RE: [squid-users] cache_dir slection criteria

[marc elsen]

I have noticed a strange behaviour of squid:
I have 4 disks of different size dedicated for cache_dirs in my machine.
With 4 cache_dirs of equal size (small enough to fit all disk sizes) all 
directories are used evenly.
After increasing to of the cache_dir located on the bigger disks the 
smaller cache_dirs are no longer used to store new objects.

What is the selection criteria when squid chooses the cache_dir?
Is there any explanation to this behaviour?
 There is a parameter called
  store_dir_selection_algorithm
in squid.conf.default , if I remember its name correctly.
Check it out, by reading the comment.
M.
_
Free mail? MSN Hotmail ! http://www.msn.be/hotmail

RE: [squid-users] Paying for help with NTLM and Squid

[marc elsen]

Hi I have a question about controling individual windows users in
squid, using NTLM auth (I whant to create acl's not only on group
level, but also on user level). If someone knows the answar how to do
this, then please email me here, I will gladly pay the first one that
comes up with the answar, for his help.
So 200USD to the first one that answers that question.
Send 200USD to the FAQ maintainers after reading it.
M.
_
Free mail? MSN Hotmail ! http://www.msn.be/hotmail

RE: [squid-users] FATAL: Received Segment Violation...dying.

[marc elsen]

Squid 2.5 Stable ports build
I have blocked this site that is causing the proxy abuse message.
When I try to browse this site - www.verschk.com - nothing comes up.
Arin shows it somewhere in Canada. Fellow colleague thinks it is a
spyware site.
What kind of a URL could cause Squid to die like this?
...
No kind of url should be  able to crash squid : upgrade to  the latest 
stable release.
Check again, then.

M.
_
Free mail? MSN Hotmail ! http://www.msn.be/hotmail

RE: [squid-users] request for pages fails the first time

[marc elsen]

>greetings
I have been having a bit of a problem with accessing pages quickly.
a request for a web site fails the first time it is pulled. the second time 
it comes in right away. This is consistent everywhere on my network except 
outside squid and my firewall. outside access is fine.

Im not sure if squid is being slow or is DNS.
I am running squid 2.5 stable 6 with squidguard. as a transparent proxy.
client req pt 80---> en0 {{ squid }} en1 <---> [ firewall ]<> isp
the squid box is working it's little butt off but i need to find out why we 
have to " double pump " to get a web site.
any ideas on where to look?
i have no idea what to look for in the cache manager.

any insight would be helpful
What is in access.log for the first failed request ?
Anything else and or more info in cache.log ?
M.
_
Free mail? MSN Hotmail ! http://www.msn.be/hotmailbe/

RE: Re[2]: [squid-users] replace policy not compiled in

[marc elsen]

>Hi!

EM>   - What is the output of :
EM> % squid -v
:/usr/local/squid/sbin# ./squid -v
Squid Cache: Version 3.0-PRE3-20041102
configure options: '--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--enable-default-err-language=Hungarian' '--enable-poll' '--enable-select' 
'--disable-http-violations' '--enable-linux-nefilter' 
'--disable-ident-lookups' '--enable-delay-pools' '--enable-gnuregex' 
'--prefix=/usr/local/squid' '--enable-underscores' '--enable-time-hack' 
'--with-samba-sources=/root/install/unpacked/samba-3.0.7' 
'--enable-cache-digests' '--sysconfdir=/etc/squid' '--enable-storeio=diskd' 
'--disable-icp' '--enable-dl-malloc' '--enable-err-languages=Hungarian' 
'--with-dl' '--enable-removal-policy=heap'

EM>   - What is the cache_replacement_policy syntax in squid.conf ?
It almost does not matter... :)
I tried with:
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
and:
cache_replacement_policy LFUDA
memory_replacement_policy GDSF
The results are the same. Anyway, in src/repl I can see liblru.a, but
cannot see libheap.a
Might be a compile problem?
Hm, in the original output I saw apparent errors on what seems normally 
intended
comment lines :

Check the output of :
 % squid -k parse
too.
M.
_
Free mail? MSN Hotmail ! http://www.msn.be/hotmail

RE: [squid-users] FATAL: Received Segment Violation...dying. 2.5.stable7

[marc elsen]

