Re: [squid-users] maxage/s-maxage on reverse proxy mode
On 2010年06月23日 18:56, Henrik Nordström wrote: ons 2010-06-23 klockan 18:09 +0900 skrev sheng zheng: But the expiry time of the dynamic page will be different in each of squid, so the content of the page will be also different. By removing Cache-Control header and replacing with Expires header , can make all squids have a same expiry time of the page. But Expires header can't set the expiry time of cache for browser(max-age) or squid(s-maxage) separately. Set s-maxage = intended_cache_expires - now. Do you mean set s-maxage = 0 ? But this will make Squid to cache nothing. Thanks -Sheng
Re: [squid-users] Squid-Cache-Error with NTLM: got NTLMSSP command 3, expected 1
On Wed, 23 Jun 2010 09:28:38 +0200, Tom Tux tomtu...@gmail.com wrote: Hi A few days ago, I already wrote a post concerning the following messages in the cache.log (squid 3.1.3): [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 Our authentication is ntlm-based. http://markmail.org/message/aumkxcehqmlnuhbu?q=NTLMSSP+command+3+expected+1 Amos
Re: [squid-users] Optimized Squids
On Wed, 23 Jun 2010 09:51:40 -0500, Seann Clark nombran...@tsukinokage.net wrote: Amos Jeffries wrote: On Tue, 22 Jun 2010 16:05:04 -0500, Seann Clark nombran...@tsukinokage.net wrote: All, I have been playing with/tweaking/breaking my squid for a few months now, and I am looking for suggestions from the list on improving performance. This is on a home system, which does not have a large user base. I am running a Dual Xeon 2.0 Ghz system with 2 gigs ram, 120 Gigs hard drive, in a Raid 5 configuration controlled by a 3ware RAID card. Optimization Tip #1: get rid of the RAID-5. http://wiki.squid-cache.org/SquidFaq/RAID I am planning on adding in a new disk to the unit, to move the cache off the RAID volume, and keep the RAID volume just for the Operating system. Would that have any impact on squid if its binary lives on the RAID-5 volume, but the caches are on separate physical drives? It would get faster. That is all. You can even do it live for no downtime: update squid.conf with new cache_dir paths run squid -z run squid -k reconfigure to shift the cache location in the running copy. remove old RAID directories. I was using the stock Fedora 8 RPM for this, which was single threaded, squid 2.6 Stable 22. I am also running this with diskd currently. Optimization tip #2: run the fastest Squid release. Today 2.7 is current fastest official for production use. If you are willing to run semi-production code 2.HEAD daily snapshots have more speed experiments and some few high-performance testers behind it. I have recently recompiled squid to the latest stable for version 2.7 (Stable 9) with the async io flag passed to the configure command. After a little updating of my configurations, just enough to get it to work (I haven't changed any of the settings that are new to 2.7, so they are defaults right now), I have noticed a drastic improvement in speed and even when the system is at a high load (3-5 on the system load, So that covers #2. :) Optimization tip #3: use fastest disk IO method available. Fedora being a linux that would be AUFS. Specifically in 2.7, AUFS tuned via cache_dir directive for large objects (~1MB or more) alongside COSS directories for objects smaller than the AUFS holds. NP: these two caches types are happy to share one disk between them. An exception to the on-disk-per-cache_dir rule of thumb. To get this a little clearer, as I am still learning what I can do with the cache, I would configure the directives as such (example sizes): cache_dir coss /var/spool/coss_cache 1024 1 cache_dir aufs /var/spool/bigcache 1024 100 There are three numbers needed (size in MB, number of top level directories, number of sub-directories) The options after those for AUFS you will need the min-size=N parameter and the COSS dir will need the max-size=N parameter (non-overlapping so one byte difference) http://www.squid-cache.org/Versions/v2/2.7/cfgman/cache_dir.html has full documentation on the directive and its settings. The specific relevant bits you want to read are under The coss store type: and Common options: at the bottom. reported by top) it runs fairly well. I am looking at moving my