[squid-users] Cacheing in the cloud
Hello, with all of the SaaS, PaaS and the like running on clouds everywhere with packaged deployments that can't be tinkered with where does Squid and cacheing come into the game? Does squid run in these types of environments? If so, is the cacheing advantage realized the same as in traditional stand-alone hardware? I ran some searches @ squid-cache.org but I did not find any real good reading on this subject.
Re: [squid-users] url_rewrite_program in Java
I'm no Java expert but isn't your readline hanging the process by waiting for
input followed by a carriage return/linefeed sequence?
On Thu, 14 Jan 2010 15:00:35 -0800
"Lu, Roy" wrote:
> Does anyone have an example of a url rewrite program in Java. I tried
> with the following code but it did not work.
>
>
> Squid.conf:
> url_rewrite_program /usr/bin/java -classpath /usr/local/squid/sbin
> RewriteHelper
>
> RewriteHelper.java:
>
> import java.io.*;
>
> public class RewriteHelper {
>
> public static void main(String[] args) throws Throwable {
> try {
> BufferedReader in = new BufferedReader(new
> InputStreamReader(System.in));
> String input;
>
> while(true) {
> input = in.readLine();
> System.out.println(input);
> }
>
> } catch (Exception e) {
> e.printStackTrace();
> }
> }
> }
>
> It seems that Squid only regards 'java' as the rewrite program, not the
> entire command with the java class, i.e., '/usr/bin/java -classpath
> /usr/local/squid/sbin RewriteHelper'.
>
> Thanks.
> Roy
>
> **
>
> This message may contain confidential or proprietary information intended
> only for the use of the
> addressee(s) named above or may contain information that is legally
> privileged. If you are
> not the intended addressee, or the person responsible for delivering it to
> the intended addressee,
> you are hereby notified that reading, disseminating, distributing or copying
> this message is strictly
> prohibited. If you have received this message by mistake, please immediately
> notify us by
> replying to the message and delete the original message and any copies
> immediately thereafter.
>
> Thank you.
> **
>
> FACLD
>
--
David Brown
Re: [squid-users] Audio Problems
I don't know which FAQ are you say. Because in the Squid web page, the first entry in the FAQ say "Wha is Squid?" I need to allow users to "play" audio streaming. Without proxy that is posible, but when proxy is use (in IE) that is imposible. What I need to do? Thanks! style='FONT-SIZE:11px;FONT-FAMILY:tahoma,sans-serif'>size=1> From: Mark Elsen <[EMAIL PROTECTED]>Reply-To: Mark Elsen <[EMAIL PROTECTED]>To: david brown <[EMAIL PROTECTED]>CC: squid-users@squid-cache.orgSubject: Re: [squid-users] Audio ProblemsDate: Wed, 5 Oct 2005 18:52:21 +0200> > The LAN users can't play music from Internet with proxy server.> > How I resolve this?>>Chect the first entry of the FAQ.>>M. _ MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/
[squid-users] Audio Problems
The LAN users can't play music from Internet with proxy server. How I resolve this? _ Charla con tus amigos en línea mediante MSN Messenger: http://messenger.latam.msn.com/
Re: [squid-users] LVS/TUN or LVS/DR
On Wed, 9 Feb 2005 10:59:21 -0500, Andrew Sawyers <[EMAIL PROTECTED]> wrote: > Any particular reason why you're after DR mode? I have several squids load > balanced in masq mode and we're able to handle more traffic then most sites > can aspire too - with basically 0 load on the LVS server. You have to do > some monkey patching to get DR mode to work; I personally think unless one > can show performance limitations on why you should go that route, it is an > unnecessary complexity. > I dunno about other OSes but under RedHat Enterprise 3 using the piranha suite LVS DR required no special stuff to be done. I just basically followed the the docco on linuxvirtualserver.org (RHEL Manuals only describe setting up a LVSNAT cluster for some reason). The only problem I had was deciding which way we wanted to handle the ARP problem inherent to LVS DR and Tun. We chose DR mode as with NAT mode every packet has to traverse the LVSNAT router both incoming and outgoing. With DR/Tun only the incoming request packet traverses the LVS Router while the response packets go direct to the client. This has bandwidth advantages as most of the traffic is going from the squid server to the client. We just thought why put more network load on the LVS router when we don't have to, plus with our large environment (possible 40,000 concurrent devices) we thought LVSDR more scalable. __ David Brown Senior Systems Engineer CSM Technology Adelaide, SA, Australia > Andrew > -- > Zope Managed Hosting > Systems Administrator/Software Engineer > Zope Corporation > (540) 361-1700 > > > -Original Message- > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 09, 2005 7:11 AM > > To: Askar > > Cc: Squid Users > > Subject: Re: [squid-users] LVS/TUN or LVS/DR > > > > On Wed, 9 Feb 2005, Askar wrote: > > > > > and yes all the caches are on the same switch, and we will also put the > > LVS > > > Director on the same switch with cache servers. > > > I thinks LVS/DR is what we have to go for ? :) sorry for my stupid > > question > > > again and again > > > > Yes. > > > > To make this setup simpler the LVS should have three network interfaces > > > > 1: Client network > > > > 2: Internet > > > > 3: Cache servers > > > > or alternatively two > > > > 1: Client Network > > > > 2: Internet + Cache Servers > > > > > > > > Using DR with the cache servers on the same network segment as the client > > network is a bit tricky. Not if you only do interception, but if you want > > to provide a proxy address as well (recommended). > > > > Regards > > Henrik > >
Re: [squid-users] LVS/TUN or LVS/DR