Hi
Two days and two crash.
First:
2004/10/20 13:31:14| NETDB state saved; 797 entries, 102 msec
squid[0x80a6c19]
/lib/libpthread.so.0[0x4013af54]
/lib/libc.so.6[0x401b76b8]
/lib/libc.so.6(__libc_free+0xa7)[0x401fcaa3]
squid[0x80bc3fe]
squid[0x8089b62]
squid[0x8088bd9]
squid[0x806182a]
squid[0x8064fdc]
squid[0x8066bab]
squid[0x80677ef]
squid[0x80882c5]
/lib/libc.so.6(__libc_start_main+0xbb)[0x401a714f]
squid(shmat+0x59)[0x804b631]
FATAL: Received Segment Violation...dying.
Second (debug_options ALL,2):
2004/10/21 19:01:24| The reply for HEAD
http://v5.windowsupdate.microsoft.com/SelfUpdate/wuident.cab?0410211649
is ALLOWED, because it matched 'all'
squid[0x80a6c19]
/lib/libpthread.so.0[0x4013af54]
/lib/libc.so.6[0x401b76b8]
/lib/libc.so.6(__libc_free+0xa7)[0x401fcaa3]
squid[0x80bc3fe]
squid[0x8089b62]
squid[0x8088bd9]
squid[0x80617f3]
squid[0x80a1f5c]
squid[0x80a234c]
squid[0x80a21e2]
squid[0x80a2c6e]
squid[0x80a0068]
squid[0x807c015]
squid[0x806772d]
squid[0x80882c5]
/lib/libc.so.6(__libc_start_main+0xbb)[0x401a714f]
squid(shmat+0x59)[0x804b631]
FATAL: Received Segment Violation...dying.
#
After dying process is still runing but not work (not proxing).
#
# ./squid -v
Squid Cache: Version 2.5.STABLE7
configure options:  --prefix=/usr/local/squid-2.5.STABLE7 --with-dl
--enable-icmp --enable-storeio=aufs,diskd --enable-async-io
--enable-snmp --enable-cachemgr-hostname=xxx.xx.xx --enable-htcp
--enable-ssl --enable-forw-via-db --enable-cache-digests
--enable-default-err-language=Polish --enable-linux-netfilter
--disable-ident-lookups --enable-underscores --enable-stacktraces
Can somebody help?
File a bug report. See FAQ guidelines for colitting bug reports.
M.
_
Do you know all the advantages of a credit card? http://money.msn.be/bcc

Re: [squid-users] Dumb Cache Question

[Marc Elsen]

OTR Comm wrote:
> 
> Hello,
> 
> This may seem like a dumb question, but...
> 
> I have squid running with authentication and with squidGuard as a
> redirect program.  All this is working okay.  I have set some debugging
> hooks in the squidGuard code to watch operation and how squid and
> squidGuard interface.
> 
> My question is this, if squid is a caching proxy, how come it sends all
> GETs to the redirector?  That is, even a sight that is not blocked by

  The redirector usage is defined by >you< by specifying a redirector
in squid.conf , in this case squidGuard.
If squidGuard is the authority for your blocking purposes, then
by definition all url's must pass squidGuard first for checking.

> the squidGuard blacklist is passed to squidGuard for checking.  For
> example, every time I go to my own web site (http://www.wildapache.net),
> I see all the GETs go through squidGuard.
> 
> When does squid check it's cache for the information on any given
> request?  Is it after the call to squidGuard?
> 
  Most probably  , because squidGuard can transfer or transfers an URL
  into another one. Hence checking for the cache is only meaningfull
  for the returned-by-squidguard request.


> I guess I do not understand how squid works.  It seems to me that squid
> would check it's cache first before it called the redirector, but it
> doesn't seem to work this way.  Could someone please explain to me the
> functional model for squid and the justification for the model, or
> direct me to a site that can explain this?  A functional flow diagram
> would be helpful if one exists on the web.
> 
> Thanks,
> Murrah Boswell

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] basic question

[Marc Elsen]

Galea Gilbert wrote:
> 
> Hi all,
> 
> A basic question, let's assume a web site is cached by squid.
> The site is updated by the site maintainers.
> How will squid update it's old cached version?
> Is there an ageing process?
> 
> Best Regards,
> Gilbert
 
 You need to update your basic knowledge on these issues :
 Have a look at :

   http://www.mnot.net/cache_docs/

 M.

Re: [squid-users] Squid Authentication

[Marc Elsen]

melvin melvin wrote:
> 
> Hi all,
> 
> how do i setup squid authentication in a way that it ties with my Windows
> password? Is LDAP_auth able to do this? I need to set up password policies
> but i believe that the best thing is to use the same password for squid and
> windows so that all the existing policies for windows apply to squid.
> 
> Thanks in advanced.
> melvin
> 
 
  http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14

  M.

