
On 20-5-2010 12:05, Mark Nottingham wrote: Note that there really isn't any specification that describes how cookies actually work in the wild. Hopefully that will change soon, thanks to https://datatracker.ietf.org/wg/httpstate/charter/. Thanks, good to know! -- With kind regards, Angelo Höngens systems administrator MCSE on Windows 2003 MCSE on Windows 2000 MS Small Business Specialist -- NetMatch tourism internet software solutions Ringbaan Oost 2b 5013 CA Tilburg +31 (0)13 5811088 +31 (0)13 5821239 a.hong...@netmatch.nl www.netmatch.nl --
Re: [squid-users] Installed Squid and now what?
Did you read the following: http://wiki.squid-cache.org/SquidFaq/ReverseProxy http://wiki.squid-cache.org/ConfigExamples#Reverse_Proxy_.28Acceleration.29 These will give a very good idea on what this involves, and will answer your #1. For #2, if your Squid is hosted nearer to your users, then it might save you bandwidth. But, if Squid is hosted just beside your HTTP server (as is usually the case), then it will not save bandwidth for you. What it will do is, it will help save resources on your HTTP server (mostly if HTTP server is on a separate machine), so that you can server more users. Squid is more efficient at file delivery than an HTTP server. For #3, this is not the premise of Squid (AFAIK). Regards HASSAN 2010/5/20 Mustafa Aydemir tecmu...@gmail.com Hi, I am new to squid and i am here for just one reason. I have been looking for caching mp3s stored on my server to save bandwith and also block downloading them. I found out that squid does both of these best. I have installed 3.1.0.15 version but now i really dont know what to do. There are many examples on web but some gave errors so i decided to listen to squid community. Can you please give me some documentation or examples about 1. How will i let squid to work without changing browsers proxy settings? I mean it will be availabla for all visitors. 2. How will i cache mp3s to save bandwith? 3. This is not important but it would be great if users just can listen them but cant download? Please tell me that these can be done. Thank you all. Onur
[squid-users] IPv6 slow on internal sites
Hello, We have installed Squid 3.1.3 (compiled from sources using a spec file I found for version 3.0.3 at the time) on a CentOS 5.5 server (i386). We are seeing slow loading of images on all IPv6 internal sites (but not to external IPv6 sites). Loading test is instant, just images is causing problems. I was wondering if that is something that anyone here might have encountered? I was thinking of some possible pmtu issue but after some experiments, it does not seem to be the case. I have also tried to specify direct access for the sites, but that didn't fix it: acl INSIDE dst 2001::xx::/48 always_direct allow INSIDE Any suggestion welcome. Cheers, Steph
[Fwd: Re: [squid-users] Installed Squid and now what?]
Thanks for reply Toro, I think the fisrt thing i might do is understanding normal and reverse proxy:) ---BeginMessage--- 1. You need to set up Squid in transparent mode 2. The bandwith saving, I think is only for normal proxy no for reverse proxy 3. If you can read it, you can copy it. 2010/5/20 Mustafa Aydemir tecmu...@gmail.com Hi, I am new to squid and i am here for just one reason. I have been looking for caching mp3s stored on my server to save bandwith and also block downloading them. I found out that squid does both of these best. I have installed 3.1.0.15 version but now i really dont know what to do. There are many examples on web but some gave errors so i decided to listen to squid community. Can you please give me some documentation or examples about 1. How will i let squid to work without changing browsers proxy settings? I mean it will be availabla for all visitors. 2. How will i cache mp3s to save bandwith? 3. This is not important but it would be great if users just can listen them but cant download? Please tell me that these can be done. Thank you all. Onur ---End Message---
[Fwd: Re: [squid-users] Installed Squid and now what?]
