[squid-users] Squid 3 with transparent proxy
Hi. I'm trying to user squid 3 qith transparent proxy but it doesn't work :( My config: http_port 3129 transparent hierarchy_stoplist cgi-bin ? acl all src 0/0 no_cache deny all hosts_file /etc/hosts acl localhost src 127.0.0.1/255.255.255.255 acl localhost src 192.168.0.16 acl localhost src 192.168.0.2 http_access allow localhost http_access deny all http_reply_access allow all icp_access allow all visible_hostname acept iptables on my gateway (other macine, 192.168.0.2): iptables -t nat -A PREROUTING -s 192.168.0.16 -p tcp --dport 80 -j DNAT --to 192.168.0.22:3129 i got this error: ERROR The requested URL could not be retrieved While trying to retrieve the URL: / http://www.yahoo.com.br/ The following error was encountered: * * Invalid URL * Some aspect of the requested URL is incorrect. Possible problems: * Missing or incorrect access protocol (should be `http://'' or similar) * Missing hostname * Illegal double-escape in the URL-Path * Illegal character in hostname; underscores are not allowed using vhost instead of transparent on http_port: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.yahoo.com.br/ The following error was encountered: * * Unable to forward this request at this time. * This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that: * The cache administrator does not allow this cache to make direct connections to origin servers, and * All configured parent caches are currently unreachable. what's wrong? i can't see I'm using test config without any block. :( :( :( thanks
[squid-users] Multiple kinds of authentication
Hi all. Is there any way to make multiple kinds of auth from same server? I'm currently using postgresql and a program made by my self to auth users. I also have LDAP server and i would like to auth users using this server, using source IP to know who must auth on postgre and who must auth on LDAP, in the same squid server. Is there any way to do it? How? thanks
[squid-users] Any way to do this? allow/deny acces by login
Hi Is there any way to allow or deny acces to specific sites (defined by acel) checking by login name? I have an auth. programm that authenticate my squid users on postgresql. What i want is to create one more col on my table like all_enabled or group and if is all enabled or group X, this user have access to all sites (including blocked for default users). Is there any way to do this kind of authentication? I'm trying everything including external ACL's, but i'm lost! Thanks!
[squid-users] Squid very slow
Hi... I'm using squid 2.5stable9 in acceleration (reverse) mode, with authentication. Authentication is only for external users (acl), local users (192.168.X.X) goes direclty. The problem is: squid is verry slow is i try to access apache direct on port 81, it's very veryy ver fastbut by squid, they make some seconds (sometimes 1~2~3~more seconds) to load a simple page. It's not a traffic or network problem, since my server don't have access (until now) and accessing apache directly it's very fast. what could be? my config: visible_hostname rio hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? auth_param basic program /usr/local/bin/authpop.py auth_param basic children 5 auth_param basic realm Intranet - Ribeirao Preto auth_param basic credentialsttl 2 hours refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher:14400%1440 refresh_pattern .020%4320 acl password proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl redesliberadas src /usr/local/squid/etc/redesliberadas no_cache deny ALL http_access allow redesliberadas http_access allow password !redesliberadas http_reply_access allow all icp_access allow all http_port 80 httpd_accel_port 81 httpd_accel_host 192.168.202.4 httpd_accel_single_host on httpd_accel_with_proxy on httpd_accel_uses_host_header on forwarded_for on cachemgr_passwd rweerg54 all coredump_dir /var/spool/squid
Re: [squid-users] is really impossible?
Henrik Nordstrom escreveu: On Thu, 31 Mar 2005, [ISO-8859-1] Jonis Maurin Ceará wrote: PS: reverse proxy is working fine Also, authentication isn't working in this case (password/user wrong) Have you enabled the hidden define for using authentication in accelerator setups? hummmthis exists?? LOL i can't find Regards Henrik
Re: [squid-users] is really impossible?
humm.just fund it in google: --enable-auth-on-accel configure option to enable authentication in accelerator setups (Henrik Nordstrom) from Squid 3.0 release notes (key changes from 2.5 I'm using squid 2.5stable from Redhat enteprise ES and i don't know if my squid is compiled with this option... this options is what you're talking about? (hidden define) thanks Henrik Nordstrom escreveu: On Fri, 1 Apr 2005, [ISO-8859-1] Jonis Maurin Ceará wrote: Have you enabled the hidden define for using authentication in accelerator setups? hummmthis exists?? LOL i can't find See archives. Regards Henrik
[squid-users] is really impossible?
Hi. It's really impossible to run squid as transparent proxy (NAT) + authentication? :( Anyone know any other solution? I have my intranet server.but now, i must access this server from outside but with some kind of password/authentication.