from:"Gregory Machin"

[squid-users] Browsing slow after adding squid proxy.

2011-07-19 Thread Gregory Machin

Hi.
Been a long time since I last looked at a squid proxy. After add a
proxy to the network , browsing seems to have slowed considerably.  I
have build a squid proxy , this is configured into the network on via
our Sonicwall using the proxy feature. When I looked into the
configuration I did a few optimizations based on what I found on a
couple of websites.  All though I opted not to tweak the OS more than
increase the ulimit as I would not expect it to be required given the
hardware. It is running out of a SSD drive.

When I run top the box is idle for the most part. there are about 100
users on this site.

So my question is what may I have configured incorrectly or missed
that would help?


The hardware is  :

4 Gig Ram
Intel(R) Xeon(R) CPU   E3110  @ 3.00GHz (dual core)
hard disk  is SSD 32 GB

The / file system is ext3
The /var system is ext4 (cache is /var/spool/squid).

The OS is Linux Ubuntu 10 LTS

the squid configuration file looks like

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.0.0/16 # TO BE correctly defined
acl SSL_ports port 443  # https
acl SSL_ports port 563  # snews
acl SSL_ports port 873  # rsync
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access allow CONNECT
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_mem 2048 MB
maximum_object_size_in_memory 256 KB
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 1 23 256
maximum_object_size 64 MB
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log squid
buffered_logs on
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern (Release|Package(.gz)*)$0   20% 2880
refresh_pattern .   0   20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
half_closed_clients off
always_direct allow all
hosts_file /etc/hosts
memory_pools off
coredump_dir /var/spool/squid


Thanks
G

Re: [squid-users] Alert!: Invalid header 'WWW-Authenticate: NTLM'

2008-12-18 Thread Gregory Machin

Running a normal  transparent proxy . Port 80 transparent port mapped to 3128.

thanks



On Thu, Dec 18, 2008 at 12:17 PM, Kinkie gkin...@gmail.com wrote:
 On Thu, Dec 18, 2008 at 7:36 AM, Gregory Machin g...@linuxpro.co.za wrote:
 Hi
 A client of ours needs to access a website that uses WWW-Authenticate:
 NTLM, but squid does not pass it through to the browser . The squid
 version is Squid Cache: Version 2.6.STABLE13
 Whats the work around for this ?

 Are you running in proxy or reverse-proxy mode?

 --
/kinkie

Re: [squid-users] Alert!: Invalid header 'WWW-Authenticate: NTLM'

2008-12-18 Thread Gregory Machin

going to compile 2.7 on the box and see if it works.

On Thu, Dec 18, 2008 at 1:01 PM, Amos Jeffries squ...@treenet.co.nz wrote:
 Gregory Machin wrote:

 Hi
 A client of ours needs to access a website that uses WWW-Authenticate:
 NTLM, but squid does not pass it through to the browser . The squid
 version is Squid Cache: Version 2.6.STABLE13
 Whats the work around for this ?
 Thanks

 Please try the latest Squid. The NTLM pass-thru hack was added somewhere in
 2.6, but I don't recall where. It's likely to be a later Squid-2 release if
 its not working in your current one.

 Amos
 --
 Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
  Current Beta Squid 3.1.0.3 or 3.0.STABLE11-RC1

[squid-users] Alert!: Invalid header 'WWW-Authenticate: NTLM'

2008-12-17 Thread Gregory Machin

Hi
A client of ours needs to access a website that uses WWW-Authenticate:
NTLM, but squid does not pass it through to the browser . The squid
version is Squid Cache: Version 2.6.STABLE13
Whats the work around for this ?
Thanks

Re: [squid-users] error 401 when going via squid ???