cache directories off to a different disk, formatted with reiserFS, I am also planning on running it using diskd as the storage scheme. The drive I am see tip #3. AUFS makes use of multi-core threads, diskd process is single-threaded even if it runs additional to the Squid main thread. From my own experience, Squid has had no direct benefit from RieserFS over extN. The OS and other apps sometimes do gain, so it's up to you. You will need to tune the items which get journalled such as noatime etc to increase disk IO speeds either way. using will be about 100 gigs of formatted space, and I plan to use all that space for the cache. Make sure you have enough RAM for the indexes. 2GB is borderline for your planned cache size. 4KB per object stored is what the index uses, with up to 2^31 objects per cache_dir = up to 8GB index. Reality varies with your users habits. NP: 2.7 in-memory handling of large objects is not great, so sacrificing any large cache_mem RAM cache for COSS small-object cache is probably a good trade-off in that release. Expanded RAM in the system is planned, so it is a good point you mentioned as it gives me a baseline to get for the system I would like to know if this is a good plan, or should I change some things and how to change them, as well as any suggestions of configuration settings with the cache, and 2.7 options that may make a cache run even faster. On top of those basic parameters, your ACL configuration strongly influences speed. Read the wiki ACL pages on which are grouped as fast/slow (NP: 'fast' does not strictly mean speed there) to get the ordering
[squid-users] c-icap vs Havp
Hi In order to use Anti virus scanning with Squid proxy which one is suitable whether C-ICAP with ClamAV or HAVP with ClamAv.We are having request rate around 300-350 re/sec.Which one will handle more requests with ease?We have made some basic tests and it seems c-icap will handle more requests. Thanks senthilkumar
Re: [squid-users] c-icap vs Havp
On 24.06.10 10:05, senthilkumaar2021 wrote: In order to use Anti virus scanning with Squid proxy which one is suitable whether C-ICAP with ClamAV or HAVP with ClamAv.We are having request rate around 300-350 re/sec.Which one will handle more requests with ease?We have made some basic tests and it seems c-icap will handle more requests. then it's apparently true. and I found that more feasdible than using any kind of parent caches for squid -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Nothing is fool-proof to a talented fool.
[squid-users] url_rewrite_access-directive bypasses everything
Hi With the following acl acl ALLOWED_HOSTS src /etc/squid/Allowed_hosts I set a list of hosts, which should be able, to get webaccess without passing the url_rewrite_program. I read, that I can use the url_rewrite_access-directive to make a kind of bypassing the redirector. How do I have to understand the url_rewrite_access-directive? Does deny mean, that the host passes or bypasses the redirector? I set the directive like this: url_rewrite_access allow ALLOWED_HOSTS With that, the Hosts listed in the file /etc/squid/Allowed_hosts are allowed to get internet-access. But, other clients can now access websites, which should normally blocked. It seems, that the url_rewrite_access-directive bypasses now all requests. Is there an explanation for this behavior? Thanks a lot. Tom
Re: [squid-users] Skype block
Ricardo, ufdbGuard is a URL redirector for Squid. Its main purpose is URL filtering and it is also capable of filtering Skype the way that you want. Skype uses direct communication (blocked by your firewall), HTTP [proxy] (blocked by Squid since Skype does not obey HTTP protocol) and HTTPS [proxy] to communicate with other Skype nodes. To block the use of a HTTPS proxy you need to configure ufdbGuard to - configure a whitelist to allow traffic to your own web servers - block HTTPS traffic for non-FQDN Marcus Riccardo Castellani wrote: I'm reading about method to block users for using Skype, can you confirm unique way is to deny access directly to all IP address when method 'connect' (SSL) is used ? In this way people cannot access directly to specific site using IP instead FQDN ! Can I restrict Skype access in another way to avoid this behaviour ?
