Re: [squid-users] Port Problem with squid

2008-06-01 Thread Indunil Jayasooriya
> When I take off transparent mode, the result is the same, it does not
> access (time out)

without squid, When you access www.example.com, does it redirect to
www2.example.com:8098/login.aspx ?

If yes, Webserver www.example.com is OK.


 Hope to hear from you.



Thank you
Indunil Jayasooriya


Re: [squid-users] Port Problem with squid

2008-06-01 Thread Indunil Jayasooriya
> Yes, that is correct. If I bypass squid and go to www.example.com, it
> automatically redirects to www2.example.com:8098/login.aspx

OK, SOUNDS GOOD. i.e nothing wrong with webserver www.example.com

www2.example.com is running on port 8098. Can you change it to port 80
? Then, Pls browse www.example.com via squid.


-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Port Problem with squid

2008-06-02 Thread Indunil Jayasooriya
> www2.example.com server is not my within my company. I cannot change
> the port on it

Again, pls disable both transparent intercept mode and dansguardian in squid.

Then, browse www.example.com via squid.

Pls give me the output of below command

tail -f /var/log/squid/access.log

and, also I need the output of below 2 apache logs of www.example.com
at the same time?

tail -f /var/log/httpd/access_log

tail -f /var/log/httpd/error_log

I think it is the easiest way to see what is going on there?


-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Port Problem with squid

2008-06-02 Thread Indunil Jayasooriya
> No other logging for it.

Thanks for your logs. I think that 10.43.8.20 is the server where
www2.example.com.


So far, We checked in two ways.  One way is without squid (Direct
connection). Then, It worked.

What is this path,

Is it via a firewall? Pls write down that PATH.

The other PATH is via squid proxy. Then, It does not work.

What is this PATH?

I want to see reverse path filtering.

hope to hear from you.
-
Thank you
Indunil Jayasooriya


Re: [squid-users] Port Problem with squid

2008-06-02 Thread Indunil Jayasooriya
10.1.15.245  is the squid server. It resides on the LAN.

10.1.15.240 is the LAN interface

10.1.15.241 is connected to INTRANET

What is your laptop ip?

We know you (i.e your laptop) can access www2.example.com without squid.

Can you tracert to www2.example.com (NOT through squid)

I think 10.1.15.240 is the gateway of your LAPTOP

Pls come back to me...




>
> From my laptop (through squid)
>
>
>
> C:\Documents and Settings\edd>tracert www2.example.com
>
> Tracing route to 10.43.8.20 over a maximum of 30 hops
>
>   1    <1 ms    <1 ms    <1 ms  10.1.15.245  -- this is my squid server
>   2    <1 ms    <1 ms    <1 ms  10.1.15.240  -- this is our router - LAN interface
>   3     1 ms    <1 ms    <1 ms  10.1.15.241  -- this is the 2nd interface on the router, connected to the WAN (intranet, not internet)
>   4    11 ms    12 ms    13 ms  10.43.113.57
>   5     8 ms    13 ms    12 ms  10.43.112.2
>   6    13 ms    13 ms    13 ms  10.43.8.20
>
> Trace complete.
>
> C:\Documents and Settings\edd>
>



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Port Problem with squid

2008-06-02 Thread Indunil Jayasooriya
> my laptop IP is 10.1.15.57.
>
> 10.1.15.240 is the LAN interface of the router. It is normally the
> gateway - however when I am using squid (transparent) the squid server
> becomes my gateway.

Yeah,  Interesting.
Then, this is your network  setup

if you bypass squid ,
your laptop -> Firewall -> intranet(www.example.com) it directs to
www2.example.com

If you go via squid, this would be your network setup

your laptop -> squid -> Firewall -> intranet(www.example.com) it
directs to www2.example.com

I think 10.1.15.240 is the gateway of squid server. How many ethernet
does this squid server have?

I think this is something that belongs to routing...


-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Port Problem with squid

2008-06-02 Thread Indunil Jayasooriya
I am GLAD to hear and am very happy about your effort in solving this ISSUE.

HAPPY squiding.



On Mon, Jun 2, 2008 at 1:57 PM, Edward Dam <[EMAIL PROTECTED]> wrote:
> Hello
>
> Thank you for all your help. I have figured out that it is actually
> related to DNS. When I put the intranet DNS server (from that other
> domain) in front of my own DNS server in resolv.conf, it now works
> through squid.
>
> Thank you again for all your help, and I apologize if I wasted your time.
>



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Access-list domain and user

2008-06-02 Thread Indunil Jayasooriya
> I want to know if it's possible to have an ACL to grant a user to
> access a domain.
> My users are authenticated with LDAP.

Let's assume that user toto wants to have access to cnn.com .

Pls try below

> To grant access a user :

 acl prj1 proxy_auth toto
 acl  domains4toto dstdomain .cnn.com
 http_access allow prj1 domains4toto
 http_reply_access allow prj1 domains4toto
 http_access deny prj1



Just try it out.




-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] allow group 1 to access few sites and group 2 to access another group of sites

2008-06-02 Thread Indunil Jayasooriya
> is there a way using squid proxy to somehow allow certain people to
> access some websites and another group of people access another group
> of websites?
>
> maybe some sort of authentication of some sort?

yes.  I am running with ncsa_auth


pls add below lines to squid.conf file


 auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd


acl ncsa_users proxy_auth REQUIRED

acl group1 proxy_auth user1 user2 user3 user4 user5
acl group2 proxy_auth user6 user7
acl group3 proxy_auth user9 user11

acl DOMAINSLIST1 dstdomain .bbc.com .cnn.com
acl DOMAINSLIST2 dstdomain .google.com .yahoo.com .gmail.com
acl DOMAINSLIST3 dstdomain .bsd.org .openbsd.org .freebsd.org .redhat.com

http_access deny group1 !DOMAINSLIST1
http_access deny group2 !DOMAINSLIST2
http_access deny group3 !DOMAINSLIST3

http_access allow ncsa_users


then, using htpasswd file , pls add users as follows

[EMAIL PROTECTED] ~]# htpasswd /etc/squid/squid_passwd user1
New password:
Re-type new password:
Adding password for user user1

finally, Pls restart squid server.

That's it

Happy squiding


-- 
Thank you
Indunil Jayasooriya
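
How Squid walks the http_access lines in the message above, as an added example that is not part of the original post or of Squid itself: lines are checked top to bottom, the ACLs on one line are ANDed, and the first matching line decides. The model covers only proxy_auth and dstdomain ACLs, assumes the user name is already authenticated, and the function names are hypothetical.

```python
# Added illustration: a small model of Squid's http_access evaluation for the
# group rules posted above. Not Squid code. Only the proxy_auth and dstdomain
# ACL types are modelled; `user` is the already-authenticated login name.

ACLS = {
    "ncsa_users":   ("proxy_auth", ["REQUIRED"]),
    "group1":       ("proxy_auth", ["user1", "user2", "user3", "user4", "user5"]),
    "group2":       ("proxy_auth", ["user6", "user7"]),
    "group3":       ("proxy_auth", ["user9", "user11"]),
    "DOMAINSLIST1": ("dstdomain", [".bbc.com", ".cnn.com"]),
    "DOMAINSLIST2": ("dstdomain", [".google.com", ".yahoo.com", ".gmail.com"]),
    "DOMAINSLIST3": ("dstdomain", [".bsd.org", ".openbsd.org", ".freebsd.org",
                                   ".redhat.com"]),
}

# The http_access lines in the order they appear in the post.
RULES = [
    ("deny",  ["group1", "!DOMAINSLIST1"]),
    ("deny",  ["group2", "!DOMAINSLIST2"]),
    ("deny",  ["group3", "!DOMAINSLIST3"]),
    ("allow", ["ncsa_users"]),
]


def dstdomain_match(pattern, host):
    """A leading dot matches the domain itself and every subdomain."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def acl_match(name, user, host):
    kind, values = ACLS[name]
    if kind == "proxy_auth":
        # REQUIRED matches any authenticated user; otherwise the name must be listed.
        return user is not None and ("REQUIRED" in values or user in values)
    if kind == "dstdomain":
        return any(dstdomain_match(p, host) for p in values)
    raise ValueError("ACL type not modelled: " + kind)


def check(user, host, rules=RULES):
    """Return (action, rule_number); rule_number is None when no line matched."""
    for number, (action, terms) in enumerate(rules, 1):
        # Every term on the line must hold; a leading "!" negates the ACL.
        if all(acl_match(t.lstrip("!"), user, host) != t.startswith("!")
               for t in terms):
            return action, number
    # No line matched: Squid applies the opposite of the last line's action.
    # (For an unauthenticated client real Squid answers with a 407 challenge.)
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    for user, host in [("user1", "www.cnn.com"), ("user1", "www.google.com"),
                       ("user6", "mail.google.com"), ("user8", "www.example.org")]:
        print(user, host, check(user, host))
```

The user8 case is the one to notice: an authenticated user who is in none of the three groups falls through to `http_access allow ncsa_users` and is not restricted to any domain list.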


Re: [squid-users] second squid proxy

2008-06-03 Thread Indunil Jayasooriya
On Tue, Jun 3, 2008 at 7:25 PM, Armend ALIAGA <[EMAIL PROTECTED]> wrote:
> Hi all,
> I would be grateful if somebody could help me out on this issue,
> I have a squid proxy (.i.e. IP.10.10.10.1) running wonderful up to now..
> I set up another squid proxy ... and the issue is that I dont know how to
> redirect all http requests from this one to the first proxy 10.10.10.1 without
> going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?)
> I tried to do it with "cache peer parent 10.10.10.1 3128 3130" but I have an
> error when applying policy.
> thanks,

pls try below.

cache_peer 10.10.10.1 parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] second squid proxy

2008-06-04 Thread Indunil Jayasooriya
On Wed, Jun 4, 2008 at 2:48 PM, Armend ALIAGA <[EMAIL PROTECTED]> wrote:
> Hi ,
> thanks for your replies...
> if I check the mark in internet options to bypass proxy for local address 
> I'am able to get through our intranet and other local sites, and also if I 
> uncheck the mark won't browse intranet - which means that the second proxy 
> works fine...
> However I'am not able to browse internet ?
> any idea?

then, Pls add below

I assume your LAN is 192.168.1.0/24, if it is something else, Pls
change it accordingly

cache_peer 10.10.10.1 parent 3128 0 no-query default
acl lan src 192.168.1.0/24
http_access allow lan
never_direct allow all

-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Squid 2.6 Access Log Not showing access to websites

2008-06-04 Thread Indunil Jayasooriya
> To my surprise, I can use internet even when squid service is down. So
> now it means that squid is not configured properly ?
>
> How I can verify this, please guide.
>
> Thanks,
> Kirtimaan

Could you pls draw your network diagram?

How many ethernet does squid box have?

Hope to hear from you.

-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Squid 2.6 Access Log Not showing access to websites

2008-06-04 Thread Indunil Jayasooriya
On Thu, Jun 5, 2008 at 11:37 AM, Kirtimaan <[EMAIL PROTECTED]> wrote:
> Hello,
>
> There is one Eth in Squid Box.
>
> There is a DSL Router with IP 192.168.1.165
>
> Squid box is configured to access internet and DNS service using this IP.
>
> There are 4 windows XP systems connected to same network and they use Squid
> box IP as their gateway and DNS server address.
>
> so it is like
>
> WINDOW CLIENTS <=> SQUID BOX <=> DSL ROUTER.
>
> On squid box, there is a utility Guarddog used for port forwarding. So it
> forward all traffic on port 80 to Squid port 3128.
>
> Squid box also have apache webserver, but that is configured on port 8080.
> So if any one in network have to use intranet, we have to use like
> http://squidbox:8080.
>
> When squid is running and we try to access it like http://squidbox it shows
> a page
>
> ---
>* Access Denied.
>
>  Access control configuration prevents your request from being allowed
> at this time. Please contact your service provider if you feel this is
> incorrect.

have you added ACL in squid.conf

something like this.

acl our_networks src 192.168.1.0/24
http_access allow our_networks


Pls try it out

-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] second squid proxy

2008-06-05 Thread Indunil Jayasooriya
>> On Tue, Jun 3, 2008 at 7:25 PM, Armend ALIAGA wrote:
>> > Hi all,
>> > I would be grateful if somebody could help me out on this issue,
>> > I have a squid proxy (.i.e. IP.10.10.10.1) running wonderful up to now..
>> > I set up another squid proxy ... and the issue is that I dont know how to
>> > redirect all http requests from this one to the first proxy 10.10.10.1 without
>> > going directly to internet ? ( I'am not allowed to NAT 2 IP in the pix ?!?)
>> > I tried to do it with "cache peer parent 10.10.10.1 3128 3130" but I have an
>> > error when applying policy.
>> > thanks,
>>
>> pls try below.
>>
>> cache_peer 10.10.10.1 parent 3128 0 no-query default
>> acl all src 0.0.0.0/0.0.0.0
>> never_direct allow all
>>

May I get your network set up with ips, if possible?

I think it is like this.

clients ---> 2ndsquidproxy ---> 1stsquidproxy(its ip is 10.10.10.1)
--> Your firewall

Hope to hear from you.



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Squid keeps rotating.

2008-06-05 Thread Indunil Jayasooriya
> In my squid.conf I have edited the line logfile_rotate 0
> so this should prevent squid from changing access.log to access.log.1

That's true

> However for some reason it keeps doing that. Squid needs to write to
> /var/log/squid/access.log since that is a named pipe that has a text
> processor behind it. Any idea why Squid is still doing this ?

How's  /etc/logrotate.d/squid file. this is JUST one .


Example of /etc/logrotate.d/squid

/var/log/squid/access.log {
  daily
  rotate 4
  copytruncate
  compress
  notifempty
  missingok
}

/var/log/squid/cache.log {
  daily
  rotate 4
  copytruncate
  compress
  notifempty
  missingok
}

/var/log/squid/store.log {
  daily
  rotate 4
  copytruncate
  compress
  notifempty
  missingok

  # This script asks squid to rotate its logs on its own.
  # Restarting squid is a long process and it is not worth
  # doing it just to rotate logs
  postrotate
  /usr/sbin/squid -k rotate
  endscript
}

As you can see, I use the /usr/sbin/squid -k rotate command to let
squid rotate his logs. You can issue this command everytime you feel
the need to.


I got it from below URL

http://linux.cudeso.be/linuxdoc/squid.php



Happy Squiding
-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Squid 2.6 Access Log Not showing access to websites

2008-06-06 Thread Indunil Jayasooriya
>> On squid box, there is a utility Guarddog used for port forwarding. So
>> it forward all traffic on port 80 to Squid port 3128.
>
> I'd say your problem is here. You have port forwarded port 80 on the
> server itself to port 3128 on the server itself. Same as configuring
> Squid to listen on port 80 directly.

I think  Henrik is right. Pls do not use such a GUI tool. pls input
iptables command by hand.

> What you need is a rule which intercepts (NAT:s)any outgoing traffic to
> port 80 on servers out on the Internet and redirect these to Squid. This
> is different from port 80 on the server itself.

Pls try below rules.

#on the squidbox, Open squidport (3128) for LAN ips
iptables -A INPUT -i eth0 -d ipofsquidbox -p tcp -s ipofLANs/24 \
  --dport 3128 -j ACCEPT

#Redirecting traffic destined to port 80 to port 3128
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT \
  --to-port 3128


Hope to hear from you.

Happy squiding

-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] help on performances

2008-06-11 Thread Indunil Jayasooriya
> Need some help on how to improve the performance of squid proxy.
>
> My problem is when I access any site directly it is faster but when used
> proxy its slow.

Pls try below command and see its output

squidclient mgr:info



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Web Usage Statistics by Client IP

2008-06-11 Thread Indunil Jayasooriya
Hi Richard,

Pls try sarg.

here is HOW to .

http://www.squid-cache.org/mail-archive/squid-users/200805/0172.html


On Wed, Jun 11, 2008 at 6:38 PM, Richard Chapman
<[EMAIL PROTECTED]> wrote:
> Hi
>
> I am new to Squid - but found it very easy to get going. I am running Squid
> 2.6 on Centos 5.1 Linux. and it worked brilliantly.
>
> I was hoping to be able to track down the Bandwidth Usage Stats for
> individual client machines - to try to find out where all our bandwidth is
> going. I have found the Cache Manager Statistics Reports - but haven't found
> one with this info broken down by Client.
> Is it there somewhere in one of the report - or do I need some additional
> reporting tool?
>
> Thanks for the help.
>
> Richard.
>
>
>
>



-- 
Thank you
Indunil Jayasooriya


[squid-users] Re: Help with sarg usage

2008-06-15 Thread Indunil Jayasooriya
Hi Richard,

I hope this may help you.

http://www.squid-cache.org/mail-archive/squid-users/200805/0172.html



On Sun, Jun 15, 2008 at 12:33 PM, Richard Chapman
<[EMAIL PROTECTED]> wrote:
> Hi
>
> I have sarg installed and working - but have not found much documentation
> other than the man pages - which are fairly brief.
>
> Can anyone help me with these issues with sarg.
>
> 1) It appears to only use the current squid log by default - and the
> documentation doesn't seem to tell me how I can get it to read several squid
> log files.
> 2) When I first installed it - and told it to place reports in
> /var/ww/html/sarg - I could browse the report fine as
> http://192.168.0.201/sarg - but for some reason - I now get a "Forbidden"
> error".
> 3) How do you access the reports at the default location: /var/www/sarg?
> 4) If I specify the "-t HH-HH" option to restrict the report to a time range
> - it doesn't seem to behave as I would expect. I get far less traffic
> reported than I would expect over the period. I can't find any way to check
> that it is reporting all the relevant trafic.
>
> Thanks
>
> Richard.
>
>



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Where are the ircache.net cgi for creating graphs?

2008-06-15 Thread Indunil Jayasooriya
What about this?

http://www.squid-cache.org/~wessels/squid-rrd/



On Sat, Jun 14, 2008 at 3:23 AM, Richard Hubbell
<[EMAIL PROTECTED]> wrote:
> Hello squid world,
>
> I was looking for the scripts that create the graphs on ircache.net, I found 
> everything but the cgi scripts.  Does anyone know where to get them?
>
> Or maybe there's another package that's preferred to make use of RRD for 
> Squid?
>
>
>
>
>
>



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] iptables syntax

2008-06-15 Thread Indunil Jayasooriya
> I will run Squid on Linux OS, with transparent mode.
> Should I use iptables to do the http intercept?
> what's the iptables syntax? please help, thank you.

How many network card does this squid box have?

in squid.conf, Pls add below line

http_port 3128 transparent


This is the iptables rule

#Redirecting traffic destined to port 80 to port 3128
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT \
  --to-port 3128

for more, pls visit below URL

http://wiki.squid-cache.org/SquidFaq/InterceptionProxy


Happy Squiding

-- 
Thank you
Indunil Jayasooriya


[squid-users] Re: Help with sarg usage

2008-06-16 Thread Indunil Jayasooriya
> Yes. That did help quite a bit. I had actually seen the link before from a
> google search - but hadn't studied it properly. It certainly explains my
> "forbidden" problem. I think I found a missing step though. The step by step
> instructions do not tell you to make sarg.cron executable - so the cron job
> wouldn't run until I corrected this.

Yeah, sarg.cron should be executable. So, Pls execute it in following way.

chmod 755 /var/www/sarg/sarg.cron

> It still leaves me with a few queries though:
> 1) I would like to be able to see what traffic flowed between (say) 13.00 on
> 13 June 2008 and 14:00 on 13th June 2008.

I think that it depends on the crontab.  my crontab @ step by step doc
displays every 5 minute execution. So , Then, It has every 5 minute
data.

For example, crontab executes every 5 minutes.  Let's say 13 hrs ,
13.05 hrs, 13.10 hrs and so on.

> I haven't found a way to do this yet. Is it possible with Sarg? I am trying
> to find out what causes occasional large traffic bursts.

First, Pls get Sarg working. Then, begin to analyse.

> 2) Is there some more complete documentation somewhere? The man page refers
> to documentation in the "GNU info format". Where could I find this

Difficult to say.


-- 
Thank you
Indunil Jayasooriya


[squid-users] Re: Help with sarg usage

2008-06-16 Thread Indunil Jayasooriya
> The cron job seems to create a new report
> every 30 minutes - and delete the old one.

Yes, that's right.

> The new report covers the full
> period (presumably) covered by the current squid log file - until the time
> the report is generated.

Yes, that's right.

> I can't find a way to narrow down the time window
> of the report. I also can't find a way to make it cover further back than
> the current squid log file -

What do u mean ? do you need older data than the current report?

current crontab executes every 30 minutes and deletes the old one. I
think if it does not delete the old one, it would be older than
current.

So just, try to have about 10 reports and delete from 11.

So , pls try below squid.cron

[EMAIL PROTECTED] ~]# cat /var/www/sarg/sarg.cron
#!/bin/sh
/usr/bin/sarg
cd /var/www/sarg/reports
rm -rf *.11

Pls try it out.


>
> I seem to have something in my /etc/cron.daily which rotates the squid
> access.log file at 4.02 am every morning.

May I have a look at that?


And also , have a look at these scripts.
I have not used these. Pls try and see. If you succeed, Pls put a mail
to this mailing list, then others can benefit from them.

http://sarg.sourceforge.net/enhancements.php

http://sarg.sourceforge.net/zhaolei.txt

Happy Squiding

 --
Thank you
Indunil Jayasooriya


[squid-users] Re: Help with sarg usage

2008-06-17 Thread Indunil Jayasooriya
> In any case - the report seems to cover the whole period of the log. Even
> though the report is generates every 30 minutes - it appears to cover the
> whole squid log period.

YES

> Is there any way to restrict the report to a short
> period (say 1 hour) of within the coverage of the squid log.

I still do not know. I think it is good to send another mail with the
subject of "restrict access log to a short period (say 1 hour)"

Then, squid developers might be able to answer you.

go ahead to bring this to an end

Happy Squiding.
-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Setting a whitelist for ONE IP-Adress

2008-06-23 Thread Indunil Jayasooriya
> I tried the following config lines:
>
> # Define the pc/ip, which has to squid later
> acl pc101 src 192.168.100.101/255.255.255.255
>
> # define the whitelist
> acl whitelist dstdomain   "/squid/etc/whitelist.allow"
>
> # define the pc to use the whitelist
> http_access pc101 whitelist

Pls add the word allow as follows

http_access allow pc101 whitelist


Happy squiding


-- 
Thank you
Indunil Jayasooriya


Fwd: [squid-users] Setting a whitelist for ONE IP-Adress

2008-06-23 Thread Indunil Jayasooriya
Can you post me a default config with my three lines in it, so that
the IP-Adress is using the whitelist defined and any other IPs can
reach any site?

Try below lines


# Define the pc/ip, which has to squid later
acl pc101 src 192.168.100.101/255.255.255.255

# define the whitelist
acl whitelist url_regex -i "/squid/etc/whitelist.allow"

http_access deny pc101 !whitelist

then, create below file.

touch /squid/etc/whitelist.allow

and add below domains to that file.
.allowedsites1.com
.allowedsites2.com
.allowedsites3.com

#the rest has FULL ACCESS
acl mynet src 192.168.100.0/24
http_access allow mynet

restart squid

Happy Squiding



-- 
Thank you
Indunil Jayasooriya
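
What the two ACL types admit for the whitelist file above, as an added example that is not part of the original post: `url_regex` treats each line of the file as an unanchored regular expression searched in the whole URL, while `dstdomain` (the type used in the original question) compares only the host name. The URLs are constructed samples and the function names are hypothetical.

```python
# Added illustration: compare how the same whitelist entries behave as
# "url_regex -i" patterns and as "dstdomain" entries. Not Squid code; Python's
# re module stands in for the regex library, which is equivalent for these
# simple patterns.
import re
from urllib.parse import urlsplit

# Contents of /squid/etc/whitelist.allow as given in the post.
WHITELIST = [".allowedsites1.com", ".allowedsites2.com", ".allowedsites3.com"]

# Constructed sample requests.
SAMPLE_URLS = [
    "http://www.allowedsites1.com/index.html",
    "http://allowedsites1.com/",
    "http://other.example/download?ref=allowedsites1.com",
    "http://notallowedsites1.com/",
    "http://ALLOWEDSITES2.COM.other.example/",
    "http://www.other.example/",
]


def url_regex_allows(entries, url):
    """url_regex -i: case-insensitive search of each pattern anywhere in the URL.
    An unescaped '.' matches any single character."""
    return any(re.search(entry, url, re.IGNORECASE) for entry in entries)


def dstdomain_allows(entries, url):
    """dstdomain: only the host is compared; a leading dot also covers subdomains."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def audit(entries, urls):
    """Return (url, admitted_by_url_regex, admitted_by_dstdomain) for each URL."""
    return [(u, url_regex_allows(entries, u), dstdomain_allows(entries, u))
            for u in urls]


def looser_than_dstdomain(entries, urls):
    """URLs the regex form lets through although the host is not whitelisted."""
    return [u for u, by_regex, by_domain in audit(entries, urls)
            if by_regex and not by_domain]


if __name__ == "__main__":
    for url, by_regex, by_domain in audit(WHITELIST, SAMPLE_URLS):
        print(f"url_regex={by_regex!s:5} dstdomain={by_domain!s:5} {url}")
```

With `acl whitelist dstdomain "/squid/etc/whitelist.allow"` the same file restricts pc101 to the listed hosts only.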


Re: [squid-users] Question : Squid and iptables

2008-06-25 Thread Indunil Jayasooriya
>
> I have a linux server and 3 ethernet card installed and squid is working
> this server.
> I m using two ADSL lines. I m sharing these ADSL lines with iproute. But i
> have a problem.
> ADSL1 and ADSL2 users has a same real ip address. All 80 port request exit
> the one ADSL line.
> What kind of routing am i making this protocols (iptables and squid)?

Do you want to route port 80 (web) traffic via one ADSL line?

the rest of traffic via the other?

if so, iptables and ip route2 can do it.

then, you need policy routing.


-- 
Thank you
Indunil Jayasooriya


[squid-users] transparent intercepting proxy

2008-07-07 Thread Indunil Jayasooriya
Hi,

I have setup transparent intercepting proxy (squid 2.6 branch) in
RedHat EL5. It has 2 NICs. One is connected to router. The other is
connected to LAN.  Client's gateway is LAN ip address of the proxy
server. Clients have 2 Dns entries. It works fine. If I remove dns
entries of clients PCs. It will NOT work.

Is it normal?

Without DNS entries in Clients Pcs. Is it possible to work?

Hope to hear from you.



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] transparent intercepting proxy

2008-07-07 Thread Indunil Jayasooriya
On Mon, Jul 7, 2008 at 3:19 PM, Alexandre Correa
<[EMAIL PROTECTED]> wrote:
> no, it´s now possible without dns ... browser need to resolve address
> to ip to start connections

Thanks for your quick response. How Can I achieve it.

All clients use IE and firefox.

Hope to hear from you.




-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] transparent intercepting proxy

2008-07-07 Thread Indunil Jayasooriya
>> no, it´s now possible without dns ... browser need to resolve address
>> to ip to start connections

Thanks for your quick response. How Can I achieve it.

All clients use IE and firefox.

Hope to hear from you.

-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] squid not asking for authentication

2008-07-17 Thread Indunil Jayasooriya
> sorry i am a new to this .. if only you could explain. or just give me some
> link were i can get knowladge abt this

Pls click below Urls

http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-7cfff26a112769fccff8f4d507961cd27ebe5eac

http://www.squid-cache.org/mail-archive/squid-users/200708/0069.html

Hope , it may help



-- 
Thank you
Indunil Jayasooriya


[squid-users] squid is quite slow with Acls

2008-08-11 Thread Indunil Jayasooriya
Hi ,

my squid box became quite slow after adding ACLs. they use ncsa_auth.
below are a few Acls.


# These IPs have access to sites given in ACL paxarusers with password
acl paxarusers src 172.23.1.86
acl dstallowed4paxarusers dstdomain .paxaronline.com .dhl.com .dhl.com.lk
acl ncsa_users proxy_auth required
http_access allow paxarusers dstallowed4paxarusers ncsa_users
http_access deny paxarusers

# These IPS have access to sites given in ACL shipping with password
acl shipping src 172.23.1.73 172.23.1.88 172.23.1.95
acl dstallowed4shipping dstdomain .apl.com .hanjin.com .maersk.com .mpower-shipper.com .tradecard.com .onlanka.com .dhl.com .dhl.com.lk .wde.eserviceslanka.com .corporate.ndbbank.com .hsbcnet.com .slpa.lk
acl ncsa_users proxy_auth required
http_access allow shipping dstallowed4shipping ncsa_users
http_access deny shipping

# These IPS have access to sites given in ACL Nike with password
acl nike src 172.23.3.13 172.23.3.36 172.23.1.79 172.23.3.61 172.23.1.35 172.23.1.174 172.23.1.38 172.23.1.104
acl dstallowed4nike dstdomain .george.tactivity.com .nike.com .nikeconnect.com .google.com .google.lk .dhl.com .dhl.com.lk .averydennison.com
acl ncsa_users proxy_auth required
http_access allow nike dstallowed4nike ncsa_users
http_access deny nike

#these have FULL ACCESS without password
acl mynet src 172.23.0.0/255.255.0.0
http_access allow mynet

Is it because of the above ACls.

Any advice is expected.





-- 
Thank you
Indunil Jayasooriya


[squid-users] parent proxy issue

2008-08-19 Thread Indunil Jayasooriya
Hi,

I want to forward all the web traffic to a parent proxy.

I have given below lines in squid.conf file

cache_peer 192.168.0.3 parent 3128 0 no-query default
acl mynet src 192.168.0.0./24
http_access allow mynet
never_direct allow all

But. it does not work?

Both are squid 2.6 on RH EL 5

ANy idea?


-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] parent proxy issue (SOLVED)

2008-08-19 Thread Indunil Jayasooriya
> > You have a typo in your ACL config. 192.168.0.0. is not an IP address. I'm
> > surprised your squid even starts.
>
> 192.168.0.0. is a mistake only in this mail. But, in squid.conf file I have 
> added correctly.
>
> Anyway, I have added a rule for transparent interception. I removed it. Now,
> It works.

--
Thank you
Indunil Jayasooriya


Re: [squid-users] squid and squidguard

2008-08-26 Thread Indunil Jayasooriya
>> Also i saw that this is a commercial product. Do you know any free
>> software like this ?

 What about this?
Pls try

 http://www.shallalist.de/



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] squid https

2008-09-01 Thread Indunil Jayasooriya
On Tue, Sep 2, 2008 at 11:30 AM, İsmail ÖZATAY <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to redirect https traffic to squid for days. 2 weeks ago i sent
> a post to this group and tried some advices but could not fix my problem. If
> i use server ip and squid port with any browser ( without redirecting https
> or ftp port with iptables ) it works ( both https and ftp ) but when i
> redirect https this error occurs ;
>
> 192.168.1.105 TCP_DENIED/400 2194 GET error:invalid-request - NONE/-
> text/html
>
> After that i used this advice  ;
>
> https_port 443 cert=/etc/squid/cert.pem key=/etc/squid/private.pem
>
> Last i tried this one that does not work with squid on OpenBSD4.3 ;

I use OpenBSD 4.3

I think you are trying to redirect https and ftp.

Transparent interception of HTTPS traffic is (by design) not possible.
Squid 3HEAD includes a feature called sslbump

Pls visit below Urls

http://markmail.org/message/5d7rtqbhwwcivkkx?q=transparent+https&page=1&refer=vhkzezxg7n643ik2

http://markmail.org/message/mkgy5jjr6wdthi5k?q=transparent+https&page=1&refer=vhkzezxg7n643ik2



-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] squid https

2008-09-02 Thread Indunil Jayasooriya
> I am using Squid Cache: Version 2.6.STABLE18 and when i applied sslBump i
> got error. Can you use this option with the same version of mine ? I think
> you are using squid 3. I tried this option like this ;

I also use squid Version 2.6.STABLE18 from OpenBSD port tree as
transparent interception.

I think below may help you

http://wiki.squid-cache.org/Features/SslBump?highlight=%28C%7B1%7DategoryWish%29%7C%28C%7B1%7DategoryFeature%29%7C%28completed%29%7C%28Version...%3A.%2A3.1%29%7C%28Status...%3A%29%7C%28ETA...%3A%29

Happy Squiding

-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] Interception caching problems

2008-09-03 Thread Indunil Jayasooriya
Hi,


Pls fill below variables with yours.
$LAN= Lan  ip range. example- 192.168.0.0/24
$INTERFAZ_INT= Interface connects to the Internet
$INTERFAZ_LAN= Interface connects to Lan
$LAN_IP of the squid box = Lan ip. example- 192.168.0.1

I use below rules for transparent interception on Linux.

#Enabling ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

#For squid traffic to Accept
iptables -A INPUT -d $LAN_IP -p tcp -s $LAN --dport 3128 -j ACCEPT

iptables -A FORWARD -p udp -s $LAN --dport 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -s $LAN -m multiport \
  --dports 20,21,22,25,43,53,80,443,110,143 -m state --state NEW -j ACCEPT

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport \
  --dports 20,21,22,25,43,53,80,443,110,143 -j ACCEPT

iptables -t nat -A POSTROUTING -p udp -o $INTERFAZ_INT -s $LAN --dport 53 \
  -j SNAT --to-source $INT_IP
iptables -t nat -A POSTROUTING -p tcp -o $INTERFAZ_INT -s $LAN -m multiport \
  --dports 20,21,22,25,43,53,80,443,110,143 -j SNAT --to-source $INT_IP

#Redirecting traffic destined to port 80 to port 3128
iptables -t nat -A PREROUTING -p tcp -i $INTERFAZ_LAN --dport 80 -j REDIRECT \
  --to-port 3128


in addition to that, Pls check your Clients PCs. their gateway, DNS servers


[squid-users] Vedio streming erros

2008-11-05 Thread Indunil Jayasooriya
Hi,

We want to go to below website which contains streaming video. When We
get there all the images. But We will NOT get streaming video. If We
bypass squid, We get streaming Video.

http://uticctv.mine.nu/index.htm

The above site has a user name and password. I can Not give it you.
sorry for it.

Anyway, This is squid version , Pls see below

 Squid Cache: Version 2.6.STABLE6


Your Ideas expected




-- 
Thank you
Indunil Jayasooriya


[squid-users] The requested URL was not found on this server - squid

2008-11-13 Thread Indunil Jayasooriya
Hi AlL,


I get below error while browsing a website.

its home page is

http://pathiranatimber.mine.nu

 I get the homepage.. (Sorry , I canNOT give username and password) -

When I give username and password. It will go to the following page

http://pathiranatimber.mine.nu/home.cgi

Then , it gives below error.

The requested URL was not found on this server

This is what access log says.


1226568643.800   1468 192.1.54.62 TCP_MISS/200 4485 GET http://pathiranatimber.mine.nu/ - DIRECT/124.43.227.181 text/html
1226568644.134    805 192.1.54.62 TCP_MISS/200 938 GET http://pathiranatimber.mine.nu/css.css - DIRECT/124.43.227.181 text/plain
1226568645.053    891 192.1.54.62 TCP_MISS/200 385 GET http://pathiranatimber.mine.nu/jpg/arrow03.gif - DIRECT/124.43.227.181 image/gif
1226568645.361   1198 192.1.54.62 TCP_MISS/200 2164 GET http://pathiranatimber.mine.nu/jpg/login_7.jpg - DIRECT/124.43.227.181 image/jpeg
1226568645.517   1354 192.1.54.62 TCP_MISS/200 2250 GET http://pathiranatimber.mine.nu/jpg/login_5.jpg - DIRECT/124.43.227.181 image/jpeg
1226568645.791   1628 192.1.54.62 TCP_MISS/200 4119 GET http://pathiranatimber.mine.nu/jpg/login_3.jpg - DIRECT/124.43.227.181 image/jpeg
1226568646.129   1075 192.1.54.62 TCP_MISS/200 4102 GET http://pathiranatimber.mine.nu/jpg/login_8.jpg - DIRECT/124.43.227.181 image/jpeg


1226568657.218    809 192.1.54.62 TCP_MISS/200 367 POST http://pathiranatimber.mine.nu/home.cgi - DIRECT/124.43.227.181 text/html



But, if I bypass squid, it works fine. This is a streaming video site.
But, remember, there is NO firewall running. All ports are open.

ANY ADVICE?

-- 
Thank you
Indunil Jayasooriya


[squid-users] How to exclude some ip addresses from squid access log.

2008-12-10 Thread Indunil Jayasooriya
Hi Everyone,

I need to monitor squid web browsing, so I am going to
use sarg. It usually shows all the ip addresses.
I want to exclude the ip addresses of some managers from sarg.

So, I think if I can exclude those ips from squid access.log, it
would be a solution.

And also, can I exclude ftp access to some ip addresses?

 Pls grant your advice.




-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] How to exclude some ip addresses from squid access log(SOLVED)

2008-12-10 Thread Indunil Jayasooriya
Hi,

Thanks for all.

Added the below to the sarg.conf file to exclude ips. It works fine.

# TAG: exclude_string "string1:string2:...:stringn"
#  Records from access.log file that contain one of listed strings will be ignored.
#
exclude_string "192.1.54.2:192.1.54.9:192.1.54.34:192.1.54.43:192.1.54.65"

-- 
Thank you
Indunil Jayasooriya
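
The exclude_string comment above says a record is ignored when it contains one of the listed strings. The following added example (not part of the original post and not sarg code; the log lines are constructed) shows which other clients plain "contains" matching would also hide for this list, next to matching the client field exactly.

```python
"""Added example: check a log-exclusion list for over-matching."""
import ipaddress

# Constructed lines in Squid's native access.log layout (not from a real log).
SAMPLE_LOG = """\
1228900000.101    120 192.1.54.2 TCP_MISS/200 4485 GET http://example.com/ - DIRECT/203.0.113.10 text/html
1228900001.202     85 192.1.54.20 TCP_MISS/200 938 GET http://example.com/css.css - DIRECT/203.0.113.10 text/css
1228900002.303    301 192.1.54.7 TCP_MISS/200 2164 GET http://192.1.54.2/status - DIRECT/192.1.54.2 text/html
1228900003.404     44 192.1.54.65 TCP_HIT/200 385 GET http://example.com/a.gif - NONE/- image/gif
1228900004.505     91 192.1.54.250 TCP_MISS/200 512 GET http://example.org/ - DIRECT/203.0.113.20 text/html
"""

# The list from the post's exclude_string line.
EXCLUDED = "192.1.54.2:192.1.54.9:192.1.54.34:192.1.54.43:192.1.54.65".split(":")


def client_ip(line):
    """Return the client address (third field) or None for a malformed line."""
    fields = line.split()
    if len(fields) < 10:
        return None
    try:
        return ipaddress.ip_address(fields[2])
    except ValueError:
        return None


def keep_by_substring(lines, strings):
    """Keep lines that contain none of the strings (plain 'contains' matching)."""
    return [ln for ln in lines if not any(s in ln for s in strings)]


def keep_by_client(lines, ips):
    """Keep lines whose client field is not exactly one of the listed addresses."""
    listed = {ipaddress.ip_address(ip) for ip in ips}
    return [ln for ln in lines if client_ip(ln) not in listed]


def hidden_by_accident(lines, ips):
    """Clients that 'contains' matching drops although they are not on the list."""
    still_visible = set(keep_by_substring(lines, ips))
    return sorted({str(client_ip(ln)) for ln in keep_by_client(lines, ips)
                   if ln not in still_visible})


if __name__ == "__main__":
    print(hidden_by_accident(SAMPLE_LOG.splitlines(), EXCLUDED))
```

In the constructed log, 192.1.54.20 and 192.1.54.250 disappear because their addresses start with 192.1.54.2, and 192.1.54.7 disappears because the URL it requested contains a listed address.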


Re: [squid-users] squid caching report

2009-01-16 Thread Indunil Jayasooriya
Hi ALL

Here is HOW to - Step by Step. I use this on Redhat/CentOS

SARG - Step by Step -


First install rpmforge-release RPM .

Then, perform below steps


[r...@worldnet ~]# yum install sarg
[r...@worldnet ~]# cd /etc/httpd/conf.d/
[r...@worldnet conf.d]# cp sarg.conf sarg.conf.orig
[r...@worldnet conf.d]# cat sarg.conf
Alias /sarg /var/www/sarg

<Directory /var/www/sarg>
  DirectoryIndex index.html
  Order deny,allow
  Deny from all
  Allow from all
</Directory>

[r...@worldnet conf.d]# /etc/init.d/httpd restart

Then,
[r...@worldnet ~]# cd /var/www/sarg/


Now, Edit words ONE-SHOT and One shot reports of index.html to reports
and reports (Every 30 minutes) as follows.

web-reports
  web-reports


Then,
[r...@worldnet sarg]# cd /etc/sarg/
[r...@worldnet sarg]# cp sarg.conf sarg.conf.orig
And edit, sarg.conf

Pls comment out below line as follows,
#output_dir /var/www/sarg/ONE-SHOT

and, Add below line.
output_dir /var/www/sarg/web-reports

Then, issue below command,
[r...@worldnet sarg]# /usr/bin/sarg
SARG: Records in file: 1514, reading: 100.00%

Then, touch
[r...@worldnet ~]# touch /var/www/sarg/sarg.cron

[r...@worldnet sarg]# cat /var/www/sarg/sarg.cron
#!/bin/bash
# stop here if the report directory is missing, so rm never runs elsewhere
cd /var/www/sarg/web-reports || exit 1
rm -rf *
/usr/bin/sarg

[r...@wolrdnet sarg]# chmod 755 /var/www/sarg/sarg.cron


Then,
[r...@worldnet ~]# cd /etc/cron.d
[r...@worldnet cron.d]# touch sarg
[r...@worldnet ~]# cat /etc/cron.d/sarg
0 15 * * * root /var/www/sarg/sarg.cron > /dev/null 2>&1

Then, issue below commands.
[r...@worldnet ~]# /etc/cron.daily/sarg
[r...@worldnet ~]# /etc/cron.weekly/sarg
[r...@worldnet ~]# /etc/cron.monthly/sarg


Now, Browse as follows.
http://192.168.101.25/sarg

That's it.



On Fri, Jan 16, 2009 at 2:58 PM, Andreev Nikita wrote:
> Hi.
>
> You can use cacti but it's MRTG-like. The best tools I know for squid
> reports are sarg (which is rather popular) and lightsquid (it makes
> reports a lot faster but I don't know if it's popular outside Russia).
>
> Regards,
> LPIC-1, EMCPA
> Nikita Andreev
>
>



-- 
Thank you
Indunil Jayasooriya


[squid-users] How to deny ftp in squid.conf file

2009-02-18 Thread Indunil Jayasooriya
Hi,

Is there a way to block ftp access to some client ip addresses in the
squid.conf file, while the rest of the users should be able to access ftp
sites?

Let's assume I want to block ftp access to client ips such as
192.168.1.2, 192.168.1.4, 192.168.1.10 and the rest should be able to
access ftp sites.

What about ACLs like below?

acl ftp proto FTP
acl noftpips src 192.168.1.2 192.168.1.4 192.168.1.10
http_access allow !noftpips

Your ideas ?






--
Thank you
Indunil Jayasooriya


Re: [squid-users] set 'visible_hostname'

2009-02-20 Thread Indunil Jayasooriya
> FATAL: Could not determine fully qualified hostname. Please
> set 'visible_hostname'
>
> Squid Cache (Version 2.5.STABLE4): Terminated abnormally.
> CPU Usage: 0.020 seconds = 0.020 user + 0.000 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 252
> Aborted
>
>
> I don't Know what can I do

in squid.conf file , pls type

visible_hostname yourhostname

then, type below command

squid -k reconfigure


That's it





-- 
Thank you
Indunil Jayasooriya


[squid-users] Fwd: How to limit a user to access a few sites.

2007-03-26 Thread Indunil Jayasooriya

Hi ,

I am now running squid with ncsa_auth.

I have bound ip addresses to usernames. So users now can access Internet
from their ips.

Now I want to prevent a few users from accessing all the sites. Instead,
I want to allow them to access a few sites such as google.com, cnn.com,
bbc.com. I want to limit in that way.

I have written the below rules. But those users still can access all the sites.

external_acl_type ip_user %SRC %LOGIN %DST /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf

acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN %DST

http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users
http_access allow ncsa_users

my ip.conf file is like this.
[EMAIL PROTECTED] squid]# cat /etc/squid/ip.conf
192.168.101.25   indunil .google.com .bbc.com .cnn.com
192.168.101.90  www90

According to the above file, user indunil with ip address 192.168.101.25 has
access to google.com, bbc.com and cnn.com.
But the user indunil still has access to all the sites.

How can I solve this?


--
Thank you
Indunil Jayasooriya



--
Thank you
Indunil Jayasooriya


[squid-users] How to limit web browsing for some ipadresses.

2007-03-26 Thread Indunil Jayasooriya

Hi ,

I am now running squid with ncsa_auth.

I have bound ip addresses to usernames. So users now can access
Internet from their ips.

Now I want to prevent a few users from accessing all the sites.
Instead, I want to allow them to access a few sites such as
google.com, cnn.com, bbc.com. I want to limit in that way.

I have written the below rules. But those users still can access all the sites.

external_acl_type ip_user %SRC %LOGIN %DST /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf

acl ncsa_users proxy_auth REQUIRED
acl ip_users external ip_user %SRC %LOGIN %DST

http_access deny !ncsa_users
http_access deny !ip_users
http_access allow ip_users
http_access allow ncsa_users

my ip.conf file is like this.
[EMAIL PROTECTED] squid]# cat /etc/squid/ip.conf
192.168.101.25   indunil .google.com .bbc.com .cnn.com
192.168.101.90  www90

According to the above file, user indunil with ip address
192.168.101.25 has access to google.com, bbc.com and cnn.com.
But the user indunil of ip address 192.168.101.25 still has access to
all the sites.

I want to allow ip address 192.168.101.25 the above urls.

How can I solve this?

--
Thank you
Indunil Jayasooriya
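
One way to get the behaviour asked for in the two posts above, as an added example that is not Squid's ip_user_check and not code from the thread: a small external ACL helper that reads `%SRC %LOGIN %DST` on each input line and answers OK or ERR. The table layout, the rule that an entry without domains means any site, and the helper path in the note are assumptions made for this example; fields are assumed to contain no whitespace.

```python
#!/usr/bin/env python3
"""Added example: external ACL helper tying (client IP, login) to allowed sites."""
import ipaddress
import sys

# Constructed table in the spirit of the post's ip.conf:
#   ip[/mask]  user  [.domain ...]     (no domains listed = any destination)
SAMPLE_CONF = """\
192.168.101.25   indunil .google.com .bbc.com .cnn.com
192.168.101.90   www90
"""


def load(text):
    """Parse the table into (network, user, [domain patterns]) entries."""
    entries = []
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if len(f) >= 2:
            net = ipaddress.ip_network(f[0], strict=False)
            entries.append((net, f[1], [d.lower() for d in f[2:]]))
    return entries


def domain_ok(host, patterns):
    """'.example.com' matches example.com and its subdomains, nothing else."""
    host = host.lower().rstrip(".")
    for p in patterns:
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False


def check(entries, src, login, dst):
    """Return 'OK' or 'ERR' for one lookup; unknown IP/user pairs are refused."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "ERR"
    for net, user, domains in entries:
        if addr in net and login == user:
            return "OK" if not domains or domain_ok(dst, domains) else "ERR"
    return "ERR"


def serve(entries, stdin=sys.stdin, stdout=sys.stdout):
    """One answer line per request line, flushed so the proxy is not kept waiting."""
    for line in stdin:
        f = line.split()
        stdout.write((check(entries, *f) if len(f) == 3 else "ERR") + "\n")
        stdout.flush()


if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:
        serve(load(fh.read()))
```

It would be wired in with a line such as `external_acl_type ip_user %SRC %LOGIN %DST /usr/local/bin/ip_site_check.py /etc/squid/ip.conf` (hypothetical path), keeping `http_access deny !ip_users` as in the posts.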


[squid-users] How to setup both Transparent Proxy and firewall on the same Machine.

2007-06-12 Thread Indunil Jayasooriya

Hi ALL,

I want to setup Transparent Proxy on the box running iptables Firewall.

With iptables,  I have given below rules.

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F -t nat
iptables -F -t mangle

#Enabling ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

#enable syn cookies (prevent against the common 'syn flood attack')
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

#do source validation by reversed path
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

#Enable tracking mechanism
/sbin/modprobe -a ip_conntrack_ftp ip_nat_ftp

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Default policy: drop whatever the rules do not accept
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

in addition to that, There are many rules , ALL work fine.

in squid.conf file, I have added below rules,

http_port 3128
cache_mem 64 MB
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

And then, I ran the below command.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

But, when I browse the Internet, requests do not get redirected to port
3128. So I cannot use squid as a Transparent Proxy.

Where have I gone wrong?

I referred to the below URL.
http://www.tldp.org/HOWTO/TransparentProxy.html#toc2

Pls help me.

--
Thank you
Indunil Jayasooriya


Fwd: [squid-users] How to setup both Transparent Proxy and firewall on the same Machine.(SOLVED)

2007-06-12 Thread Indunil Jayasooriya

Hi ,

Thanks for your below rule.

iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 3128 -j ACCEPT

Now, It works fine.
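
Added example, not part of the original posts: REDIRECT rewrites the destination to the firewall box itself, so the redirected packet is then filtered by the INPUT chain with destination port 3128, which is why the ACCEPT rule above was needed. The checker below is a simplified, hypothetical lint (it ignores negation, interfaces and source matches) run over a constructed script modelled on the posted rules, with the DROP lines assumed to be `-P` policies.

```python
"""Added example: find REDIRECT target ports that a default-DROP INPUT chain never accepts."""
import shlex

# Constructed script modelled on the rules in the post. The DROP lines are
# written as -P policies here, which is an assumption about the poster's intent.
AS_POSTED = """\
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
"""
FIX = "iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 3128 -j ACCEPT\n"


def parse_rules(script):
    """Yield (table, chain, options) for every -A/-I/-P line in the script."""
    for raw in script.splitlines():
        tok = shlex.split(raw, comments=True)
        if not tok or tok[0] != "iptables":
            continue
        table, chain, opts, i = "filter", None, {}, 1
        while i < len(tok):
            if tok[i] == "-t" and i + 1 < len(tok):
                table = tok[i + 1]
                i += 2
            elif tok[i] in ("-A", "-I") and i + 1 < len(tok):
                chain = tok[i + 1]
                i += 2
            elif tok[i] == "-P" and i + 2 < len(tok):
                chain = tok[i + 1]
                opts["policy"] = tok[i + 2]
                i += 3
            elif tok[i].startswith("-") and i + 1 < len(tok):
                opts[tok[i]] = tok[i + 1]      # option followed by one value
                i += 2
            else:
                i += 1
        if chain:
            yield table, chain, opts


def unreachable_redirects(script):
    """Ports that nat/PREROUTING redirects to but filter/INPUT does not accept."""
    rules = list(parse_rules(script))
    input_drops = any(t == "filter" and c == "INPUT" and o.get("policy") == "DROP"
                      for t, c, o in rules)
    if not input_drops:
        return []
    accepted = {o.get("--dport") for t, c, o in rules
                if t == "filter" and c == "INPUT"
                and o.get("-p") == "tcp" and o.get("-j") == "ACCEPT"}
    targets = [o.get("--to-port") or o.get("--to-ports") for t, c, o in rules
               if t == "nat" and c == "PREROUTING" and o.get("-j") == "REDIRECT"]
    return [p for p in targets if p not in accepted]


if __name__ == "__main__":
    print("before:", unreachable_redirects(AS_POSTED))
    print("after: ", unreachable_redirects(AS_POSTED + FIX))
```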


[squid-users] FTP error with squid

2007-06-17 Thread Indunil Jayasooriya

Hi,

When I try to browse an ftp site with squid, I get the below error. How
can I solve this?

This is the way I tried.

ftp://192.168.102.2

The requested URL could not be retrieved  


An FTP authentication failure occurred while trying to retrieve the
URL: ftp://192.168.102.2

Squid sent the following FTP command:
PASS 
and then received this reply
User anonymous cannot log in.



Your cache administrator is root.

 Generated Mon, 18 Jun 2007 04:57:21 GMT by box.domain.com (squid/2.5.STABLE6)

--
Thank you
Indunil Jayasooriya


[squid-users] SHOULD I NEED TO RECOMPILE THE KERNEL

2007-07-25 Thread Indunil Jayasooriya

Hi,

I am still running a Redhat 9 box with sendmail and squid. It is quite
slow. It had only 128 MB RAM. So I upgraded it to 512 MB RAM. Now, it
is running with 512 MB RAM. But, it is still slow. No progress has
been achieved. Some users say it is slower than before. Actually, I
also have noticed it is NOW SLOWER than before. WHY IS THAT?

SHOULD I NEED TO RECOMPILE THE KERNEL as I installed a new 512 MB RAM ?

help needed?

--
Thank you
Indunil Jayasooriya


Re: [squid-users] SHOULD I NEED TO RECOMPILE THE KERNEL

2007-07-25 Thread Indunil Jayasooriya
mPoolAlloc calls: 130764
   memPoolFree calls: 122430
File descriptor usage for squid:
   Maximum number of file descriptors:   1024
   Largest file desc currently in use: 22
   Number of file desc currently in use:   19
   Files queued for open:   0
   Available number of file descriptors: 1005
   Reserved number of file descriptors:   100
   Store Disk files open:   0
Internal Data Structures:
 1515 StoreEntries
  176 StoreEntries with MemObjects
  174 Hot Object Cache Items
 1488 on-disk objects




--
Thank you
Indunil Jayasooriya


[squid-users] username and password in TRANSPARENT mode

2007-08-06 Thread Indunil Jayasooriya
Hi,

I am running squid with the ncsa_auth feature.
I have configured client browser to use squid proxy server with ip
address and port 3128. All work fine.

Then, I configured SQUID in TRANSPARENT mode. Then, I lost the user
name and password feature. Is it NORMAL in TRANSPARENT mode?

This happened in SQUID 2.5.
-- 
Thank you
Indunil Jayasooriya


[squid-users] Fwd: username and password in TRANSPARENT mode

2007-08-06 Thread Indunil Jayasooriya
Hi Hendrik,

Could you pls give a good explanation for the below matter?


I am running squid with the ncsa_auth feature.
I have configured client browser to use squid proxy server with ip
address and port 3128. All work fine.

Then, I configured SQUID in TRANSPARENT mode. Then, I lost the user
name and password feature. Is it NORMAL in TRANSPARENT mode?

This happened in SQUID 2.5.
--
Thank you
Indunil Jayasooriya


-- 
Thank you
Indunil Jayasooriya


[squid-users] TRANSPARENT PROXY WITH SQUID 2.6

2007-08-10 Thread Indunil Jayasooriya
Hi,

I am running squid as a TRANSPARENT PROXY WITH SQUID 2.5 on CENTOS 4.5.

Pls see below for the squid.conf file.


http_port 3128
cache_mem 64 MB
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed

acl mynet src 192.168.101.0/24
http_access allow mynet

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


I am running iptables on the SAME BOX. I have added the below rules for squid.

#Redirecting traffic destined to port 80 to port 3128
iptables -t nat -A PREROUTING -p tcp -i eth2 --dport 80 -j REDIRECT --to-port 3128

#For squid traffic to Accept
iptables -A INPUT -i eth2 -d 192.168.101.254 -p tcp -s 192.168.101.0/24 --dport 3128 -j ACCEPT

Everything works fine.

Now, I am going to upgrade CENTOS 4.5 to CENTOS 5. It comes with SQUID 2.6.

But, the squid.conf file in SQUID 2.6 has no below lines.

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

So, I want to know how to setup squid as a TRANSPARENT PROXY, when it
comes to SQUID 2.6.

any idea?
-- 
Thank you
Indunil Jayasooriya


[squid-users] How can I purge an object from my cache?

2007-08-14 Thread Indunil Jayasooriya
Hi All,

I want to purge an object from squid cache. I referred to the below URL.

http://wiki.squid-cache.org/SquidFaq/OperatingSquid#head-f418956943bd72ee8b94390ec9df241c3d1dfd20

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed

acl mynet src 192.168.101.0/25
http_access allow mynet

acl PURGE method PURGE
acl localhost src   127.0.0.1/255.255.255.255
http_access allow PURGE localhost
http_access deny PURGE

When, I restart squid , I will get below error.


[EMAIL PROTECTED] squid]# /etc/init.d/squid restart
Stopping squid: 2007/08/15 10:50:54| WARNING: '127.0.0.1' is a
subnetwork of '  127.0.0.1'
2007/08/15 10:50:54| WARNING: because of this ' 127.0.0.1' is ignored
to keep splay tree searching predictable
2007/08/15 10:50:54| WARNING: You should probably remove ' 127.0.0.1'
from the ACL named 'localhost'
..
 [  OK  ]
Starting squid: .  [  OK  ]

Where have I gone wrong?

-- 
Thank you
Indunil Jayasooriya


Re: [squid-users] How can I purge an object from my cache?

2007-08-15 Thread Indunil Jayasooriya
On 8/15/07, Amos Jeffries <[EMAIL PROTECTED]> wrote:
> > Hi All,
> >
> > I want to purge an object from squid cache. I referred to below URL.
> >
> > http://wiki.squid-cache.org/SquidFaq/OperatingSquid#head-f418956943bd72ee8b94390ec9df241c3d1dfd20
> >
> > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> >
> > # Example rule allowing access from your local networks. Adapt
> > # to list your (internal) IP networks from where browsing should
> > # be allowed
> >
> > acl mynet src 192.168.101.0/25
> > http_access allow mynet
> >
> > acl PURGE method PURGE
> > acl localhost src   127.0.0.1/255.255.255.255
> > http_access allow PURGE localhost
> > http_access deny PURGE
> >
> > When, I restart squid , I will get below error.
> >
> >
> > [EMAIL PROTECTED] squid]# /etc/init.d/squid restart
> > Stopping squid: 2007/08/15 10:50:54| WARNING: '127.0.0.1' is a
> > subnetwork of '  127.0.0.1'
> > 2007/08/15 10:50:54| WARNING: because of this ' 127.0.0.1' is ignored
> > to keep splay tree searching predictable
> > 2007/08/15 10:50:54| WARNING: You should probably remove ' 127.0.0.1'
> > from the ACL named 'localhost'
> > ..
> >  [  OK  ]
> > Starting squid: .  [  OK  ]
> >
> > Where have I gone wrong?
>
> It looks like squid has barfed on the multiple spaces between src and 127.
> Try removing those.

BELOW URL HELPED ME.

http://cvs.squid-cache.org/mail-archive/squid-users/200503/0305.html

localhost has been defined by default.

So, I changed as follows.

acl PURGE method PURGE
acl lclhost src 127.0.0.1/255.255.255.255
http_access allow PURGE lclhost
http_access deny PURGE

then, restarted. It works.

Then , I tried to remove stuff from cache.

some worked. Some DID NOT.

Pls see below

DID NOT WORK
[EMAIL PROTECTED] squid]# squidclient -m purge  http://mail.google.com/
HTTP/1.0 404 Not Found
Server: squid/2.5.STABLE14
Mime-Version: 1.0
Date: Wed, 15 Aug 2007 09:39:04 GMT
Content-Length: 0

DID NOT WORK
[EMAIL PROTECTED] squid]# squidclient -m PURGE http://www.google.lk/
HTTP/1.0 404 Not Found
Server: squid/2.5.STABLE14
Mime-Version: 1.0
Date: Wed, 15 Aug 2007 09:30:38 GMT
Content-Length: 0


WORKED
[EMAIL PROTECTED] squid]# squidclient -m PURGE
http://www.lakbima.lk/images/sflag.gif
HTTP/1.0 200 OK
Server: squid/2.5.STABLE14
Mime-Version: 1.0
Date: Wed, 15 Aug 2007 09:27:12 GMT
Content-Length: 0

WORKED
[EMAIL PROTECTED] squid]# squidclient -m PURGE http://www.lakbima.lk/
HTTP/1.0 200 OK
Server: squid/2.5.STABLE14
Mime-Version: 1.0
Date: Wed, 15 Aug 2007 09:27:22 GMT
Content-Length: 0


My question is why some worked and some DID NOT?


I changed as follows

> Amos
>
>
>


-- 
Thank you
Indunil Jayasooriya
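
Both this thread and the earlier question about denying FTP turn on how http_access lines are evaluated: the ACLs on one line are ANDed, the first matching line decides, and when no line matches the result is the opposite of the last line. The added example below (a small model written for this page, not Squid code; the `lan` ACL and the reordered rule sets are hypothetical) runs the posted rule sets through those three rules.

```python
"""Added example: a small model of how Squid evaluates http_access lines."""
import ipaddress

PURGE_POSTED = """
acl mynet src 192.168.101.0/25
http_access allow mynet
acl PURGE method PURGE
acl lclhost src 127.0.0.1/255.255.255.255
http_access allow PURGE lclhost
http_access deny PURGE
"""
PURGE_FIRST = """                       # same ACLs, PURGE lines moved up
acl mynet src 192.168.101.0/25
acl PURGE method PURGE
acl lclhost src 127.0.0.1/255.255.255.255
http_access allow PURGE lclhost
http_access deny PURGE
http_access allow mynet
"""
FTP_POSTED = """                        # "!" written without the space
acl ftp proto FTP
acl noftpips src 192.168.1.2 192.168.1.4 192.168.1.10
http_access allow !noftpips
"""
FTP_SCOPED = """                        # hypothetical variant using the ftp ACL
acl ftp proto FTP
acl noftpips src 192.168.1.2 192.168.1.4 192.168.1.10
acl lan src 192.168.1.0/24
http_access deny ftp noftpips
http_access allow lan
"""


def make_acl(kind, values):
    """Build a predicate for the three ACL types used on this page."""
    if kind == "src":
        nets = [ipaddress.ip_network(v, strict=False) for v in values]
        return lambda r: any(ipaddress.ip_address(r["src"]) in n for n in nets)
    if kind in ("method", "proto"):
        wanted = {v.upper() for v in values}
        return lambda r: r[kind].upper() in wanted
    raise ValueError("ACL type not modelled: " + kind)


def parse(conf):
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = make_acl(tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules


def decide(conf, src, method="GET", proto="HTTP"):
    """Return 'allow' or 'deny' for one request."""
    req = {"src": src, "method": method, "proto": proto}
    acls, rules = parse(conf)
    for action, names in rules:
        # every ACL on the line must match; a leading "!" inverts that ACL
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action                      # first matching line wins
    if not rules:
        return "deny"
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With the lines in the posted order, a PURGE from a `mynet` client is decided by `http_access allow mynet` before the PURGE lines are reached; with the PURGE lines first, only the loopback address may purge. The posted FTP rule never consults the `ftp` ACL, so it decides by source address for every protocol.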


[squid-users] How to enable these FEATURES in SQUID

2007-08-30 Thread Indunil Jayasooriya
Hi,

I want to enable the below features in SQUID.

The features are,

when users access the Internet with the ncsa_auth feature, they are asked to
type a username and password.

 Can I set a lifetime (5 days or 2 weeks, like that) for that password?
When that time period expires, users SHOULD change their passwords.

The password should have the below features.

To add the new password, the old password should be entered.
It should contain both numbers and letters.
The minimum length of the password should be 8 characters.

 Finally,

I need a Password change log too.


YOUR COMMENTS?


-- 
Thank you
Indunil Jayasooriya


[squid-users] Re: How to enable these FEATURES in SQUID

2007-09-03 Thread Indunil Jayasooriya
> Hi,
>
> I want to enable the below features in SQUID.
>
> The features are,
>
> when users access the Internet with the ncsa_auth feature, they are asked to
> type a username and password.
>
>  Can I set a lifetime (5 days or 2 weeks, like that) for that password?
> When that time period expires, users SHOULD change their passwords.
>
> The password should have the below features.
>
> To add the new password, the old password should be entered.
> It should contain both numbers and letters.
> The minimum length of the password should be 8 characters.
>
>  Finally,
>
> I need a Password change log too.
>
>
> YOUR COMMENTS?
>


-- 
Thank you
Indunil Jayasooriya

