Re: [squid-users] WCCP mask bits

2011-06-17 Thread Jack Falworth

Hi,

I recently ran into a similar problem when using WCCPv2 in L2 mode and 
mask assignment. I configured
Squid with two dynamic services as described in 
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#TProxy_Interception.


The problem now is that if Squid is reconfigured during setting changes, 
some of the negotiation messages between
Squid and router get lost. So after reconfiguration service 80 for 
traffic from clients to squid still works whereas in many cases
service 90 for traffic from squid to the Internet got lost. This is 
especially bad since the router then still thinks that the proxy
is alive and thus it continues sending traffic to it. But the responses 
are unfortunately not routed back to Squid, causing a
total service disruption.

In order to get it working again, WCCP has to be switched off and after 
some seconds switched on again.
This problem does not occur in Hash mode, but unfortunately in Hash mode 
much processing has to be done in software, whereas
in mask mode nearly everything can be done in hardware, which is crucial 
when trying to create a high-performance setup.


I'm currently using the latest Squid 2.7 version (because of missing 
COSS/Rockstore support in the 3.x series) but I already had
a look at the WCCPv2 source in 3.1 and 3.2. It seems that there haven't 
been major changes, thus I assume that this problem will
also exist there. The only related patch was some cleanup and rework of 
structures
(http://www.squid-cache.org/Versions/v3/3.1/changesets/b9492.patch), but 
I don't think that this changed anything in this context.


Can anybody help, or has anyone encountered the same problem?



On 08.06.2011 06:30, Amos Jeffries wrote:

On Tue, 7 Jun 2011 10:05:18 -0400, Shoebottom, Bryan wrote:

Guys,

I have a pair of proxies in L2 mode and have been advised by Cisco to
reduce the bit mask for WCCP due to some TCAM issues I have been
running into.  I have searched around, and can't seem to find a way to
do this.  Here's some info from Cisco's WAAS product to help explain
this a little better:


http://docwiki.cisco.com/wiki/Cisco_WAAS_Troubleshooting_Guide_for_Release_4.1.3_and_Later_--_Troubleshooting_WCCP 



Use the smallest number of mask bits possible when using WCCP
redirect ACL. A smaller number of mask bits when used in conjunction
with Redirect ACL results in lower TCAM utilization. If there are 1-2
WCCP clients in a cluster, use one bit. If there are 3-4 WCCP clients,
use 2 bits. If there are 5-8 WCCP clients, then use 3 bits and so on.

The TCAM resources consumed by a WCCP redirect access-list is a
product of the content of that ACL multiplied against the configured
WCCP bit mask. Therefore, there is contention between the number of
WCCP buckets (which are created based on the mask) and the number of
entries in the redirect ACL. For example, a mask of 0xF (4 bits) and a
200 line redirect permit ACL may result in 3200 (2^4 x 200) TCAM
entries. Reducing the mask to 0x7 (3 bits) reduces the TCAM usage by
50% (2^3 x 200 = 1600).



I do have a redirect list and try to keep it as small as possible.
Here is what my bucket distribution looks like with 1 server attached
(64 buckets):

Switch#sho ip wcc we d
WCCP Client information:
WCCP Client ID:  192.168.1.1
Protocol Version:2.0
State:   Usable
Redirection: L2
Packet Return:   L2
Packets Redirected:27
Connect Time:  00:28:54
Assignment:MASK

Mask  SrcAddr    DstAddr    SrcPort DstPort
----  ---------- ---------- ------- -------
: 0x 0x1741 0x  0x

Value SrcAddr    DstAddr    SrcPort DstPort CE-IP
----- ---------- ---------- ------- ------- -----
: 0x 0x 0x  0x
0xC0A80101 (192.168.1.1)
0001: 0x 0x0001 0x  0x
0xC0A80101 (192.168.1.1)

snip, interesting pattern of masking

0056: 0x 0x1600 0x  0x
0xC0A80101 (192.168.1.1)
0057: 0x 0x1601 0x  0x
0xC0A80101 (192.168.1.1)
0058: 0x 0x1640 0x  0x
0xC0A80101 (192.168.1.1)
0059: 0x 0x1641 0x  0x
0xC0A80101 (192.168.1.1)
0060: 0x 0x1700 0x  0x
0xC0A80101 (192.168.1.1)
0061: 0x 0x1701 0x  0x
0xC0A80101 (192.168.1.1)
0062: 0x 0x1740 0x  0x
0xC0A80101 (192.168.1.1)
0063: 0x 0x1741 0x  0x
0xC0A80101 (192.168.1.1)

Switch#


The goal is to reduce this to a bit mask of 1 allowing for 2
servers.  How can I do this within squid?


You should be able to configure the Squid wccp2_service_info flags to 
create a custom 

[squid-users] yahoo messenger cant connect

2011-06-17 Thread Ivan Matala
Hello, I installed Squid (default config, didn't change anything) and
web browsing is OK, but when I connect to Yahoo Messenger it doesn't
work. Please help.


[squid-users] Garbled log files

2011-06-17 Thread Chris Knipe
Hi All,

We have a fairly sized transparent proxy (squid 3.1.12) running around
1k requests per minute.  Every now and again, for some seemingly
random host to some seemingly random site, squid would log a few
requests completely garbled.  After a second or two, the requests are
logged in plain text as normal...

A sample of a garbled log entry is given below.  This naturally
causes havoc for web log file analyzers such as calamaris...
1308301729.706 20 host.name TCP_MISS/400 69453 ^SB5 http://196.43.208.18:3128/+%D4%B0%7C%84%D6 - DIRECT/196.43.208.18 text/html

Any advice?


-- 

Regards,
Chris Knipe



[squid-users] squid SSL

2011-06-17 Thread Ivan Matala
How can I configure Squid SSL?

Because when I go to gmail.com or facebook.com, they require SSL support. I
got an SSL error.

Please help.

What should I do?


Re: [squid-users] Squid Ldap Authen + AD:how to make authentication persistent?

2011-06-17 Thread Amos Jeffries

On 17/06/11 16:29, เชต wrote:

Hi all,
 I've just configured the squid proxy server to authenticate users to
Microsoft Active Directory. Everything seems fine except squid keeps
asking username/password every time users open a new web browser or
switch to another web browser, like it checks for some session variable in
each browser instance.


Exactly so.

HTTP is stateless. The browser is required to authenticate with every 
request. The reason it is not asking for login several dozen times per web 
page is that the browser stores it.


You can expect different tabs, windows, browsers, machines, and in fact 
machines of people on the other branches of your company, not to be 
aware of the particular login credentials needed when they are first 
started.


The popup itself has nothing to do with Squid. It is just something the 
browser does when it cannot find any credentials to send. Its last 
chance method of getting credentials is to ask the user.


You can avoid users seeing it by allowing the browser to access 
credentials in other ways. For example;
 * the Windows operating system allows IE to access NTLM or Negotiate 
credentials.
 * other OS store Negotiate credentials in a keytab you can allow the 
browser to access.
 * some OS allow the proxy Basic auth login details to be set in the 
environment http_proxy variables.
 * some from stored values in a password manager.




Suppose I've already authenticated myself while using Google
Chrome and open any new tabs on that Chrome instance, there will be no
problem, but if I open a new Chrome from the desktop shortcut (new
instance), squid will ask for the password for this Chrome again. This
also occurs when I switch to IE.
And if I close all browser tabs/windows previously authenticated
then reopen the browser, squid will ask for the password again.
Is there a way to make squid only ask for the password for each user's
computer/IP etc., once per day or at least for a period of time (such as 8
hours)? I've tried auth_param basic credentialttl 8 hours but it made no
difference.



For Basic auth in Squid-2.7 there is
http://www.squid-cache.org/Doc/config/authenticate_ip_shortcircuit_ttl/

It has been dropped from Squid-3 releases. You can instead use an 
external_acl_type helper to maintain a session and permit access based 
on IP address, passing username back to Squid for the log.


NOTE:
 * users can log in to other users' accounts by simply sitting at their 
machine some hours later (even a full reboot does not protect).
 * when DHCP assigns an IP to someone, that person inherits all login 
privileges of any previous user.
 * users can tweak their machine IP and instantly get that person's 
login access.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2
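Amos's external_acl_type session suggestion, sketched as an added example (not Squid's own helper and not code from the thread): a helper keyed on the client IP that answers OK user=<name> while a recorded login is still inside an 8-hour window, so the browser is not challenged again and the username still reaches access.log. The squid.conf wiring in the docstring, the helper file name and the sqlite path are assumptions; the IP-binding weaknesses in the NOTE above apply to it unchanged.

```python
"""IP-keyed session helper for Squid's external_acl_type.

Assumed squid.conf wiring (names are illustrative).  The first ACL only
needs %SRC and so never triggers a browser prompt; the second runs after
proxy_auth has already succeeded and records that login for the address:

  external_acl_type ipsess ttl=60 negative_ttl=5 %SRC /usr/local/bin/ip_session.py lookup
  external_acl_type ipsess_rec ttl=60 negative_ttl=0 %SRC %LOGIN /usr/local/bin/ip_session.py record
  acl known_session external ipsess
  acl authed proxy_auth REQUIRED
  acl recorded external ipsess_rec
  http_access allow known_session
  http_access allow authed recorded
  http_access deny all

Squid starts several helper children (and two helper programs here), so
the state lives in a shared sqlite file rather than in process memory.
Replies follow the external ACL protocol: 'OK user=<name>' or 'ERR';
the user= value is what Squid writes to the access log.
"""
import sqlite3
import sys
import time

SESSION_TTL = 8 * 3600                      # the 8 hours asked for in the thread
DB_PATH = "/var/run/squid/ip_session.db"    # assumed path, writable by the helper


def open_db(path):
    """Open (and create on first use) the shared session table."""
    db = sqlite3.connect(path, isolation_level=None)        # autocommit
    db.execute("CREATE TABLE IF NOT EXISTS session "
               "(ip TEXT PRIMARY KEY, user TEXT NOT NULL, expires REAL NOT NULL)")
    return db


def record(db, ip, user, now):
    """Start (or renew) the session for ip; Squid has already verified user."""
    db.execute("INSERT OR REPLACE INTO session VALUES (?, ?, ?)",
               (ip, user, now + SESSION_TTL))
    return "OK user=%s" % user


def lookup(db, ip, now):
    """Allow without credentials while the session for ip is unexpired."""
    row = db.execute("SELECT user, expires FROM session WHERE ip = ?",
                     (ip,)).fetchone()
    if row is None or row[1] <= now:
        db.execute("DELETE FROM session WHERE ip = ?", (ip,))   # drop stale row
        return "ERR"
    return "OK user=%s" % row[0]


def handle_line(db, mode, line, now=None):
    """One request line from Squid ('%SRC' or '%SRC %LOGIN') -> one reply line."""
    now = time.time() if now is None else now
    fields = line.split()
    if not fields:
        return "ERR"
    ip = fields[0]
    if mode == "record":
        if len(fields) < 2 or fields[1] == "-":
            return "ERR"                    # no verified login to bind to this IP
        return record(db, ip, fields[1], now)
    return lookup(db, ip, now)


def main(argv):
    mode = argv[1] if len(argv) > 1 else "lookup"
    db = open_db(DB_PATH)
    for line in sys.stdin:                  # Squid sends one line per request
        sys.stdout.write(handle_line(db, mode, line) + "\n")
        sys.stdout.flush()                  # Squid waits for the reply; never buffer it


if __name__ == "__main__":
    main(sys.argv)
```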


Re: [squid-users] squid SSL

2011-06-17 Thread Chad Naugle
Configure your browser for SSL to use Squid, unless you are using
transparent/intercept mode.  Then in that case, you need to fix your
PREROUTING for port 443 as well as port 80.

 Ivan Matala ivanmat...@gmail.com 6/17/2011 10:33 AM 
how can i configure squid SSL?

coz when i go to gmail.com, facebook.com, their require ssl support. i
got ssl error.

pls help

what should i do?




Re: [squid-users] Garbled log files

2011-06-17 Thread Amos Jeffries

On 18/06/11 01:26, Chris Knipe wrote:

Hi All,

We have a fairly sized transparent proxy (squid 3.1.12) running around
1k requests per minute.  Every now and again, for some seemingly
random host to some seemingly random site, squid would log a few
requests completely garbled.  After a second or two, the requests are
logged in plain text as normal...

A sample of a garbled log entry is given below.  This naturally
causes havoc web log file analyzers such as calamaris...
1308301729.706 20 host.name TCP_MISS/400 69453 ^SB5
http://196.43.208.18:3128/+%D4%B0%7C%84%D6 - DIRECT/196.43.208.18
text/html

Any advice?


Would "Don't do transparent proxy" work?

You are going to get garbage. It just comes with the territory.

That request at least appears to be one of the nicer pieces of software 
abusing port 80. It's passing a URL over. The other end is rejecting the 
relay. Maybe it doesn't like its binary crap being upgraded to HTTP/1.1 
ASCII :).


Could be some innocent user playing with some software that uses port 80 
because it is not firewalled to the hilt. Or it could be an attack 
underway using you as a relay. Or it could be an infection trying to 
spread.  You will only know by further investigation of the client 
host.name.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2
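A way to act on Amos's advice, as an added example rather than code from the thread or from Squid: parse native-format access.log lines as bytes, separate entries whose request line cannot be HTTP at all (the control byte in Chris's sample) from clean ones, and count them per client so the investigation starts at the right host instead of at the log analyzer. The sample log lines are constructed; the first reproduces the posted entry with its ^S restored to the byte 0x13.

```python
import re
from collections import Counter

# Constructed sample lines.  The first mirrors the entry posted in the
# thread, with the '^S' that cat -v displayed restored to its real byte.
SAMPLE_LOG = (
    b"1308301729.706     20 host.name TCP_MISS/400 69453 \x13B5 "
    b"http://196.43.208.18:3128/+%D4%B0%7C%84%D6 - DIRECT/196.43.208.18 text/html\n"
    b"1308301731.102    143 host.name TCP_MISS/200 5120 GET "
    b"http://example.org/index.html - DIRECT/93.184.216.34 text/html\n"
    b"1308301732.550      5 other.host TCP_HIT/200 890 GET "
    b"http://example.org/logo.png - NONE/- image/png\n"
    b"1308301733.001     12 host.name TCP_MISS/400 301 \x16\x03\x01 "
    b"http://10.0.0.9:80/ - DIRECT/10.0.0.9 text/html\n"
)

# An HTTP method is an RFC 2616 token: printable ASCII without separators.
TOKEN_RE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
CONTROL_RE = re.compile(rb"[\x00-\x1f\x7f]")
KNOWN_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS",
                 b"TRACE", b"CONNECT", b"PURGE"}


def parse_native(line):
    """Fields of a Squid native access.log line:
    time elapsed client code/status bytes method url ident hier/peer type.
    Squid percent-encodes spaces inside the method and URL, so splitting
    on spaces is safe even when the method is binary junk."""
    fields = [x for x in line.rstrip(b"\r\n").split(b" ") if x]
    if len(fields) < 10:
        return None
    code, _, status = fields[3].partition(b"/")
    return {"time": fields[0], "client": fields[2], "code": code,
            "status": status, "method": fields[5], "url": fields[6],
            "peer": fields[8]}


def classify(entry):
    """'garbage' when the request line cannot be HTTP, 'unknown' for a
    well-formed but unfamiliar method (e.g. WebDAV), otherwise 'ok'."""
    if not TOKEN_RE.match(entry["method"]) or CONTROL_RE.search(entry["url"]):
        return "garbage"
    if entry["method"] not in KNOWN_METHODS:
        return "unknown"
    return "ok"


def triage(log):
    """Return (per-client count of garbage entries, the garbage entries)."""
    per_client = Counter()
    hits = []
    for line in log.splitlines(keepends=True):   # bytes: splits on \n, \r, \r\n only
        entry = parse_native(line)
        if entry is None:
            continue
        entry["verdict"] = classify(entry)
        if entry["verdict"] == "garbage":
            per_client[entry["client"]] += 1
            hits.append(entry)
    return per_client, hits


if __name__ == "__main__":
    counts, hits = triage(SAMPLE_LOG)
    for client, n in counts.most_common():
        print("%s: %d non-HTTP request(s), investigate this host"
              % (client.decode("ascii", "replace"), n))
    for h in hits:
        print("  %s status=%s peer=%s method=%r"
              % (h["time"].decode(), h["status"].decode(), h["peer"].decode(), h["method"]))
```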


[squid-users] Mysar not working

2011-06-17 Thread Shaun
Hi guys,
Seems like I have a permission problem. Details are as follows.
-Server is Ubuntu 10.10 (LAMP)

-Squid v3.1.6
- Squint V1.2.6 (working)

- Mysar v2.1.4 (not working) - modified log location to point to
/var/log/squid3 via web GUI



http://x.x.x.x/mysar
MySQL Squid Access Report 2.1.4


Current active users:  0
Current date and time is:  16-06-2011 07:39:12
Last processed record:  31-12-1969 17:00:00
Number of records processed at last import:  0
Last clean-up of the database was done at:  00-00-








wget http://sourceforge.net/projects/mysar/files/mysar/2.1.4/mysar-2.1.4.tar.gz
 Tar xvf mysar-2.1.4.tar.gz

sudo tar zxvf mysar-2.1.4.tar.gz -C /usr/local

sudo   ln -s /usr/local/mysar/etc/mysar.apache /etc/apache2/conf.d/mysar
 sudo /etc/init.d/apache2 restart
  - Point your browser to the /mysar/ directory of your server and
follow the instructions, for example:
 http://x.x.x.x/mysar/
Followed web installation guide for new install
 cd /usr/local/mysar/etc
 sudo cp config.ini.example config.ini
sudo rm -rf /usr/local/mysar/www/install
sudo ln -s /usr/local/mysar/etc/mysar.cron /etc/cron.d/mysar


sudo restart cron


cat /var/log/syslog
Jun 16 07:29:35 Squid2 init: cron main process (3142) killed by TERM signal
Jun 16 07:29:35 Squid2 cron[3568]: (CRON) INFO (pidfile fd = 3)
Jun 16 07:29:35 Squid2 cron[3569]: (CRON) STARTUP (fork ok)
Jun 16 07:29:35 Squid2 cron[3569]: Error: bad day-of-week; while
reading /etc/crontab
Jun 16 07:29:35 Squid2 cron[3569]: (*system*) ERROR (Syntax error,
this crontab file will be ignored)
Jun 16 07:29:35 Squid2 cron[3569]: (*system*mysar) WRONG INODE INFO
(/etc/cron.d/mysar)
Jun 16 07:29:35 Squid2 cron[3569]: (CRON) INFO (Skipping @reboot jobs
-- not system startup)




cat mysar.cron
# mysar not only runs every minute but it also expects to be run every minute.
# If you wish to change this, you need to adjust not only the cron
# entries below but also the $maxRunTime inside bin/mysar-importer.php
* * * * *   root    /usr/local/mysar/bin/mysar-resolver.php > /usr/local/mysar/log/mysar-resolver.log 2>&1
0 0 * * *   root    /usr/local/mysar/bin/mysar-maintenance.php > /usr/local/mysar/log/mysar-maintenance.log 2>&1

# IMPORTER
## PHP - Slow but tested. The defult choice, for now.
* * * * *   root    /usr/local/mysar/bin/mysar-importer.php > /usr/local/mysar/log/mysar-importer.log 2>&1

## Binary. Fast but untested. Needs compile. Check README.
#* * * * *  root    /usr/local/bin/mysar > /usr/local/mysar/log/mysar-importer.log 2>&1



Troubleshooting
Figured I would try to run the 2 commands that should run every minute
manually to see what the results are



sudo /usr/local/mysar/bin/mysar-resolver.php > /usr/local/mysar/log/mysar-resolver.log 2>&1
-bash: /usr/local/mysar/log/mysar-resolver.log: Permission denied


sudo /usr/local/mysar/bin/mysar-maintenance.php > /usr/local/mysar/log/mysar-maintenance.log 2>&1
-bash: /usr/local/mysar/log/mysar-maintenance.log: Permission denied



Here are the permissions for the /usr/local/mysar/bin and
/usr/local/mysar/log directories
ls /usr/local/mysar/bin -hal
total 32K
drwxrwxr-x  3 root root 4.0K 2007-08-17 03:05 .
drwxr-xr-x 12 root root 4.0K 2007-08-17 03:05 ..
drwxrwxr-x  4 root root 4.0K 2007-08-17 03:05 mysar-binary-importer
-rwxrwxr-x  1 root root  11K 2007-08-17 03:05 mysar-importer.php
-rwxrwxr-x  1 root root 2.7K 2007-08-17 03:05 mysar-maintenance.php
-rwxrwxr-x  1 root root 2.6K 2007-08-17 03:05 mysar-resolver.php


ls /usr/local/mysar/log -hal
total 8.0K
drwxrwxr-x  2 root root 4.0K 2011-06-16 07:45 .
drwxr-xr-x 12 root root 4.0K 2007-08-17 03:05 ..
-rw-rw-r--  1 root root    0 2007-08-17 03:05 .keep




I have not modified mysar-resolver.php mysar-maintenance.php.



Any thoughts?


Thanks.


Re: [squid-users] squid SSL

2011-06-17 Thread Amos Jeffries

On 18/06/11 02:33, Ivan Matala wrote:

how can i configure squid SSL?

coz when i go to gmail.com, facebook.com, their require ssl support. i
got ssl error.

pls help

what should i do?


You should start by telling us what the error is please.

Note that HTTPS is by default relayed directly over Squid without being 
touched. So the error should be something in your browser or the website 
it's contacting.

The error message will help us point you at what more to look at.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2


Re: [squid-users] WCCP mask bits

2011-06-17 Thread Amos Jeffries

On 17/06/11 18:30, Jack Falworth wrote:

Hi,

I recently ran into a similar problem when using WCCPv2 in L2 mode and
mask assignment. I configured
Squid with two dynamic services as described in
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#TProxy_Interception.

The problem now is that if Squid is reconfigured during setting changes,
some of the negotiation messages between
Squid and router get lost. So after reconfiguration service 80 for
traffic from clients to squid still works whereas in many cases
service 90 for traffic from squid to the Internet got lost. This is
especially bad since the router then still thinks that the proxy
is alive and thus it continues sending traffic to it. But the responses
are unfortunately not routed back to Squid, causing a
total service disruption.


This is a completely different issue.
WCCP requires the router to drop the state if HEREIAM/ISEEYOU does not 
succeed. Squid has a small pause on reconfigure, which can delay the 
HEREIAM too long. Nasty effects, but WCCP state is active again within 
10sec of the reconfigure completing.




In order to get it working again, WCCP has to be switched off and after
some seconds switched on again.


NP: 15 seconds? (the 10sec HEREIAM interval, plus some wiggle room for 
the router to kill its state)



This problem does not occur in Hash mode, but unfortunately in Hash mode
much processing has to be done in software, whereas
in mask mode nearly everything can be done in hardware, which is crucial
when trying to create a high-performance setup.

I'm currently using the latest Squid 2.7 version (because of missing
COSS/Rockstore support in the 3.x series) but I already had
a look at the WCCPv2 source in 3.1 and 3.2. It seems that there haven't
been major changes, thus I assume that this problem will
also exist there. The only related patch was some cleanup and rework of
structures
(http://www.squid-cache.org/Versions/v3/3.1/changesets/b9492.patch), but
I don't think that this changed anything in this context.

Can anybody help, or has anyone encountered the same problem?


You are the first to mention that type of behaviour here.

I think you may benefit from Squid sending a packet to the router 
detaching itself fully before a reconfigure. Then re-attaching 
afterwards. If you can assist by figuring out the packet content needed 
for the detach it would help.



The behaviour the rest of this thread is about is Squid being hard-coded 
with a 7-bit mask. You can set the flags to shift it around the fields, 
but it's still the same pattern and size.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2
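The bucket table Bryan quoted earlier in the thread and the TCAM arithmetic from the Cisco guide, worked through in an added example that is not Squid, Cisco or list code: it expands a WCCP mask into its bucket values (reproducing the 64-entry table for the 0x1741 DstAddr mask shown by the switch), estimates redirect-ACL TCAM cost, and derives the smallest mask for a given number of proxies. The round-robin bucket assignment and the second proxy address 192.168.1.2 are constructed for illustration; the real assignment is carried in the WCCP negotiation, not computed here.

```python
from __future__ import annotations
import math


def mask_bits(mask: int) -> list[int]:
    """Positions of the set bits in a 32-bit mask, lowest first."""
    return [i for i in range(32) if (mask >> i) & 1]


def bucket_values(mask: int) -> list[int]:
    """Enumerate the 2^n bucket values the router derives from an n-bit mask.

    Bucket i is formed by depositing the bits of i, low to high, into the
    set bit positions of the mask.  For the DstAddr mask 0x1741 quoted
    from 'show ip wccp ... detail' this reproduces the table in the thread:
    bucket 1 -> 0x0001, bucket 56 -> 0x1600, bucket 63 -> 0x1741.
    """
    bits = mask_bits(mask)
    values = []
    for i in range(1 << len(bits)):
        v = 0
        for k, pos in enumerate(bits):
            if (i >> k) & 1:
                v |= 1 << pos
        values.append(v)
    return values


def assign_buckets(mask: int, clients: list[str]) -> dict[str, list[int]]:
    """Spread the buckets over the WCCP clients round-robin.  This is a
    simple balanced assignment for illustration only; the distribution the
    router actually uses comes from the WCCP assignment messages."""
    assignment: dict[str, list[int]] = {c: [] for c in clients}
    for idx, value in enumerate(bucket_values(mask)):
        assignment[clients[idx % len(clients)]].append(value)
    return assignment


def tcam_entries(mask: int, acl_lines: int) -> int:
    """Redirect-ACL TCAM cost as the WAAS guide describes it:
    2^(mask bits) x lines in the redirect ACL."""
    return (1 << len(mask_bits(mask))) * acl_lines


def smallest_mask_bits(num_clients: int) -> int:
    """Fewest mask bits that still give every client a bucket, matching
    the guide's rule of thumb (1-2 clients: 1 bit, 3-4: 2, 5-8: 3, ...)."""
    return max(1, math.ceil(math.log2(num_clients)))


def shrink_mask(mask: int, bits_wanted: int) -> int:
    """Keep only the lowest `bits_wanted` set bits of an existing mask."""
    return sum(1 << b for b in mask_bits(mask)[:bits_wanted])


if __name__ == "__main__":
    squid_mask = 0x1741                     # DstAddr mask from the switch output
    table = bucket_values(squid_mask)
    print("buckets:", len(table))
    for idx in (0, 1, 56, 63):
        print("%04d: 0x%04x" % (idx, table[idx]))
    print("TCAM, 4 bits x 200 lines:", tcam_entries(0xF, 200))
    print("TCAM, 3 bits x 200 lines:", tcam_entries(0x7, 200))
    small = shrink_mask(squid_mask, smallest_mask_bits(2))
    # 192.168.1.2 is a constructed second proxy address
    print("2 proxies need mask 0x%04x ->" % small,
          assign_buckets(small, ["192.168.1.1", "192.168.1.2"]))
```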


RE: [squid-users] WCCP mask bits

2011-06-17 Thread Shoebottom, Bryan
Amos,

Any luck with coding the bit mask?  Is there anything else you need from me?


No pressure, this e-mail is mainly to keep this thread on track as you 
mentioned previously.


--
Thanks,

Bryan Shoebottom
Network & Systems Specialist
Network Services & Computer Operations, Fanshawe College
Phone:  (519) 452-4430 x4904
Fax:  (519) 453-3231
bshoebot...@fanshawec.ca


-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz] 
Sent: June-17-11 11:29 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] WCCP mask bits

On 17/06/11 18:30, Jack Falworth wrote:
 Hi,

 I recently ran into a similar problem when using WCCPv2 in L2 mode and 
 mask assignment. I configured Squid with two dynamic services as 
 described in 
 http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#TProxy_Interception.

 The problem now is that if Squid is reconfigured during setting 
 changes, some of the negotiation messages between Squid and router get 
 lost. So after reconfiguration service 80 for traffic from clients to 
 squid still works whereas in many cases service 90 for traffic from 
 squid to the Internet got lost. This is especially bad since the 
 router then still thinks that the proxy is alive and thus it continues 
 sending traffic to it. But the responses are unfortunately not routed 
 back to Squid, causing a total service disruption.

This is a completely different issue.
WCCP requires the router to drop the state if HEREIAM/ISEEYOU does not succeed. 
Squid has a small pause on reconfigure, which can delay the HEREIAM too long. 
Nasty effects, but WCCP state is active again within 10sec of the reconfigure 
completing.


 In order to get it working again, WCCP has to be switched off and 
 after some seconds switched on again.

NP: 15 seconds? (the 10sec HEREIAM interval, plus some wiggle room for the 
router to kill its state)

 This problem does not occur in Hash mode, but unfortunately in Hash 
 mode much processing has to be done in software, whereas in mask mode 
 nearly everything can be done in hardware, which is crucial when trying 
 to create a high-performance setup.

 I'm currently using the latest Squid 2.7 version (because of missing 
 COSS/Rockstore support in the 3.x series) but I already had a look at 
 the WCCPv2 source in 3.1 and 3.2. It seems that there haven't been 
 major changes, thus I assume that this problem will also exist there. 
 The only related patch was some cleanup and rework of structures 
 (http://www.squid-cache.org/Versions/v3/3.1/changesets/b9492.patch), 
 but I don't think that this changed anything in this context.

 Can anybody help, or has anyone encountered the same problem?

You are the first to mention that type of behaviour here.

I think you may benefit from Squid sending a packet to the router detaching 
itself fully before a reconfigure. Then re-attaching afterwards. If you can 
assist by figuring out the packet content needed for the detach it would help.


The behaviour the rest of this thread is about is Squid being hard-coded with a 
7-bit mask. You can set the flags to shift it around the fields, but it's still 
the same pattern and size.

Amos
--
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.8 and 3.1.12.2


[squid-users] Services on squid host being blocked -- by name only

2011-06-17 Thread David Dyer-Bennet
My first squid setup.  It's very very simple -- I defined acl
our_networks in the default config with the Centos package to recognize
our networks, and that's about it.

I manually configured my desktop firefox to use the squid proxy I set up
(the proxy is not on my desktop; it's on lnx01, we'll call it (the real
name is longer and hard to type)).

lnx01 also runs Apache, and some local websites (nagios, mrtg, a foswiki,
that kind of thing).

From my desktop, using the proxy, I can access external sites, and I can
access other inside sites -- except for the ones hosted on lnx01, the same
system that squid runs on.

Then I found something even weirder -- if I use the IP address instead of
the DNS name for lnx01, I can get to the sites it hosts through the proxy.
 So, http://lnx01/mrtg fails (gets "the requested url could not be
retrieved" and "access denied"; the error page has a squid signature at
the bottom).  But http://192.168.1.22/mrtg succeeds.  (There's an FQDN for
lnx01 that I'm glossing over; the full and short names behave the same.)

Other internal people, not using the proxy, can access the sites hosted on
lnx01 as before, no problem, no change.

Haven't been able to find discussion of anything like this googling around
or scanning the FAQ.  I'm sure it's something I've got wrong in my config,
but I looked pretty carefully to see which ACLs would apply to this
request, and which http_access statements involved those ACLs, and I can't
find anything that would be denying access by name.  In fact I don't know
how I'd do it deliberately if I wanted to.  But then, I first looked at
the squid docs today (well, I did run it for a while over a decade ago in
a different job, but I don't remember much, and I imagine it's changed
since then).

I've currently got the firewall on lnx01 off, so it's not some interaction
with the firewall.

The access.log file shows the access, and the denial, but nothing that
tells me anything.  The squid.out log shows nothing since creating the
swap directories when I first ran it.

Any thoughts?



-- 
David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info



Re: [squid-users] Services on squid host being blocked -- by name only

2011-06-17 Thread Amos Jeffries

On 18/06/11 09:43, David Dyer-Bennet wrote:

My first squid setup.  It's very very simple -- I defined acl
our_networks in the default config with the Centos package to recognize
our networks, and that's about it.

I manually configured my desktop firefox to use the squid proxy I set up
(the proxy is not on my desktop; it's on lnx01, we'll call it (the real
name is longer and hard to type)).

lnx01 also runs Apache, and some local websites (nagios, mrtg, a foswiki,
that kind of thing).

 From my desktop, using the proxy, I can access external sites, and I can
access other inside sites -- except for the ones hosted on lnx01, the same
system that squid runs on.

Then I found something even weirder -- if I use the IP address instead of
the DNS name for lnx01, I can get to the sites it hosts through the proxy.
  So, http://lnx01/mrtg fails (gets "the requested url could not be
retrieved" and "access denied"; the error page has a squid signature at
the bottom).  But http://192.168.1.22/mrtg succeeds.  (There's an FQDN for
lnx01 that I'm glossing over; the full and short names behave the same.)


"access denied" is a bit weird. Unless you have "deny to_localhost" 
matching those requests. (not part of the default config from upstream)




Other internal people, not using the proxy, can access the sites hosted on
lnx01 as before, no problem, no change.

Haven't been able to find discussion of anything like this googling around
or scanning the FAQ.  I'm sure it's something I've got wrong in my config,
but I looked pretty carefully to see which ACLs would apply to this
request, and which http_access statements involved those ACLs, and I can't
find anything that would be denying access by name.  In fact I don't know
how I'd do it deliberately if I wanted to.  But then, I first looked at
the squid docs today (well, I did run it for a while over a decade ago in
a different job, but I don't remember much, and I imagine it's changed
since then).

I've currently got the firewall on lnx01 off, so it's not some interaction
with the firewall.

The access.log file shows the access, and the denial, but nothing that
tells me anything.  The squid.out log shows nothing since creating the
swap directories when I first ran it.

Any thoughts?



With the default config it all comes down to DNS resolution showing 
Squid an IP it can contact.  Log into a shell on the lnx01 box and type 
"host lnx01". See what IP Squid is told to relay to.



If it is too difficult to fix DNS, you can work around DNS issues by 
adding a cache_peer entry for each of the local apps.
  BUT "access denied" is an explicit block somewhere in http_access 
which this does not fix.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2


Re: [squid-users] squid SSL

2011-06-17 Thread Ivan Matala
This is what I want to achieve:

I have a server and I want all ports to be forwarded to a remote squid
proxy. I want UDP and TCP ports starting from 1:65535. Is it
possible?

This means all Yahoo Messenger traffic, games, Skype will be
forwarded to squid.

thanks

On Fri, Jun 17, 2011 at 8:27 AM, Amos Jeffries squ...@treenet.co.nz wrote:
 On 18/06/11 02:33, Ivan Matala wrote:

 how can i configure squid SSL?

 coz when i go to gmail.com, facebook.com, their require ssl support. i
 got ssl error.

 pls help

 what should i do?

 You should start by telling us what the error is please.

 Note that HTTPS is by default relayed directly over Squid without being
 touched. So the error should be something in your browser or the website its
 contacting.
  The error message will help us point you at what more to look at.

 Amos
 --
 Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2



[squid-users] How to apply youtube patch?

2011-06-17 Thread Ghassan Gharabli
Hello,

I was wondering if there might be a way to install the DIFF FILE for
Youtube on Windows with SQUID 2.7Stable8!

I'm using this version from http://www.serassio.it/SquidNT.htm


Also, if there is no way to install it on Windows, then there might be
another trick to install 2 instances of Squid on the same OS, but are
there any steps to follow, step by step?

BTW, caching Youtube videos works well when I use
minimum_object_size 512 bytes. The bad thing is, it ignores
everything less than 512 bytes. Any idea please?

Thank you


Re: [squid-users] squid SSL

2011-06-17 Thread Amos Jeffries

On 18/06/11 15:32, Ivan Matala wrote:

This is what I want to achieve:

I have a server and I want all ports to be forwarded to a remote squid
proxy. I want UDP and TCP ports starting from 1:65535. Is it
possible?


No.

Squid is an HTTP proxy. Only HTTP (TCP port 80) traffic is accepted for 
proxy relay or interception.


With difficulty and much user annoyance some people also manage port 
443. Which is encrypted, but still has HTTP protocol formatting.




this means,, all yahoo messenger traffic, games, skype will be
forwarded to squid.

thanks

On Fri, Jun 17, 2011 at 8:27 AM, Amos Jeffries wrote:

On 18/06/11 02:33, Ivan Matala wrote:


how can i configure squid SSL?

coz when i go to gmail.com, facebook.com, their require ssl support. i
got ssl error.

pls help

what should i do?


You should start by telling us what the error is please.

Note that HTTPS is by default relayed directly over Squid without being
touched. So the error should be something in your browser or the website its
contacting.
  The error message will help us point you at what more to look at.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2