Re: [squid-users] allowing facebook for spesific client IPs

2011-09-17 Thread Babu Chaliyath 
On Fri, Sep 16, 2011 at 12:23 PM, a bv  wrote:
> Hi,
>
> Im trying to allow some client IPs to reach to facebook , and im
> generally blocking the facebook successfully.  I tried some entries
> like below  (which similar ones were working fine for other
> exceptions) but this doesnt seem to work
>
>
> acl   john src 10.x.y.z
>
> acl  jane  src 10.x.y.t
>
> acl facebook  dstdomain facebook.com (or .facebook.com)
>
>
> http_access allow john jane facebook.
>
>
> squid  -k reconfigure
>
> Regards
>

http_access allow statement must be followed by a http_access deny too

Babs

Re: [squid-users] squid cache statistics

2011-09-17 Thread Babu Chaliyath 
> I am looking for some nice application which gives me correct and
> perfect report of squid  cache performance.

squidclient mgr:info :)

Babs

Re: [squid-users] Adding WAN IP address to SQUID.CONF so users can run .net program

2011-09-17 Thread Babu Chaliyath 
On Thu, Sep 15, 2011 at 5:44 PM, Amos Jeffries  wrote:
> On 15/09/11 06:45, margaretgil...@chromalloy.com wrote:
>>
>> Hi Amos,
>>
>> Even if I do not use the IP address the .services.chromalloy.local is
>> being blocked.
>>
>> Adding the IP to this line
>> acl localServices dstdomain .services.chromalloy.local 192.168.3.42
>>
>> did not fix anything. Both addresses are blocked.
>
> Wow. Strange. Try setting debug_options to "ALL,1 28,4 85,2" and see what
> ACLs are denying it.
>
>
> Amos
> --

Sorry if I am jumping the gun, isn't it the IP of squid proxy server
to be used instead of 192.168.3.42?

Sorry if that question was wrong
Babs

Re: [squid-users] Limit usage of social network websites at workplace but not blocking them

2011-09-09 Thread Babu Chaliyath 
On Sat, Sep 3, 2011 at 6:58 PM, Hasanen AL-Bana  wrote:
> It could be possible with squid if you write some external acl helper
> script which checks the IP address (or username) and decides when to
> allow/deny access.
> However, facebook is out of control now since the site switched to
> HTTPS for most users ( or is it possible to intercept https traffic in
> squid 3 ? )
>
> On Sat, Sep 3, 2011 at 4:19 PM, Dennis Yurichev  wrote:
>>
>> Hi.
>>
>> It is well-known how to block social network websites in /etc/hosts,
>> squid, etc. But I don't want to block. I want to limit its usage and
>> give all users in my company, let's say, 10 minutes per day to each such
>> site or 30 minutes to group of sites like facebook, youtube, etc. Or,
>> limit each user to one single visit to facebook.com per day.
>>
>> Is squid configurable to do this? If so, how? What I need?
>

May be a time based ACL will be helpful to your situation, which will
allow users to access social networking   sites after a particular
time?
Check out the wiki
http://wiki.squid-cache.org/SquidFaq/SquidAcl#How_can_I_allow_some_clients_to_use_the_cache_at_specific_times.3F

Re: [squid-users] Squid not acting as a trnansparent proxy in freebsd

2011-08-10 Thread Babu Chaliyath 
>>
>> We are not sure if its the gateway part thats not working or the
>> squid config, we have installed squid 2.7, 3.0 and 3.1 followed at
>> most 10 tutorials and no luck getting a transparent proxy :(
>
> Sounds like you forgot to build Squid with --enable-transparent-ipfw
>
> Or possibly you set the box up as a bridge instead of a router.
>
> Amos
>
>
Along with what Amos said, also check ur firewall rule which does port
forwarding, Its needed  AFAIK to get transparent proxying

Babu

Re: [squid-users] sluggish squid

2010-12-28 Thread Babu Chaliyath 
You could try disabling acccess log and disabling cache to find if
they make difference

