[squid-users] Are there any issues using MS Proxy 2 as upstream?

2004-08-24 Thread Chris Wilcox
Hi all,
Are there any issues using MS Proxy 2 as an upstream proxy for Squid?  If so 
what are they and are they resolvable?

Regards,
Chris



[squid-users] http v1.1

2004-08-11 Thread Chris Wilcox
Hi all,
I'm running Squid 2.5 on Gentoo 2.6.
A friend of mine who runs a webserver has asked me why my browser is 
reporting use of http 1.0 instead of 1.1.  I informed him that I am going 
through Squid, and he asked if Squid supported 1.1 instead of 1.0.

I can't find anything so far about this, can anyone tell me if either of us 
are missing something?

Regards,
Chris



RE: [squid-users] Extract username and write it to the log file without NTLM?

2004-06-14 Thread Chris Wilcox
> Hi!
>
> Is there any way for squid to "extract" the username that is logged in on
> a particular machine just by using information from the browser?
>
> What I basically want to see is the username of the person that is logged
> on to the machine which is using the proxy WITHOUT prompting
> users for "extra authentication", and then write it in the access.log
> together with all other info (date, dst_url etc).
>
> Example:
>
> User Bob is logged on to domain/AD. He wants to surf on the internet and
> starts his MSIE. While he is surfing transparently (no extra auth)
> I can extract the username he is logged in with on his machine/domain and
> then log this info into the access.log file.
>
> Is it possible?
> Alternative solution (without using ntlm auth/extra password prompt)?
>
> thx
> Omar

Look into using ident authentication.  Not really secure, but it is 
transparent and will let you log username without user-input etc.

hth
Regards,
Chris



RE: [squid-users] Communicating with DansGuardian

2004-05-19 Thread Chris Wilcox
> I have installed squid2.5 on linux. Now I want to install DansGuardian
> filtering software. My question is what are all the options I have to
> change in squid.conf

Hopefully none, though you may wish to allow Squid to listen on 127.0.0.1 by 
adding the line:

http_access allow localhost

Providing you already have an ACL called localhost, which should be there by 
default.

> and dansguardian.conf files so that the following

Nothing, the default DG config should work with the default Squid config, 
albeit with the small alteration suggested above.

This may be a question/topic more suited to the dansguardian mailing list 
however.

Regards,
Chris



RE: [squid-users] RE: Numeric IP, in-addr issues

2004-05-07 Thread Chris Wilcox
You can do the lookup, but it will return info about the provider of the IP 
address and not the user of it.

Just tried this for my own IP (public) and it returned full details of my 
ISP.  Useful for tracing the source of an IP, and then the ISP could trace 
back who was allocated that IP if required.

Regards,

nry

Adam,

Surely I can't do a whois lookup (although I haven't tried) if my service
provider gives me just an IP but no dns entry?
I'm thinking if the trend started (blocking IPs), there must've been a good
reason. It is blocked even in my org.
Cheers,
Prash
-Original Message-
From: news [mailto:[EMAIL PROTECTED] Behalf Of Adam Aube
Sent: 07 May 2004 19:50
To: [EMAIL PROTECTED]
Subject: [squid-users] RE: Numeric IP, in-addr issues
Prash wrote:

> don't know about the docs mate but if a website does not have a dns entry
> then you won't be able to "whois" and find out who runs that website or
> even the contact address.

You can do WHOIS lookups on IP addresses. This will give you the
organization responsible for that address, and you can contact them.
Adam




Re: [squid-users] another copy of squid

2004-05-01 Thread Chris Wilcox
> > type the following command as root on the machine
> >
> > ps -A|grep squid
> >
> > This command will show you all the instances of squid running.
> >
> > If you wish to kill the process, you will need to issue the command
> >
> > kill -9 
> >
> > If the connections are active, it will take some time before squid process
> > can actually get killed.
>
> I did not mean just that.
>
> I want to know how does squid determine whether it (squid) has been already 
> launched? If you will try to launch squid while another copy is running, 
> you will see: "squid is running". How does squid guess :)?

It doesn't guess.  When squid starts it'll create a pid file called 
'squid'(not quite sure where?) and when it stops it will delete this pid 
file.  When you start Squid again it will check for the existence of this 
pid file and if found Squid knows it is already running.

hth

Regards,

Chris




RE: [squid-users] squid and firefox

2004-04-24 Thread Chris Wilcox
> I've a problem here. Don't laugh at me, I'm only doing what my customers
> want. I know this is not a squid issue at all and this should go to
> firefox forum but if you guys have some tips I'll be grateful
> I've five mozilla firefox browsers installed on linux. Each browser is
> allowed out via squid proxy which authenticates using an external auth.
> A usr/passwd is given to the client and it expires after 30 min. I have
> all the controls in squid i.e when the user is logging in, when to kick
> them out etc etc.  Authentication mechanism is basic and a dialog pops
> up on the browser after 30 min expiry.
> Now I want the browser to display a timer. How do I do it please? Since
> this timer has to synchronise with a successful login.. I guess I'll
> have to hack firefox code.
> Second thing is if a user has forgotten to log out of a say yahoo or
> hotmail account,  I don't want the next customer to read the previous
> customers emails etc.

Since it's on Linux, couldn't you simply remove the ability to run Firefox 
from icons etc, and then create a script that maybe runs Firefox, then after 
30 mins closes it again?  Any user would simply run a shortcut to the script 
from maybe the desktop, and then you'd be sure that after 30 mins Firefox 
would close again?  May not quite be as simple as I think but I'm pretty 
sure it would work?

If you set Firefox not to keep history, cookies etc when closed then I see 
no problems with previous users' settings being found by others?

Can't comment on the timer, though it is possible that something may already 
exist that is purely a 'timer app' in Linux.  You could maybe call this to 
run at the same time as you start Firefox, and then the user can check this 
app at any time?  The script would then close this app when it closes 
Firefox ?

hth

Regards,

Chris




Re: [squid-users] My Squid Hardware -- Any Tips/Advice Before It's Commissioned

2004-03-31 Thread Chris Wilcox
> > generally, are there any tips anyone can advise
> > regarding the best i can get out of my
> > hardware/software configuration..?.. it's been a while
> > since i've built an enterprise squid box, and i want
> > to do it right the first time... pretty much excited
> > and looking forward to it..
>
> SUSE 8.2 is definitely _not_ the OS of choice for running a server in a
> corporate environment.
OTOH, it is stable & if you don't want support from SuSE, it's fine.
> If you need any support for this machine, you should
> run SUSE LINUX Enterprise Server 8 (which is based on SUSE LINUX 8.1). Only
> for this OS SUSE LINUX will provide any support and maintenance for more
> than about two years (which is the normal lifetime for the SUSE LINUX 8.x,
> 9.x). SLES 8 is supported for at least five years from General Availability
> of the product (which means support and maintenance will be available until
> 2007).
I have to say this looks like a blatant commercial for the more expensive
SLES, where the cheaper product (I'd use 9.0) is fine.  I have corporate
servers running every release of SuSE Linux from 7.0 onwards - and have used
5.3 (IIRC) for the same.

If this box will run Squid and Squid only then I'd be looking into one of 
the more minimal distributions such as Debian.  You don't need most of the 
'junk' that distros like Suse will install by default as most of the 
services etc that will be running by default on distros like Suse will only 
serve to slow things down.

hth

Regards,

Chris




Re: [squid-users] Squid and controlling access to internet in a classroom

2004-03-20 Thread Chris Wilcox
This depends on loads of variables.  If you use DHCP and have dynamic IP 
addressing then you can't really control access via station IP address since 
a room of PC's could never be guaranteed to have the same group of IP's all 
the time (unless you use unlimited lease times).

You could possibly use MAC address limiting, as this should be static for 
each machine.  Using this or IP address based 'rooms' would work if IP's are 
static, but you'd need to manually go round each machine and catalogue IP 
address etc.

Depending on your type of network (eg NT domain, 2000 domain etc) you could 
look into either nt authentication helpers for username based control or 
possibly look into LDAP integration into the Active Directory which I 
believe may allow room/user based control providing you have used the AD to 
handle computer locations etc.

There are commercial products which may help out here though, along with one 
possible free one:

http://www.nryonline.co.uk/cx2
http://www.rm.com and look up SmartCache 2
http://www.censornet.com
All offer way more than simply caching and room/user/computer based access 
control, and at least the first two offerings are directly aimed at 
educational establishments.

hth

Regards,

Chris

> > From: Geir Fossum [mailto:[EMAIL PROTECTED]
> >
> > I'm running the computersystems at a school.
> > I wonder if there is a simple way to let the teachers toggle
> > internetaccess
> > on/off via a webpage and a ON/OFF button ?
> > Which in turn reconfigures Squid and restarts the service.
>
> Interesting problem. Are we to assume that there are several classrooms, and
> a teacher in one should not be able to shut off or turn on Internet access
> in other classrooms?  A simple redirect_program that checks for an on/off
> variable (set by a webpage script) against the IP of a classroom's
> computer(s) is the solution that jumps out at me.
>
> Could also have the teacher power down the hub/switch the classroom
> computers are connected to. =D
>

Hi,

Yes, there are several classrooms and the teacher should only be allowed to
toggle internetaccess on/off in the classroom he/she is using.
The IT-staff should always be allowed to toggle every classroom on/off.
Would it be hard to write such a redirector that checks for an on/off
parameter in the URL ?
Regards,
Geir



Re: [squid-users] squid fresh installation question

2004-03-10 Thread Chris Wilcox
From past experience of installing Squid from source, check permissions on 
the log and cache directories.  squid.conf specifies the user and group that 
Squid runs under.  This user must have relevant permissions on the cache and 
log directories otherwise Squid can't start.

hth

Regards,

nry

Try this /usr/local/squid/sbin/squid -N

This should start squid in the foreground ... which will help you find any
errors. If it is working and you are happy then run it without the -N.
A /usr/local/squid/sbin/squid --help should provide some info.

Michael.

On Wed, 10 Mar 2004 16:25:36 +0400
"novelit" <[EMAIL PROTECTED]> wrote:
>
> where am I supposed to run ./squid? I have tried it in the squid
> directory and it says 'No such file or Directory'
>
> thanks
> gb
>
> - Original Message -
> From: "Elsen Marc" <[EMAIL PROTECTED]>
> To: "novelit" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, March 10, 2004 4:04 PM
> Subject: RE: [squid-users] squid fresh installation question
>
>
>
>
>
> >
> > Dear all,
> > I have a linux box running red hat 8.0 with squid installed by default.
> >
> > I have removed the squid default package using webmin and
> > have installed and compiled new squid version 2.5 stable 5 in another
> > location (/usr/local/squid)
> >
> > Compilation and configuration worked out fine, but now my
> > main problem is client pc cannot connect to the proxy to access the
> > internet.
> > To start my squid, I use
> > /usr/local/squid/sbin squid start,
> > but it seems that there are no process of squid running since when I type
> > ps -ef|grep squid, I can't find any squid process.
> >
> > Can anyone help me? thanks
> >
> > gb.
> >
> >
>   You normally don't start squid in that way ; just
>
>   % ./squid
>
>   presuming , the current directory contains the squid binary.
>
>   Also and if you have a valid attempt , for starting squid; check
>   squid's :
>
> cache.log
>
>   watch for any fatal errors in there, for instance.
>
>   M.
>
>
>
>
>

--
Michael Gale
Network Administrator
Utilitran Corporation



[squid-users] Dynamic upstream proxy?

2004-03-05 Thread Chris Wilcox
Hi all,

I use Squid to perform local caching in many of the schools I support.  I've 
always been able to point the upstream proxy settings in Squid to our County 
Council's proxies and this has worked fine.

Local caches installed by myself have not been part of our County's 
strategy, and they would rather schools purchased £3500 ISA Server 
hardware/software.

County have now dictated that all browsers which access the Internet via a 
County Council connection must use a proxy.pac file to gain their internet 
settings.  The use of a local cache such as Squid will no longer be 
supported, and apparently I will be unable to point Squid at the upstream 
proxy IP and port, as this will be unavailable.  Not quite sure how this 
will work though, as I see no reason why I can't continue to point Squid 
boxes at the proxy IP and port which would officially be setup on local 
computers via the proxy.pac file.

I'm fairly confident that dynamic upstream proxy configuration within Squid 
is not only impossible, but would go against how caching works and is 
configured in general.  Can anyone confirm that dynamic upstream proxy 
settings are not supported by Squid (or any other cache!)?

Regards,

Chris




Re: [squid-users] sites on different ports

2004-03-03 Thread Chris Wilcox
> > On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > > > I use squid on my Mandrake 9.1 server which has few acls for my users.
> > > > Now, the problem is that my users need to access a domain with,
> > > > https://web.example.net:7443
> > > > https://designs.example.net:8443
> > > >
> >
> > 1078318883.382  0 192.168.9.182 TCP_DENIED/403 1257 CONNECT
> > :8443 - NONE/- text/html
> >
> > All the rest sites work very well with this machine. Only this https and
> > port 8443 has problems. But that too when I remove the proxy settings in
> > the browser it starts working.
> >
> > Can you please give me hints in this?
>
> See the SSL_ports and Safe_Ports acls.

> My friend's place where it works, she has a similar configuration like
> mine and her squid.conf does not have port 8443 listed anywhere. The
> only difference is that I am doing it on Mandrake 9.1 and she has
> Mandrake 9.2 in her company and we both are using the default squid
> which comes with the respective distros. In fact, I had helped her system
> administrator to setup squid.
> If you want I can post her as well as mine squid.conf file somewhere
> tomorrow.

Ports 7443 and 8443 are likely not listed in the default Squid.conf file 
because they're not 'standard' https ports.  Check the ACL's suggested by 
Henrik and add the port numbers mentioned to these ACL's.  Restart Squid and 
things should work OK.

Regards,

Chris
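
An added example, not part of the original thread: a check that reads denied CONNECT requests from access.log and reports which port ACL each one fails. The configuration and log lines are constructed samples (a config assumed to resemble a distribution default; hostnames borrowed from the post above), and the function names are hypothetical.

```python
"""Find which port ACL blocks each denied CONNECT seen in a Squid access.log."""

# Constructed sample; assumed to resemble a distribution-default squid.conf.
SAMPLE_CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

# Constructed log lines in Squid's native access.log layout.
SAMPLE_LOG = """\
1078318883.382      0 192.168.9.182 TCP_DENIED/403 1257 CONNECT designs.example.net:8443 - NONE/- text/html
1078318890.101    212 192.168.9.182 TCP_MISS/200 3120 CONNECT www.example.net:443 - DIRECT/192.0.2.10 -
1078318901.555      0 192.168.9.183 TCP_DENIED/403 1257 CONNECT web.example.net:7443 - NONE/- text/html
"""


def port_acls(conf):
    """Map each 'acl NAME port ...' name to a list of (low, high) port ranges."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "port":
            ranges = acls.setdefault(fields[1], [])
            for token in fields[3:]:
                low, _, high = token.partition("-")
                ranges.append((int(low), int(high or low)))
    return acls


def port_allowed(acls, name, port):
    return any(low <= port <= high for low, high in acls.get(name, []))


def denied_connect_ports(log):
    """Collect {port: {hosts}} for every TCP_DENIED CONNECT entry."""
    seen = {}
    for line in log.splitlines():
        f = line.split()
        if len(f) < 7 or not f[3].startswith("TCP_DENIED/") or f[5] != "CONNECT":
            continue
        host, _, port = f[6].rpartition(":")
        if port.isdigit():
            seen.setdefault(int(port), set()).add(host)
    return seen


def explain_denials(conf, log):
    """Return [(port, hosts, acls_missing_that_port)] sorted by port."""
    acls = port_acls(conf)
    findings = []
    for port, hosts in sorted(denied_connect_ports(log).items()):
        missing = [n for n in ("Safe_ports", "SSL_ports")
                   if not port_allowed(acls, n, port)]
        findings.append((port, sorted(hosts), missing))
    return findings


def suggested_lines(findings):
    # One narrow line per missing (acl, port). Every SSL_ports entry permits
    # CONNECT tunnels to that port on any destination host, so add only the
    # ports that are actually needed.
    return [f"acl {acl} port {port}"
            for port, _hosts, missing in findings for acl in missing]


if __name__ == "__main__":
    results = explain_denials(SAMPLE_CONF, SAMPLE_LOG)
    for port, hosts, missing in results:
        print(port, hosts, "missing from:", missing)
    print("\n".join(suggested_lines(results)))
```

With this sample config, ports 7443 and 8443 already fall inside the 1025-65535 Safe_ports range, so only SSL_ports needs the two additions.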




RE: [squid-users] Not Seeing Web Performance Increase

2004-02-29 Thread Chris Wilcox
> Since installing squid I haven't seen a huge increase in web access and 
> performance on the web site I visit. What options can I raise or tweak in 
> order to see an increase in web surfing performance and general web access?
>
> This is what squid runs on
>
> Debian Linux w/2.6.2 Kernel
> Pentium Pro 200MHZ.
> 128MB RAM
> RAID 0 40GB Stripe dedicated as the cache directory

What connection speed do you have?  What is the website in question?  Not 
all sites are cacheable and a local cache won't help that much for such 
sites (usually dynamic ones).

Regards,

nry




[squid-users] Squid ident lookups on Debian 3r2 not working?

2004-02-18 Thread Chris Wilcox
Hi all,

I have a very basic install of Debian 3 release 2 (stock 2.4 kernel)  which 
includes a few things including Squid.  I set Squid to perform ident lookups 
as I have on previous non-Debian servers and for some reason on Debian Squid 
doesn't log the ident response.  Other non-Debian servers with the same 
squid config successfully obtain and log the ident response so I'm pretty 
sure it's not related to my clients.  Other than ident, Squid is caching and 
working as expected.  I'm also running DansGuardian and this too is not 
managing to log ident responses: I have tried pointing clients through Squid 
directly and through DG -> Squid and neither setup successfully logs the 
ident response.

Am I missing something on the basic Debian install that is preventing the 
ident lookup from working?  Up until now I've always used Red Hat or Fedora 
and these have always worked with ident lookups.

Sincere thanks for any replies.

Regards,

Chris




RE: [squid-users] Blacklist

2004-02-12 Thread Chris Wilcox
www.squidguard.org
www.dansguardian.org
You can also do some filtering with Squid itself in respect of regexp on 
URL's etc and also ban URLs/domains but I've never done this personally.

hth

Regards,

Chris

> Hello all,
> I will appreciate if someone can give me hint on how I
> can block my clients from having access to some
> spammail sites.
> Thanx
> --Yemi




RE: [squid-users] Is it possible to handle 200reqs/s?

2004-02-12 Thread Chris Wilcox
> > To give you an idea:
> > Pentium III - 1Ghz, 1,5 GB Ram, RedHat 7.3 about 4000 clients accessing
> > the server.
> >
> > Normally we have a 3Mbps line for our users and we handle 160Req/sec
> > but we once gave the users 5Mbps and we handled 220 Reqs/sec. So I'm not
> > sure what the limit is of this machine.
> > BTW before optimizing squid we could only handle 60 Reqs/sec.
> > Optimizing is necessary, the default of squid isn't really good for big
> > loads.
>
> How did you achieve your squid optimizing ?
>
> M.

I'm interested in the same question!  How did you optimise Squid to get such 
an improvement?

Regards,

Chris




RE: [squid-users] Identd authentication

2004-02-05 Thread Chris Wilcox
> I have identd running on all clients. Squid doesn't appear to be caching 
> ident lookups... maybe I'm missing something in my config for this?
>
> If Squid could pass the ident username somehow to DG with cache_peer then 
> DG wouldn't need to do any ident requests (this works if you're using basic 
> auth). I'm more worried about Squid's ident requests failing and users 
> having to type in their username/password in order to authenticate.
>
> Ident could be taken out of the picture entirely if I had a client of some 
> type on the Windows workstations that would handle the basic auth requests 
> from squid automagically. Novell makes a SSO client for this sort of thing 
> but it's too expen$ive.

Why not purely use basic_auth?  I thought that if you use DG -> Squid only, 
and used basic/proxy_auth on Squid, then DG can pull the username from the 
requests?  This may be better answered in the DG forums though, as I've only 
ever used ident with DG.

It could be worth using ident only, and removing the 1st Squid instance.  
Use ident in DG and see what happens.  If it works OK then there's no need 
to use anything else.

hth

Regards,

nry




RE: [squid-users] Identd authentication

2004-02-05 Thread Chris Wilcox
From: "David Rippel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [squid-users] Identd authentication
Date: Thu, 05 Feb 2004 09:53:19 -0500
> My current setup:
>
> Squid (ACLs) -> DansGuardian (filtering) -> Squid (Caching)
>
> What happens is that Squid sends an ident query to the client, if the 
> username in the response (using an external acl) appears in a file that 
> contains a list of allowed users (polled from an ldap server every hour), 
> it allows the client access. From there, DG will send another ident query 
> for logging purposes.
>
> If the ident query fails, the next acl uses basic auth and authenticates 
> the user with ldap.
>
> The problem is that it generates two ident queries per request and I'm 
> afraid on a network with over 3000 users this might be too much. It would 
> be nice if Squid would treat ident as a true authentication mechanism and 
> "remember" who the user is for a certain amount of time, like with basic 
> auth.

I thought Squid did cache ident lookups?

Do I presume that you aren't able to run identd on all clients?  DG can 
already handle ident lookups as you know, and the latest 2.7.x code handles 
multiple filter levels.  With multiple filter levels in place, if an ident 
lookup cannot be found then DG will run that request through 'filter1' which 
is the default filter level.  You could in theory set filter1 to be very 
restrictive and filter2 to meet the company requirements.  If an ident 
response is available then DG will filter as per company req: if it isn't 
(eg the user has disabled it) then they'd be restrictively filtered.

The main problem with DG is that it currently does not cache ident lookups.  
This means that for a single webpage of 10 images and some text etc, DG will 
do an ident lookup for EVERY request on that page.  In itself this is almost 
worth considering using ldap authentication exclusively, though I have no 
idea about how much bandwidth/network overhead is required for each ident 
lookup/response pair: my guess is that it's actually pretty small.  Maybe 
someone on here can quantify this guess?

Regards,

nry
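
An added example, not part of the original thread and not Squid or DansGuardian code: the RFC 1413 ident exchange discussed in the ident messages on this page, with a parser that validates the client-supplied user id before it is logged and a hypothetical per-client cache that shows the lookup count for a page of 11 requests. Caching by client IP is an assumption that only holds for single-user workstations, since ident answers a per-connection question; all addresses, ports and names are constructed.

```python
"""RFC 1413 ident: build the query, parse the reply, cache the answer."""
import time


def build_query(workstation_port, proxy_port):
    # The port pair is written from the ident server's (workstation's) side:
    # its own port first, then the port on the host that asks (the proxy).
    return f"{workstation_port}, {proxy_port}\r\n".encode("ascii")


def parse_reply(raw, workstation_port, proxy_port):
    """Return ("USERID", name) or ("ERROR", reason); ValueError if malformed."""
    parts = raw.decode("latin-1").rstrip("\r\n").split(":", 3)
    if len(parts) < 3:
        raise ValueError("not an ident reply")
    try:
        ports = tuple(int(p) for p in parts[0].split(","))
    except ValueError:
        raise ValueError("bad port pair") from None
    if ports != (workstation_port, proxy_port):
        raise ValueError("reply is for a different connection")
    kind = parts[1].strip().upper()
    if kind == "ERROR":
        return ("ERROR", parts[2].strip().upper())
    if kind != "USERID" or len(parts) != 4:
        raise ValueError("unknown reply type")
    # The name is whatever the workstation's daemon chose to send, so treat
    # it as untrusted input: no whitespace or control characters may reach
    # a space-delimited log line. (This example strips surrounding blanks.)
    user = parts[3].strip()
    if not user or any(c.isspace() or not c.isprintable() for c in user):
        raise ValueError("unsafe user id")
    return ("USERID", user)


class IdentCache:
    """Hypothetical cache: remember one answer per client IP for ttl seconds."""

    def __init__(self, lookup, ttl=300.0, clock=time.monotonic):
        self._lookup, self._ttl, self._clock = lookup, ttl, clock
        self._entries = {}  # client_ip -> (user or None, expiry time)

    def user_for(self, client_ip, workstation_port, proxy_port):
        now = self._clock()
        hit = self._entries.get(client_ip)
        if hit is not None and hit[1] > now:
            return hit[0]
        status, value = self._lookup(client_ip, workstation_port, proxy_port)
        user = value if status == "USERID" else None
        self._entries[client_ip] = (user, now + self._ttl)
        return user


def lookups_for_page(requests, use_cache):
    """Count ident round trips for one page load from a single workstation."""
    wire = []  # every query that would have gone over the network

    def fake_lookup(ip, wport, pport):
        wire.append(build_query(wport, pport))
        reply = f"{wport}, {pport} : USERID : UNIX : bob\r\n".encode()  # constructed
        return parse_reply(reply, wport, pport)

    ttl = 300.0 if use_cache else 0.0
    cache = IdentCache(fake_lookup, ttl=ttl, clock=lambda: 0.0)
    for i in range(requests):
        cache.user_for("192.168.1.20", 40000 + i, 3128)
    return len(wire)


def payload_bytes(workstation_port, proxy_port, user):
    """Application bytes for one query/reply pair (TCP overhead not included)."""
    reply = f"{workstation_port}, {proxy_port} : USERID : UNIX : {user}\r\n"
    return len(build_query(workstation_port, proxy_port)) + len(reply)


if __name__ == "__main__":
    print(lookups_for_page(11, use_cache=False), lookups_for_page(11, use_cache=True))
    print(payload_bytes(40000, 3128, "bob"))
```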



RE: [squid-users] Active feeding of Squid?

2004-01-24 Thread Chris Wilcox
> eceive an 8mbit downstream via satellite broadcast. 200kbit belong to
> me and my modem uplink, the rest belongs to other users, but isn't
> encrypted. )
> is there a way to feed squid with pure server-to-client downstream without
> using it as proxy for this purpose? can i somehow let squid passively
> monitor a passing by ip datastream so fill the cache with it, to the benefit
> of the squid proxy clients? can i somehow "pump" the data into squid without
> ever having requested it? or is there a tool that works together with squid
> that does just that?
>
> thx,
>
> thomas hoeppler

Only thing I can think of is if you schedule some cron jobs to use 'wget' 
and make wget go through your cache.  This will allow you to 'pre-cache' 
websites etc, though obviously this will only let you pre-cache ones of your 
choice.

hth

nry




RE: [squid-users] complete newbie

2004-01-15 Thread Chris Wilcox
> Is it possible someone can point me in the right direction? I have just
> installed Redhat9 which has squid installed as a component. It seems to be
> installed in /etc/squid (certainly this is where the squid.conf file is
> located).

Different Linux distributions will likely install Squid to a different 
location.  Don't worry about where it is installed to, just worry about 
making it work!

The location of squid.conf bears no relation to the location of the Squid 
binary/program itself.

> Firstly I have configured the ports for incoming requests from my workstations
> and I am happy with that and because the Local education authority run a
> filtering proxy service I am aware I need to set a parent proxy and the port to
> connect to it. This is where my problem lies. If I set it as a parent proxy and
> set the port for Squid to connect to it all well and good, but what happens with
> the returned traffic from the parent I assume it will come back on the same port
> I connect to the parent on, however, I don't have a clue as to where in the
> squid.conf this should be configured.

You'll not likely need to alter much in the squid.conf file since most of 
the default settings will allow Squid to run without alteration.

So long as you define 'cache_peer' correctly to point to your LEA's upstream 
proxy then Squid will work fine.  You don't need to and possibly can't 
declare the other ports you mention.  I will say it's worth telling your LEA 
about your cache, as they will instantly see your cache as a single client 
hogging all the requests and bandwidth and possibly disable its access.  
They did that to me where I work until I told them about the cache!

> I would be much obliged if someone could help me I have already made one
> fruitless trip to the friendly computer supermarket who fail to stock any books
> on squid. So I will have to try and dig out my old redhat bible.

You'll possibly only need to worry about the following lines in squid.conf:

cache_peer
visible_hostname
cache_dir size (the default 100Mbytes likely is nowhere near big enough)
Can't think of any other lines offhand.  In Red Hat 9 you can use the GUI 
Services applet to set Squid to start automatically on boot-up.

hth

Regards,

Chris




Re: [squid-users] caching wihtout proxing

2004-01-08 Thread Chris Wilcox

> On Thu, 8 Jan 2004, Chris Wilcox wrote:
> > Hmm, I guess you could run wget commands on the Squid server.  If you tell
> > wget to go through Squid, it will cache pages but is not really proxying as
> > it is the Squid box making the requests for the Squid box which is not 'on
> > behalf of' ie proxying.  The proxy part I think is only when Squid makes web
> > requests for clients.
>
> Indeed, and in the above Squid would proxy for the wget client.

True! :)

> Now to the more interesting question: How do you make anything useful out
> of the above, if it is only the wget command who is using the proxy?

What you get is the ability to pre-cache content: something very useful in 
schools.  You can schedule wget via cron to pre-cache pages during the night 
(quiet period in school browsing habits) and then during the teaching day 
those pre-cached pages will load that bit quicker.  Can't see why you'd want 
to cache without proxying for reasons other than pre-caching though!

This all comes in useful when you're developing what I'm involved with!

> > This has the effect of pre-caching content for LAN users who may wish to
> > browse the pre-cached pages at a later date and time.

Regards,

Chris





Re: [squid-users] caching wihtout proxing

2004-01-08 Thread Chris Wilcox
Hmm, I guess you could run wget commands on the Squid server.  If you tell 
wget to go through Squid, it will cache pages but is not really proxying as 
it is the Squid box making the requests for the Squid box which is not 'on 
behalf of' ie proxying.  The proxy part I think is only when Squid makes web 
requests for clients.

This has the effect of pre-caching content for LAN users who may wish to 
browse the pre-cached pages at a later date and time.

Regards,

Chris

On Thu, 8 Jan 2004, Dodjie Nava wrote:

> squid can be used to proxy w/o caching.  i don't think the other way
> around is possible w/ squid.
I don't see how the other way around could be possible with anything.

Regards
Henrik


RE: [squid-users] What else does Squid need to run?

2003-12-25 Thread Chris Wilcox
From: "Lamar Thomas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [squid-users] What else does Squid need to run?
Date: Wed, 24 Dec 2003 14:08:05 -0800
> I am running RH 9.0 and I want to run Squid and Dan's Guardian web
> filtering.  But first what do I need to get Squid up and running?  Do I
> need Httpd, MySql etc...?  Thanks for any help.
> Lamar

As far as I know Squid is standalone and does not need other apps running 
for it to work.  You'd obviously need to configure squid (via the 
squid.conf file) to suit your LAN but other than that it'll work fine.

Once you're happy that Squid is running fine, then move on to DansGuardian.  
I'd suggest at first that you don't force Squid to listen on a specific IP 
as DansGuardian by default will try and get hold of Squid on 127.0.0.1 and 
although you can change these settings at first you want to keep things as 
default as possible until you're happy with the way things are working.

hth

Regards,

nry




RE: [squid-users] Blocking Adult sites ( SOrry for the empty mail)

2003-12-24 Thread Chris Wilcox
From: "Walid Abd ElDayem" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [squid-users] Blocking Adult sites ( SOrry for the empty mail)
Date: Wed, 24 Dec 2003 10:36:29 +0200
> Hi list,
> Sorry for the repeated subject.
> I have searched google and the list archive on this topic and all what I
> have got that this can be done either by blocking specific domains or by
> using regular expression ACL
> Now my question is:
> 1- Is there any database for those sites that I can add on my access list
> ( Either free or with fees)
> 2- Is there anyone willing to share his reg list with me?
> Thanks in advance,
> Best Regards
> Kareem Mahgoub

Try the following sites for filtering for use with Squid:

http://www.squidguard.org
http://dansguardian.org
Things can be done directly with Squid ACLs but the above may be a more 
flexible and often easier way of doing things.

hth

Regards,

nry



RE: [squid-users] Bigger Squid setup recommendations

2003-12-15 Thread Chris Wilcox
> The hardware: HP ProLiant DL360, 3 GB RAM, dual 2.something gig Xeon CPU's,
> dual 72 GB 10k SCSI drives. I can hardware RAID the disks, but I'm not sure
> I want to given the massive amount of disk activity this box is destined for.
> (Or do I?) I only have this one box to work with at the moment.

Spec sounds fine.

> The people: anywhere from 500 to 2,000 concurrent users, with the potential
> for up to 5,000+ in the event of a news event like 9/11.
> I'm planning to use SuSE 9 with squid transparently. I think I can
> handle setting up squid and the other little packages that we intend to
> mix in with it (already tested on a smaller scale),

Unless you have major reasons to go for Suse you may wish to consider a more 
minimal distro.  If you're happy with turning off/disabling stuff you don't 
need (including a GUI!) then fine but Suse will likely install loads of 
stuff you don't need which can possibly end up using CPU/RAM and hence slow 
your system down.  With that type of max-load you want to keep it as lean as 
possible.

but I'm not sure about sizing the partitions. Is one file system better 
than another for caching? >How many partitions? How big?
Should I
mirror the drives? I need the best performance with just a dash of
fault
tolerance. :) The config of the box will be backed up frequently in
case it
needs to be rebuilt. I'm thinking a partition scheme like this
/boot 100MB reiser
/ 10 GB reiser
/var/log 20 GB reiser
/var/cache 30 GB aufs (or reiser? this is the cache_dir)
Hmm, maybe RAID the OS drive but you should consider having multiple 
cache_dir's one for each drive you can have as a single drive.  I think I'm 
right in saying that having a cache_dir per drive will give a better 
increase in performance compared with mirror RAIDing a cache_dir

Are there any squid configuration parms that I should be aware for a
deployment
of this size? Any "gotchas" to look out for? Any on-going
administrative
bummers? Cool tools for administration? I'd like to run the package
that comes
with SuSE and can be updated with the provided tools, but I can compile
and
install from source if necessary. Any arguments in favor of one over
the other?
Bear in mind Squid won't benefit from multiple CPU's, though you can bind 
apps to specific CPU's and maybe give Squid it's own CPU and let everything 
else run on the other one?

hth

Regards,

nry




Re: [squid-users] newbie squid on LAN issues

2003-12-06 Thread Chris Wilcox
Should that not be 192.168.1.0/255.255.255.255 ?

If you just use 255.255.255.0 doesn't that mean the netmask obscures the 
last IP number?

If you start Squid from the command line, or run 'squid -k reconfigure' does 
it moan about 'netmask masks src IP range' or something similar?

Seem to remember I had this problem the other day when I set Squid up 
somewhere and didn't have my notes handy!

hth

Regards,

nry

squid.conf has the following:
acl local src 192.168.1.0/255.255.255.0
http_access allow local
both the machines, and the router/switch are in that range.  those two 
lines and the redirect_program line (for squidguard) are the only lines i 
changed in the config file.

pings work fine in both directions.


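The `acl ... src` forms discussed in this thread, run through a small model of how a source ACL selects clients. This is an added example, not code from the posts or from Squid; it assumes Squid ANDs the client address with the netmask before comparing it and warns when the mask hides bits written in the address, and all function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _addr(text):
    """Dotted-quad IPv4 address -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def _mask(text):
    """Dotted netmask (255.255.255.0) or prefix length (24) -> integer."""
    if "." in text:
        return _addr(text)
    bits = int(text)
    if not 0 <= bits <= 32:
        raise ValueError("bad prefix length %r" % text)
    return (ALL_ONES << (32 - bits)) & ALL_ONES


def parse_src_acl(line):
    """Parse 'acl NAME src ADDR[-ADDR2]/MASK ...' into (name, entries).

    Each entry holds the masked bounds, the mask, and whether the mask hides
    bits that were written in the address (the case assumed to be warned about).
    """
    fields = line.split("#", 1)[0].split()
    if len(fields) < 4 or fields[0] != "acl" or fields[2] != "src":
        raise ValueError("not an 'acl NAME src ...' line: %r" % line)
    entries = []
    for spec in fields[3:]:
        if "/" not in spec:
            # Without a mask Squid picks one itself; that is not modelled here.
            raise ValueError("no explicit mask in %r" % spec)
        addrs, mask_text = spec.split("/", 1)
        mask = _mask(mask_text)
        first, _, last = addrs.partition("-")
        lo = _addr(first)
        hi = _addr(last) if last else lo
        if hi < lo:
            raise ValueError("range is reversed in %r" % spec)
        entries.append({
            "spec": spec,
            "mask": mask,
            "lo": lo & mask,
            "hi": hi & mask,
            "masks_away_bits": (lo & mask) != lo or (hi & mask) != hi,
        })
    return fields[1], entries


def acl_matches(entries, client):
    """True if the client address, ANDed with the mask, falls in lo..hi."""
    ip = _addr(client)
    return any(e["lo"] <= (ip & e["mask"]) <= e["hi"] for e in entries)


def report(conf_lines, clients):
    """Return {acl line: {"warn": bool, "allowed": [matching clients]}}."""
    out = {}
    for line in conf_lines:
        _, entries = parse_src_acl(line)
        out[line] = {
            "warn": any(e["masks_away_bits"] for e in entries),
            "allowed": [c for c in clients if acl_matches(entries, c)],
        }
    return out


# 1: the ACL from the post; 2: the same address with the all-ones mask asked
# about in the reply; 3: the range form from another squid.conf on this page;
# 4: a constructed line that writes a host address with a /24 mask.
THREAD_ACLS = [
    "acl local src 192.168.1.0/255.255.255.0",
    "acl local src 192.168.1.0/255.255.255.255",
    "acl MyLan src 192.168.3.1-192.168.3.254/255.255.255.255",
    "acl local src 192.168.1.10/255.255.255.0",
]
# Constructed client addresses.
CLIENTS = ["192.168.1.0", "192.168.1.57", "192.168.2.57",
           "192.168.3.100", "192.168.3.255"]

if __name__ == "__main__":
    for line, result in report(THREAD_ACLS, CLIENTS).items():
        flag = "  [netmask masks away address bits]" if result["warn"] else ""
        print(line + flag)
        print("    matches:", ", ".join(result["allowed"]) or "(none)")
```

Under these assumptions the `/255.255.255.0` line admits every host in 192.168.1.x, while the all-ones mask admits only the single address written in the ACL unless a range is given.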

RE: [squid-users] Anyone successfully got squidalyser working on a Debain box ?

2003-12-03 Thread Chris Wilcox
Never done it personally, but our ISP have provided us with a Debian Woody 
box that runs (amongst other things) Squid with SquidGuard so it can work.

I'm presuming you're using debian packages and not installing from source?  
I'm also presuming you're using Woody (stable) and not one of the unstable 
versions?

Regards,

nry

Hi

I have configured the system and it all works fine except for the following
errors: (errors.log in Apache)
No attribute '3d' at /usr/lib/cgi-bin/squidimg.pl line 54.
Can't call method "png" on an undefined value at
/usr/lib/cgi-bin/squidimg.pl line 70.
I have patched the GD Lib to the latest version. I don’t get any images at
the bottom of the analysis.
I have read all the doc’s as best I could. It refers to ‘png’ being a Perl
CPAN config issue, but I can’t find how to fix it.
I tried the older squidalyser  0.2.55 and got the same ‘png’ error, but no
‘3d’ error.
Please help
Dale
[EMAIL PROTECTED]


[squid-users] How to make squid serve cached pages even if Internet connection is unavailable?

2003-12-02 Thread Chris Wilcox
Hi all,

I've done some google trawling on this and it appears that the current Squid 
2.x release doesn't seem to support 'offline' browsing via the cache as well 
as older versions did.  Many sites mention a patch which allows a value to 
be set in the squid.conf file which determines how Squid behaves if a 
monitored network connection is unavailable.

If at all possible I'd really rather stick to the official squid release.  
If I do this, can I achieve the ability to let users browse cached content 
even if the origin server for this content is down?  If so can anyone point 
me in the right direction of where to look?

Thanks for any advice,

Regards,

nry




Re: [squid-users] so slow: part 3

2003-11-30 Thread Chris Wilcox
http_port 192.168.3.1:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /hdd1/squidcache 1000 16 256
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl MyLan src 192.168.3.1-192.168.3.254/255.255.255.255
acl self src 192.168.3.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow MyLan
http_access allow self
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr [EMAIL PROTECTED]
cache_effective_user squid
cache_effective_group squid
visible_hostname Squid Cache
I'd honestly suggest using the default squid.conf file that is installed 
with squid and only changing the minimum amount you need to.  Again, double 
check permissions on the cache and log directory.  Can you read the squid 
logs and see if any errors are reported in them.  This may be your best bet 
to helping you find where the problem lies.

Hope you get this sussed!

Regards,

nry

http_port 3128
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /proxy 200 16 256
redirect_rewrites_host_header off
cache_replacement_policy GDSF
acl localnet src 192.168.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all
maximum_object_size 1200 KB
store_avg_object_size 50 kB
cache_mgr [EMAIL PROTECTED]
cachemgr_passwd tajne_haslo all
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
buffered_logs on
( is this ok? can anyone give me example of squid.conf how should it
looks like ? )
Some details:

Squid is installed on PIII 700 Mhz, 256 MB RAM, HDD 20 Gb connected to
inet on eth0 ( aDSL 512) and local net is on eth1.
OS: Linux Slackware 8.1

There is only 1 partition and it is formatted as ext2 ( maybe this is
a reason ?).
Plz help, I have no idea what can i do wrong... think i checked
everything.
--
Woebegone waiting for support from squid community.
Best regards,
   mailto:[EMAIL PROTECTED]


Re: Re[2]: [squid-users] why it works so SLOW ???

2003-11-29 Thread Chris Wilcox
have just compiled newest stable version of squid... work this same
slow about 20 second till anything appear on screen :(
( www browsing work perfect without squid )
i think its a reason of my squid.conf
can I see ur squid.conf
if possible plz send it to me

--
Best regards,
 Maciej mailto:[EMAIL PROTECTED]
Hi,

Since I have certain things in my squid.conf that I'd prefer to keep private 
(IPs etc) here's the minimum lines you'll need to change:

1) cache_dir ufs /hdd1/squidcache 1000 16 256
2) acl MyLan src 192.168.3.1-192.168.3.254/255.255.255.255
3) http_access allow MyLan
4) visible_hostname Squid Cache
These lines are:

1) Alter the path to your personal cache directory.  Leave directory numbers 
etc standard.  I've increased my cache_dir size to 1Gbyte.  I have a VERY 
small LAN so 1Gbyte is enough.
2) Create an ACL for your LAN
3) Allow your LAN access through Squid
4) Unless your Squid box has a Fully Qualified Domain Name, set this to your 
liking.

Last thing I can think of: make sure that the user for which Squid runs as 
(as listed in the squid.conf file) has full permissions on the cache_dir and 
log directories.  My current guess is that Squid can't write to the cache or 
logs.  Check these permissions and see if speed improves!

hth

Regards,

nry




Re: [squid-users] why it works so SLOW ???

2003-11-29 Thread Chris Wilcox
Ok, have you tried the following to see if you can repeat the problem:

1) Use a newer version of Squid.  If you're compiling from source get the 
latest stable build.
2) Use a default install of Squid and use the default squid.conf options 
except for changing things like cache_dir, IP, ICP port etc.  Leave 
everything at default, get it working and then start to 'play'.  Things like 
cache_dir folders may be best left at the default until things are going.  
I'd think the default settings in squid.conf are there for a reason.  Only 
change them if you know exactly why you are changing them.
Don't alter ./configure options until a default compile works fine for you.
3) Do you get the same slowness if you use a different browser?
4) Are you browsing from the server running squid or are you browsing from a 
LAN client?
5) What OS are you running Squid on?

Regards,

nry

[I'm repeating this question because I haven't received help]

Hallo everyone,

My problem:
I use squid to access WWW. But when I try to get to any page then I have to 
wait about 20 second or more till anything appear in my browser ( Opera 
7.21 ).
I have no idea why its like that. When I turn off squid and set browser not 
to use proxy then any page I request load immediately.

If anyone would help me to resolve this problem then I ll be in debt
forever.
This is my squid version

Squid Cache: Version 2.5.STABLE2

and this is options that I used to configure and compile

configure options:  --prefix=/proxy/usr --exec-prefix=/proxy/usr 
--enable-delay-pools --enable-cache-digests --enable-poll 
--disable-ident-lookups
--enable-truncate --enable-removal-policies --enable-err-language=Polish

and this is my squid.conf



http_port 3128
icp_port 0
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
cache_dir ufs /cache 100 8 126
redirect_rewrites_host_header off
#replacement_policy GDSF
acl localnet src 192.168.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
httpd_accel_with_proxy on
http_access allow localnet
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT
http_access deny all
maximum_object_size 1000 KB
ipcache_size 1024
ipcache_low  60
ipcache_high 75
cache_mgr [EMAIL PROTECTED]
cache_effective_user squid
cache_effective_group squid
log_icp_queries off
cachemgr_passwd tajnehaselko all
buffered_logs on
positive_dns_ttl 6 hours
There is a state of my system:

  This is TOP

 18:18:36 up 8 days, 21:06,  1 user,  load average: 0.00, 0.00, 0.00
44 processes: 43 sleeping, 1 running, 0 zombie, 0 stopped
CPU states:   0.0% user,   0.4% system,   0.0% nice,  99.6% idle
Mem:255324K total,   153520K used,   101804K free,15340K buffers
Swap:0K total,0K used,0K free,59500K cached
  PID USER PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
15075 root  12   0  1712 1712  1512 S 0.1  0.6   0:00 sshd
15088 root  15   0   972  972   768 R 0.1  0.3   0:00 top
1 root   8   0   216  216   184 S 0.0  0.0   0:06 init
2 root   9   0 00 0 SW0.0  0.0   0:00 keventd
3 root  19  19 00 0 SWN   0.0  0.0   0:00 
ksoftirqd_CPU0
4 root   9   0 00 0 SW0.0  0.0   0:00 kswapd
5 root   9   0 00 0 SW0.0  0.0   0:00 bdflush
6 root   9   0 00 0 SW0.0  0.0   0:00 kupdated
7 root  -1 -20 00 0 SW<   0.0  0.0   0:00 mdrecoveryd
   67 root   9   0   756  756   648 S 0.0  0.2   0:00 syslogd
   70 root   9   0   464  464   392 S 0.0  0.1   0:00 klogd
  100 root   8   0   696  696   612 S 0.0  0.2   0:00 inetd
  103 root   9   0  1148 1148  1032 S 0.0  0.4   0:01 sshd
  109 lp 9   0   884  884   744 S 0.0  0.3   0:00 lpd
  112 root   9   0   568  568   488 S 0.0  0.2   0:00 crond
  118 root   9   0  1612 1608  1008 S 0.0  0.6   0:00 smbd
  122 root   9   0   472  472   408 S 0.0  0.1   0:01 gpm
  125 root   9   0 00 0 SW0.0  0.0   0:00 eth1
  127 root   9   0  1504 1504   896 S 0.0  0.5   0:00 dhcpd
  143 root   9   0 00 0 SW0.0  0.0   0:00 eth0
  343 root   9   0   484  484   420 S 0.0  0.1   0:00 agetty
  344 root   9   0   484  484   420 S 0.0  0.1   0:00 agetty
  345 root   9   0   484  484   420 S 0.0  0.1   0:00 agetty
  346 root   9   0   484  484   420 S 0.0  0.1   0:00 agetty
  347 root   9   0   484  484   420 S 0.0  0.1   0:00 agetty
  348 root   9   0   484  484   420 S 0.0  0.1   0:00 agetty
 5127 root   9   0   940  940   764 S 0.0  0.3   0:00 adsl-connect
 5385 root   9   0   936  936   768 S 0.0  0.3   0:00 safe_mysqld
 5407 mysql  9   0 12304  12M  2796 S 0.0  4.8   0:00 mysqld
 540

Re: [squid-users] Problem with squid and "connection reset by peer"

2003-11-26 Thread Chris Wilcox
My guess is that something is running on the parent proxy every hour, and 
whatever is running takes about two minutes to complete and somehow 
interferes with the cache process.  Could be log rotation/analysis or 
something similar maybe?  I wouldn't think this is necessarily a fault with 
your squid box, more likely to be a fault with the upstream parent proxy.

hth

Regards,

nry

Hello

I have a problem since two weeks with my squid proxy:
It is not able to reach his parent every hour and one minute during 2
minutes. That means from 10:01 to 10:03, 11:01 to 10:03,... my proxy can't
reach the parent.
But ping and telnet pour 8080 on parent works fine

Here is a part of my cache.log:

2003/11/19 09:07:31| urlParse: Illegal character in hostname 
'www.heise.de+'

2003/11/19 10:01:00| sslReadServer: FD 87: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 95: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 184: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| TCP connection to virus2.eu.domaine.com/8080 failed
2003/11/19 10:01:00| Detected DEAD Parent: virus2.eu.domaine.com/8080/0
2003/11/19 10:01:00| sslReadServer: FD 108: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 35: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 110: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 178: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 192: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 56: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 127: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 160: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 163: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 78: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 207: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 81: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 229: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 561: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 74: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 86: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 117: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 187: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 76: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 94: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 115: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 124: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 250: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 116: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 189: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 102: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| sslReadServer: FD 186: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| Failed to select source for '[null_entry]'
2003/11/19 10:01:00|   always_direct = -1
2003/11/19 10:01:00|never_direct = 1
2003/11/19 10:01:00|timedout = 0
2003/11/19 10:01:00| Failed to select source for
'http://w1.domaine.se/interactivetools/catalogue/pneumatics/img/D581_024.gif
'
2003/11/19 10:01:00|   always_direct = -1
2003/11/19 10:01:00|never_direct = 1
2003/11/19 10:01:00|timedout = 0
2003/11/19 10:01:00| Failed to select source for
'http://w1.domaine.se/interactivetools/catalogue/pneumatics/img/D581_025.gif
'
2003/11/19 10:01:00|   always_direct = -1
2003/11/19 10:01:00|never_direct = 1
2003/11/19 10:01:00|timedout = 0
2003/11/19 10:01:00| Failed to select source for
'http://w1.domaine.s

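One way to check a cache.log like the one quoted above for parent outages that recur on a schedule, as an added example that is not part of the original posts. The log lines are constructed in the same format, `parent.example.net` and `other.example.net` are placeholders, and the function names and the 120-second tolerance are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\|\s?(.*)$")
DEAD = re.compile(r"Detected DEAD Parent: (\S+?)/(\d+)/")
FAILED = re.compile(r"TCP connection to (\S+?)/(\d+) failed")

# Constructed sample in the format of the log quoted in the thread,
# including one record wrapped across two lines as e-mail clients do.
SAMPLE_LOG = """\
2003/11/19 09:07:31| urlParse: Illegal character in hostname 'www.example.org+'
2003/11/19 10:01:00| sslReadServer: FD 87: read failure: (104) Connection
reset by peer
2003/11/19 10:01:00| TCP connection to parent.example.net/8080 failed
2003/11/19 10:01:00| TCP connection to parent.example.net/8080 failed
2003/11/19 10:01:00| Detected DEAD Parent: parent.example.net/8080/0
2003/11/19 11:01:01| TCP connection to parent.example.net/8080 failed
2003/11/19 11:01:01| Detected DEAD Parent: parent.example.net/8080/0
2003/11/19 12:01:03| TCP connection to parent.example.net/8080 failed
2003/11/19 12:01:03| Detected DEAD Parent: parent.example.net/8080/0
2003/11/19 12:40:10| TCP connection to other.example.net/3128 failed
"""


def read_records(text):
    """Split cache.log text into (datetime, message) records.

    A line without a leading timestamp is treated as the wrapped tail of the
    previous record, which is how the log arrives when pasted into e-mail.
    """
    records = []
    for raw in text.splitlines():
        m = STAMP.match(raw)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append([when, m.group(2).strip()])
        elif records and raw.strip():
            records[-1][1] += " " + raw.strip()
    return [(when, msg) for when, msg in records]


def peer_events(records):
    """Collect, per parent 'host:port', DEAD detections and failed connects."""
    events = defaultdict(lambda: {"dead": [], "failed": 0})
    for when, msg in records:
        m = DEAD.search(msg)
        if m:
            events["%s:%s" % m.groups()]["dead"].append(when)
            continue
        m = FAILED.search(msg)
        if m:
            events["%s:%s" % m.groups()]["failed"] += 1
    return events


def summarize(text, tolerance=120):
    """Per parent: outage count, gaps between outages, and a 'periodic' flag.

    'periodic' is set when there are at least three outages and every gap is
    within `tolerance` seconds of the first gap.
    """
    summary = {}
    for peer, ev in peer_events(read_records(text)).items():
        dead = sorted(ev["dead"])
        gaps = [int((b - a).total_seconds()) for a, b in zip(dead, dead[1:])]
        periodic = len(dead) >= 3 and all(
            abs(g - gaps[0]) <= tolerance for g in gaps)
        summary[peer] = {
            "outages": len(dead),
            "failed_connects": ev["failed"],
            "gaps_seconds": gaps,
            "minutes_past_hour": sorted({d.minute for d in dead}),
            "periodic": periodic,
        }
    return summary


if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG).items():
        print(peer, info)
```

A parent flagged as periodic with a single value in `minutes_past_hour` points at a scheduled job on that host or on the path to it, which is the line of inquiry the reply above suggests.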
RE: [squid-users] Squid NT vs. Squid Linux

2003-11-15 Thread Chris Wilcox
Hmm, 30-50 users really isn't a huge load on a server running Squid!  We run 
an ISP provided Squid/SquidGuard/firewall/e-mail server in our school.  We 
have around 100+ simultaneous Internet users on a 2Mbit DSL line.  Server 
spec is really basic:

P4 16Ghz
512MB RAM
40GB 7200rpm ATA-100 IDE Hard Disk
100Mbit switched LAN connection
As mentioned, your Internet speed will be the real bottleneck here.  I'd see 
no reason why something lower spec than above would easily provide a benefit 
to the 'feel' of Internet speed.  It also depends on the style of browsing 
done by your LAN users.  If they all visit the same websites/pages then 
things will definitely feel faster.  If users have widely differing browsing 
habits then things may not improve too much as the majority of web content 
may end up not being served from the cache as no-one has looked at it 
before.  Our school tends to reach up to 55-60% of hits being served from 
the cache but as a school we have fairly common browsing between users as 
students often visit pages as suggested by Teachers.

You may also benefit by running a local DNS server, so DNS lookups can be 
performed 'on-LAN' as opposed to being performed by an Internet/ISP based 
DNS server.  Check out BIND on Linux for this.  It's not too hard to 
configure.

Final comment is that on a 256kbit line, Squid is unlikely to end up being a 
bottleneck even on a very low powered server.  Many commercial companies 
that provide Squid based caches use things as basic as AMD K6-2 450Mhz CPUs!

Hope this is of use,

Regards,

nry

Thanks Serassio and Adam for your feedback. I look briefly at Samba 3.0 and
it looks like it will do the job for me. I need to read a little more about
it to be able to configure it.
As Serassio pointed out WAN bandwidth would be my bottleneck. I'm painfully
aware of this fact: but unfortunately bandwidth isn't readily available and
the little available is quite expensive in where this LAN is.
Any recommendation on what hardware can comfortably handle 30-50 clients? 
As
you can see I'm counting on Squid to solve a little of my bandwidth 
problem.
I wouldn't want Squid to become the bottleneck instead so I don't mind
investing in a slightly higher performance hardware for Squid if that would
help.

Thanks again for your response.

-Original Message-
From: Serassio Guido [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 15, 2003 2:47 AM
To: Cafe Admin; [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid NT vs. Squid Linux
Hi,

At 04.33 15/11/2003, Cafe Admin wrote:

>Hi All,
>Does any one know if there is any noticeable performance difference between
>Squid on Windows 2000 Server and on RedHat Linux 9? I'm currently running
>2.5-Stable3 on a dedicated RH9 box, and I know my hardware is being
>underutilized (2.0GHz Xeon , 2x10k RPM SCSI, 640MB, 1000Mbps NIC). I'm
>thinking about converting the machine to Windows File Server/PDC/SquidNT.
>Serving 30 clients on 100MB network (who are constantly surfing the Net)
>with 256Kbps connection to the Internet. As always thanks for your
>feedback.

In the Windows port there are still some limitations:

- Max. 2048 File Descriptors, so more than 100 concurrent client cannot be
safely supported
- The internal socket loop is select() based vs poll() or better on
Unix/Linux
- Transparent proxy is not available
- Some async FS storage are not available (COSS, diskd)
So currently I expect always better performance from a Linux/Unix based
Squid.
In Your configuration I think that major bottleneck can be the line speed:
today an Internet bandwidth of 256 Kbit/s for 30 concurrent web client can
be very low.
Regards

Guido



-

Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426  Fax. : +39.011.3293665
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/





Re: [squid-users] --> Multiple squid process....

2003-11-12 Thread Chris Wilcox

Hello,
  I have an strange problem here.
  I Have :
   SQUID1 -> Dansguardian -> SQUID2
  On the same machine, SQUID1 and SQUID2 are 2 different process, with 
different squid.conf files.

  I start them perfectly, but when i access my proxy the first time, SQUID2 
multiplies +- 20 times.
  When I type a "ps ax |grep squid", I have 19 process there 

  This never happened with me, and since I am using a squid.conf file 
modified from SQUID1, that does not multiply...
  With it, I cannot kill the first process, that the rest still run.
  May be something with dansguardian 
Only way I can think of to check whether this is an 'issue' with DG or 
Squid2 is to maybe setup a client PC to access your Debian box through 
Squid2 and not through Squid1>DG>Squid2.  With a client directly connecting 
to the net via Squid2 do you still get the same number of processes?

I'm also wondering whether this is not necessarily wrong?  Doesn't squid 
spawn child processes?  In which case you'd expect to see multiple instances 
running.  I do have this setup running on a test PC at home which is under 
very light use and running that command now shows only 3 processes running.  
I guess the heavier the usage, the more processes will be running.

hth

Regards,

nry

   I use Debian woody, Squid 2.5, DG 2.7.1-4.

Thanks...




Re: [squid-users] How to: eliminate Squid messages error to my clients

2003-11-03 Thread Chris Wilcox
Never used them myself as yet, but if you scan through the squid.conf file 
you'll notice that you can declare custom error messages for the errors that 
squid can report back to the browser.  I guess you could get Squid to 
display a blank page for all errors which is kind of what you're after.

Personally, I'd be curious to know what you aim to achieve as it'll make 
trouble-shooting very time consuming as you may be forced to look through 
squid's log files to trace problems which may be easier solved from the 
browser error message eg 'Unable to resolve domain' is a very useful message 
for users to see, especially ones with bad typing skills who've typed the URL 
incorrectly.  If they see no error message then how do they know what has 
gone wrong?

Regards,

nry

On Mon, 3 Nov 2003, NAP wrote:

> I have installed Squid-2.5.STABLE4 on FreeBSD 5,1 and I am very happy. 
But I need to eliminate that Squid gives messages of error to my users.

Basically you can't. By HTTP specification a proxy (i.e. Squid) MUST give
some kind of response back to the client once the client has sent the
request to the proxy.
There is many things which differ when using a proxy compared to when not
using a proxy. How most errors is detected and displayed to the user is
one such thing. When not using a proxy errors is always detected by the
browser (host not found, could not connect to host etc) and presented in
various manners as the browser vendor seems fit, but when using a proxy
almost all these errors are detected by the proxy and the proxy needs to
send a message back to the browser explaining what happened. It is not
technically possible to cause all errors to be detected by the browser
like when not using a proxy.
There is however methods you can use to minimize the amount of errors. One
quite effective such measure is to make sure that unknown hosts is
detected by the browser before sending the request to the proxy. Such
detection can be done via proxy-pac scripts trying to resolve the IP
address of the requested server and indicating that the browser should go
direct if the IP address can not be found. Unfortunately I do not have the
exact syntax of how to do such check in a pac script but I am pretty sure
there is others on this list who do.
Regards
Henrik



[squid-users] Passing identd username to cache_peer?

2003-10-22 Thread Chris Wilcox
Hi all,

I'm aware that when using basic_auth I can use 'login=*:password' in the 
cache_peer definition to make squid pass the basic_auth username to the peer 
cache.  But when only using identd lookups the identd string is not passed 
in the same manner.

Is this possible and if so how?

Cheers for any replies,

Chris




Re: [squid-users] Help with running 2 instances of squid

2003-10-20 Thread Chris Wilcox

Hello,

I have three versions of squid running on the same machine, two in
production and one for development.  The best way that I found was to
have three entirely separate compiles for each version where I actually
change the names of the squid executables, config files, directory
structures, pids, ports, etc.  Then I fire them off independently with
separate init.d scripts (I work under linux).
BTW, I call different redirectors with each 'version' of squid.
I guess it depends on circumstances.  I originally thought of using seperate 
installs of Squid for each task, but we're working on a commercial product 
and really want to avoid the need to manage two packages for Squid instead 
of one.

The problem has been narrowed down to the second init.d script to start the 
second squid instance, as I can manually start each squid from the relevant 
conf file without error.

Thanks for the reply,

Regards,

nry

Murrah Boswell
Systems Administrator
Wild Apache Internet Services
Chris Wilcox wrote:
>
> Hi all,
>
> As far as I can tell, I have followed everything I'm supposed to have to
> make this work.  I wish to run two instances of Squid on the same machine:
> Squid/2.4.STABLE6 on Debian Woody stable.
>
> I have squid.conf and squid2.conf with the relevant settings altered.
>
> Squid.conf listens on port 3128 on the external IP.  I have not altered the
> PID file path for this one.
> Squid2.conf listens on port 8085 on 127.0.0.1  I have altered the PID file
> path to be /var/run/squid2.pid  I have created a different cache directory
> etc, and specified these within the squid2.conf file, along with checking
> relevant permissions on these directories.
>
> I have then copied the squid init.d script and called this squid2.  I have
> altered squid2 to have a different name string, and altered all relevant
> entries within this script to point to the squid2 details eg cache directory
> etc.  This squid2 script is set to use 'squid2.pid' as I've specified in
> squid2.conf
>
> Yet still, when I do 'squid2 start' it always returns 'Squid is already
> running!  Process ID 213'
>
> I'm now lost.  Am I missing something really obvious here?  I've been trying
> to get this going for a good few weeks now!
>
> Major thanks for any advice and suggestions!
>
> Regards,
>
> nry
>



Re: [squid-users] IDE performance

2003-10-19 Thread Chris Wilcox

All,

I'm just curious about UltraATA (IDE) performance, as now the high speed of
UltraATA 133 already exists.
Does someone try to use UltraATA for big Bandwidth and high request? If yes,
how big and how high is it?
Our cache was provided by our ISP.  Alongside simply caching it also handles 
blacklist based filtering which I'm guessing is done via SquidGuard.

We have potentially 130 simultaneous users on a 100Mbit switched network.  
Our internet connection is provided by a 2Mbit DSL line (2Mbit up and down). 
 Cache spec is roughly:

P4 1.6 Ghz
512MB RAM
40GB IDE HD which I think will be ATA-100 and 7200rpm
The difference between ATA-100 and ATA-133 is negligible usually, since this 
is the external interface speed.  I'd look more at seek times and internal 
transfer times, as seek time will possibly have a bigger effect on 
performance for a heavily used cache, this is why SCSI is best for very 
heavy usage since seek times are way quicker than IDE (usually!).

You'll see big benefits if you use multiple cache disks, since often the 
disk speed etc is the limiting factor with squid as opposed to CPU power.  
More RAM will also help out.

If you plan to use IDE, I'd go for a 7200rpm (or higher if they exist yet?) 
drive, with an 8MB (or higher) buffer.  Usually bigger disks give a better 
performance due to data density on the platters but check some reviews out 
first.

Still, this all depends on the planned network on which your cache will be 
running!

Regards,

nry




Re: [squid-users] Help with running 2 instances of squid

2003-10-18 Thread Chris Wilcox

On Sat, 18 Oct 2003, Chris Wilcox wrote:

> and the init.d script still gives the same error.  I'm guessing it's a fault
> with my editing of the script since if I start two squid's manually (squid
> -f /etc/squid.conf and squid -f /etc/squid2.conf) then it works
> without problems.

If starting Squid manually with -f arguments work fine then the Squid
parts of things are done, and all that remains is to get the init scripts
operating correctly.
Assuming the init scripts are shell scripts you may be able to trace what
the script are doing by running it as "sh -x /path/to/initscript start" or
by inserting "set -x" commands at carefully selected locations.

Thanks Henrik, I'll give that a go.

As always I'll keep going till this works!

Regards,

nry



Re: [squid-users] Help with running 2 instances of squid

2003-10-18 Thread Chris Wilcox

On Sat, 18 Oct 2003, Chris Wilcox wrote:

> Yet still, when I do 'squid2 start' it always returns 'Squid is already
> running!  Process ID 213'

You only get this error if you try to start two Squids with the same
pid_filename.

Which is what's confusing me! I copied the original squid start up script 
and believe I have edited it to start a second instance.  I have set 
pid_filename in the second 'squid2.conf' file to be a different pid_filename 
and the init.d script still gives the same error.  I'm guessing it's a fault 
with my editing of the script since if I start two squid's manually (squid 
-f /etc/squid.conf and squid -f /etc/squid2.conf) then it works 
without problems.

I posted the script to this list about an hour ago to see if someone can 
spot what I have missed.

Regards,

Chris
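
Added example (not from the thread or from the Debian package): a pre-flight check for the two points raised in the replies above, namely that the two configuration files do not share a pid file, port, cache directory or access log, and that the PIDFILE an init script hands to start-stop-daemon is the file that instance's pid_filename names. The function names, the default pid path and the default port are assumptions, and the sample files written by demo are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for two Squid instances run from one binary.
# Assumed defaults (typical Debian packaging); adjust to the local build.
DEF_PID=/var/run/squid.pid
DEF_PORT=3128

# conf_value FILE DIRECTIVE FIELD DEFAULT
# Print field FIELD of the first active (uncommented) DIRECTIVE line,
# or DEFAULT when the directive is absent.
conf_value () {
    awk -v d="$2" -v f="$3" -v def="$4" '
        $1 == d { print $f; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# check_pair CONF1 CONF2
# Report each resource both configurations would use; return the number found.
# Values are compared as literal strings and only the first line of each
# directive is read, so "3128" and "10.0.0.1:3128" are not seen as a clash.
check_pair () {
    a=$1 b=$2 clashes=0
    while read -r directive field default; do
        va=$(conf_value "$a" "$directive" "$field" "$default")
        vb=$(conf_value "$b" "$directive" "$field" "$default")
        if [ "$va" = "$vb" ]; then
            echo "clash: $directive = $va in both $a and $b"
            clashes=$((clashes + 1))
        fi
    done <<EOF
pid_filename 2 $DEF_PID
http_port 2 $DEF_PORT
cache_dir 3 (built-in default)
cache_access_log 2 (built-in default)
EOF
    return "$clashes"
}

# init_pidfile SCRIPT
# Expand the NAME= and PIDFILE= assignments of an init script as sh would.
# -u turns an unset variable (for example a case mismatch) into an error.
init_pidfile () {
    assigns=$(grep -E '^(NAME|PIDFILE)=' "$1")
    sh -uc "$assigns
printf '%s\n' \"\$PIDFILE\"" 2>/dev/null
}

# check_instance INITSCRIPT CONF
# The pid file the init script tracks must be the one Squid will write.
check_instance () {
    want=$(conf_value "$2" pid_filename 2 "$DEF_PID")
    if ! got=$(init_pidfile "$1"); then
        echo "$1: PIDFILE expands an unset variable"
        return 1
    fi
    [ "$got" = "$want" ] && return 0
    echo "$1: PIDFILE=$got but $2 sets pid_filename $want"
    return 1
}

# demo: constructed files modelled on the two-instance setup in this thread.
demo () {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'http_port 3128' \
        'cache_dir ufs /var/spool/squid 100 16 256' > "$d/squid.conf"
    printf '%s\n' 'http_port 127.0.0.1:8085' \
        'pid_filename /var/run/squid2.pid' \
        'cache_dir ufs /var/spool/squid2 100 16 256' \
        'cache_access_log /var/log/squid2/access.log' > "$d/squid2.conf"
    printf '%s\n' 'NAME=squid2' 'PIDFILE=/var/run/$name.pid' > "$d/squid2.init"
    status=0
    check_pair "$d/squid.conf" "$d/squid2.conf" || status=1
    check_instance "$d/squid2.init" "$d/squid2.conf" || status=1
    rm -rf "$d"
    return "$status"
}

demo || true
```
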



Re: [squid-users] Help with running 2 instances of squid

2003-10-18 Thread Chris Wilcox
Ok, if I manually start the squid instances using 'squid -f /etc/squid.conf' 
and 'squid -f /etc/squid2.conf' then it all works correctly.  I'm therefore 
guessing that I haven't edited the init.d script correctly!

Any pointers based on the script I posted in my previous message?

Thanks and regards,

nry


Hello,

Are you also starting the squid with the other configuration file?
(squid -f  [configfile])
  Bart

Chris Wilcox wrote:

Hi all,

As far as I can tell, I have followed everything I'm supposed to have to 
make this work.  I wish to run two instances of Squid on the same machine: 
Squid/2.4.STABLE6 on Debian Woody stable.

I have squid.conf and squid2.conf with the relevant settings altered.

Squid.conf listens on port 3128 on the external IP.  I have not altered 
the PID file path for this one.
Squid2.conf listens on port 8085 on 127.0.0.1  I have altered the PID file 
path to be /var/run/squid2.pid  I have created a different cache directory 
etc, and specified these within the squid2.conf file, along with checking 
relevant permissions on these directories.

I have then copied the squid init.d script and called this squid2.  I have 
altered squid2 to have a different name string, and altered all relevant 
entries within this script to point to the squid2 details eg cache 
directory etc.  This squid2 script is set to use 'squid2.pid' as I've 
specified in squid2.conf

Yet still, when I do 'squid2 start' it always returns 'Squid is already 
running!  Process ID 213'

I'm now lost.  Am I missing something really obvious here?  I've been 
trying to get this going for a good few weeks now!

Major thanks for any advice and suggestions!

Regards,

nry




Re: [squid-users] Help with running 2 instances of squid

2003-10-18 Thread Chris Wilcox

Are you also starting the squid with the other configuration file?
(squid -f  [configfile])

The init.d script for squid2 is pasted below:

**Start of script***

#! /bin/sh
#
# squid Startup script for the SQUID HTTP proxy-cache.
#
# Version:  @(#)squid.rc  2.20  01-Oct-2001  [EMAIL PROTECTED]
#
NAME=squid2
DAEMON=/usr/sbin/squid
LIB=/usr/lib/squid
PIDFILE=/var/run/$NAME.pid
SQUID_ARGS="-D -sYC -f /etc/squid2.conf"
[ ! -f /etc/default/squid2 ] || . /etc/default/squid2

PATH=/bin:/usr/bin:/sbin:/usr/sbin

[ -x $DAEMON ] || exit 0

grepconf2 () {
   w=" " # space tab
   sq=/etc/$NAME.conf
   # sed is cool.
   res=`sed -ne '
      s/^'$1'['"$w"']\+[^'"$w"']\+['"$w"']\+\([^'"$w"']\+\).*$/\1/p;
      t end;
      d;
      :end q' < $sq`
   [ -n "$res" ] || res=$2
   echo "$res"
}

#
#   Try to increase the # of filedescriptors we can open.
#
maxfds () {
   [ -n "$SQUID_MAXFD" ] || return
   [ -f /proc/sys/fs/file-max ] || return 0
   [ $SQUID_MAXFD -le 4096 ] || SQUID_MAXFD=4096
   global_file_max=`cat /proc/sys/fs/file-max`
   minimal_file_max=$(($SQUID_MAXFD + 4096))
   if [ "$global_file_max" -lt $minimal_file_max ]
   then
      echo $minimal_file_max > /proc/sys/fs/file-max
   fi
   ulimit -n $SQUID_MAXFD
}

start () {
   cdr=`grepconf2 cache_dir /var/spool/squid/$NAME`
   case "$cdr" in
      [0-9]*)
         echo "squid: squid2.conf contains 2.2.5 syntax - not starting!" >&2
         exit 1
         ;;
   esac
   maxfds
   umask 027
   cd $cdr
   start-stop-daemon --quiet --start \
      --pidfile $PIDFILE \
      --exec $DAEMON -- $SQUID_ARGS < /dev/null
   sleep 1
}

stop () {
   PID=`cat $PIDFILE 2>/dev/null`
   start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
   #
   #   Now we have to wait until squid has _really_ stopped.
   #
   sleep 2
   if test -n "$PID" && kill -0 $PID 2>/dev/null
   then
      echo -n "Waiting ."
      cnt=0
      while kill -0 $PID 2>/dev/null
      do
         cnt=`expr $cnt + 1`
         if [ $cnt -gt 60 ]
         then
            #
            #   Waited 120 seconds now. Fail.
            #
            echo -n " Failed.. "
            break
         fi
         sleep 2
         echo -n "."
      done
      [ "$1" = verbose ] && echo "done."
   else
      [ "$1" = verbose ] && echo "$NAME."
   fi
}

case "$1" in
   start)
      echo -n "Starting proxy server: "
      start
      echo "$NAME."
      ;;
   stop)
      echo -n "Stopping proxy server: "
      stop verbose
      ;;
   reload|force-reload)
      echo "Reloading $NAME configuration files"
      start-stop-daemon --stop --signal 1 \
         --pidfile $PIDFILE --quiet --exec $DAEMON
      ;;
   restart)
      echo "Restarting proxy server: "
      stop
      start
      echo "$NAME."
      ;;
   *)
      echo "Usage: /etc/init.d/$NAME {start|stop|reload|force-reload|restart}"
      exit 1
      ;;
esac

exit 0

***End of Script

It makes no difference to the error message by adding or removing the '-f 
/etc/squid2.conf' to the parameters at the top of the script.

Thanks again for further help,

Regards,

nry


Chris Wilcox wrote:

Hi all,

As far as I can tell, I have followed everything I'm supposed to have to 
make this work.  I wish to run two instances of Squid on the same machine: 
Squid/2.4.STABLE6 on Debian Woody stable.

I have squid.conf and squid2.conf with the relevant settings altered.

Squid.conf listens on port 3128 on the external IP.  I have not altered 
the PID file path for this one.
Squid2.conf listens on port 8085 on 127.0.0.1  I have altered the PID file 
path to be /var/run/squid2.pid  I have created a different cache directory 
etc, and specified these within the squid2.conf file, along with checking 
relevant permissions on these directories.

I have then copied the squid init.d script and called this squid2.  I have 
altered squid2 to have a different name string, and altered all relevant 
entries within this script 

[squid-users] Help with running 2 instances of squid

2003-10-18 Thread Chris Wilcox
Hi all,

As far as I can tell, I have followed everything I'm supposed to have to 
make this work.  I wish to run two instances of Squid on the same machine: 
Squid/2.4.STABLE6 on Debian Woody stable.

I have squid.conf and squid2.conf with the relevant settings altered.

Squid.conf listens on port 3128 on the external IP.  I have not altered the 
PID file path for this one.
Squid2.conf listens on port 8085 on 127.0.0.1  I have altered the PID file 
path to be /var/run/squid2.pid  I have created a different cache directory 
etc, and specified these within the squid2.conf file, along with checking 
relevant permissions on these directories.

I have then copied the squid init.d script and called this squid2.  I have 
altered squid2 to have a different name string, and altered all relevant 
entries within this script to point to the squid2 details eg cache directory 
etc.  This squid2 script is set to use 'squid2.pid' as I've specified in 
squid2.conf

Yet still, when I do 'squid2 start' it always returns 'Squid is already 
running!  Process ID 213'

I'm now lost.  Am I missing something really obvious here?  I've been trying 
to get this going for a good few weeks now!

Major thanks for any advice and suggestions!

Regards,

nry




Re: [squid-users] Running two instances of Squid from one binary

2003-10-06 Thread Chris Wilcox
Chris Wilcox wrote:

Hi all,

Our current project currently requires the use of two separate squid 
instances with a web filter in the middle.  Clients would connect to 
Squid1 and be authorised then passed to the filter which would use Squid2 
as the cache.  Squid1 would not cache, just log.

You can run two separate squids by using two separate config files (see
the commandline parameters for squid, particularly -f ).
And that's it. So you need to use 2 different configuration files.
rgrds,

 Bart

But I thought that since I was using an edited squid init.d script, that 
this second script should have correctly started Squid with the specified 
second squid.conf (called squid2.conf)?

Regards,

nry



[squid-users] Running two instances of Squid from one binary

2003-10-05 Thread Chris Wilcox
Hi all,

Our current project currently requires the use of two separate squid 
instances with a web filter in the middle.  Clients would connect to Squid1 
and be authorised then passed to the filter which would use Squid2 as the 
cache.  Squid1 would not cache, just log.

Rather than maintain our own squid package on top of the existing one for 
our chosen distro (Debian) we're hoping to make use of the ability to run 
more than one instance of squid from the single binary.  I could be wrong, 
but I believe what I need to do is create a second squid conf file called eg 
squid2.conf, and alter the relevant sections in this conf file to match the 
needs of Squid2 eg log/cache dirs, port, IP etc.  I believe I have done this 
correctly.  I then thought I could happily copy the existing squid init.d 
script and alter it to start a second squid instance but it doesn't seem to 
work.  Squid1 works, the filter works, but adding squid2 stops it working. 
The main lines I can see that need altered are those shown below:

NAME=squid2
DAEMON=/usr/sbin/squid
LIB=/usr/lib/squid
PIDFILE=/var/run/$name.pid
SQUID_ARGS="-D -sYC"

There are also another couple of lines which I've altered which are to do 
with config file paths etc.  When I try to manually run this script it says 
that squid is already started and lists the pid number.  From the edits I've 
listed above I'm not sure why this is happening as I've specified a 
different NAME hence a different pid file etc.

Am I going in the right direction or have I missed something obvious (or 
not!)?  The Squid docs say this is possible but nothing I've found on the 
web or the squid site has helped me get this working.

Major thanks for any replies!

Regards,

nry




Re: [squid-users] Single squid in a squid -> filter -> squid setup

2003-09-29 Thread Chris Wilcox
> We are planning on using the "peer_access  allow|deny acl acl acl ..."
> ACL so I am glad someone else has further confirmed this 'should' work.  I'm
> hoping this will work fine with external ACL's as well? We will be writing a
> custom one to allow us to authorise users based on our custom Identd string
> returned from clients.

That will be more problematic, as the ports aren't exposed to external
ACL's at this point. If you want to do ident, you need to have squid
perform the ident checks. (You can check the ident result in an external
helper IIRC).

Yep, Squid will do the identd lookup and pass this to the external ACL we 
write.  As far as possible we really want to use what is already in 
existence and has been tested.  So far the only thing we need to do that 
doesn't exist within Squid is check a custom identd string.  Something which 
I wouldn't expect Squid to do anyhow!

There is a webpage for the entire project which I won't post on this list but 
if people 'are' interested I'm happy to reply offlist.

Thanks and regards,

nry




Re: [squid-users] Single squid in a squid -> filter -> squid setup

2003-09-29 Thread Chris Wilcox
Cheers for the replies folks,

I am currently tending to agree with the use of two separate instances of 
Squid.  Aside from the logs, it should actually make our system easier to 
manage as I got really confused trying to suss out a squid.conf that may or 
may not always have a true upstream proxy.  Using two squid instances means 
this issue is no longer apparent as any true upstream proxy would only need 
to be declared (or not declared as the case may be!) in the caching squid, 
not the authenticating/ACL'ing squid that clients connect to.

We are planning on using the "peer_access  allow|deny acl acl acl ..." 
ACL so I am glad someone else has further confirmed this 'should' work.  I'm 
hoping this will work fine with external ACL's as well? We will be writing a 
custom one to allow us to authorise users based on our custom Identd string 
returned from clients.

Thanks again.

Regards,

nry




Re: [squid-users] Single squid in a squid -> filter -> squid setup

2003-09-27 Thread Chris Wilcox
Hmm, apparently it is being done with one squid instance by at least 2 
people I've messaged on a forum though they've yet to describe it fully 
enough for me to understand.  I was kinda wondering why I can't just send 
localhost requests direct (either direct to the web or direct to a true 
parent proxy) and requests from the LAN through to the DansGuardian 
instances.  This wouldn't loop as far as I can see?

Regards,

nry

On Sun, 2003-09-28 at 01:50, Chris Wilcox wrote:
> Hi all,
>
> I've tried posting on this in the filter (DansGuardian) message board with
> not much success as it seems to require more knowledge about Squid than the
> filtering.

You'll be hitting a routing loop, so no, you cannot do it with one
squid. You can do it with one squid /binary/ though - simply passing the
squid an explicit config file. In the config for squid 1. use cache_dir
null, and disable all caching - no_cache deny all. Otherwise your filter
policy will be bypassable.
There is info on the FAQ on running two squid on the same machine.

Cheers,
Rob
--
GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.



[squid-users] Single squid in a squid -> filter -> squid setup

2003-09-27 Thread Chris Wilcox
Hi all,

I've tried posting on this in the filter (DansGuardian) message board with 
not much success as it seems to require more knowledge about Squid than the 
filtering.

I wish to use Squid alongside a custom identd client to allow me to 
allow/disallow Internet/Cache access to client stations based on the string 
returned from the identd client running on these clients.  The string 
returned at this point is likely irrelevant.  The initial plan was to have 2 
instances of Squid running on the same server.  Stations would connect to 
Squid1 which would authenticate via the identd client and control cache 
access.  Squid1 would not cache.  If allowed access, Squid1 would direct 
stations to an instance of DansGuardian running on the same server which 
would in turn connect to a second instance of squid which handled caching 
(call this Squid2).  The plan was to use ACL's (and 4 custom ACL's) on 
Squid1 to handle 4 instances of DansGuardian, each running a different 
filter config so in effect we could direct a station to the relevant filter 
allowing us to run different filter levels for different user groups.  Hope 
this makes sense so far?  It was planned to be set up as "station -> 
Squid1(auth) -> DansGuardian(1-4) -> Squid2(cache)".  DansGuardian appears 
to Squid as an upstream parent proxy running on 127.0.0.1 with a port chosen 
by me eg 8080.

After discussion it was suggested by a few people that the above can be done 
with a single instance of Squid as opposed to two separate ones.  I've been 
playing with this suggestion for a good few days now with no success.  I can 
happily get this setup running as "station -> DansGuardian -> Squid" but 
can't quite suss out the ACL's to allow this to work as "station -> Squid -> 
DansGuardian -> Squid".

In the majority of usage cases, the server would also have a true upstream 
proxy/cache as well. We're currently using Debian and hoped to stick with 
stable releases of packages so the use of a single Squid is the best way to 
accomplish this as we wouldn't need to create our own package of Squid to 
allow us to use a second instance and then have to maintain this extra 
package alongside the Debian stable one.  I'm currently trying to get this 
working with a single DansGuardian instance and get this working before I 
move on to having a further 3 instances to allow for the different filter 
levels.

So, my questions at last!

1) Is the use of a single Squid instance do-able for the situation 
described?
2) If it is possible is anyone willing to give me a hint as to what my ACL 
setup may need to be?
3) Can we use a single installation of Squid and start 2 instances with 
different squid.conf files?

Sincere thanks for any response to this.  Once we get this sorted and 
running in either way we can move on to the management console!

Regards,

nry




[squid-users] access.log analysis queries

2003-09-14 Thread Chris Wilcox
Hi all,

We're beginning to look at the logfile analysis section of an ongoing Squid 
based project.  Nothing in existence really offers what we need as it's not 
really tailored towards our market or our users, plus our logs contain an 
identd lookup string which is customised to our requirements and doesn't 
return the usual username only information so existing logfile analysis 
progs and scripts don't handle it the way we need.

My query is in regard to the best way to go about analysing logs in general. 
 Main outputs from log querying will be displayed in a browser, and since 
our current strengths lie in php we're aiming to use this as the language of 
choice.  I've been playing with using regexp to take a line from the 
access.log and split it into the relevant sections, but I'm unsure whether 
this is the best or most efficient way of doing things.  The expression to 
match each line is very complicated and I'm under the impression that regexp 
matches are CPU intensive so large logfiles may take an age to process (our 
product could easily have upwards of 250 simultaneous users).

Can anyone comment on ways logfiles can be analysed, and possibly what 
drawbacks and/or advantages each way may have?  We'll likely be running a 
logfile per week, which then gets archived and a new log started but this 
will be looked at during our testing phase which is a while off yet!

Any comments on this will be gratefully accepted!

Regards,

nry
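
Added example (not part of the original post): one way to summarise a log with a custom ident field without a per-line regular expression, by splitting each native-format access.log line on whitespace in a single awk pass. It assumes Squid's native log format with the ident string in field 8 and no whitespace inside it; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: single-pass, field-split summary of a Squid native access.log.
# Native format fields: 1 time, 2 elapsed ms, 3 client, 4 result/status,
# 5 bytes, 6 method, 7 URL, 8 ident, 9 hierarchy/peer, 10 content type.

# sample_log: constructed lines; addresses and ident strings are made up.
sample_log () {
    cat <<'EOF'
1063540800.123    250 192.168.0.10 TCP_MISS/200 4512 GET http://example.org/ room12-pc03 DIRECT/192.0.2.10 text/html
1063540801.456     12 192.168.0.10 TCP_DENIED/403 1044 CONNECT 192.0.2.20:7773 room12-pc03 NONE/- -
1063540802.789     80 192.168.0.11 TCP_HIT/200 2048 GET http://example.org/logo.png - NONE/- image/png
truncated line
EOF
}

# per_ident_summary [FILE...]
# Print "ident requests denied bytes" for every ident string seen.
# Lines with fewer than 10 fields are counted and reported on stderr.
per_ident_summary () {
    awk '
        NF < 10 { skipped++; next }
        {
            id = $8
            requests[id]++
            bytes[id] += $5
            # index() is a plain prefix test, no regular expression involved
            if (index($4, "TCP_DENIED/") == 1) denied[id]++
        }
        END {
            for (id in requests)
                printf "%s %d %d %d\n", id, requests[id], denied[id], bytes[id]
            if (skipped) printf "skipped %d malformed line(s)\n", skipped > "/dev/stderr"
        }' "$@" | LC_ALL=C sort
}

# denied_for IDENT [FILE...]
# Print "time method URL" for each request from IDENT that Squid denied.
denied_for () {
    want=$1
    shift
    awk -v id="$want" '
        NF >= 10 && $8 == id && index($4, "TCP_DENIED/") == 1 {
            print $1, $6, $7
        }' "$@"
}

sample_log | per_ident_summary
```

Both functions read the file once and keep only per-ident counters in memory, so the cost grows with the number of distinct ident strings rather than with the size of the log.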



Re: [squid-users] Site access problem

2003-09-13 Thread Chris Wilcox
My guess is the port shown in the error message:

7773

Does this not need added to the safe_ports list?  I had a similar issue with 
a friends site who runs his webserver on a non-standard port...

hth

nry

> i'm trying to connect to site www.lightrio.com.br, and there they put a
> flash to link:
> https://200.170.45.6:7773/pls/sau/sau_pc_segda_via_cta.sau_pr_lst_cta
>
> and when a try to connect using transparent proxy, and error is shown in
> access.log:
>
> TCP_DENIED/403 1044 CONNECT 200.170.45.6:7773 - NONE/- -

Post your squid.conf (without blank lines or comments).

Adam


Re: [squid-users] Squid cache full --Cant surf

2003-09-13 Thread Chris Wilcox
The cache directory itself shouldn't cause this since Squid manages this 
space itself by deleting least recently used files once the cache gets low 
on space.  Are you rotating your squid logs?  There's the 3 logs to rotate, 
and unless you do this regularly then it's likely the log files are growing 
to a size that fills the disk and this is causing the problem.  Either that 
or you may have set your cache dir size to bigger than the amount of 
physical space you actually have on your disk?  I guess this could cause 
squid some problems when it thinks it should be able to write files to disk 
but can't.  Not rotating the error logs could also cause this to happen since 
the logs would fill up the disk leaving squid with not enough left to use.

hth

Regards,

nry

Dear all,

I have squid caching server.

My server cache drive gets full in 1 and half month but when it gets
full, my LAN users can't surf the internet.
When I rebuild the cache then it will start again to work.

What should I do so that I don't have to rebuild the cache?

any help will be greatly appreciated.

Joel






Re: [squid-users] Tool to display access.log and store.log

2003-08-29 Thread Chris Wilcox
I'm stuck.  The access log file will show what files, URLs, sites and times 
of things being accessed from the Internet.  If you use authentication it 
will also show you who was looking at these things.  I can't see how the 
store log will help here, as theoretically both the store log and the access 
log should kind of show the same things as accessed pages will usually be 
stored/cached and hence show up in both the access and store log.

Regards,

nry



> Hi all!
>
> I'm trying to have my squid logs displayed in a nice manner on my web
> server.
> Calamaris does the job with the access.log file, but most of all I wish to
> display
> the info from the store.log file. Calamaris doesn't seem to be able to
> handle it.
> I need to see "site names" "urls" "downloads" and "time". I'm trying to
> find out how much "illegal"
> surfing that is done.
>
>
>
> Q. Is there an application that can convert my store.log and access.log
> into a nice .html
> file? Or is there a combination of tools to use?
>
>
> Regards
>
>
> Mattias Olsson
> IT Consultant
> Communication Solutions
> [EMAIL PROTECTED]
> Phone: +46 8 730 6573
> Mobile: +46 70 629 1071
>



[squid-users] High Squid CPU usage on new RH9 2.4.20.9 kernel

2003-08-27 Thread Chris Wilcox
Hi all,

After upgrading my RH9 kernel via up2date, Squid can be seen running at 
really high CPU usage even with a single user accessing simple web pages. 
CPU usage (taken from 'top') can easily hit and go above 40% which makes the 
rest of the system crawl to a snails pace with the cursor hanging/jumping 
etc when I try to do anything on the PC running Squid.  I have just upgraded 
to SQUID 2.5 STABLE3 from source and I'm having the same high CPU usage.

I can boot back to the older kernel and if no-one can suggest anything then 
I will be doing that ASAP as this is driving me nuts! :)  When typing this 
mail I could see the words b e i n g  t y p e d  o n e  l e t t e r  a t  a  
t i m e !

This is running on a tiny home LAN of 2 PC's and the Linux server running 
Squid so it's not mission critical I guess, but still!

Thanks for any response,

Regards,

nry



Re: [squid-users] firewall and squid

2003-08-27 Thread Chris Wilcox
I'm doing this on my home LAN but purely because I don't have the cash 
(pun?) to have separate computers for the firewall and cache.  Still, 
there's nothing stopping you having a firewall in more than one place so you 
could run Squid from the DMZ but still have the squid box running its own 
firewall to make sure everything is closed off other than say port 3128 so 
the only vulnerability on that box is likely to be Squid itself.

Still, my firewall is set up only to accept incoming connections that the 
LAN has initiated, so if someone port scans me they see only the ports I need 
to have open (eg http and smtp).  Works quite well really I reckon.

Regards,

nry


Fritz Mesedilla wrote:
>
> Hello! I'm quite new here.
>
> Would it be possible for me to have squid and a firewall on the same
> server? I'm concerned about security and also on budget.
>

 Theoretically, there is no problem.
 But I would advise against it, also because of spurious port usage
 of squid when maintaining connections.
 One of the purposes of firewalls, is to control this.

 Also because of traffic generated , it will make the squid box
 'noticeable' and prone to attack.
 Therefore our squid is on DMZ, behind firewall

 M.



Re: [squid-users] RV: squid1 -> dg -> squid2

2003-08-25 Thread Chris Wilcox
This can't work as there is no way to get Squid to pass DG the username 
etc, so DG cannot do any authentication at all hence it's passing everything 
through the default settings and not logging stuff correctly.

I think you also posted this in the DG message board, and answers from there 
will apply also.  I can't comment on the page display problem, though I'm 
sure someone on the DG board did respond to this?

Regards,

nry

The first squid is used to authenticate users with the wb_ntlmauth helper and
then redirect the request to DG for filtering.
The second squid is used to connect to internet to resolve the request.

The problem is:
DansGuardian didn't see the real user, instead apply all the filter rules for
all users and never update the access.log  file (for denied access) and the
cachedump file (for connected users)
Example
When I access an unfiltered site like www.google.com all seem good but when
I access a filtered site like www.playboy.com  I didn't get the deny page,
instead  the url is  shown in the browser and all the body is empty and
nothing is logged in the  /var/log/dansguardian/access.log file.
RGDS


Re: [squid-users] Problem: high use of processor time

2003-08-25 Thread Chris Wilcox
How many clients are simultaneously accessing the Internet through the 
cache, and what is your Internet connection speed?

How long after the system starts does it begin to hog the CPU usage, and 
does it slowly build up or suddenly jump to using 99.9%?

Regards,

nry

Hello,
in this university we are using many versions of squid (2.4stable7, 
2.5stable1 and 2.5stable3) with the same problem.
Time later from start, the squid process use 99.9 of time processor.
Squid is running on a Athlon XP 2000+,512 Mb of memory and a 20 Gb cache on 
a IDE 7200 rpm disk. Sisop is Linux Mandrake 8.2, standard installation.
We try many compilation options (enable-async-io, etc.) without better 
performance.

Known related problems to this ? Any idea ?

Thanks in advance

Sergio.

Stats show:
  client_http.requests = 5.993292/sec
  client_http.kbytes_in = 2.873313/sec
  client_http.kbytes_out = 28.059805/sec
  client_http.all_median_svc_time = 3.112631 seconds
  client_http.miss_median_svc_time = 7.794210 seconds
  client_http.nm_median_svc_time = 0.000911 seconds
  client_http.nh_median_svc_time = 3.112631 seconds
  client_http.hit_median_svc_time = 0.000911 seconds
  server.all.requests = 3.563309/sec
  server.all.errors = 0.00/sec
  server.all.kbytes_in = 25.863153/sec
  server.all.kbytes_out = 1.966653/sec
  server.http.requests = 3.449976/sec
  server.http.kbytes_in = 25.366490/sec
  server.http.kbytes_out = 1.923320/sec
  dns.median_svc_time = 0.018519 seconds
  unlink.requests = 0.09/sec
  page_faults = 0.00/sec
  select_loops = 931.210185/sec
  select_fds = 1308.447560/sec
  swap.outs = 0.619996/sec
  swap.ins = 2.413317/sec
  swap.files_cleaned = 0.00/sec
  aborted_requests = 1.923320/sec
  syscalls.polls = 961.009978/sec
  syscalls.disk.opens = 1.799987/sec
  syscalls.disk.closes = 1.826654/sec
  syscalls.disk.reads = 1.449990/sec
  syscalls.disk.writes = 2.79/sec
  syscalls.disk.seeks = 0.06/sec
  syscalls.disk.unlinks = 0.00/sec
  syscalls.sock.accepts = 5.433296/sec
  syscalls.sock.sockets = 3.633308/sec
  syscalls.sock.connects = 3.603308/sec
  syscalls.sock.binds = 0.00/sec
  syscalls.sock.closes = 6.496621/sec
  syscalls.sock.reads = 1282.134410/sec
  syscalls.sock.writes = 28.383136/sec
  syscalls.sock.recvfroms = 5.986625/sec
  syscalls.sock.sendtos = 3.016646/sec
  cpu_time = 299.29 seconds
  wall_time = 300.002088 seconds
  cpu_usage = 99.762639%



Re: [squid-users] Squid Performance

2003-08-24 Thread Chris Wilcox
For only 30 clients, you really don't need to spend that much cash on such a 
high specced server!  A simple Duron/Celeron based system with 256 or maybe 
512MB RAM would more than suffice!  Our ISP provided cache/firewall servers 
at least 100 simultaneous client machines and is nothing more than a Celeron 
1200 with 512MB RAM and a IDE 40GB HD and it has no problems keeping up with 
demand on a 2Mbit line.

Really, on that few client machines, I really doubt you'll notice any 
performance degradation running on a much lower spec machine!

The slowest link in the cog is the Internet connection, and personally I'd 
save my money on the server and upgrade the net connection instead and run 
Squid on a much lower spec machine...still, reading your post again it 
appears you may have most of the hardware?  If so it's a bit different.

Dual-processor wise, I think I'm right in saying that Squid can't take 
advantage of this so it wouldn't be worth the extra cash, plus running with 
dual-CPU's you're usually better off buying matched pairs otherwise you can 
often run into problems.

As for Squid, I'd be very surprised if the standard install of Squid that 
comes with RH9 couldn't easily handle the load of 30 client machines.

My tuppence worth anyhow!

Regards,

nry

I'm a complete newbie in the Squid and Linux worlds (I've lived in a different
world for far too long). I just joined the wagon about a month ago. I need
your inputs on how to set up a high performance Squid box:

My hardware details:
Machine: Dell PowerEdge 1600SC
CPU: Intel Xeon 2.0GHz, 533Mz FSB
Mem: 640MB PC2100 DDR, ECC.
HD:  Two 36GB, 10K RPM, Ultra320 SCSI Drives
HD Ctler: Single Channel Ultra320 controller
OS: Red Hat Linux 9.0
Squid ver: 2.5.STABLE3
Comm Interface: 1000Mbps Ethernet uplink to Squid box.
Clients: Thirty Pentium 4, Windows XP machines.

This setup will be for clients with the sole aim of browsing the internet. I
have a relatively slow connection (128Kbps, may increase to 256kbps).

This Linux box will be dedicated to running Squid.
It also runs Apache just so I can use cachemgr. I don't serve pages to any
one.
It also runs BIND caching-only DNS. I read this will improve response time?
I have successfully set up squid and running nicely (thanks to the
tremendous amount of resource available on Squid, including this mailing
list archive). What I'm looking for is how to optimize Squid for my
situation.
I'm willing to do the following hardware enhancements if it will
significantly boost Squid's performance. Please rank the options if
possible.
1.) Add another Xeon processor (I have a dual processor server board)
2.) Add another 512MB of memory
3.) Add another hard drive (or more if necessary).
If you feel my hardware is enough and all that I need is some software
tweaking please tell me before I pump more doe into Squid.
My OS shares one HD with a 5.9GB partition for one cache directory. The
other cache dir is on a 5.9GB partition on the second drive. I'm thinking
about adding a 7200RPM IDE drive for the OS and cache log and dedicating 
the
tow SCSI's for Squid cache. My cache_mem = 128, and total cache size is set
to 2GB for now. Any recommendations?

I'm used a Squid RPM with 1024 file descriptors. What are my chances of
running out of file descriptors given the number of clients? My file-max in
Linux is 65529, but I read that Squid can't use more than the 1024 until I
recompile with some options. The problem is I'm quite green with Linux and
Squid environments so I don't feel comfortable compiling either (for fear 
of
leaving out something and taking a performance hit). In other words I 
prefer
not to fix anything that aint gonna break. If there are any simple tasks
that I can do in Linux/Squid to improve performance please help.

I appreciate your contribution. Thanks.




[squid-users] Squid v3 performance compared to v2?

2003-08-24 Thread Chris Wilcox
Hi all,

On the same hardware, is there likely to be any major performance difference 
between Squid v3 and Squid v2?

Thanks for any response,

Regards,

nry




Re: [squid-users] Blocking Kazaa, msn messenger...

2003-08-16 Thread Chris Wilcox
Personally I'd think this was a firewall issue as this can be used to block 
ports etc used by the said applications.  Others may disagree though!

Regards,

nry



I think i've read all the information in squid's FAQ and user's guide but i 
would like to know if there is a way to block:

- Kazaa
- Yahoo Messenger
- Aol Messenger
- msn messenger
i know you can block specific servers but connections with type peer to 
peer?
how?

THANK U!



Re: [squid-users] Re: Urgent Please

2003-08-15 Thread Chris Wilcox
I'm guessing that providing you've set up your ACL's correctly, your LAN 
PC's should have no problems using Squid.  I'm presuming what you have 
forgotten is to setup an ACL to allow localhost have access to Squid hence 
when you're connecting to Squid from the actual Squid box itself it doesn't 
work since the Squid box itself will only see the localhost IP of 127.0.0.1 
so you'll need to add some lines like the following to make it work:

acl ThisComputer src 127.0.0.1/255.255.255.255
http_access allow ThisComputer

hth

Regards,

nry




Re: [squid-users] Kazaa - ICQ - FTP through Squid 2.4 STABLE 7

2003-08-14 Thread Chris Wilcox

I'm running squid 2.4 STABLE 7 in my main server (LINUX RH 8.0) and I can't
connect to ICQ, Kazaa, Morpheus, and AudioGalaxy.
Can I use FTP through Squid?  How?

Can anyone guide me through this?!

I must connect to them!

Squid wouldn't affect the working of these programs and can't since Squid is 
a http proxy, not a proxy for other protocols such as ftp, pop3 and smtp.  
If the software worked before Squid and you haven't touched the 
configuration of these programs since, then there's no reason for them not 
to work now.  If you have configured these programs to somehow use squid 
then you need to reset the configuration to what you had before.  As far as 
I'm aware (and I have played with this at home a fair bit) the only thing 
that would stop your programs from working would be firewall related.

In short words, what you want is not possible with Squid.  Squid can only 
cache and handle http requests.

Regards,

nry




Re: [squid-users] my squid.conf - suggestions?

2003-08-04 Thread Chris Wilcox
From: Michael Kastinger <[EMAIL PROTECTED]>
To: Henrik Nordstrom <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [squid-users] my squid.conf - suggestions?
Date: Mon, 04 Aug 2003 18:43:36 +0200
Henrik Nordstrom wrote:

Mon 2003-08-04 at 13.24, [EMAIL PROTECTED] wrote:


maybe one of you have some suggestions for my squid.conf to optimize the
performance.

Squid performance is relatively little about squid.conf settings, and a
lot about hardware setup. (memory, number of drives, speed of drives
etc, in priority order)
Regards
Henrik


IBM Netfinity 7000 M10
dual pentium 2 400 mhz
2048 MB ECC RAM
3 SCSI drives 7,2k rpm ( raid 5 )
I'm sure I read somewhere that RAID5 is THE worst RAID setup to run with 
Squid?  To do with overheads but I can't remember whether it was on reading, 
writing or both.

May be worth someone confirming this in case I'm wrong though?!?

Regards,

nry



[squid-users] External acl efficiency: text file/MySql lookup

2003-08-02 Thread Chris Wilcox
Hi again all,

I'm looking at writing an external acl helper that checks the value returned 
by a customised version of identd.  The helper would take the identd 
response and compare it with data held either in flat text files or in a 
MySql database.  I believe I'm right in thinking that the data in the text 
file or DB can be dynamic ie I can alter the data in the file or DB without 
having to reconfigure Squid?

My basic question is: for a text file or DB with around 1500 lines/rows, 
would there be any major performance difference between the use of text 
files compared to holding the same data in a MySql database?  The server 
this would run on would be dedicated to running Squid and would be specced 
something like:

Athlon XP 1800+ or above
512 or 1024MB DDR RAM
80GB ATA-100 7200rpm HD
Running on fully switched 100Mbit network, serving around 150 client 
stations

Thanks for any response,

nry



Re: [squid-users] Re: is there a way I can recieve replies only?

2003-07-29 Thread Chris Wilcox
Hmm, not sure about your e-mail, but I can set filters in Hotmail so mail 
from specific places goes into certain folders eg mail with 'squid users' in 
the Subject goes into a 'Squid Users' folder.  That way I don't clutter my 
inbox.

Regards,

nry



[squid-users] Any guidelines on writing external_acl_type s?

2003-07-29 Thread Chris Wilcox
Hi all,

I've had a good search through google and found nothing.  Are there any 
limits or things that can't be done with this type of ACL?  Eg can the 
helper class query a DB, can it be written in any language? Can it be a 
simple perl script?

I'm kinda thinking of something like the following:

cache_peer cache1.foo.net parent 3128 3139
cache_peer cache2.foo.net parent 3128 3139
cache_peer cache3.foo.net parent 3128 3139
cache_peer cache4.foo.net parent 3128 3139
external_acl_type check1 etc (checks if access allowed to cache1)
external_acl_type check2 etc (checks if access allowed to cache2)
external_acl_type check3 etc (checks if access allowed to cache3)
external_acl_type check4 etc (checks if access allowed to cache4)
cache_peer_access cache1.foo.net allow check1
cache_peer_access cache2.foo.net allow check2
cache_peer_access cache3.foo.net allow check3
cache_peer_access cache4.foo.net allow check4

I know the syntax likely isn't 100% but hopefully people may get the idea of 
what I'm trying to do.  I'm aiming to have a modified identd server on client 
machines which returns 'username:hostname' as a single string.  I want to 
pass this to an external_acl_type which checks if 1) the host has access and 
if so 2) does the username have access to this cache peer?  I'm aiming to 
have a different filter level on each peer cache.  I hope this would give me 
hostname based access control and within that different filter levels per 
user.

Thanks for any response,

Regards,

nry
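
Added example (not from the original posts or from the Squid project): a Python helper of the kind asked about in this message and in the "External acl efficiency" message above, reading one 'username:hostname' token per line and answering OK or ERR, with the flat-file rules re-read whenever the file changes so Squid needs no reconfigure. The rules-file format, helper path, ACL names and the assumption that the token arrives as a single unescaped word are all illustrative.

```python
#!/usr/bin/env python3
# Illustrative squid.conf wiring (helper and rules paths are hypothetical):
#   external_acl_type check1 %IDENT /usr/local/bin/peer_check.py /etc/squid/peer_rules.txt cache1
#   acl use_cache1 external check1
#   cache_peer_access cache1.foo.net allow use_cache1
import os
import re
import sys

# Strict shape for the token; anything else is denied rather than guessed at.
TOKEN = re.compile(r"([A-Za-z0-9._-]+):([A-Za-z0-9.-]+)")

class RuleStore:
    """Rules kept in a flat file and re-read when its mtime or size changes.

    Assumed file format (constructed for this example):
        host pc-lab-07          # this machine may use the proxy at all
        user alice cache1       # this user is sent to this peer
    """
    def __init__(self, path):
        self.path, self.stamp = path, None
        self.hosts, self.user_peer = set(), {}

    def refresh(self):
        st = os.stat(self.path)
        stamp = (st.st_mtime_ns, st.st_size)
        if stamp == self.stamp:
            return                                  # unchanged, keep cached rules
        hosts, user_peer = set(), {}
        with open(self.path, encoding="ascii") as fh:
            for line in fh:
                words = line.split("#", 1)[0].split()
                if len(words) == 2 and words[0] == "host":
                    hosts.add(words[1].lower())
                elif len(words) == 3 and words[0] == "user":
                    user_peer[words[1]] = words[2]
        self.hosts, self.user_peer, self.stamp = hosts, user_peer, stamp

    def decide(self, ident, peer):
        """Return 'OK' or 'ERR' for one 'username:hostname' token."""
        m = TOKEN.fullmatch(ident)
        if not m:
            return "ERR"                            # malformed input: deny
        try:
            self.refresh()
        except (OSError, UnicodeError):
            return "ERR"                            # rules unreadable: deny
        user, host = m.group(1), m.group(2).lower()
        if host not in self.hosts:                  # step 1: is the host allowed?
            return "ERR"
        # step 2: is this user assigned to the peer this helper instance guards?
        return "OK" if self.user_peer.get(user) == peer else "ERR"

def serve(store, peer, inp=sys.stdin, out=sys.stdout):
    """One answer line per request line, flushed so the caller never stalls."""
    for line in inp:
        out.write(store.decide(line.strip(), peer) + "\n")
        out.flush()

if __name__ == "__main__":
    serve(RuleStore(sys.argv[1]), sys.argv[2])
```

Both the username and the hostname here are whatever the client's ident server chose to send, so the helper can only be as trustworthy as that reply.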




Re: [squid-users] Image Caching

2003-07-29 Thread Chris Wilcox
I use Squid version 2.4.
I've got a simple problem, I guess.
How can I set Squid to never store any images
in its cache? Here we've got a lot of web developers
and designers, and we've got so many problems with
Squid. Squid stores all images, and when a designer
changes an image, he can't see the new image, because
Squid has stored the old image.
Thanks

I'm guessing that if the designers click the 'Refresh' button on their 
browser then Squid will load the new image into its cache and display it 
correctly?

I'd suggest a few things to try:

Find out which URL's the images come from and tell squid to go direct for 
these URL's then it won't cache them, or you could also tell your browsers 
to bypass squid for certain URL's and this will have the same effect.  Where 
do the images come from?  Are they local images (ie on the LAN) or are they 
coming externally from the web?  If they're local then you really need to 
tell your browsers not to go through squid for local addresses (IP's, URL's 
etc etc) since this is giving squid work to do that it shouldn't be doing.

hth

Regards,

nry




[squid-users] Squid code: before results get returned to browser

2003-07-26 Thread Chris Wilcox
Hi all,

Could any knowledgeable people tell me/us whereabouts in the squid code 
(file name and line) the part is that finally returns the request result to 
the browser?  We're looking at the possibility of sending these results 
through an external program before they are returned to the browser

Thanks for any reply,

nry




RE: [squid-users] acl ident_regex

2003-07-25 Thread Chris Wilcox
Thanks for all the replies folks,

I'm sure that when I used identd on my clients at work ages ago, squid 
logged hostname and username in its logs, and I'm also 99.9% sure this was 
a standard ident server and not a modified one.  However, I am aware of an 
ident server for Windows which does currently return hostname within the 
response, and the person responsible may be open to modifying his code to 
meet our needs (likely for a fee but it would be worth it).

For our project to work, we need a way of transparently being able to 
control access by client hostname as well as username.  The hostname will be 
used to determine whether Internet access is allowed, and the username will 
be used to specify which filter is to be used for that user unless the user 
themselves are denied access.  Our project needs to be reliant only on 
itself, ie it cannot rely on the network configuration it is being used on, 
and it cannot require any major changes to the network for it to work.  We 
are happy that ident on the clients is an option, and the majority of our 
target audience will already have security in place that wouldn't allow 
users access to any ident server running on their machines.  A vast majority 
of our target networks will be using dynamic DHCP, so it is likely that 
client computers will not have the same IP address on each connection to the 
cache so it isn't an option to control access by IP.  Also, using MAC 
address is way too much of a hassle for the proposed end-users of our system 
to contemplate.  Installing ident servers on client machines is at this 
moment as much work as we want the end-users to need to undertake.

If anyone is curious, the project proposal is sited at 
http://www.nryonline.co.uk/project

If anyone has any further suggestions how we could undertake the ability to 
control access by hostname then we are very open to suggestions!

Regards and thanks again,

nry

> Sorry, but no there is no such field type in the ident protocol.

My bad; I read it wrong.  The two response types are "USERID" and
"ERROR".  As you have mentioned, "OTHER" is an operating system
type within the USERID response.  What I was trying to point out
was that there should be no reason why he couldn't return the
hostname.  If it happens that his hostnames do not conform to the
rules of the operating system, he can use the OTHER operating system
type and remain in compliance.
One other point that I was hinting about... Even his non-technical
users can easily make the ident reply be anything *they* want it to
be, too.
Thanks,
Rick
> -----Original Message-----
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 25, 2003 12:52 PM
> To: Rick Matthews
> Cc: Chris Wilcox; [EMAIL PROTECTED]
> Subject: RE: [squid-users] acl ident_regex
>
>
> Fri 2003-07-25 at 18.42, Rick Matthews wrote:
>
> > <http://identd.dyndns.org/identd/rfc1413.txt>, in addition to the
> > response type USERID, there is an additional type "OTHER":
>
> Sorry, but no there is no such field type in the ident protocol.
>
> OTHER is an operating system type and indicates that the username which
> follows is not structured according to any standard operating system
> rules, and probably not meant to be human readable.
>
> There can only be one username in the same ident reply.
>
> In all operating system types you are allowed to return pretty much
> anything as username, but if the operating system type is anything else
> than OTHER then the returned username SHOULD follow the rules of that
> operating system.
>
> It is perfectly fine if you set your ident server to return the hostname
> as userid, if this is what you wish to make your users identify
> themselves as to the network (using ident).
>
> Squid will use whatever is sent as user ident in the reply, ignoring the
> opsys field.
>
> Regards
> Henrik
>
> --
> Donations welcome if you consider my Free Squid support helpful.
> https://www.paypal.com/xclick/business=hno%40squid-cache.org
>
> Please consult the Squid FAQ and other available documentation before
> asking Squid questions, and use the squid-users mailing-list when no
> answer can be found. Private support questions are only answered
> for a fee or as part of a commercial Squid support contract.
>
> If you need commercial Squid support or cost effective Squid and
> firewall appliances please refer to MARA Systems AB, Sweden
> http://www.marasystems.com/, [EMAIL PROTECTED]
>


[squid-users] acl ident_regex

2003-07-25 Thread Chris Wilcox
Hello again all,

Been having yet another read through the ACL types I can use within squid.  
Does ident_regex allow pattern matching on the entire string returned from 
an ident lookup? eg if I have an altered version of an identd server running 
on a client PC, and this returns (amongst other things) username and client 
PC hostname, would it be possible for ident_regex to look for a certain 
hostname within the returned ident string?

If not, is it possible to pass the hostname info (or if need be, all the 
info) from the ident query to an external ACL type and use this to 
allow/disallow access to the cache?

If I can suss out access control via hostname then I will be a very happy 
bunny (or other small fluffy animal)!

Regards,

nry
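
Added example (not part of the original posts): a small Python parser for RFC 1413 replies illustrating the answer given in the reply thread above, that matching works on the user-id field and ignores the operating-system field, so a modified ident server can carry 'username:hostname' there. The sample replies, the hostname pattern and the function names are constructed for illustration, and this is not Squid's own parsing code.

```python
import re

class IdentError(ValueError):
    """Malformed reply, or an ERROR reply from the ident server."""

def parse_ident_reply(line: bytes):
    """Return (server_port, client_port, opsys, user_id) for a USERID reply."""
    if not line.endswith(b"\r\n"):
        raise IdentError("reply not terminated by CR/LF")
    text = line[:-2].decode("latin-1")       # user-id is an arbitrary octet string
    # Split on the first three colons only; the user-id itself may contain ':'.
    fields = text.split(":", 3)
    if len(fields) < 3:
        raise IdentError("too few fields")
    try:
        server_port, client_port = (int(p) for p in fields[0].split(","))
    except ValueError:
        raise IdentError("bad port pair") from None
    kind = fields[1].strip()
    if kind == "ERROR":
        raise IdentError("ident server answered ERROR: " + fields[2].strip())
    if kind != "USERID" or len(fields) != 4:
        raise IdentError("not a USERID reply")
    opsys = fields[2].split(",")[0].strip()  # drop the optional ", charset"
    # RFC 1413 counts everything after this colon as user-id; stripping the
    # surrounding blanks is a choice made by this example.
    user_id = fields[3].strip()
    if not user_id:
        raise IdentError("empty user-id")
    return server_port, client_port, opsys, user_id

def ident_matches(line: bytes, pattern: str) -> bool:
    """Apply a regex to the user-id only, ignoring opsys; deny on any error."""
    try:
        *_, user_id = parse_ident_reply(line)
    except IdentError:
        return False
    return re.search(pattern, user_id) is not None

# Constructed sample replies (not captured traffic).
SAMPLES = [
    b"6193, 23 : USERID : UNIX : alice\r\n",                # standard server
    b"6193, 23 : USERID : OTHER : alice:pc-lab-07\r\n",     # modified server
    b"6193, 23 : ERROR : NO-USER\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, ident_matches(raw, r":pc-lab-\d+$"))
```

The matched string is supplied entirely by the client's ident server, which is the limitation raised in the replies above.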




[squid-users] Squid code/identd query

2003-07-24 Thread Chris Wilcox
Not sure if this is possible,  but is there anywhere within the squid code 
that defines which part of the identd request is used to allow the username 
ACL capability of squid?  I presume this must exist somewhere?

If I (can!) alter this to instead use the hostname response from identd then 
I have the ability to control Internet access by PC hostname.  So, say I 
then use SquidGuard as well to filter the content, can I get squid to pass 
the correct part of the identd response (ie the username) to squidguard?

Any form of response gratefully accepted!

Regards,

nry




[squid-users] Am I right in thinking squid can block using client PC hostname?

2003-07-24 Thread Chris Wilcox
I believe I am right in thinking that providing identd is installed on 
client PC's, I can define an ACL for squid with a list of PC hostnames in, 
then tell squid whether to allow these names or not?  I don't want to block 
on username, I want to block by the name of the computer itself... if this 
isn't possible has anyone got any suggestions as to how I might do this?

nry




RE: [squid-users] Predictive caching?

2003-07-22 Thread Chris Wilcox
> -----Original Message-----
> From: Chris Wilcox [mailto:[EMAIL PROTECTED]
> Just had a suggestion about a project I'm working on: can we provide
> predictive caching?  I know it's possible to use cron and
> wget to schedule
> downloads of pages to keep them in the cache, but is there
> any way I can get
> squid to follow links on pages it downloads so they load even
> quicker when
> requested by users?
I don't think so, but it seems like this is the sort of thing you could
easily tinker with as a separate program.  Here's my thought:  Write your
own very basic proxy, maybe in Perl or some other interpreted language for
the proof-of-concept version so it's easy to tweak.  Point your browser at
this proxy, and point your proxy at Squid.  Then your experimental proxy can
follow the links in the page, after passing it on to the web browser, and
Squid will automatically cache whatever it retrieves.  Make sense?

If you decide to play with this, keep us posted.  I find the idea pretty
interesting.
hehe, I wasn't thinking along the lines of writing my own proxy or software. 
 Reading into it, I don't think it would actually have the overwhelming 
impact on speed which it may appear it has when it was first mentioned to 
me.

Thanks for the reply though,

Regards,

nry




[squid-users] Predictive caching?

2003-07-22 Thread Chris Wilcox
Hi all,

Just had a suggestion about a project I'm working on: can we provide 
predictive caching?  I know it's possible to use cron and wget to schedule 
downloads of pages to keep them in the cache, but is there any way I can get 
squid to follow links on pages it downloads so they load even quicker when 
requested by users?  There's nothing in the docs so I'm presuming this is a 
no?  In which case, is anyone aware of ways I can get this type of behaviour 
to work?

Regards,

nry




[squid-users] Get Squid to log to MySql database?

2003-07-20 Thread Chris Wilcox
Morning all,

After a fair amount of searching I'm none-the-wiser on this one.  Is there 
any way (easy preferred but not essential!) I can get Squid to log directly 
to a MySql database or do I need to regularly run a script via cron to put 
the squid logfile into MySql?

Thanks for any replies,

nry




Re: [squid-users] Can squid direct different users to different parent proxies?

2003-06-27 Thread Chris Wilcox
Hi again,

Thanks for that, I thought I'd scoured the relevant documentation but it 
seems I hadn't!  I believe what I am looking for is 'cache_peer_access'

Thanks again,

nry

From: Henrik Nordstrom <[EMAIL PROTECTED]>
To: Chris Wilcox <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [squid-users] Can squid direct different users to different parent proxies?
Date: 27 Jun 2003 00:50:48 +0200

Thu 2003-06-26 at 22.41, Chris Wilcox wrote:
> Hi all,
>
> If I define 2 ACL's containing eg staff users and student users, is it
> possible to send staff to one parent proxy and students to another parent
> proxy?

Generally yes.

There are some minor restrictions if you are using external acls, or
other acls depending on external lookups, but most often these are not
an issue.
Regards
Henrik



[squid-users] Can squid direct different users to different parent proxies?

2003-06-26 Thread Chris Wilcox
Hi all,

If I define 2 ACL's containing eg staff users and student users, is it 
possible to send staff to one parent proxy and students to another parent 
proxy?

Thanks for any replies,

nry