2008-11-13 Thread Gregory Machin

Yes I would assume that the issue is related to Integrated Microsoft
Windows Authentication (a.k.a. NTLM) or something M$ cooked up

Squid Cache: Version 2.6.STABLE4
configure options: '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--exec_prefix=/usr' '--bindir=/usr/sbin'
'--libexecdir=/usr/lib/squid' '--localstatedir=/var'
'--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-epoll'
'--enable-snmp' '--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl'
'--with-openssl=/usr/kerberos' '--enable-delay-pools'
'--enable-linux-netfilter' '--with-pthreads'
'--enable-ntlm-auth-helpers=SMB,fakeauth'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
'--enable-auth=basic,digest,ntlm'
'--enable-digest-auth-helpers=password'
'--with-winbind-auth-challenge' '--enable-useragent-log'
'--enable-referer-log' '--disable-dependency-tracking'
'--enable-cachemgr-hostname=localhost' '--enable-underscores'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
'--enable-cache-digests' '--enable-ident-lookups' '--with-large-files'
'--enable-follow-x-forwarded-for' '--enable-wccpv2'
'--enable-fd-config' '--with-maxfd=16384' 'CFLAGS=-fPIE -Os -g -pipe
-fsigned-char' 'LDFLAGS=-pie' 'build_alias=i686-redhat-linux-gnu'
'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu'

thanks


On Wed, Nov 12, 2008 at 8:09 PM, Kinkie [EMAIL PROTECTED] wrote:
 On Wed, Nov 12, 2008 at 3:32 PM, Gregory Machin [EMAIL PROTECTED] wrote:
 Hi

 Hello Greg,

 I have a client that when he tries to access agentdeal.marvel.com the
 web server (IIS) does give a login prompt as it should and instead
 returns a 401 error.

 [...]

 I get the same problem with our proxy and some other people have this
 problem when, behind squid proxy's .

 What version of Squid, and is IIS trying to offer Integrated
 Microsoft Windows Authentication (a.k.a. NTLM)?


 --
/kinkie

[squid-users] error 401 when going via squid ???

2008-11-12 Thread Gregory Machin

Hi
I have a client that when he tries to access agentdeal.marvel.com the
web server (IIS) does give a login prompt as it should and instead
returns a 401 error.

squid access logs

1226493177.205   2413 192.168.1.54 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226493178.700   1256 192.168.1.54 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226493181.792   1369 192.168.1.54 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226493257.082   4573 192.168.1.54 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226493679.353   1306 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226493680.560   1068 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226494460.532   3644 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/ - DIRECT/65.202.37.147 text/html
1226494460.975347 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226494463.518346 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226494463.960341 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226494464.332338 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226494521.459350 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226494563.667397 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226494784.619   1406 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226494803.850869 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226494818.346   1700 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226496149.953608 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226496150.337335 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226496153.533541 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/favicon.ico - DIRECT/65.202.37.147
text/html
1226496170.539336 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226496174.885332 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226496372.749672 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html
1226496390.734476 192.168.1.10 TCP_MISS/401 2199 GET
http://agentdeal.marvel.com/clm - DIRECT/65.202.37.147 text/html

I get the same problem with our proxy and some other people have this
problem when, behind squid proxy's .
Many thanks
Greg

[squid-users] how to configure wccp load balancing with squid.

2008-11-10 Thread Gregory Machin

Hi
I'm looking for a howto or some docs to show how to do load balancing
. I have a single cisco router and would like to have two or more
squid caches. in a load balanced configuration .. Any suggestions ?
Thanks

[squid-users] Forwarding loop detected for .. help

2008-10-09 Thread Gregory Machin

Hi
what cause this

2008/10/05 05:27:47| WARNING: Forwarding loop detected for:
GET 
/nic/update?hostname=za1fwl01.dnsalias.commyip=196.22.217.98wildcard=NOCHGmx=NOCHGbackmx=NOCHG
HTTP/1.0
Authorization: Basic c3ludGhlc2V1OmRvd251bmRlcg==
User-Agent: Fortinet_DDNSC/1.200310271130
Host: 66.*.*.133:3128
Via: 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6), 1.0 cache.mycache.co.za (squid/3.0.STABLE6), 1.0
cache.mycache.co.za (squid/3.0.STABLE6), 1.0 cache.mycache.co.za
(squid/3.0.STABLE6)
X-Forwarded-For: 66.8.89.82, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150,
66.*.*.150, 66.*.*.150, 66.*.*.150, 66.*.*.150
Cache-Control: max-age=0
Connection: keep-alive


How do I prevent it ?