Regards
Babs

On Sun, Dec 26, 2010 at 2:40 AM, J Webster  wrote:
> I have had squid installed a while and tonight it is behaving very
> sluggishly.
> ANy ideas what I can do to check the problem?
> It doesn;t seem it is memory.
> Could be bandwidth related but I am getting could not connect errors from
> squid and then occasionally it connects but if it was bandwidth it would
> just be slowloading.
> httpd works fine, so does openvpn, and ssh, so must be a squid issue.
>
> There is no syn or ddos and I have about 120 connections.
>
> I have each use limited to 1Mb so really doubt a bandwidth issue...
> [root ]# netstat -nat | grep :80 | grep ESTABLISHED| wc -l
> 84
> [root ]# netstat -nat | grep :8080 | grep ESTABLISHED| wc -l
> 57
>
> CPU load averages 0.05 (1 min) 0.03 (5 mins) 0.00 (15 mins)
> Real memory 928.13 MB total, 254.31 MB used
>
> Virtual memory 509.84 MB total, 7.41 MB used
>
> Local disk space 232.06 GB total, 14.23 GB used
>

Re: [squid-users] How can I control upload bw?

2010-11-21 Thread Babu Chaliyath 
http://www.squid-cache.org/mail-archive/squid-users/200508/0503.html
This must help you

regards
Babs

On Thu, Nov 18, 2010 at 9:30 PM, Landy Landy  wrote:
> Hello.
>
> I have probably posted about this before, if so, please excuse the redundancy 
> on the topic.
>
> I am wondering if there's a way of controlling the upload bandwidth with 
> squid. I've tried for a while now to shape the traffic for our lan and 
> provide each client with 512kbps/128kbps and can't get it done when squid is 
> in the middle. I finally was able to control the download speed with tc and 
> iptables on the POSTROUTING chain but, can't control the clients' upload. 
> I've tried INPUT, PREROUTING but, nothing. I also gave access pools a shot 
> but couldn't get it to control upload, it controls everything, for example if 
> I set the individual pool it controls dl/up at that rate.
>
> Any suggestions?
>
> Thanks.
>
>
>
>

Re: [squid-users] authenticate users by Active Directory

2010-10-15 Thread Babu Chaliyath 
You might need to search old posts( many of them are there) to do what you want.
Q1. Yes you can authenticate squid users by Active Directory
Q2. You can keep, you can checkout Squid-Ldap aurthentication method
if you dont want to use SAMBA packages.

Babs

On 10/14/10, Riccardo Castellani  wrote:
> 1- Can I authenticate my users by Active Directory ?
>
> I have 3 Domain Controller servers where my domain is 'intern.it' (MS DNS)
> I have another domain, on the external side (extern.it) , which I use to
> publish web services and SMTP traffic (Linux srv, Bind9 package)
> Clients use MS internal dns, while Squid uses extern dns.
> Squid (2.7 Stable3) and Bind services are on the same server.
>
> 2- In order to integrating Squid authentication to Active Directory, can
> keep these 2 domains as now (divided and independent) ?
>
> I read that, for creating this system, I have to insert my squid into
> domain, by SAMBA package, but my purpose is keeping same behaviour and
> environment.
>
> Riccardo
>
>
>

Re: [squid-users] Squid 3.1 with MRTG, Not able to get Graphs- squid upgraded to 3.1.8 ( Resolved at last)

2010-10-11 Thread Babu Chaliyath 
Hi List,
At last I could get the MRTG running with squid 3.1.8, though it took
much time. Will be writing a howto soon regarding how to set up mrtg
on FreeBSD.
It was the SNMP_util.pm gave all the trouble as the port maintainers
did some changes of merging. Those who are breaking head with mrtg
kindly have p5-SNMP_Session port to be installed additionally and save
the time.
Hope that may help someone in future.

Thank you so much to those took their valuable time to reply to my
silly doubts and cleared and guided me.