Re: [squid-users] Optimized Squids
On Tue, 22 Jun 2010 16:05:04 -0500, Seann Clark nombran...@tsukinokage.net wrote: now, and I am looking for suggestions from the list on improving performance. This is on a home system, which does not have a large user base. I am running a Dual Xeon 2.0 Ghz system with 2 gigs ram, 120 Gigs hard drive, in a Raid 5 configuration controlled by a 3ware RAID card. Amos Jeffries wrote: Optimization Tip #1: get rid of the RAID-5. http://wiki.squid-cache.org/SquidFaq/RAID On 23.06.10 09:51, Seann Clark wrote: I am planning on adding in a new disk to the unit, to move the cache off the RAID volume, and keep the RAID volume just for the Operating system. Would that have any impact on squid if its binary lives on the RAID-5 volume, but the caches are on separate physical drives? Why to have raid-5 for system? do you have so small disks and so many of data on it? If not, downsize it, convert it to raid-1 and use remaining disk for another cache_dir. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization.
[squid-users] Tproxy working
Hi Could any one explain how tproxy works and how requested is processed with an example. Thanks and regards senthilkumar
Re: [squid-users] Squid-Cache-Error with NTLM: got NTLMSSP command 3, expected 1
I didn't configured kerberos-helper like squid_kerb_auth. I'm just using ntlm_auth. So why do I have this message? 2010/6/24 Amos Jeffries squ...@treenet.co.nz: On Wed, 23 Jun 2010 09:28:38 +0200, Tom Tux tomtu...@gmail.com wrote: Hi A few days ago, I already wrote a post concerning the following messages in the cache.log (squid 3.1.3): [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 Our authentication is ntlm-based. http://markmail.org/message/aumkxcehqmlnuhbu?q=NTLMSSP+command+3+expected+1 Amos
[squid-users] tproxy
hi squid : Tproxy http_port : 8080 request client:1234 - squidserver:80 redirect squidserver:80-squidserver:8080 my question is ?? request squidserver: port1 --- webserver:80 /// what is the port squid server request webserer response webserver:80server:port2 ///what is the port webserver response to squidserver response squidserver:port3--client /// what is the port squidserver response to client what is the port1, port2 and port3? Thanks -Viswa
Re: [squid-users] c-icap vs Havp
On Thu, Jun 24, 2010 at 08:39:07AM +0200, Matus UHLAR - fantomas wrote: On 24.06.10 10:05, senthilkumaar2021 wrote: In order to use Anti virus scanning with Squid proxy which one is suitable whether C-ICAP with ClamAV or HAVP with ClamAv.We are having request rate around 300-350 re/sec.Which one will handle more requests with ease?We have made some basic tests and it seems c-icap will handle more requests. then it's apparently true. and I found that more feasdible than using any kind of parent caches for squid HAVP is not very optimized in it's architecture, sadly no one has time to improve it. ICAP certainly is the easier choice and more manageable for such rates. For lesser rates HAVP does have it's advantages. http://www.squid-cache.org/mail-archive/squid-users/201003/0400.html
Re: [squid-users] c-icap vs Havp
Thank you very much Matus UHLAR and Henrik Henrik K wrote: On Thu, Jun 24, 2010 at 08:39:07AM +0200, Matus UHLAR - fantomas wrote: On 24.06.10 10:05, senthilkumaar2021 wrote: In order to use Anti virus scanning with Squid proxy which one is suitable whether C-ICAP with ClamAV or HAVP with ClamAv.We are having request rate around 300-350 re/sec.Which one will handle more requests with ease?We have made some basic tests and it seems c-icap will handle more requests. then it's apparently true. and I found that more feasdible than using any kind of parent caches for squid HAVP is not very optimized in it's architecture, sadly no one has time to improve it. ICAP certainly is the easier choice and more manageable for such rates. For lesser rates HAVP does have it's advantages. http://www.squid-cache.org/mail-archive/squid-users/201003/0400.html