[squid-users] access denied without prompting for login

2008-10-01 Thread Gregory Machin

Hi
I have the following squid config (below) that worked for a while then
squid started giving page faults so I removed squid then reinstalled
it now when I try to open a site I get access denied with out even
being prompted for my username and password. I have tested the ldap
auth and that is working from the command line.. What have I missed ?
what caused it to break?
Current version of squid  2.6.STABLE16
on Fedora 8


thanks

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b
OU=Organizational Structure,DC= snip
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth

acl all src 0.0.0.0/0.0.0.0
acl locallan src 10.0.1.0/255.255.255.255
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
visible_hostname greg-test
http_access allow localhost
http_access deny all
http_port 3128

hierarchy_stoplist cgi-bin ?
maximum_object_size_in_memory 50 KB
cache_replacement_policy heap LFUDA
maximum_object_size 4096 KB
access_log /var/log/squid/access.log squid

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern .   0   20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
half_closed_clients off
dns_nameservers 10.0.1.250 196.33.158.230 66.8.85.139
memory_pools off
coredump_dir /var/spool/squid

Re: [squid-users] squid authentication against windows Active Directory 2008 ??

2008-09-16 Thread Gregory Machin

then I would have to install samba from what I understand, and or
policy is not file sharing services allowed on the firewalls . Is
there a way to get a single sign on with out installing samba ?

On Mon, Sep 15, 2008 at 5:56 PM, Kevin Blackwell [EMAIL PROTECTED] wrote:
 Gregory,

 I was running into the same problems. I finally for it working.

 Couple of questions

 1. What OS
 2. Why not use ntlm_auth? Works better.

 Kevin

 On Mon, Sep 15, 2008 at 9:06 AM, Gregory Machin [EMAIL PROTECTED] wrote:
 Hi
 I'm batteling to  get squid_ldap_auth to authenticate against M$
 windows Active Directory 2008 with my config below

 /usr/lib64/squid/squid_ldap_auth -b OU=Organizational
 Structure,DC=example,DC=co,DC=za -h 10.*.*.250 -D
 CN=squid,OU=Other,OU=TC JHB,OU=Company,OU=Organizational
 Structure,DC=example,DC=co,DC=za -w Password1 -f
 ((uid=%s)(objectclass=user))

 I have used a similar config on windows Active Directory 2003 and it
 worked perfectly fine. Is there a catch to authenticating against the
 2008 version of AD ? or have I missed some thing ..

 How is the best way to debug this as squid does not log or output any
 errors even when in debugging mode ..

 when is run
 [EMAIL PROTECTED] ~]# /usr/lib64/squid/squid_ldap_auth -b
 OU=Organizational Structure,DC=techconcepts,DC=co,DC=za -h
 10.0.1.250 -D CN=squid,OU=Other,OU=TC
 JHB,OU=Company,OU=Organizational
 Structure,DC=techconcepts,DC=co,DC=za -w Password1 -f
 ((uid=%s)(objectclass=user)) -v3
 gregory.machin Password1
 ERR Success

 I get ERR Success
 I believe I should get OK
 How can I get more info out of this interface ?

 Thanks in advance .

[squid-users] testing squid_ldap_auth

2008-09-12 Thread Gregory Machin

Hi
I'm looking for a methode to test squid_ldap_auth out side of the squid config.
I have try the following at the command line

[EMAIL PROTECTED] ~]# /usr/lib64/squid/squid_ldap_auth -b
OU=Organizational Structure,DC=example,DC=co,DC=za -h 10.0.1.250
squid [EMAIL PROTECTED])rd1
ERR Success

From what I have read ERR Success imply s that authentication was
successful , but when I try and used this in a squid config the user
in not able to authenticate when prompted by the browser. How do I
locate that breaking point, there are no error in cache.log ?
What do I do next to find the problem.