Regards
Babs

On 10/4/10, Babu Chaliyath  wrote:
>> It's well worth upgrading to 3.1.8. Many of the 3.1 betas had broken
>> SNMP.
>>
>> Also check that the squid.mib being loaded came from the 3.1 install.
>>
>> We now have a full map of what the OID are and what versions they work
>> for. You may find this useful:
>> http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs
>>
>>
>> Amos
>> --
>> Please be using
>>Current Stable Squid 2.7.STABLE9 or 3.1.8
>>Beta testers wanted for 3.2.0.2
>>
>
> Hi List,
> As suggested by Amos, I have upgraded the squid box to 3.1.8 and
> everything is working fine except the graph part with mrtg.
> mrtg version :mrtg-2.16.4
>
> My mrtg.cfg is as below
>
> LoadMIBs: /usr/local/etc/mrtg/squid.mib
> EnableIPv6: no
> WorkDir: /usr/local/www/apache22/data
> Options[_]: bits,growright
>
> Target[proxy-hit]: cacheHttpHits&cacheServerRequests:pub...@127.0.0.1:3401
> MaxBytes[proxy-hit]: 10
> Title[proxy-hit]: HTTP Hits
> Suppress[proxy-hit]: y
> LegendI[proxy-hit]: HTTP hits
> LegendO[proxy-hit]: HTTP requests
> Legend1[proxy-hit]: HTTP hits
> Legend2[proxy-hit]: HTTP requests
> YLegend[proxy-hit]: perminute
> ShortLegend[proxy-hit]: req/min
> Options[proxy-hit]: nopercent, perminute, dorelpercent, unknaszero,
> growright, pngdate
> #PNGTitle[proxy-hit]: Proxy Hits
>
> Target[proxy-srvkbinout]:
> cacheServerInKb&cacheServerOutKb:pub...@127.0.0.1:3401
> MaxBytes[proxy-srvkbinout]: 76800
> Title[proxy-srvkbinout]: Cache Server Traffic In/Out
> Suppress[proxy-srvkbinout]: y
> LegendI[proxy-srvkbinout]: Traffic In
> LegendO[proxy-srvkbinout]: Traffic Out
> Legend1[proxy-srvkbinout]: Traffic In
> Legend2[proxy-srvkbinout]: Traffic Out
> YLegend[proxy-srvkbinout]: per minute
> ShortLegend[proxy-srvkbinout]: b/min
> kMG[proxy-srvkbinout]: k,M,G,T
> kilo[proxy-srvkbinout]: 1024
> Options[proxy-srvkbinout]: nopercent, perminute, unknaszero, growright,
> pngdate
>
> I have verified that squid snmp is working through the following command
>
> #snmpget -On -m /usr/local/etc/mrtg/squid.mib -v 2c -c public
> 127.0.0.1:3401 cacheHttpHits cacheServerRequests cacheServerInKb
> cacheServerOutKb cacheUptime CacheSoftware cacheVersionId
>
> This gives me results without any errors so snmp part of squid is
> working fine I think
> Now when I run mrtg I could see the following errors in mrtg.log file
>
> 010-10-04 12:37:33 -- Started mrtg with config
> '/usr/local/etc/mrtg/mrtg.cfg'
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheHttpHits
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheServerRequests
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheUptime
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheSoftware
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheVersionId
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Use of uninitialized value $ret[-2] in
> concatenation (.) or string at /usr/local/bin/mrtg line 2261.
> 2010-10-04 12:37:33 -- Use of uninitialized value $ret[-1] in
> concatenation (.) or string at /usr/local/bin/mrtg line 2261.
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheServerInKb
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheServerOutKb
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheUptime
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheSoftware
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Unknown SNMP var cacheVersionId
>  at /usr/local/bin/mrtg line 2242
> 2010-10-04 12:37:33 -- Use of uninitialized value $ret[-2] in
> concatenation (.) or string at /usr/local/bin/mrtg line 2261.
> 2010-10-04 12:37:33 -- Use of uninitialized value $ret[-1] in
> concatenation (.) or string at /usr/local/bin/mrtg line 2261.
> 2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
> Target[proxy-hit][_IN_] ' $target->[0]{$mode} ' did not eval into
> defined data
> 2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
> Ta

Re: [squid-users] Squid 3.1 with MRTG, Not able to get Graphs- squid upgraded to 3.1.8

2010-10-04 Thread Babu Chaliyath 
> It's well worth upgrading to 3.1.8. Many of the 3.1 betas had broken SNMP.
>
> Also check that the squid.mib being loaded came from the 3.1 install.
>
> We now have a full map of what the OID are and what versions they work
> for. You may find this useful:
> http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs
>
>
> Amos
> --
> Please be using
>Current Stable Squid 2.7.STABLE9 or 3.1.8
>Beta testers wanted for 3.2.0.2
>

Hi List,
As suggested by Amos, I have upgraded the squid box to 3.1.8 and
everything is working fine except the graph part with mrtg.
mrtg version :mrtg-2.16.4

My mrtg.cfg is as below

LoadMIBs: /usr/local/etc/mrtg/squid.mib
EnableIPv6: no
WorkDir: /usr/local/www/apache22/data
Options[_]: bits,growright