[squid-users] setsockopt(IP_TOS) not supported on this platform
I set tcp_outgoing_tos 0x30 And I keep getting error on cache log: comm_open: setsockopt(IP_TOS) not supported on this platform Thus the TOS is not working. Anyone fix it yet? Thanks Sent from my BlackBerry® powered by Sinyal Kuat INDOSAT
[squid-users] FTP Access
i have installed squid through source code.i m not able to access ftp server on the Internet. how can i allow ftp traffic from Squid Server?? _ If It Exists, You'll Find it on SEEK. Australia's #1 job site http://clk.atdmt.com/NMN/go/157639755/direct/01/
[squid-users] squid3 configuration
Hello, I setup squid3 and everything works but in my access log i get: .. TCP_MISS/200 975 GET http://www.squid-cache.org/Images/img3.gif - DIRECT/198.186.193.234 image/gif .. TCP_MISS/200 961 GET http://www.squid-cache.org/Images/img8.gif - DIRECT/198.186.193.234 image/gif .. TCP_MISS/200 29255 GET http://www.squid-cache.org/Images/img4.jpg - DIRECT/209.169.10.131 image/jpeg .. TCP_MISS/200 619 GET http://www.squid-cache.org/Images/img5.gif - DIRECT/209.169.10.131 image/gif .. TCP_MISS/200 617 GET http://www.squid-cache.org/Images/img7.gif - DIRECT/209.169.10.131 image/gif .. TCP_MISS/200 1858 GET http://www.squid-cache.org/favicon.ico - DIRECT/209.169.10.131 image/x-icon .. TCP_MISS/200 7352 GET http://www.squid-cache.org/Download/ - DIRECT/209.169.10.131 text/html Is all traffic going directly ? If so, how can I change it ? My cache directory is configured. Regards, Ph.
Re: [squid-users] Optimized Squids
On 6/24/2010 1:45 AM, Matus UHLAR - fantomas wrote: On Tue, 22 Jun 2010 16:05:04 -0500, Seann Clark nombran...@tsukinokage.net wrote: now, and I am looking for suggestions from the list on improving performance. This is on a home system, which does not have a large user base. I am running a Dual Xeon 2.0 Ghz system with 2 gigs ram, 120 Gigs hard drive, in a Raid 5 configuration controlled by a 3ware RAID card. Amos Jeffries wrote: Optimization Tip #1: get rid of the RAID-5. http://wiki.squid-cache.org/SquidFaq/RAID On 23.06.10 09:51, Seann Clark wrote: I am planning on adding in a new disk to the unit, to move the cache off the RAID volume, and keep the RAID volume just for the Operating system. Would that have any impact on squid if its binary lives on the RAID-5 volume, but the caches are on separate physical drives? Why to have raid-5 for system? do you have so small disks and so many of data on it? If not, downsize it, convert it to raid-1 and use remaining disk for another cache_dir. My Squid runs on a firewall, and mail server, which I have had issues with losing disks, and having to start the entire build from scratch, causing me problems and downtime for the rebuild, and new parts was unacceptable. I have had the unit on RAID 5 and have a hot spare available with it and haven't had any downtime since. That is the only reason I have it set up like that. ~Seann smime.p7s Description: S/MIME Cryptographic Signature
Re: [squid-users] maxage/s-maxage on reverse proxy mode
tor 2010-06-24 klockan 11:38 +0900 skrev Sheng.Zheng: Set s-maxage = intended_cache_expires - now. Do you mean set s-maxage = 0 ? But this will make Squid to cache nothing. No, to the interval remaining until the reply should expire if you want it to expire at a fixed time. Regards Henrik
Re: [squid-users] FTP Access
On 24.06.10 11:32, Malik Madni wrote: i have installed squid through source code.i m not able to access ftp server on the Internet. how can i allow ftp traffic from Squid Server?? Squid is a HTTP proxy, do you only can access FTP sites using HTTP protocol with squid. Some FTP clients support using HTTP proxy, or you can use intercepting proxy by using frox. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I drive way too fast to worry about cholesterol.
