Re: [squid-users] Re: Re: Re: Re: Re: squid_ldap_group against nested groups/Ous
Hi. On 31.07.2012 04:54, Markus Moeller wrote: Hi Eugene, For squid_kerb_ldap to work with automatic ldap server detection you need to setup your DNS correctly. All SRV records must be hostnames (not IPs as in your cases some are). The the hostname will be resolved in an IP and back into a hostname to eliminated CNAMEs. For the final hostnames a ldap/hostname principal must exist. e.g TEST.com a CNAME resolves into 192.1.1.1 which resolves in server1.com which means a ldap/server1.com principal must exits. Thanks for a clear explanation, now I see why it doesn't work. And I was able to fix the binding to some particular DCs. But I think (it's only my imo though) that circular resolving to eliminate CNAMEs is a bit complicated: reverse zones aren't needed even for an AD domain to work properly. Thanks for your help and for your helper. Eugene.
Re: [squid-users] Character conversion between authentication and authorisation
On 31.07.2012 11:09, Markus Moeller wrote: How are special characters converted in squid ? For example my squid_kerb_auth would return müller for müller, but when using %LOGIN for the authorisation helper I get m%C3%BCller which I don't expect in squid_kerb_ldap. Are there fucntions in squid which convert strings into different chracter sets? Markus Strings passed to external_acl_type are URL-encoded to protect against parsing errors (whitespace in usernames, header content, etc). The character set is not altered. Amos
[squid-users] Character conversion between authentication and authorisation
How are special characters converted in squid ? For example my squid_kerb_auth would return müller for müller, but when using %LOGIN for the authorisation helper I get m%C3%BCller which I don't expect in squid_kerb_ldap. Are there fucntions in squid which convert strings into different chracter sets? Markus
[squid-users] Re: Re: Re: Re: Re: squid_ldap_group against nested groups/Ous
Hi Eugene, For squid_kerb_ldap to work with automatic ldap server detection you need to setup your DNS correctly. All SRV records must be hostnames (not IPs as in your cases some are). The the hostname will be resolved in an IP and back into a hostname to eliminated CNAMEs. For the final hostnames a ldap/hostname principal must exist. e.g TEST.com a CNAME resolves into 192.1.1.1 which resolves in server1.com which means a ldap/server1.com principal must exits. Regards Markus "Eugene M. Zheganin" wrote in message news:5016ea1e.9080...@norma.perm.ru... Hi, guys. Hi, Markus. :) I'm this weird guy that asks every 2 years about squid_kerb_ldap and then falls back to his letargic sleep. :) But it's not because I lose interest, but because of the time, and because of the old decent authorization schemes on my squids that still work fine even with Windows 7. But, last time I once again decided to setup the nested groups and GSS-SPNEGO. negotiate_wrapper works just fine, thanks again. So, to refresh your memory, last time :) I got this problem: inability to bind to LDAP server. I have an AD domain and a bunch of controllers. Some of my thoughts I described below, but first the output. The debug output looks like (fresh one, and sorry for the pseudographics, but it's a real output): ===Cut=== [emz@wizard:/usr/local/etc/squid]# ./squid_kerb_group.sh 2012/07/31 01:27:12| squid_kerb_ldap: Starting version 1.2.2 2012/07/31 01:27:12| squid_kerb_ldap: Group list Internet Users - Proxy1@ 2012/07/31 01:27:12| squid_kerb_ldap: Group Internet Users - Proxy1 Domain 2012/07/31 01:27:12| squid_kerb_ldap: Netbios list soft...@norma.com 2012/07/31 01:27:12| squid_kerb_ldap: Netbios name SOFTLAB Domain NORMA.COM 2012/07/31 01:27:12| squid_kerb_ldap: ldap server list NULL 2012/07/31 01:27:12| squid_kerb_ldap: No ldap servers defined. emz 2012/07/31 01:27:52| squid_kerb_ldap: Got User: emz set default domain: NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: Got User: emz Domain: NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: User domain loop: group@domain Internet Users - Proxy1@ 2012/07/31 01:27:52| squid_kerb_ldap: Default domain loop: group@domain Internet Users - Proxy1@ 2012/07/31 01:27:52| squid_kerb_ldap: Found group@domain Internet Users - Proxy1@ 2012/07/31 01:27:52| squid_kerb_ldap: Setup Kerberos credential cache 2012/07/31 01:27:52| squid_kerb_ldap: Get default keytab file name 2012/07/31 01:27:52| squid_kerb_ldap: Got default keytab file name /usr/local/etc/squid/HTTP.keytab 2012/07/31 01:27:52| squid_kerb_ldap: Get principal name from keytab /usr/local/etc/squid/HTTP.keytab 2012/07/31 01:27:52| squid_kerb_ldap: Keytab entry has realm name: NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: Found principal name: HTTP/proxy-wizard.norma.c...@norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Set credential cache to MEMORY:squid_ldap_19356 2012/07/31 01:27:52| squid_kerb_ldap: Got principal name HTTP/proxy-wizard.norma.c...@norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Stored credentials 2012/07/31 01:27:52| squid_kerb_ldap: Initialise ldap connection 2012/07/31 01:27:52| squid_kerb_ldap: Canonicalise ldap server name for domain NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to spb-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to spb-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to sad-srv.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to hq-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to nb-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to mos-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to sam-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 1 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 2 of NORMA.COM to fd00::322 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 3 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 4 of NORMA.COM to fd00::322 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 5 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 6 of NORMA.COM to fd00::322 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 7 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 8 of NORMA.COM to hq-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 9 of NORMA.COM to hq-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 10 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 11 of NORMA.COM to hq-dc.norma.co
[squid-users] File download fails through transparent Squid
Hello,
I have Squid 3.1.19 installed on Ubuntu 12.04 86_64 from packages. I need a
transparent proxy without disk cache for users working through Wi-Fi on
non-Windows (mostly Apple) devices. I performed a configuration and Squid works
for web surfing or streaming data but I'm experiencing issues with files
downloading. Basically every download that lasts more than 10 seconds fails
with error. I've been looking into logs and debugs, and tcpdump but no luck.
Here's my Squid:
# squid3 -v
Squid Cache: Version 3.1.19
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--disable-silent-rules'
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline'
'--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores' '--enable-icap-client'
'--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=smb_lm,'
'--enable-digest-auth-helpers=ldap,password'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-arp-acl' '--enable-esi' '--enable-zph-qos' '--enable-wccpv2'
'--disable-translation' '--with-logdir=/var/log/squid3'
'--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536'
'--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter'
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security'
'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security'
--with-squid=/build/buildd/squid3-3.1.19
IP tables forward everything from 80 port to Squid on 3128 port:
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
Here's my config:
acl my_networks src 192.168.110.0/24 10.21.40.0/24 10.20.40.0/24
192.168.109.0/24
cache deny all
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow my_networks
http_access deny all
cache_store_log /dev/null
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 144020% 10080
refresh_pattern ^gopher:14400% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
httpd_suppress_version_string On
error_directory /usr/share/squid-langpack/en
Here's the last couple records I see in debug:
2012/07/30 18:06:27.339| clientReplyContext::sendMoreData:
http://mirror.cst.temple.edu/opensuse/distribution/12.1/iso/openSUSE-12.1-DVD-x86_64.iso,
7131720 bytes (4096 new bytes)
2012/07/30 18:06:27.339| clientReplyContext::sendMoreData: FD 213
'http://mirror.cst.temple.edu/opensuse/distribution/12.1/iso/openSUSE-12.1-DVD-x86_64.iso'
out.offset=7127299
2012/07/30 18:06:27.339| clientStreamCallback: Calling 1 with cbdata
0x7fe40c97bc30 from node 0x7fe40c890008
2012/07/30 18:06:27.339| cbdataReferenceValid: 0x7fe40c35ff98
2012/07/30 18:06:27.339| cbdataReferenceValid: 0x7fe40c5763d8
2012/07/30 18:06:27.339| cbdataReferenceValid: 0x7fe40c5763d8
2012/07/30 18:06:27.339| cbdataReferenceValid: 0x7fe40c5763d8
2012/07/30 18:06:27.339| cbdataReferenceValid: 0x7fe40c5763d8
2012/07/30 18:06:27.339| cbdataLock: 0x7fe40c97abc8=2
2012/07/30 18:06:27.339| cbdataLock: 0x7fe40c97abc8=3
2012/07/30 18:06:27.339| The AsyncCall clientWriteBodyComplete constructed,
this=0x7fe40c34b630 [call778693]
2012/07/30 18:06:27.339| cbdataLock: 0x7fe40c97abc8=4
2012/07/30 18:06:27.339| cbdataUnlock: 0x7fe40c97abc8=3
2012/07/30 18:06:27.