[squid-users] alot of strange requests comming from child proxy

2008-08-22 Thread Gregory Machin

I have a client that we provide conectivity for. they have a fire will
running a squid proxy that is configured with our proxy as it's parent
proxy and most of the traffic I'm seeing looks like this

1219394376.025 119836 192.168.199.253 TCP_MISS/000 0 GET
http://192.168.200.10/secars/secars.dll?h=BDA3879CF852B95325CD75608CD49315436E38A1B858309C419143C4240C16B00CB181C599C323EF8D893FA74D9B19FF36B489B0B0C1035F8206A3AB6DF27E36FBA34062AE1AE4E6980A04003009E371E49453B5E0D62BC333D1B882580717AFEFCB725D0F0257C6C0F1D1B477B03BA82F0A6B2271256AAAD3807B5AEAD42274A3B23C0E045C51B7E61D5775D0F97BEAD0430165964F5F4A31DEBCC8F9DF1669C2DD64C791538CEB227CB9612ED2660F8AF3D9E7F77B509FF3F6BC9421F039ED7B47C559076B49E8B1884821FE0920B777EE7A27F384B0B82F99478A56FB5EDA7AFB10AAEAB2B70A94671358A63C5EDEE287BB7256ABA297402B7A9DD8375195D5CFCA9B67B1FA0AA253AB4DD45B9CDC03788336BBD9DB028559F1A33F8C9EB2CC40A44D7F1B8B1369F08B61EC355F176E5D283F5D8B6B07F9FBB3B8C0E93DF21E677ECC878284133CE2E6283A9560AD1A91690FCBD075867B916926EE9BDC744D62F9F2A1FC2683AA97882D595FA830AF9AF483040F0EE80F99E34F4F158B3DD670B89FE39FC3822032F819B0D4A559321E12D54D5DD7ABEE09725578A7FA1D682CADEA93A98E44F62D284566463F32
- DIRECT/192.168.200.10 -
1219394376.112 119812 192.168.199.253 TCP_MISS/000 0 GET
http://192.168.201.143/secars/secars.dll?h=6C16C7F7CB8552608F100CA8B11F626AEC4B4A1F8925D5E0B4FE5434FEC16DEE329F29B39AA3A9685FA0FC904838EFA3C17ABA5D1A93EE6AF9DE0C6502FEE3D03CE77A1F2D64703660F9155B65BD9449D4985F0C6F66EE924F314CD8E01C2E7D25314888DAAC08294F0241DFFB2646827D4C249A6C9358D79FA51D4E4D117752F96DB435B9613368DFBB94622FA64AD7B135E9FAF62828A870BACAFDD2D7131E1F9EAD313528FCC6D725877013AF93A8493466CD5229DFD128D4E059D36844F367F8D37328E3E642618B382E791227DFFC70360A9A349E217F822E72A2B5E65574397D1EB8C7BBD69B3E3AAE4A7A67BEB1A4D4E98A229671F8E752F397D685F5E14E2B596E683AC565B227C4272F10786543DE6F6F9E71902F0BC3175E2AE663708E71FB304C2AFB5E97852AA43E03843837D4B1D0A39289BD371D135C68ACA90040A3F117C97BD7CC2D837D8121C410A1DD633B6DA05D57191AF6147EFC87CC051D3DCC49CFC099CE4197CD83B583C7
- DIRECT/192.168.201.143 -
1219394376.313 119792 192.168.199.253 TCP_MISS/000 0 GET
http://192.168.200.10/secars/secars.dll?h=8A4F1743217F213893940A066FA0327A70013D90ADCFFAA63D79E536816A8D6954969B4CD1504F360A7186CE6C7ABBAAAE38944D2ADC272600A263B849B99EB8718A2F72F491BE9313E232C715A6D554014389799E4095D5F7B4B3B25668337891F2BDA12D30F9C7B388132354AFB497965315DED9345938C5A265F307A9D2412116A795987AEDA39E92AB4234359D857876663CE5B5CC14B97BAC7BAF138D6F6A427C74BA0AF2741379F0897C27BABC40417C5651E8EE8E5BFF57E2F3A9AC96C62DEB85BB528E48599705A1FAC16914B2B209058C3EF7709B1E21F32AE4F476ED25B3290C433D01208844E41F5027AFE287BB7256ABA297402B7A9DD8375195D5CFCA9B67B1FA0AA253AB4DD45B9CDC03788336BBD9DB028559F1A33F8C9EB280E54DD44843B0ADF5ED98992B3308B455A96EE2C15924C1AB1D75B42E6CAE64DD1D7574ED8CA99617961917E51323A68B7910134E6CABFA446BA9D277ED9722D6B86D0672BDCE22CEFC58139078B44B190BA8A72E65067772B61F1876A5EEA1321E12D54D5DD7ABEE09725578A7FA1D682CADEA93A98E44F62D284566463F32
- DIRECT/192.168.200.10 -