Re: [squid-users] Warning : 1 swapin MD5 Mismatches

[Marc Elsen]

Jose Nathaniel Nengasca wrote:
> 
> Hi, Can anyone tell me whats the problem causing this
> Warning : 1 swapin MD5 Mismatches on my cache.log? I guess I got this one
> when i reboot since my squid complaining to have "Too many redirector
> requests"
 
  http://www.squid-cache.org/mail-archive/squid-users/25/0164.html


  M.

Re: [squid-users] how to restrict chat on line

[Marc Elsen]

Li Wei wrote:
> 
> hi, all
> 
> I guess all of you must know ICQ. And I'd like to talk about QQ which is same as
> ICQ.
> 
> Through access log, I can nearly fix the destination domain. So then,
> I applied a rule to block the domain. But,unfortunately, they seemed to
> chat freely yet.
> 
> My configure:
> acl QQ dstdomain .tencent.com .icq.com
> http_access deny QQ
> 
> I think the chat must bind with another special protocl, or port.
> So simply blocking the site is ineffectual.
> 
 
 You will need firewalling tools and Intranet restriction towards the
Internet defined , in order to accomplish this then. If http is no
longer
involved then this is beyond squid's scope.

M.

Re: [squid-users] Best way to monitor user's bandwidth utilisation

[Marc Elsen]

aqil wrote:
> 
> I disable delaypools for one reason (just for a couple of days), and it
> becomes slow in the busy hours. I want to know who blocks the proxy
> server by monitoring user's bandwidth utilization, but how to do such
> monitoring ?
> 
> TIA
> Aqil

 Several tools can be found at :

  http://www.squid-cache.org/Scripts/

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] object updating delay ??

[Marc Elsen]

Paolo wrote:
> 
> Squid 2.2 stable5
> my problem is : uploading a new html document on my provider's web server,
> Squid does'nt display the updated document but the cached one. Forcing the
> browser's update does not give results. After a time of  ~15min. Squid
> update the object. I don't know if there's a bug of Squid or an option to
> set.
> Please help! :-) thank a lot!

 Verify, if possible, this problem using the latest stable release.

 M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] no_cache help

[Marc Elsen]

"Adaíl Oliveira" wrote:
> 
> Hi,
> I have a squid running in a machine but i don´t want make cache of one
> WebServer that i have in Intranet.
> I put the Tag: acl webserver dst  mywebserver.pt
> no_cache deny webserver
> 
> But when i visit the website this don´t work. And are create very files in
> Temporary Internet Files of my browser.
> 
> Can you help me?

 Browser cache(s) are independent from squid and by definition
 only under the control of the  browser.

 M.

> 
> --
> [EMAIL PROTECTED] ESTG -  (http://www.estg.iplei.pt)

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] SOAP

[Marc Elsen]

Rogerio Klayn wrote:
> 
> Hi,
> 
> I'm using a client-server software that uses an application SOAP,
> but my squid server don't accept it. What can I do ??? Are there some
> configuration for squid ? A patch ?

  What does it do ?
  Note that squid deals with http proxying only.

  M.
> 
> Thanks,
> 
> Rogerio Klayn

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] reiserfs or ext3

[Marc Elsen]

Raja R wrote:
> 
> Hi Gurus,
> I am planning for a new installation of squid-2.5 s4 with around 4*4 GB of
> cache dirs on linux 9, 1 GB RAM, scsi disks
> I need your advice on filesystem type which shud be used for the cache dirs.
> Ext3 or ReiserFS ? Which one is better ?

 Googalize yourself on this.

> 
> How will the squid.conf parameter change for the cache_dir option for both
> the file systems. I dont think we can specify ext3 or reiserfs there.
> Pls suggest.

 You don't specify a filesys in cache_dir, only a storage 'method'.

 Filesys has to be made (prepared) at the OS level.


 M.

> 
> Regards,Raja

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] running squid

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> I have installed squid 3 and was wondering if anyone knew how to make squid and 
> squidclient run from anywhere in a terminal window. Currently to run squid or any of 
> the program executables I first have to go into the directory the executable is 
> contain in (e.g. 'cd /usr/local/squid/sbin') and then run the executable with './' 
> infront of it (e.g. './squid'), another way I can do it is to type 'exec 
> /usr/local/squid/sbin/squid'. But I want to simply type 'squid' no matter what 
> directory I am in. I tried 'chmod a+x squid' but it did not help.