[squid-users] Centos 5.5 + kernel 3.1 + Tproxy + Squid 3.1.4
Hello. list, anyone have any idea if it works with this configuration in squid 3.xx? http://wiki.mikrotik.com/wiki/External_Squid_Box_with_No_Limit_Cache_HIT_Object_ROS_2.9 thanks
[squid-users] Same cached copy for multiple TLDs
Hello, I am currently running squid3, Version 3.0.STABLE19, on an Ubuntu 10.4 server as a reverse proxy for an eZPublish backend application. The squid.conf contains the following uncommented lines: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl PURGE method PURGE http_access allow PURGE localhost http_access deny PURGE acl SSL_ports port 80 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow all icp_access allow all htcp_access deny all http_port 81 vhost defaultsite=www.example.com cache_peer 192.168.1.6 parent 80 0 no-query originserver hierarchy_stoplist cgi-bin ? cache_mem 512 MB maximum_object_size_in_memory 50 KB cache_dir ufs /var/spool/squid3 51200 30 256 access_log /var/log/squid3/access.log squid cache_store_log none url_rewrite_host_header off acl QUERY urlpath_regex cgi-bin cache deny QUERY refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 43200 90% 84600 refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern (cgi-bin|\?)0 0% 0 refresh_pattern . 0 80% 1440 visible_hostname www.example.com icp_port 3130 coredump_dir /var/spool/squid3 The apache virtual host configuration for the backend application includes a number of server aliases for multiple TLDs, for example www.example.es and www.example.de. These aliases point to the same backend application and hence pages. During my testing of the squid configuration, I have noticed that squid creates a separate cache entry for the same requested page for the different TLDs. In other words, it does not seem to use the same cached copy for www.example.com/page1 and www.example.es/page1. Is there a way to configure squid to serve the same cached copy for a page regardless of the actual domain name? Thank you in advance for your help. Best regards, Rebecca -- -- Rebecca Denham - Just Landed General Tel: +34 91 590 2611 rebecca.den...@justlanded.com -- http://www.justlanded.com - Helping people abroad! Find out more about us - http://blog.justlanded.com --
[squid-users] cachemanager
Hi, I installed cachemanager and when i go to the url i have to fill in a manager name and a password. The password I know (it is defined in my squid.conf), but I don't know about the manager name. I tried several names but it's not working. How do I know what name to use ? Thnx, Ph.
RE: [squid-users] cachemanager
-Original Message- From: Philippe Dhont [mailto:philippe.dh...@gems-group.com] Sent: Thursday, June 24, 2010 9:28 AM To: squid-users@squid-cache.org Subject: [squid-users] cachemanager Hi, I installed cachemanager and when i go to the url i have to fill in a manager name and a password. The password I know (it is defined in my squid.conf), but I don't know about the manager name. I tried several names but it's not working. How do I know what name to use ? Thnx, Ph. Anything you want, it just uses it for logging.
RE: [squid-users] cachemanager
I tried that, but I get: Cache manager error Connect 127.0.0.1:3128: (111) connection refused. Thnx, Ph. Hi, I installed cachemanager and when i go to the url i have to fill in a manager name and a password. The password I know (it is defined in my squid.conf), but I don't know about the manager name. I tried several names but it's not working. How do I know what name to use ? Thnx, Ph. Anything you want, it just uses it for logging.
