RE: [squid-users] Is OpenDNS efficient for squid?

2010-02-08 Thread Adnan Shahzad
Dear All,

I was reading the article, but I guess it's too old. Can anybody update me: 
can Squid still not handle SSL (https) pages? 

http://www.squid-cache.org/mail-archive/squid-users/200907/0073.html

HTTP port 80 can be intercepted. Or other known plain HTTP port if you
are very certain of them.

HTTPS is encrypted. That's what the 'S' means (Secure over SSL).

You _cannot_ intercept an encrypted transaction and expect a plain-text
HTTP processor to handle it.

-Original Message-
From: J. Webster [mailto:webster_j...@hotmail.com] 
Sent: Monday, February 08, 2010 7:05 PM
To: swri...@shawnigan.ca; squid-users@squid-cache.org
Subject: RE: [squid-users] Is OpenDNS efficient for squid?


I have put the nameservers into squid.conf. However, today I received the same 
error. 
Squid times out on the following site: https://www.skyplayer.com
This is the dig result:
[r...@# dig skyplayer.sky.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> skyplayer.sky.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35479
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;skyplayer.sky.com. IN  A

;; ANSWER SECTION:
skyplayer.sky.com.  300 IN  CNAME   wildcard.sky.com.edgekey.net.
wildcard.sky.com.edgekey.net. 21600 IN  CNAME   e3228.b.akamaiedge.net.
e3228.b.akamaiedge.net. 20  IN  A   92.123.93.52

;; Query time: 162 msec
;; SERVER: 213.171.192.249#53(213.171.192.249)
;; WHEN: Mon Feb  8 13:57:05 2010
;; MSG SIZE  rcvd: 126

If dig works and nslookup gives:
[r...@]# nslookup skyplayer.com
Server: 213.171.192.249
Address:    213.171.192.249#53

Non-authoritative answer:
Name:   skyplayer.com
Address: 80.238.9.232

Any reasons why squid won't resolve it?




> Date: Sun, 7 Feb 2010 19:03:09 -0800
> From: swri...@shawnigan.ca
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Is OpenDNS efficient for squid?
>
> - "Dieter Bloms"  wrote:
>> Hi,
>>
>> On Sun, Feb 07, J. Webster wrote:
>>
>>> Is there any problem with using opendns server as the dns_nameserver in 
>>> squid?
>>> Is it slower than using the local hosts nameservers?
>>> I have an issue with dns timeouts for 1 or 2 websites and am having to 
>>> restart the dns cache (nscd) every 6 hours to flush it.
>>> I thought adding the nameservers to the squid.conf would bypass this issue.
>>
>> you can safely disable nscd.
>> I had some trouble with nscd till I disabled it.
>> I think you don't get any performance issues.
>>
>>
>> --
>> Gruß
>>
>> Dieter
>
> We switched to OpenDNS in December, after years of using our own djbdns 
> servers, and have not seen any issues. The server provides access to 650 
> campus users over a 1Gb link, with typically 100Req/s throughout the day. Our 
> hope is that OpenDNS will reduce the time spent on ACL maintenance in squid, 
> and allow us to drop some ACLs completely.
>
> --
> Shawn Wright
> I.T. Manager, Shawnigan Lake School
> http://www.shawnigan.ca
  


[squid-users] delay pool

2010-02-15 Thread Adnan Shahzad
Dear All,

I want to configure a per-user quota, meaning 2 GB of internet access per day. 
Can I do it with delay pools? If so, how in a delay pool? And my 2nd question: 
is the delay pool bucket for a day, a week or a month?


Kindly reply

Regards

Adnan


RE: [squid-users] Squid HD Limitation

2010-02-25 Thread Adnan Shahzad
Dear All,

I have a problem with streaming: after squid, streaming is affected very badly. 
Do you have any idea how to make streaming fast?

Also, please suggest any cache changes. Is it possible for it to cache 
streaming, if anyone requires a cache HIT?

Regards

Adnan


[squid-users] Squid + youtube problem

2010-02-26 Thread Adnan Shahzad
Sorry for my last email :-( I was emailing about another problem under the 
subject "Squid HD Limitation".

I have a problem with streaming: after squid, streaming is affected very badly. 
Do you have any idea how to make streaming fast? Is it possible for me to cache 
youtube videos, if any are accessed, for at least two days?


Your valuable suggestions are required.



Regards

Adnan



[squid-users] NTLM + squid

2010-03-01 Thread Adnan Shahzad
Dear All,

I have configured squid with TPROXY + NTLM + winbind and everything works fine, 
but my clients complain that around midnight they can't access the internet. 
There is no cron job, no reports; the only thing is that at midnight all my 
1000+ users come and access the internet. 

So my question is: is there any connection limit for winbind + squid? I mean, 
the number of users or requests per second or minute it supports?


Regards

Adnan


[squid-users] squid

2010-03-02 Thread Adnan Shahzad
Dear all

Why is the squid TIME+ option increasing all the time? Is it because of load or queue?

Squid# TOP

32313 proxy 15   0  194m 190m 2216 S    5  5.4  68:21.44 squid
23727 root  15   0  8244 2012 1200 S    0  0.1  25:02.96 winbindd


Why is swap memory not being utilized, while physical memory is being utilized properly?

Squid# free -m
             total       used       free     shared    buffers     cached
Mem:          3547       3263        283          0        157       2632
-/+ buffers/cache:        473       3073
Swap:         8581          0       8581


Need your valuable suggestions

Regards

Adnan


[squid-users] SQuid Slow

2010-03-16 Thread Adnan Shahzad
Dear all,

Is there any way to speed up simple HTML pages? Currently everything is working 
fine, but users complain that the whole HTML page appears at once, which causes delay.

So my question is: is it possible that, as squid receives an object, it displays 
it to the users, instead of displaying the whole website at once?

That's how, I guess, users will not be bored, if their browsers are displaying objects.


Require your help


Regards

Adnan





RE: [squid-users] Two Login Windows

2010-03-27 Thread Adnan Shahzad
It's because you enabled two authentication mechanisms,

  NTLM as well as basic. Disable one and it will not prompt two times :-)

-Original Message-
From: Benedikt Brandt [mailto:fo...@b1online.de] 
Sent: Saturday, March 27, 2010 5:21 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Two Login Windows

Hello alltogether

I am running Squid 2.7 Stable on a Debian Lenny system. The Squidusers
authenticate against an ADS-Server and everything works fine, as long as
the user connects from a computer within the Domain. When using the
Proxy from a computer outside the Domain a Login Window appears, as it
is supposed to. However this Login Window doesn't work. It just says:

The proxy 192.168.3.101:3128 is requesting a username and password. The
site says: ""

After giving the correct login-information, this window just pops up
again and again and again. However after cancelling this window, a
second window appears saying:

The proxy 192.168.3.101:3128 is requesting a username and password. The
site says: "Squid proxy-caching web server"

Entering the login-information in this window works. The user isn't
queried again and has access to the internet.

Why is this first useless login window showing up? Is there any way to
suppress it? Or have I misconfigured something?
My squid.conf is attached.

Thanks in advance.

Hopefully I am not violating some rules right now. Since this is my
first post on a mailinglist, I am simply missing the experience.

Benedikt


~~

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
external_acl_type winbind_group_helper %LOGIN /usr/lib/squid/wbinfo_group.pl
acl lehrer external winbind_group_helper "/etc/squid/lehrer"
acl schuelerpriv external winbind_group_helper "/etc/squid/schuelerpriv"
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl agc proxy_auth "/var/lib/squidguard/db/BL/gruppen/agc"
acl AuthUsers proxy_auth REQUIRED
acl fails rep_mime_type ^.*mms.*
acl fails rep_mime_type ^.*ms-hdr.*
acl fails rep_mime_type ^.*x-fcs.*
acl fails rep_mime_type ^.*x-ms-asf.*
acl fails2 urlpath_regex dvrplayer mediastream mms://
acl fails2 urlpath_regex \.asf$ \.afx$ \.flv$ \.swf$ \.exe$ \.gz$
acl deny_rep_mime_flashvideo rep_mime_type -i video/flv
acl deny_rep_mime_shockwave rep_mime_type -i ^application/x-shockwave-flash$
acl x-type req_mime_type -i ^application/octet-stream$
acl x-type req_mime_type -i application/octet-stream
acl x-type req_mime_type -i ^application/x-mplayer2$
acl x-type req_mime_type -i application/x-mplayer2
acl x-type req_mime_type -i ^application/x-oleobject$
acl x-type req_mime_type -i application/x-oleobject
acl x-type req_mime_type -i application/x-pncmd
acl x-type req_mime_type -i ^video/x-ms-asf$
acl x-type2 rep_mime_type -i ^application/octet-stream$
acl x-type2 rep_mime_type -i application/octet-stream
acl x-type2 rep_mime_type -i ^application/x-mplayer2$
acl x-type2 rep_mime_type -i application/x-mplayer2
acl x-type2 rep_mime_type -i ^application/x-oleobject$
acl x-type2 rep_mime_type -i application/x-oleobject
acl x-type2 rep_mime_type -i application/x-pncmd
acl x-type2 rep_mime_type -i ^video/x-ms-asf$
acl x-type2 rep_mime_type -i application/zip
acl x-type2 rep_mime_type -i ^application/zip$
acl x-type2 rep_mime_type -i application/x-rar-compressed
acl x-type2 rep_mime_type -i ^application/x-rar-compressed$
acl x-type2 rep_mime_type -i application/x-tar
acl x-type2 rep_mime_type -i ^application/x-tar$
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow fails lehrer
http_access allow fails schuelerpriv
http_access allow fails agc
http_access deny fails
http_access allow fails2 lehrer
http_access allow fails2 schuelerpriv
http_access allow fails2 agc
http_access deny fails2
http_access allow x-type lehrer
http_access allow x-type schuelerpriv
http_access allow x-type agc
http_access deny x-type
http_access allow x-type2 lehrer
http_access allow x-type2 schuelerpriv
http_access allow x-type2 agc
http_access deny x-type2
http_access allow manager localhost
http_access allow lehrer
http_access allow schuelerpriv
http_access allow agc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT 

RE: [squid-users] Trouble writing external acl helper

2010-04-14 Thread Adnan Shahzad
Dear All,

I am adding my problem, in case you people can solve it with an external ACL helper...

My clients are mostly hitting local PC names as HTTP requests, which causes file 
descriptors to be in use, and as a result Internet speed is slow, even dead slow.

Is it a virus? What if I want to allow them all, then how can I allow 
them? The common thing among them all is that there is no .com or .org or .net. 
So is it possible for me to make an ACL that allows HTTP requests without a 
domain name (.com, .net or .org etc.)?

Looking forward to your response



1271255037.123  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.194  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.264  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.334  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.404  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.476  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.544  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.614  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.686  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.755  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.832  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.894  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255037.965  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.036  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.105  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.175  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.245  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.316  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.386  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.455  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.526  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.596  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.673  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.736  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.806  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.876  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255038.947  1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255039.016  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html
1271255039.090  0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - 
NONE/- text/html

-Original Message-
From: marriedto51 [mailto:johnmwil...@talktalk.net] 
Sent: Wednesday, April 14, 2010 1:38 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Trouble writing external acl helper


I am almost certainly missing something very basic, but I haven't found out
what after searching here and elsewhere, so any help will be greatly
appreciated.

I'm using squid 3.1 on Fedora 12 (64-bit).

I want to write an external acl helper (for fun!) and started with a toy
example written in C which is only going to allow the URL
"http://www.google.com". It works as I expect when I run it at the command
line (lines are read one-by-one from standard input and a reply of "OK" or
"ERR" appears on standard output), but the output I get from squid says:

2010/04/14 08:40:23.731| helperOpenServers: Starting 5/5 'toy_helper'
processes
...
2010/04/14 08:40:31.197| WARNING: toy_helper #1 (FD 7) exited
2010/04/14 08:40:31.197| WARNING: toy_helper #3 (FD 11) exited
2010/04/14 08:40:31.198| WARNING: toy_helper #2 (FD 9) exited
2010/04/14 08:40:31.198| WARNING: toy_helper #4 (FD 13) exited
2010/04/14 08:40:31.198| Too few toy_helper processes are running
...
FATAL: The toy_helper helpers are crashing too rapidly, need help!

In the squid.conf file I've put:

external_acl_type toy_helper %PATH /tmp/squid-tests/toy_helper
acl toy external toy_helper

This squid.conf and the toy_helper executable are both in /tmp/squid-tests,
and everything there is world-readable.

Lastly, here is the source for toy_helper:

   1 #include 
   2 #include 
   3 #defin
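
Added example (not part of the thread and not Squid project code): a short Python script that parses access.log lines in Squid's native format, like the excerpt in the message above, and reports which clients generate 407-denied requests to single-label hostnames such as iqra-pc, and at what rate. The function names and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout. The first three
# lines mirror the excerpt in the message; the last is invented for contrast.
SAMPLE_LOG = """\
1271255037.123      0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - NONE/- text/html
1271255037.194      1 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - NONE/- text/html
1271255037.264      0 10.90.0.103 TCP_DENIED/407 7629 OPTIONS http://iqra-pc/ - NONE/- text/html
1271255037.900    120 10.90.0.104 TCP_MISS/200 5120 GET http://www.example.com/ user1 DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Return the fields used below from one native-format line, or None."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    return {"ts": ts, "client": parts[2],
            "status": parts[3].partition("/")[2], "url": parts[6]}

def request_host(url):
    """Host part of a logged URL; CONNECT entries are logged as host:port."""
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return (host or "").rstrip(".").lower()

def is_single_label(host):
    """True for a bare name such as 'iqra-pc': no dot, not an IPv6 literal."""
    return bool(host) and "." not in host and ":" not in host

def summarize(log_text):
    """Per (client, host): number of 407 replies for single-label hosts and
    requests per second, sorted with the noisiest pair first."""
    stamps = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != "407":
            continue
        host = request_host(rec["url"])
        if is_single_label(host):
            stamps[(rec["client"], host)].append(rec["ts"])
    rows = []
    for (client, host), ts in stamps.items():
        span = max(ts) - min(ts)
        rate = round((len(ts) - 1) / span, 1) if span > 0 else None
        rows.append({"client": client, "host": host,
                     "count": len(ts), "per_second": rate})
    return sorted(rows, key=lambda r: r["count"], reverse=True)
```

Run against a real access.log, the per-client rows show whether the bare-hostname traffic comes from one machine or many before any ACL change is made.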

[squid-users] Need Help

2008-03-12 Thread Adnan Shahzad
Dear Sir,

I am working in a company, Pakistan. My network setup is:

Squid Machine ---> Packeteer (hardware for bandwidth management (without 
NATing)) ---> F5 (aggregated internet connection (without NATing)) 
---> Router (NATing)

I want to configure Squid with dansguardian for content filtering, but the 
problem I am facing is that squid does NAT and doesn't forward the client IP. 
I want to forward the client IP to the Packeteer and have squid do the caching, 
logging and content filtering job. I have studied lots of documents with no 
success, so please guide me and help me to resolve this problem.

looking forward to your positive response.

Regards

M.Adnan Shahzad
System Administrator


[squid-users] TPROXY Squid

2008-03-13 Thread Adnan Shahzad

Dear All,

What is TPROXY and how does it work?





M.Adnan Shahzad
System Administrator