Thanks for links Hassan, I hope these will help me, thank you again. ---BeginMessage--- Did you read the following: http://wiki.squid-cache.org/SquidFaq/ReverseProxy http://wiki.squid-cache.org/ConfigExamples#Reverse_Proxy_.28Acceleration.29 These will give a very good idea on what this involves, and will answer your #1. For #2, if your Squid is hosted nearer to your users, then it might save you bandwidth. But, if Squid is hosted just beside your HTTP server (as is usually the case), then it will not save bandwidth for you. What it will do is, it will help save resources on your HTTP server (mostly if HTTP server is on a separate machine), so that you can server more users. Squid is more efficient at file delivery than an HTTP server. For #3, this is not the premise of Squid (AFAIK). Regards HASSAN 2010/5/20 Mustafa Aydemir tecmu...@gmail.com Hi, I am new to squid and i am here for just one reason. I have been looking for caching mp3s stored on my server to save bandwith and also block downloading them. I found out that squid does both of these best. I have installed 3.1.0.15 version but now i really dont know what to do. There are many examples on web but some gave errors so i decided to listen to squid community. Can you please give me some documentation or examples about 1. How will i let squid to work without changing browsers proxy settings? I mean it will be availabla for all visitors. 2. How will i cache mp3s to save bandwith? 3. This is not important but it would be great if users just can listen them but cant download? Please tell me that these can be done. Thank you all. Onur ---End Message---
RE: [squid-users] refresh patterns for Caching Media
From: kafr...@hotmail.com To: squid-users@squid-cache.org Date: Wed, 19 May 2010 18:35:44 +0200 Subject: [squid-users] refresh patterns for Caching Media Hello eveyone, We are using Squid 2.7 for caching educational media files. We are only using the cache for users who need to access these files. For other internet traffic the cache will be bypassed. The media files will not be changed for at least a year at which point I will run a script to pre-load the cache with the new media files. 1. How can I set the refresh pattern to never refresh these media files? The files are swf (flash) flv, and mp3, etc. This is what I currently have for media: refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-no-store ignore-private 2. If I have already pre-loaded media files into the cache, will changes to the refresh patterns work retroactively on these files, or will I have to load them into the cache again? Thanks. Kafriki does anyone have any suggestions or recommendations that they can share with me on this? _ New Windows 7: Simplify what you do everyday. Find the right PC for you. http://windows.microsoft.com/shop
[squid-users] Slowness in downloading files, but not web browsing
Hi everyone, We're running Squid 3.1.1 on a virtual Ubuntu x64 server sitting on a fiber LUN. It's been up for a couple of months without issue any issues until recently. Over the past week or so I've had users calling in to report that downloading files from the internet has been very slow. They'll start out with a fast download speed, but it will quickly go down to about 5kb/sec. If I circumvent the proxy server and connect to these sites directly, the download goes right through no problem. I've tried restarting the Squid service with no luck. Any suggestions? Thanks Jack This message and any attachments are the property of WS Development, may be privileged or confidential and are intended only for the addressee. If you have received this email in error, please delete it immediately. Any views expressed herein are the author's and do not necessarily represent those of the company.
Re: [squid-users] trigger rediredt_url_program if there is a change in ip address
tor 2010-05-20 klockan 19:20 +0630 skrev jyothi: How often the squid.conf file is read by the browser? is it on every load of page? It's read by skuid when you run squid -k reconfigure
Re: [squid-users] IPv6 slow on internal sites
tor 2010-05-20 klockan 17:03 +0100 skrev FRLinux: We have installed Squid 3.1.3 (compiled from sources using a spec file I found for version 3.0.3 at the time) on a CentOS 5.5 server (i386). We are seeing slow loading of images on all IPv6 internal sites (but not to external IPv6 sites). Loading test is instant, just images is causing problems. Odd. does it work well to browse the internal sites from the proxy server itself but without usign Squid? I have also tried to specify direct access for the sites, but that didn't fix it: acl INSIDE dst 2001::xx::/48 always_direct allow INSIDE Do you have any cache peers traffic is normally forwarded to? If not then always_direct have no effect.