Re: [squid-users] Centos 5.5 + kernel 3.1 + Tproxy + Squid 3.1.4
Ariel wrote: Hello. list, anyone have any idea if it works with this configuration in squid 3.xx? http://wiki.mikrotik.com/wiki/External_Squid_Box_with_No_Limit_Cache_HIT_Object_ROS_2.9 The ZPH patches have been added to 3.1. The configuration options are somewhat different though: http://www.squid-cache.org/Doc/config/qos_flows/ Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4
Re: [squid-users] Centos 5.5 + kernel 3.1 + Tproxy + Squid 3.1.4
Ariel wrote: Hello. list, anyone have any idea if it works with this configuration in squid 3.xx? http://wiki.mikrotik.com/wiki/External_Squid_Box_with_No_Limit_Cache_HIT_Object_ROS_2.9 thanks PS. This has nothing to do with TPROXY, CentOS or kernel Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4
Re: [squid-users] tproxy
viswa wrote: hi squid : Tproxy http_port : 8080 request client:1234 - squidserver:80 redirect squidserver:80-squidserver:8080 This is nothing like how TPROXY works. Answer: port1 = random, port2=port1, port3 = N/A. Why are you asking this? Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4
Re: [squid-users] Squid-Cache-Error with NTLM: got NTLMSSP command 3, expected 1
Tom Tux wrote: I didn't configured kerberos-helper like squid_kerb_auth. I'm just using ntlm_auth. So why do I have this message? Because Client software is sending Kerberos handshake instead of NTLM. 2010/6/24 Amos Jeffries squ...@treenet.co.nz: On Wed, 23 Jun 2010 09:28:38 +0200, Tom Tux tomtu...@gmail.com wrote: Hi A few days ago, I already wrote a post concerning the following messages in the cache.log (squid 3.1.3): [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 Our authentication is ntlm-based. http://markmail.org/message/aumkxcehqmlnuhbu?q=NTLMSSP+command+3+expected+1 Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4
[squid-users] Good overall monitoring tools for squid?
Hey everyone, I'm looking for some software to look at reports on squid and manage squid. Amount of bandwidth saved through squid, etc. Anyone know any software that is really good for this? I've done my bit of researching on Google and the only feasible few I could come up with are squeezer2 and cachemgr. If you know any others that are really good for the job please let me know! Cheers, A.R
Re: [squid-users] Tproxy working
senthilkumaar2021 wrote: Hi Could any one explain how tproxy works and how requested is processed with an example. http://www.balabit.com/downloads/files/tproxy/README.txt As referenced under More at http://wiki.squid-cache.org/Features/Tproxy4 Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4
Re: [squid-users] url_rewrite_access-directive bypasses everything
Tom Tux wrote: Hi With the following acl acl ALLOWED_HOSTS src /etc/squid/Allowed_hosts I set a list of hosts, which should be able, to get webaccess without passing the url_rewrite_program. I read, that I can use the url_rewrite_access-directive to make a kind of bypassing the redirector. How do I have to understand the url_rewrite_access-directive? Does deny mean, that the host passes or bypasses the redirector? I set the directive like this: url_rewrite_access allow ALLOWED_HOSTS With that, the Hosts listed in the file /etc/squid/Allowed_hosts are allowed to get internet-access. But, other clients can now access websites, which should normally blocked. It seems, that the url_rewrite_access-directive bypasses now all requests. Is there an explanation for this behavior? url_rewrite_access does neither permit nor deny access to websites. It determines which requested URL get sent to the url_rewrite_program for alteration before being passed on. Your first instinct was correct to set: url_rewrite_access deny ALLOWED_HOSTS url_rewrite_Access allow all Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4
RE: [squid-users] FTP Access