Re: [squid-users] How to trick splay trees?
On 31/07/2012 1:25 a.m., Jannis Kafkoulas wrote: Hi, (I use squid 2.7. STABLE9 on RedHat EL 5.6) Following problem: I have following dstdomains defined going to par-std and par-alt cache_peers respectively: acl alt dstdomain .fa-intracomp.net acl std dstdomain .intracomp.com Now I'd like "abc.intracomp.com" to also go via cache_peer par-alt. Following two tries didn't work: # acl alt-2 dstdom_regex -i abc.intracomp.com # acl alt dstdomain abc.intracomp.com The dstdomain one is faster. Both are correct for your requested policy. The key word you stated being "also" ... The requests were sent to par-std cache_peer cache_peer 192.10.10.22parent31280 no-query login=PASS proxy-only no-digest name=par-std cache_peer 192.10.10.22parent800 no-query login=PASS proxy-only no-digest name=par-alt cache_peer_access par-alt allow alt-2 cache_peer_access par-alt allow alt cache_peer_access par-std allow std Is there a way for that to work at all? Unless given some specific selection algorithm (digest, ICP, hshes, carp, roundrobin etc) Squid lists peers in configuration order when attemping to pass traffic. As I said above the key word in your policy statements is "also" - with both peers *available* for use Squid will pick the first one that works. With par-std being listed first your logs will show it being used until such time as it becomes unresponsive or overloaded. Then par-alt will pick up the slack for that one domain. I think you are looking at the logs and seeing only par-std, thinking its not working when actually it is. You can test by changing the order of cache_peer definitions in your config and seeing the preferred peer switch to the par-alt when the new ACL is added. NOTE: you canot send a request via *both* using TCP unicast links, just one. Amos
Re: [squid-users] Re: Re: Re: Re: squid_ldap_group against nested groups/Ous
Hi, guys. Hi, Markus. :) I'm this weird guy that asks every 2 years about squid_kerb_ldap and then falls back to his letargic sleep. :) But it's not because I lose interest, but because of the time, and because of the old decent authorization schemes on my squids that still work fine even with Windows 7. But, last time I once again decided to setup the nested groups and GSS-SPNEGO. negotiate_wrapper works just fine, thanks again. So, to refresh your memory, last time :) I got this problem: inability to bind to LDAP server. I have an AD domain and a bunch of controllers. Some of my thoughts I described below, but first the output. The debug output looks like (fresh one, and sorry for the pseudographics, but it's a real output): ===Cut=== [emz@wizard:/usr/local/etc/squid]# ./squid_kerb_group.sh 2012/07/31 01:27:12| squid_kerb_ldap: Starting version 1.2.2 2012/07/31 01:27:12| squid_kerb_ldap: Group list Internet Users - Proxy1@ 2012/07/31 01:27:12| squid_kerb_ldap: Group Internet Users - Proxy1 Domain 2012/07/31 01:27:12| squid_kerb_ldap: Netbios list soft...@norma.com 2012/07/31 01:27:12| squid_kerb_ldap: Netbios name SOFTLAB Domain NORMA.COM 2012/07/31 01:27:12| squid_kerb_ldap: ldap server list NULL 2012/07/31 01:27:12| squid_kerb_ldap: No ldap servers defined. emz 2012/07/31 01:27:52| squid_kerb_ldap: Got User: emz set default domain: NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: Got User: emz Domain: NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: User domain loop: group@domain Internet Users - Proxy1@ 2012/07/31 01:27:52| squid_kerb_ldap: Default domain loop: group@domain Internet Users - Proxy1@ 2012/07/31 01:27:52| squid_kerb_ldap: Found group@domain Internet Users - Proxy1@ 2012/07/31 01:27:52| squid_kerb_ldap: Setup Kerberos credential cache 2012/07/31 01:27:52| squid_kerb_ldap: Get default keytab file name 2012/07/31 01:27:52| squid_kerb_ldap: Got default keytab file name /usr/local/etc/squid/HTTP.keytab 2012/07/31 01:27:52| squid_kerb_ldap: Get principal name from keytab /usr/local/etc/squid/HTTP.keytab 2012/07/31 01:27:52| squid_kerb_ldap: Keytab entry has realm name: NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: Found principal name: HTTP/proxy-wizard.norma.c...@norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Set credential cache to MEMORY:squid_ldap_19356 2012/07/31 01:27:52| squid_kerb_ldap: Got principal name HTTP/proxy-wizard.norma.c...@norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Stored credentials 2012/07/31 01:27:52| squid_kerb_ldap: Initialise ldap connection 2012/07/31 01:27:52| squid_kerb_ldap: Canonicalise ldap server name for domain NORMA.COM 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to spb-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to spb-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to sad-srv.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to hq-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to nb-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to mos-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved SRV _ldap._tcp.NORMA.COM record to sam-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 1 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 2 of NORMA.COM to fd00::322 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 3 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 4 of NORMA.COM to fd00::322 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 5 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 6 of NORMA.COM to fd00::322 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 7 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 8 of NORMA.COM to hq-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 9 of NORMA.COM to hq-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 10 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 11 of NORMA.COM to hq-dc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 12 of NORMA.COM to hq-gc.norma.com 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 13 of NORMA.COM to 192.168.92.189 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 14 of NORMA.COM to 192.168.92.189 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 15 of NORMA.COM to 192.168.92.189 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 16 of NORMA.COM to 192.168.173.3 2012/07/31 01:27:52| squid_kerb_ldap: Resolved address 17 of NORMA.COM to 192.168.180.26 2012/07/31 01:27:52| squid_kerb_ldap:
[squid-users] Digest problem
I have 2 servers as sibling cache_peer: Server1: visible_hostname teste cache_peer 172.29.0.99 sibling 3128 3130 proxy-only cache_peer_access 172.29.0.99 allow all icp_access allow all icp_hit_stale on Server2 visible_hostname squid2 cache_peer 172.29.0.96 sibling 3128 3130 proxy-only cache_peer_access 172.29.0.96 allow all icp_access allow all icp_hit_stale on But when a client ask to squid2, I got this error in teste: 1343674849.531 43 172.29.0.99 TCP_MISS/404 360 GET http://teste:3128/squid-internal-periodic/store_digest - NONE/- text/plain Both server, squid -v: Squid Cache: Version 3.1.10 configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-arp-acl' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth' '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth' '--enable-digest-auth-helpers=password,ldap,eDirectory' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' --with-squid=/builddir/build/BUILD/squid-3.1.10 What should I do to fix it? -- Rafael Gomes Consultor em TI LPIC-1 MCSO (71) 8318-0284 Atenção: Este e-mail pode conter anexos no formato ODF (Open Document Format)/ABNT (extensões odt, ods, odp, odb, odg). Antes de pedir os anexos em outro formato, você pode instalar gratuita e livremente o BrOffice (http://www.broffice.org).
[squid-users] How to trick splay trees?
Hi, (I use squid 2.7. STABLE9 on RedHat EL 5.6) Following problem: I have following dstdomains defined going to par-std and par-alt cache_peers respectively: acl alt dstdomain .fa-intracomp.net acl std dstdomain .intracomp.com Now I'd like "abc.intracomp.com" to also go via cache_peer par-alt. Following two tries didn't work: # acl alt-2 dstdom_regex -i abc.intracomp.com # acl alt dstdomain abc.intracomp.com The requests were sent to par-std cache_peer cache_peer 192.10.10.22parent31280 no-query login=PASS proxy-only no-digest name=par-std cache_peer 192.10.10.22parent800 no-query login=PASS proxy-only no-digest name=par-alt cache_peer_access par-alt allow alt-2 cache_peer_access par-alt allow alt cache_peer_access par-std allow std Is there a way for that to work at all? Thanks Janis