what is it ? and should I my proxy be receiving these requests ?

Thanks

Re: [squid-users] alot of strange requests comming from child proxy

2008-08-22 Thread Gregory Machin

On Fri, Aug 22, 2008 at 11:34 AM, Michael Alger [EMAIL PROTECTED] wrote:
 On Fri, Aug 22, 2008 at 10:49:53AM +0200, Gregory Machin wrote:
 I have a client that we provide conectivity for. they have a fire
 wall running a squid proxy that is configured with our proxy as
 it's parent proxy and most of the traffic I'm seeing looks like
 this

 1219394376.025 119836 192.168.199.253 TCP_MISS/000 0 GET
 http://192.168.200.10/secars/secars.dll?h=BDA3...
 - DIRECT/192.168.200.10 -
 1219394376.112 119812 192.168.199.253 TCP_MISS/000 0 GET
 http://192.168.201.143/secars/secars.dll?h=6C16C...
 - DIRECT/192.168.201.143 -
 1219394376.313 119792 192.168.199.253 TCP_MISS/000 0 GET
 http://192.168.200.10/secars/secars.dll?h=8A4F...
 - DIRECT/192.168.200.10 -

 what is it ?

 Not sure, may be something to do with Symantec EndPoint Protection
 Manager; whatever that is. At least that's the references I've seen
 in a Google search for secars.dll.

 and should I my proxy be receiving these requests ?

 That depends - are 192.168.200.x and 192.168.201.x under your
 control? Or more correctly: does your client need to access these
 addresses via your proxy?

those ips are on the clienst lan / wan that behind the proxy .

 It may be that they need reconfigure their squid to go direct for
 that server rather than use your proxy.

[squid-users] TCP_NEGATIVE_HIT/404 615 GET for file that does exist

2007-10-03 Thread Gregory Machin

Hi
There is a file I'm trying to download via my proxy, but cant ...
squid loggs show

1191409989.051  0 192.168.2.203 TCP_NEGATIVE_HIT/404 615 GET
http://www.coltech.co.za/pnp/files/vPbPsCrVJ/SFUP-V447B4-D.zip greg
NONE/- text/html

If i bypass the proxy I can download the file fine ... what would be
causing this ?

Greg

[squid-users] white listing acls

2007-03-27 Thread Gregory Machin


Hi
I'm looking for an example of how to have white lists for one subnet
but the other subnet is full access ...

Many Thanks

--
Gregory Machin
[EMAIL PROTECTED]
www.linuxpro.co.za

[squid-users] limit size of download per user group..

2005-02-27 Thread Gregory Machin

Hi
Please could you advise me how I can limit the size of file downloads
on a per user / ip range acl baises ?

I can only find out how to do it globaly ... :-(

Many Thanks
-- 
Gregory Machin
[EMAIL PROTECTED]
[EMAIL PROTECTED]
www.linuxpro.co.za
Web Hosting Solutions
Scalable Linux Solutions 
www.iberry.info (support and admin)
www.goeducation (support and admin)
+27 72 524 8096

[squid-users] Fw: Squid and load splitting.