Re: [squid-users] IPv6 slow on internal sites
2010/5/20 Henrik Nordström hen...@henriknordstrom.net: does it work well to browse the internal sites from the proxy server itself but without usign Squid? Hello, i actually did some test from home to our sites and over v6 they are slow too, so i believe this is no longer a squid issue. Sorry for the noise (although i'll carry on using squid 3.x at work since we are dual stacked there too, nice work guys :) Cheers, Steph
Re: [squid-users] IPv6 slow on internal sites
2010/5/20 FRLinux frli...@gmail.com: Hello, i actually did some test from home to our sites and over v6 they are slow too, so i believe this is no longer a squid issue. Found what the problem was, thought I should report even though it has nothing to do with Squid. Problem is Broadcom chipset related, TSO makes it behave at 16K/s when sending IPv6 packets (TX, does not affect RX). Bug: https://bugzilla.redhat.com/show_bug.cgi?id=531270 Just to be clear, the problem is not on the squid server but on the IPv6 server (which incidentally, is a kvm server). So that fixes it: ethtool -K eth0 tso off Cheers, Steph
Re: [squid-users] very slow browsing and page is not displaed properly
Dear Members, In addition to below information, I have added some more info regarding machine hardware and platform. RAM = 4 GB Processors = 4 HDDs SATA having implemented RAID-5 Running on VMWARE ESXi 3.5. Should you need any info, pls let me know. Waiting for your expert opinion, please. Warm Regards, .goody. - Original Message From: goody goody think...@yahoo.com To: squid-users@squid-cache.org Sent: Thu, May 20, 2010 4:31:21 PM Subject: [squid-users] very slow browsing and page is not displaed properly Hi, Version information and some statistics collected by me are as below. At times, my users complain the browsing becomes deadly slow and we page like yahoo, after much delay is displayed scattered and pictures are not visible rather X sign is displayed and after few times refresh screen becomes better. proxy-br# uname -a FreeBSD proxy-br 0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 r...@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 proxy-br# /usr/local/squid27/sbin/squid -v Squid Cache: Version 2.7.STABLE9 configure options: '--prefix=/usr/local/squid27' '--enable-async-io' '-enable-storeio=aufs,coss' '--enable-removal-policies=heap,lru' '--enable-snmp' '--with-openssl=/opt/ssl' '--enable-wccp' proxy-br# iostat -c 5 -w 3 tty da0pass0 cpu tin tout KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 138 13.88 2 0.03 0.00 0 0.00 4 0 1 0 95 0 140 11.00 1 0.01 0.00 0 0.00 11 0 5 1 83 0 133 11.00 1 0.01 0.00 0 0.00 16 0 5 1 78 086 16.00 0 0.01 0.00 0 0.00 13 0 4 1 82 0 132 3.07 5 0.01 0.00 0 0.00 14 0 4 1 80 proxy-br# vmstat procs memory pagedisks faults cpu r b w avmfre flt re pi pofr sr da0 pa0 in sy cs us sy id 1 0 0924M 154M20 0 0 0 6 1 0 0 189 1178 1366 4 1 95 proxy-br# systat /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /10 Load Average || /0% /10 /20 /30 /40 /50 /60 /70 /80 /90 /100 root idle XX root idle X squid squid X root kernel X my squid.conf is as below http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 256 MB visible_hostname pxy #negative_ttl 0 acl PURGE method PURGE acl localhost src 127.0.0.1 http_access allow PURGE localhost http_access deny PURGE cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /cache 45000 16 256 cache_store_log /dev/null #/var/log/squid27/store.log cache_store_log none cache_swap_low 80 cache_swap_high 90 cache_log /var/log/squid27/cache.log cache_access_log /var/log/squid27/access.log half_closed_clients off ... ...acl... . #always_direct allow myiplist cache_mgr x...@ cache_effective_user squid cache_effective_group squid logfile_rotate 0 buffered_logs on nonhierarchical_direct off prefer_direct off ie_refresh on ftp_list_width 32 ftp_passive on ftp_sanitycheck on ftp_telnet_protocol on emulate_httpd_log on Your expert opinion is required, please. Warm Regards, .Goody.