Target[proxy-hit]: cacheHttpHits&cacheServerRequests:pub...@127.0.0.1:3401
MaxBytes[proxy-hit]: 10
Title[proxy-hit]: HTTP Hits
Suppress[proxy-hit]: y
LegendI[proxy-hit]: HTTP hits
LegendO[proxy-hit]: HTTP requests
Legend1[proxy-hit]: HTTP hits
Legend2[proxy-hit]: HTTP requests
YLegend[proxy-hit]: perminute
ShortLegend[proxy-hit]: req/min
Options[proxy-hit]: nopercent, perminute, dorelpercent, unknaszero,
growright, pngdate
#PNGTitle[proxy-hit]: Proxy Hits

Target[proxy-srvkbinout]: cacheServerInKb&cacheServerOutKb:pub...@127.0.0.1:3401
MaxBytes[proxy-srvkbinout]: 76800
Title[proxy-srvkbinout]: Cache Server Traffic In/Out
Suppress[proxy-srvkbinout]: y
LegendI[proxy-srvkbinout]: Traffic In
LegendO[proxy-srvkbinout]: Traffic Out
Legend1[proxy-srvkbinout]: Traffic In
Legend2[proxy-srvkbinout]: Traffic Out
YLegend[proxy-srvkbinout]: per minute
ShortLegend[proxy-srvkbinout]: b/min
kMG[proxy-srvkbinout]: k,M,G,T
kilo[proxy-srvkbinout]: 1024
Options[proxy-srvkbinout]: nopercent, perminute, unknaszero, growright, pngdate

I have verified that squid snmp is working through the following command

#snmpget -On -m /usr/local/etc/mrtg/squid.mib -v 2c -c public
127.0.0.1:3401 cacheHttpHits cacheServerRequests cacheServerInKb
cacheServerOutKb cacheUptime CacheSoftware cacheVersionId

This gives me results without any errors so snmp part of squid is
working fine I think
Now when I run mrtg I could see the following errors in mrtg.log file

010-10-04 12:37:33 -- Started mrtg with config '/usr/local/etc/mrtg/mrtg.cfg'
2010-10-04 12:37:33 -- Unknown SNMP var cacheHttpHits
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheServerRequests
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheUptime
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheSoftware
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheVersionId
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-2] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-1] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- Unknown SNMP var cacheServerInKb
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheServerOutKb
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheUptime
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheSoftware
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Unknown SNMP var cacheVersionId
 at /usr/local/bin/mrtg line 2242
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-2] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- Use of uninitialized value $ret[-1] in
concatenation (.) or string at /usr/local/bin/mrtg line 2261.
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-hit][_IN_] ' $target->[0]{$mode} ' did not eval into
defined data
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-hit][_OUT_] ' $target->[0]{$mode} ' did not eval into
defined data
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-srvkbinout][_IN_] ' $target->[1]{$mode} ' did not eval
into defined data
2010-10-04 12:37:33 -- 2010-10-04 12:37:33: ERROR:
Target[proxy-srvkbinout][_OUT_] ' $target->[1]{$mode} ' did not eval
into defined data

All I could make out from these error was mrtg not reading squid.mib
file. Am I right?
Now I am stuck and I suspect a broken mrtg? or  did I go wrong
somewhere? Do kindly let me know what went wrong and how to proceed
further.
Thanx in advance
Babs

Re: [squid-users] Allow downloading EXE files from specific site only

2010-09-30 Thread Babu Chaliyath 
On 9/30/10, Malvin Rito  wrote:
> Hi List,
>
> We been running Squid Proxy 3.0 for 1 year now and there were some issues
> wherein some of our clients PC need to be allowed to download *.EXE files
> from specific site (e.g. autodesk.com website). Since we already BLOCKED
> files including downloading EXE files from our squid config, is there any
> way we can allow not blocking EXE files from specific website or domain?
>
> I appreciate your help in advance.
>
> Regards,
> Malvin
>
>
>
>

Hi Malvin,
Below is what I have for my squid, I hope that must help you
Kindly note that this acl must be placed in squid.conf bfore the exe
blocking acl

acl freesites url_regex "/usr/local/etc/squid/freesites"
http_access allow freesites

specify all your allowed sites from where you want users to download
exes in the freesites files
Also kindly change the location appropriately for the freesites , if
linux change that to /etc/squid/freesites