2004-01-10 Thread Gregory Machin

Hi all.
Could some please advise me on how to do the following ..

I have 2 incomming lines one is adsl with a capped internation limit (ie:
when reach 3 gig international bowsing dies) the and is a slow diginet line.

I want to be able to setup squid so that once the 3gig limit is reached
(sites timeout) all traffic for internatinal sites is passed through the
diginet line. Both lines currently have there own squid proxy servers.

Many Thanks ..
Gregory Machin

[squid-users] parent cach not showing child cache requests in it's logs

2003-12-19 Thread Gregory Machin

Hi all.

I have a number squid proxies on my network the one child proxy is set =
to use the primary proxy as perant, but the requests aren't being =
displayed in the logs.
This is my acl config for the child proxy. I have used both the ip and =
the FQNS of the parent proxy ..

 shutdown_lifetime 30 seconds


pid_filename /var/run/squid.pid
cache_access_log /cache/squid/logs/access.log
cache_log /cache/squid/logs/cache.log
cache_store_log none
emulate_httpd_log on
log_mime_hdrs off

http_port 192.168.10.250:8080


cache_peer ns2.ct-net.org parent 3128 3130 no-query default

acl local-ip dst 192.168.0.0/16
acl all src 0.0.0.0/0.0.0.0
always_direct allow local-ip
never_direct allow all
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/16

always_direct allow localnet

acl Safe_ports port 80  # http
acl Safe_ports port 20-21   # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1021-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl SSL_ports port 21 25 110 143 443 563 1080
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all


request_timeout 45 seconds
pconn_timeout 240 


Many thanks
Gregory Machin
072 5248 096
[EMAIL PROTECTED]
[EMAIL PROTECTED]

System Administrator for
 - Academy Internalional
 - Vukani Skills Lab

Systems Developer for 
  sylque.com
  scsza.com
  linuxpro.co.za

Programming 
  Mysql 
  PHP
  Delphi
  Kylix

[squid-users] seamless authentication with active directory

-- Thread Gregory Machin

->









  
  [squid-users] seamless authentication with active directory
  
  
  
  
  
  








	

	squid-users 

	
		
			-- Thread --
			-- Date --
			





			
		
	



	
	
	




 




<!--
google_ad_client = "pub-7266757337600734";
google_alternate_ad_url = "http://www.mail-archive.com/blank.png";
google_ad_width = 160;
google_ad_height = 600;
google_ad_format = "160x600_as";
google_ad_channel = "8427791634";
google_color_border = "FF";
google_color_bg = "FF";
google_color_link = "006792";
google_color_url = "006792";
google_color_text = "00";
//-->








[squid-users] seamless authentication with active directory
Gregory Machin
 


Re: [squid-users] seamless authentication with active directory
Kinkie





 






  
  





Reply via email to

[squid-users] Browsing slow after adding squid proxy.

Re: [squid-users] Alert!: Invalid header 'WWW-Authenticate: NTLM'

Re: [squid-users] Alert!: Invalid header 'WWW-Authenticate: NTLM'

[squid-users] Alert!: Invalid header 'WWW-Authenticate: NTLM'

Re: [squid-users] error 401 when going via squid ???

[squid-users] error 401 when going via squid ???

[squid-users] how to configure wccp load balancing with squid.

[squid-users] Forwarding loop detected for .. help

[squid-users] access denied without prompting for login

Re: [squid-users] squid authentication against windows Active Directory 2008 ??

[squid-users] testing squid_ldap_auth

[squid-users] alot of strange requests comming from child proxy

Re: [squid-users] alot of strange requests comming from child proxy

[squid-users] TCP_NEGATIVE_HIT/404 615 GET for file that does exist

[squid-users] white listing acls

[squid-users] limit size of download per user group..

[squid-users] Fw: Squid and load splitting.

[squid-users] parent cach not showing child cache requests in it's logs

[squid-users] seamless authentication with active directory

19 matches

Site Navigation

Mail list logo

Footer information