On Tue, 8 Feb 2005 20:49:40 +0100 (CET), Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > > > On Tue, 8 Feb 2005, Askar wrote: > > > I am wondering if anyone here running "Virtual Server via IP Tunneling" or > > "Virtual Server via Direct Routing", LVS based caches cluster. > Yep, I am currently using a LVS/DR LVS cluster of 2 squid proxies in our production environment. Persistency is set at 10mins to get around some small issues we had with cache children when we were using DNS round robin - not sure if persistency is needed or not but put it in just in case. No problems whatsoever so far (been running for about a month). Incidentally, and most definitely off topic, we are also using LVS to load balance HTTP/S, FTP, IMAP, POP and LDAP - works like a charm. Regards, David Brown > Not currently, but I have used LVS/DR and LVS/NAT in the past a lot to > load balance servers, including Squid proxy servers. Never had any reason > to use LVS/TUN as you only need this if there is a router inbetween LVS > and the host, and LVS/NAT is not desireable. > > Why you ask? > > Regards > Henrik >
Re: [squid-users] auth_param username rewrite
On Wed, 19 Jan 2005 23:17:58 +0100 (CET), Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > On Mon, 17 Jan 2005, Scott wrote: > > > Sorry Henrik, should have elaborated a little... I have over 1000 customer > > sites.. that would be a little ugly to set up and very ugly to maintain. > > Not very, but a little yes. > > >> It must be another proxy (such as Squid) and it must support forwarding of > >> the user credentials to another proxy but with a modified username (which > >> Squid does btw.. see the login= cache_peer option). > > > > I'll take a look at this me thinks > > I am not sure you will find any which does what you want. > > Probably easier to modify Squid to your desires. If you use Basic > authentication then all you should need to modify is the decoding of the > authentication header to always add the client ip to the username. > > see src/auth/basic/auth_basic.c authenticateBasicDecodeAuth() > Henrik / All, My company has actually subcontracted out this partcular task and we implemented the solution yesterday. (We needed to do username rewriting based on client source IP). The code writers have said that they are happy to release the patch to the community however there's a raft of red tape, intellectual property and management approval to be done before we can. Hopefully there won't be any objections and we can release the patch for possible inclusion in squid. Will keep the list posted. Regards David Brown > Regards > Henrik >
[squid-users] Number of Authenticators
Hi All, Had a quick look around on the internet but couldn't find any info on this topic. How many users / connections can each external authenticator handle, specifically the squid_ldap_auth and squid group authenticators? Ie looking to match a number of authenticators to number of concurrent users eg 1000 users = 10 authenticators. Any info appreciated. Cheers -- David Brown
Re: [squid-users] Squid and Apache Authentication
Hi Henrik, n2h2 content filter is the product we are using - I believe the actual product line name is Bess. it can work with squid as the n2h2 people have written a redirector for squid but (by n2h2s own admission) it doesnt work very well. It doesnt do user or group based filtering and it can only handle 150 connections per second - our environment will be generating 300 connections per second. We wanted to use squid but our customer decided they wanted the user and group filtering so we had to go to a Cisco Content Engine. Cheers __ David Brown RHCE MCP CCA CSM Technology 99 Frome St, Adelaide SA 5001 Ph: (08) 8418 7804 Fax: (08) 8418 7820 Mob: 0414 494 802 Email: [EMAIL PROTECTED] Henrik Nordstrom <[EMAIL PROTECTED] org> To [EMAIL PROTECTED] 23/09/2004 09:48 cc AM"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Subject Re: [squid-users] Squid and Apache Authentication On Thu, 23 Sep 2004 [EMAIL PROTECTED] wrote: > - they could just go direct - we are using the upstream peer to do content > filtering as the particular content filter software we were forced to use > uses a proprietry Cisco IFP protocol to communicate with caches :( May I ask which content filter software you use? Regards Henrik
Re: [squid-users] Squid and Apache Authentication
Through some help from this list i figured out how to do something similar just last night. In squid 3.0 there is the cache_peer option login=PROXYPASS - this option converts proxy-authorization to http-authorization and then passes it to the nominated cache_peer. So what we do is make everyone authenticate to the proxy and then if they are going to auth.domain they go through cache_peer with login=PROXYPASS and the auth credentials are passed to the target webpage which can then use an apache auth or php to allow them access to the requested page. All requests not destined for auth.domain are passed to a different cache_peer - they could just go direct - we are using the upstream peer to do content filtering as the particular content filter software we were forced to use uses a proprietry Cisco IFP protocol to communicate with caches :( Not exactly what you are looking for but might help Cheers __ David Brown RHCE MCP CCA CSM Technology 99 Frome St, Adelaide SA 5001 Ph: (08) 8418 7804 Fax: (08) 8418 7820 Mob: 0414 494 802 Email: [EMAIL PROTECTED] Martyn Bright <[EMAIL PROTECTED] uk>To 23/09/2004 12:12 cc AM Subject [squid-users] Squid and Apache Authentication I would like to be able to use a web page on my Apache server to validate a users id and password, and then redirect them on to another external site via a copy of Squid installed on the same machine. I have seen numerous references to this as a possibility, but can anyone give me confirmation that it works and what steps I will require to configure it. Thanks Martyn Bright
[squid-users] Fw: WWW Auth rewrites
Hi, Has anyone successfully got squid to convert proxy authentication to WWW authentication and if so how do you do it?? I've been experimenting with the cache_peer option login=PROXYPASS but not much luck. Ive tried with Redhat RPMs and the latest nightly snapshots (squid-2.5.STABLE6-20040921 and squid-3.0-PRE3-20040830). Unfortunately i've found very minimal docco for this feature through google and the squid source / website / manpages etc. Any help appreciated. Cheers ______ David Brown RHCE MCP CCA CSM Technology 99 Frome St, Adelaide SA 5001 Ph: (08) 8418 7804 Fax: (08) 8418 7820 Mob: 0414 494 802 Email: [EMAIL PROTECTED]