Re: [squid-users] Squid 3.1 with MRTG, Not able to get Graphs

2010-09-09 Thread Babu Chaliyath 
2010/9/9 Henrik Nordström :
> tor 2010-09-09 klockan 11:36 +0530 skrev Babu Chaliyath:
>> Hi List,
>> I am trying to get mrtg graphing of my squid box running freebsd 7.2
>> with squid 3.1.0.13, I was able to get the mrtg while running 2.6
>> version of squid, but once  moved to 3.1 version, I am not able to get
>> the mrtg graph at all, I would greatly appreciate if any
>> suggestions/clues what might have gone wrong on my mrtg setup.
>
> I did not see any reference to the Squid MIB from your mrtg config.
>
> Regards
> Henrik
>
>

Ooops! I missed  "LoadMIBs: /usr/local/etc/mrtg/squid.mib" line while
pasting it in my mail, yes it is there in my mrtg.cfg
btw mib.txt file is renamed as squid.mib.

Thanx for that quick reply
Regards
Babs

[squid-users] Squid 3.1 with MRTG, Not able to get Graphs

2010-09-08 Thread Babu Chaliyath 
Hi List,
I am trying to get mrtg graphing of my squid box running freebsd 7.2
with squid 3.1.0.13, I was able to get the mrtg while running 2.6
version of squid, but once  moved to 3.1 version, I am not able to get
the mrtg graph at all, I would greatly appreciate if any
suggestions/clues what might have gone wrong on my mrtg setup.

System details as follows
OS verion FreeBSD 7.2
Squid version 3.1.0.13
mrtg version 2.16.2
my mrtg.cfg

##MRTG Configuration file ###
WorkDir: /home/www/mrtg/
Options[_]: bits,growright
logFormat: rrdtool

Target[proxy-hit]: cacheHttpHits&cacheServerRequests:pub...@localhost:3401
MaxBytes[proxy-hit]: 10
Title[proxy-hit]: HTTP Hits
Suppress[proxy-hit]: y
LegendI[proxy-hit]: HTTP hits
LegendO[proxy-hit]: HTTP requests
Legend1[proxy-hit]: HTTP hits
Legend2[proxy-hit]: HTTP requests
YLegend[proxy-hit]: perminute
ShortLegend[proxy-hit]: req/min
Options[proxy-hit]: nopercent, perminute, dorelpercent, unknaszero,
growright, pngdate
PNGTitle[proxy-hit]: Proxy Hits

Target[proxy-srvkbinout]: cacheServerInKb&cacheServerOutKb:pub...@localhost:3401
MaxBytes[proxy-srvkbinout]: 76800
Title[proxy-srvkbinout]: Cache Server Traffic In/Out
Suppress[proxy-srvkbinout]: y
LegendI[proxy-srvkbinout]: Traffic In
LegendO[proxy-srvkbinout]: Traffic Out
Legend1[proxy-srvkbinout]: Traffic In
Legend2[proxy-srvkbinout]: Traffic Out
YLegend[proxy-srvkbinout]: per minute
ShortLegend[proxy-srvkbinout]: b/min
kMG[proxy-srvkbinout]: k,M,G,T
kilo[proxy-srvkbinout]: 1024
Options[proxy-srvkbinout]: nopercent, perminute, unknaszero, growright, pngdate
PNGTitle[proxy-srvkbinout]: Proxy Traffic In/Out

## End of MRTG Configuration ###

Kindly note that I can successfully run the following command too

#snmpwalk -m /usr/local/etc/squid/mib.txt -v2c -Cc -c public
localhost:3401 .1.3.6.1.4.1.3495.1.1

SQUID-MIB::cacheSysVMsize.0 = INTEGER: 16348
SQUID-MIB::cacheSysStorage.0 = INTEGER: 7535652
SQUID-MIB::cacheUptime.0 = Timeticks: (162270170) 18 days, 18:45:01.70

Pls let me know how can I get the graphing started
Thanx & Regards
Babs

Re: [squid-users] Mailing-list admins: can we set up reply-to?