i want to access ftp through command prompt. but it is blocked by squid. when i tried it on Squid machine then on squid ftp was opening on command prompt. Date: Thu, 24 Jun 2010 15:43:42 +0200 From: uh...@fantomas.sk To: squid-users@squid-cache.org Subject: Re: [squid-users] FTP Access On 24.06.10 11:32, Malik Madni wrote: i have installed squid through source code.i m not able to access ftp server on the Internet. how can i allow ftp traffic from Squid Server?? Squid is a HTTP proxy, do you only can access FTP sites using HTTP protocol with squid. Some FTP clients support using HTTP proxy, or you can use intercepting proxy by using frox. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I drive way too fast to worry about cholesterol. _ View photos of singles in your area! Looking for a hot date? http://clk.atdmt.com/NMN/go/150855801/direct/01/
Re: [squid-users] squid3 configuration
Le jeudi 24 juin 2010 07:33:52, Philippe Dhont a écrit : Hello, I setup squid3 and everything works but in my access log i get: .. TCP_MISS/200 975 GET http://www.squid-cache.org/Images/img3.gif - DIRECT/198.186.193.234 image/gif .. TCP_MISS/200 961 GET http://www.squid-cache.org/Images/img8.gif - DIRECT/198.186.193.234 image/gif .. TCP_MISS/200 29255 GET http://www.squid-cache.org/Images/img4.jpg - DIRECT/209.169.10.131 image/jpeg .. TCP_MISS/200 619 GET http://www.squid-cache.org/Images/img5.gif - DIRECT/209.169.10.131 image/gif .. TCP_MISS/200 617 GET http://www.squid-cache.org/Images/img7.gif - DIRECT/209.169.10.131 image/gif .. TCP_MISS/200 1858 GET http://www.squid-cache.org/favicon.ico - DIRECT/209.169.10.131 image/x-icon .. TCP_MISS/200 7352 GET http://www.squid-cache.org/Download/ - DIRECT/209.169.10.131 text/html Is all traffic going directly ? If so, how can I change it ? My cache directory is configured. Regards, Ph. Phili DIRECT means that squid gets the traffic from the internet and not from a peer (parent-slibing)
Re: [squid-users] Good overall monitoring tools for squid?
Anushan Rajakulasingam wrote: Hey everyone, I'm looking for some software to look at reports on squid and manage squid. Amount of bandwidth saved through squid, etc. Anyone know any software that is really good for this? I've done my bit of researching on Google and the only feasible few I could come up with are squeezer2 and cachemgr. If you know any others that are really good for the job please let me know! Cheers, A.R What about calamaris, it is good for that purposes, for access reports I prefer sarg. -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: jmed...@e-compugraf.com GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
Re: [squid-users] cachemanager
Philippe Dhont wrote: I tried that, but I get: Cache manager error Connect 127.0.0.1:3128: (111) connection refused. Are you sure squid is listening on that socket? check with something like: netstat -pltn | grep 3128, if not change your http_port and acl rules. Thnx, Ph. Hi, I installed cachemanager and when i go to the url i have to fill in a manager name and a password. The password I know (it is defined in my squid.conf), but I don't know about the manager name. I tried several names but it's not working. How do I know what name to use ? Thnx, Ph. Anything you want, it just uses it for logging. -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: jmed...@e-compugraf.com GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632 signature.asc Description: OpenPGP digital signature
[squid-users] measure using the proxy cache
Hi all. Its possible measure or to benchmark the use of cache, with a comparison of the navigation cache and without cache. Regards. __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Re: [squid-users] Same cached copy for multiple TLDs
Le jeudi 24 juin 2010 09:25:12, Rebecca Denham a écrit : During my testing of the squid configuration, I have noticed that squid creates a separate cache entry for the same requested page for the d Hi rebeca this is not possible with 3.x, well there is a big workarround - use icap to modify url to a standard one, lets say example.com always or you may go to 2.7, squid2 can do that you want LD
Re: [squid-users] Good overall monitoring tools for squid?