[squid-users] Re: Advices for a squid cluster with kerberos auth
It will work with the right setup (e.g. you have to copy the Kerberos keytab to all machines and use the -s HTTP/RR-DNS-name or -s GSS_C_NO_NAME option with squid_kerb_auth). Regards Markus Amos Jeffries squ...@treenet.co.nz wrote in message news:4bf52c87.9080...@treenet.co.nz... Emmanuel Lesouef wrote: Hello, I'm currently satisfied with my round-robin DNS enabled cluster of two Squid with ntlm authentication. But, with th appearance of Windows 7 and Windows 2008, I see by searching for documentation on the web that I need to use Kerberos Authentication if I would like Internet Explorer 8 from 2008 or 7 to work. Do you have any advices for achieving this setup ? What clustering mechanism do you use. Does the kerberos part of the install need to be customized to support being put in cluster mode (which needs to be defined) ? Thanks for your helps and docs. PS : Testing it will be easy so I thinks I'll enable Debian Backports repository in order to have 2.7STABLE9. Without havign used either, I expect if your clustering setup works with NTLM it will work equally well or better for Kerberos. The two protocols are very much similar, with Kerberos doing away with one of the handshake HTTP reject messages. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
[squid-users] Content-Type log erro
Hi, The content-type field in the access.log is always - character. The only time I saw text/html is when your request is deny. Linux CentOs 5.4 Squid Cache: Version 2.7.STABLE5 some squid.conf parameters: emulate_httpd_log off acl video rep_mime_type -i ^video/*$ http_reply_access deny video logformat squid %ts.%03tu %6tr %a %Ss/%03Hs %st %rm %ru %un %Sh/%A %mt access_log /var/log/squid/access.log I tried several configuration and I always get the same result. I have found the Bug http://bugs.squid-cache.org/show_bug.cgi?id=2298 , but i dont have find more information about resolution of this Bug. And I dont have found any information about solution in the version squid-2.7.STABLE5+ . Thanks Atenciosamente, __ Rômulo Giordani Boschetti IT Consulting - InterOp ( telefone 55 (51) 3216-7030 – Porto Alegre ( telefone 55 (11) 4063-7881 – São Paulo ( telefone 55 (41) 4063-7881 – Curitiba 4 fax 55 (51) 3216-7001 : site www.interop.com.br : email rom...@interop.com.br ___ ___
Re: [squid-users] Installed Squid and now what?
Mustafa Aydemir wrote: There are many examples on web but some gave errors so i decided to listen to squid community. We are all grateful for your generosity. 3. This is not important but it would be great if users just can listen them but cant download? There are times where I wonder if the open source idea has come to an end. I contribute to mailing lists of open source projects since 1995 and this is one of the ideas that keep floating around since then. In other words: you can easily achieve this! Write an operating system preventing browser selection. Then write a browser preventing download on right-click. Then persuade all the users of your website to use this piece of software and voila. Squid does not enter into this picture HTH, Jakob Curdes
Re: [squid-users] Installed Squid and now what?
fre 2010-05-21 klockan 00:40 +0200 skrev Jakob Curdes: In other words: you can easily achieve this! Write an operating system preventing browser selection. Then write a browser preventing download on right-click. Then persuade all the users of your website to use this piece of software and voila. Squid does not enter into this picture Usually implemented using DRM, which requires a specific certified client in order to be able to decode the information. You may still download DRM protected content, but without the certified client is just a pile of junk. Regards Henrik
[squid-users] agent.log and https clients
Hi all, I have a quick question about agent.log. Does the user agent get logged for https clients? I have some acls to allow only known user-agents and need to add whatever the user-agent is for Cisco ICM Script Editor which only connects via the proxy on https. I have disabled the agent acl to allow this client software to work but cannot find the user agent in agent.log. Nothing gets logged. Any clues would be helpful. Thanks Steve
[squid-users] 2.7 upstream parent (cache_peer) connection reset. Child how to handle?
Hi, I have a PoC of 2 Squids. One act as Parent and the other as Child. I tested a website that Parent will cause browser (directly configured to use Parent as proxy) to received connection reset. Other web pages are passed and viewed normally. When I tried to chain Child to Parent, and the browser (configured to use Child), the browser hung on the 'reset' page until The requested URL could not be retrieved. Other normal pages are retrieved and viewed fine. Browser -- Child -- Parent -- 'reset' Site (http://www.eicar.org/download/eicar_com.zip) = hung-then-failed. Browser -- Parent -- 'reset' Site (http://www.eicar.org/download/eicar_com.zip) = immediate received conn reset view. How can I configure the Child to see what the Parent see? By the way, I am using a malware/AV scan engine on the Parent OS, thus the conn reset when chanced bad sites/pages e.g. EICAR test. thanks, James Tan