2009-11-19 Thread Babu Chaliyath 
> Ack. Just because I did not voice an opinion does not mean that I agree
> with the current practice.  It is more of not wanting to send "me too"
> emails to the list.
>
> I believe sending replies to the list is the norm and personal replies
> is the exception.  And email headers should reflect that, i.e. Reply-To:
> squid-users@squid-cache.org should be in the list email headers.
>
> --
> Eray
>

I am for it as it would be very convenient when we use we based mail
services like gmail etc


Regards
Babs

Re: [squid-users] Squid 3.1 + mrtg

2009-11-10 Thread Babu Chaliyath 
Hey Thanx Henrik,

And Amos,
Yes Definitely I can test them for sure.
I here to do any help I can offer

Regards
Babs

On Mon, Nov 9, 2009 at 11:13 AM, Amos Jeffries  wrote:
> Babu Chaliyath wrote:
>>>
>>> Converting IPv4 address fields to IPv6+IPv4 shared trees...
>>>
>>> The client info table had cacheClientAddressType added as .1,
>>> cacheClientAddress shuffled to .2
>>>  ... which bumped all cacheClient* from .N to .N+1
>>>
>>> The peering table had cachePeerIndex added as .1 and
>>> cacheClientAddressType
>>> added as .2
>>>  ... which bumped all cachePeer* from .N to .N+2
>>>
>>> Amos
>>
>> Now thats all going above my head as far as mrtg setup for the squid
>> 3.1 is concerned. Can U guys tell me where and what changes I need to
>> make it working?
>> Sorry for this but I couldnt get much idea from these.
>>
>> Regards
>> Babs
>
> Um, I think the best way to go forward is for us to fix this ASAP.
> Are you able to test patches if I do the code?
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
>  Current Beta Squid 3.1.0.14
>

Re: [squid-users] Squid 3.1 + mrtg

2009-11-08 Thread Babu Chaliyath 
>
> Converting IPv4 address fields to IPv6+IPv4 shared trees...
>
> The client info table had cacheClientAddressType added as .1,
> cacheClientAddress shuffled to .2
>  ... which bumped all cacheClient* from .N to .N+1
>
> The peering table had cachePeerIndex added as .1 and cacheClientAddressType
> added as .2
>  ... which bumped all cachePeer* from .N to .N+2
>
> Amos

Now thats all going above my head as far as mrtg setup for the squid
3.1 is concerned. Can U guys tell me where and what changes I need to
make it working?
Sorry for this but I couldnt get much idea from these.

Regards
Babs

Re: [squid-users] anonymous proxy

2009-11-03 Thread Babu Chaliyath 
On Tue, Nov 3, 2009 at 9:13 PM, espoire20  wrote:
>
> Hi
>
> I have my Server proxy under Squid work very well but in the last time the
> users start to use anonymous proxy that allow users to connect to the
> Internet via an external site and bypass restrictions , so if you know some
> blocking tools under squid or linux to stop this big problem
>
> i will be thankfull if you can help me
>
> many thanks

3 things might help you
1. A good Accepted User Policy enforcement
2. A simple regex deny for proxy and a block list
3. Sarg/Calamaris report to find out suspicious sites

Regards
Babs

Re: [squid-users] Squid 3.1 + mrtg

2009-11-02 Thread Babu Chaliyath 
> Make sure that the mib.txt you/mrtg are using came from the 3.1 source code.
> There have been major changes to the MIB numbering in 3.1.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
>  Current Beta Squid 3.1.0.14
>

Hi, thanx for the reply

Yes I am using the mib.txt file which came with squid 3.1 only. I have
installed it from the ports.

Regards
Babs

[squid-users] Squid 3.1 + mrtg

2009-11-02 Thread Babu Chaliyath 
Hi List,
Struggling to get mrtg working with squid. No values shown in the mrtg graph.

My System as follows
OS Freebsd 7.2
Squid 3.1.0.14
Snmpwalk 5.4.2.1
mrtg 2.16.2


Squid snmp acls are working fine as I am getting results with following command
#snmpwalk -m /usr/local/etc/squid/mib.txt -v2c -Cc -c public
localhost:3401 .1.3.6.1.4.1.3495.1.1

But when I run mrtg
I am getting following errors

Unknown SNMP var cacheServerRequests
at /usr/local/bin/mrtg line 2202
Unknown SNMP var cacheServerRequests
at /usr/local/bin/mrtg line 2202
Unknown SNMP var cacheUptime
at /usr/local/bin/mrtg line 2202
Unknown SNMP var cacheSoftware
at /usr/local/bin/mrtg line 2202
Unknown SNMP var cacheVersionId

Btw I am using the mrtg configurator downloaded from Adrian Chadd's
squid blog. Available in <
http://www.xenion.com.au/static/squid-mrtg-1.0.tar.gz >

It would be great if any can help me out with some clues where I am going wrong.
Regards
Babs