Le jeudi 24 juin 2010 10:03:22, Anushan Rajakulasingam a écrit : Hey everyone, I'm looking for some software to look at reports on squid and manage squid. Amount of bandwidth saved through squid, etc. Anyone know any software that is really good for this? I've done my bit of researching on Google and the only feasible few I could come up with are squeezer2 and cachemgr. If you know any others that are really good for the job please let me know! Cheers, A.R I may recomend you sawmill, it supports in good stand squid log format and it can answer you that kind of questions if you do the correct querry, contact me offline if you are interested LD
Re: [squid-users] Squid-Cache-Error with NTLM: got NTLMSSP command 3, expected 1
Tom Tux wrote: I didn't configured kerberos-helper like squid_kerb_auth. I'm just using ntlm_auth. So why do I have this message? If you want to use ntlm_auth ( NTLMv1?) you need to change some compatibility settings in windows, specially windows vista and 7 are configure by default to only use NTLMv2 honoring kerberos, you need to edit windows registry and change/create *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel* *DWORD value 1 You can automate this with a logon script o with a group policy Security:LAN Manager Authentication Level Anyway, I think is time to migrate to kerb_auth. Best regards. * 2010/6/24 Amos Jeffries squ...@treenet.co.nz: On Wed, 23 Jun 2010 09:28:38 +0200, Tom Tux tomtu...@gmail.com wrote: Hi A few days ago, I already wrote a post concerning the following messages in the cache.log (squid 3.1.3): [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 [2010/06/23 09:13:46, 1] libsmb/ntlmssp.c:335(ntlmssp_update) got NTLMSSP command 3, expected 1 Our authentication is ntlm-based. http://markmail.org/message/aumkxcehqmlnuhbu?q=NTLMSSP+command+3+expected+1 Amos -- Jorge Armando Medina Computación Gráfica de México Web: http://www.e-compugraf.com Tel: 55 51 40 72, Ext: 124 Email: jmed...@e-compugraf.com GPG Key: 1024D/28E40632 2007-07-26 GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
Re: [squid-users] Good overall monitoring tools for squid?
I use calamaris (http://cord.de/tools/squid/calamaris/calamaris-2.99.4.0.tar.gz) to check amount of bandwidth saved by squid. For a detailed report about users, pages accessed and how much time were spent I use sarg (http://sarg.sourceforge.net/sarg.php). 2010/6/24 Anushan Rajakulasingam araja...@gmail.com: Hey everyone, I'm looking for some software to look at reports on squid and manage squid. Amount of bandwidth saved through squid, etc. Anyone know any software that is really good for this? I've done my bit of researching on Google and the only feasible few I could come up with are squeezer2 and cachemgr. If you know any others that are really good for the job please let me know! Cheers, A.R
Re: [squid-users] url_rewrite_access-directive bypasses everything
This seems not to work. I have the following directive: acl ALLOWED_HOSTS src /etc/squid/Allowed_hosts url_rewrite_access deny ALLOWED_HOSTS url_rewrite_access allow all In the file /etc/squid/Allowed_hosts I have the following entry: 10.xx.xx.xx/32 But on the Redirector-Logfile, I can see, that websites, called from the host listed in the file Allowed_hosts, are blocked. So this host isn't bypassing the redirector. Thanks. Tom 2010/6/24 Amos Jeffries squ...@treenet.co.nz: Tom Tux wrote: Hi With the following acl acl ALLOWED_HOSTS src /etc/squid/Allowed_hosts I set a list of hosts, which should be able, to get webaccess without passing the url_rewrite_program. I read, that I can use the url_rewrite_access-directive to make a kind of bypassing the redirector. How do I have to understand the url_rewrite_access-directive? Does deny mean, that the host passes or bypasses the redirector? I set the directive like this: url_rewrite_access allow ALLOWED_HOSTS With that, the Hosts listed in the file /etc/squid/Allowed_hosts are allowed to get internet-access. But, other clients can now access websites, which should normally blocked. It seems, that the url_rewrite_access-directive bypasses now all requests. Is there an explanation for this behavior? url_rewrite_access does neither permit nor deny access to websites. It determines which requested URL get sent to the url_rewrite_program for alteration before being passed on. Your first instinct was correct to set: url_rewrite_access deny ALLOWED_HOSTS url_rewrite_Access allow all Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4