  
 Make sure that the dir. containing the squid exec is in your shell's
 PATH.

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Respond Problem

[Marc Elsen]

Dirk Spiekermann wrote:
> 
> Well, if it is the only possibility I'll have to try it.
> 
> Thanks so far...
> 
 
 It's a kind of generalising answer, but the thing is also
 there is quite or no effective support left for 2.4 releases,
 hence the classical sentence.

 M.

Re: [squid-users] Respond Problem

[Marc Elsen]

Dirk Spiekermann wrote:
> 
> The Version of Squid is 2.4.STABLE3. OS is SuSE Linux 8.0 Kernel
> 2.4.18-4GB.
> 
> Transparent proxying isn't used.
> 
> I didn't find anything in the FAQ which could lead to a solution :-(
> The wierd thing is, that everything works, but not the message
> displaying, wich goes over https or http as all the other stuff!
> 
 
 Advising to have a go with 2.5.STABLE4

 M.

Re: [squid-users] Respond Problem

[Marc Elsen]

Dirk Spiekermann wrote:
> 
> Hi,
> 
> One of our customer has problems to do online ordering at one of his
> suppliers.
> He starts at the suppliers URL, then he goes to the order-section. After
>   he gave in his username and password he is directed to some
> https-pages on another Server. At this pages he has to upload a textfile
> which contains his order. After successful upload a corresponding
> message is displayed.
> The problem, that appears is, that if he is doing this with squid as
> proxy, the order is succesful, but the message does'nt appear. I really
> don't understand why the whole order works, but the last message isn't
> displayed. Some clues?
> 
  Very difficult & most probably not related to squid.
  Some hints :

   - which version of Squid ?
   - on which platform/os/version -> Check FAQ concerning possible
 OS Hazards.
 
   - is transp. proxying being used ?

  M.

Re: [squid-users] (111) connection refused error

[Marc Elsen]

melvin melvin wrote:
> 
> Hi all,
> 
> I've configured the ncsa_auth and it works fine. i've also added in the
> chpasswd function but when i tried to access the chpasswd, this error
> occurs.
> 
> While trying to retrieve the URL: http://14.5.1.100/cgi-bin/chpasswd.cgi
> 
> The following error was encountered:
> 
> Connection Failed
> The system returned:
> 
> (111) Connection refused
> The remote host or network may be down. Please try the request again.
> 
> I've checked the FAQs but they did not gave me any information on how to
> solve this.
> Any ideas?
> 
> 
 Is the webserver holding this cgi bin up and running ?
 Check it's status and logs.

 M.

Re: [squid-users] Timeout on search engines

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> I have configured squid 3, I have a parent proxy that must be used and I have set 
> the connection to it in my squid.conf file (provided below). I can browse the 
> internet fine and I can get to internet search engines fine but when I do a search 
> on a search engine (like www.google.com) the page will timeout. I have provided my 
> squid.conf file below
> 
> SQUID.CONF FILE
>

 Are you using :

  never_direct allow all

 which is needed in case parent is the only instance
 having internet access.

 Check the SQUID FAQ concerning using squid behind a firewall.

 M.

Re: [squid-users] async i/o

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Is there a specific version of Squid where async i/o is considered stable
> and production-ready for Solaris 8?
> 
 
 Probably the latest stable release.
 If not, what are your experiences ?

 M.

Re: [squid-users] Ip Squid => Request => Access Refused

[Marc Elsen]

ROUTIER Gilles wrote:
> 
> Hy,
> 
> I would like that Squid presente with @ the IP of the customer when it
> carries out a request.
> Because currently, squid returns its IP to carry out its request what
> poses problems of safety measures.
> 
> Exemple :
> The customer is authorized to connect itself with his @ IP to a http
> server.
> When it is connected, the http server  receives to it @ IP of Squid and
> returns to him like message: "Refused Access"
> 
> Thanks
> Gil

 Basically , unavoidable by the nature of using the Squid proxy.
 Remote server can use the X-Forwarded-for field added by squid
 to the request to add the client ip.

 Squid can not presents itself with the ip of the customer, it's an
 app. not a network protocol.

 Basically, IP based auth. these days is outdated (conceptually).
 In today's Internet IP has been turned around into some
 kind of Superlan protocol (Nating tricks. e.d.). Make any source IP
 in most cases quite irrelevant in the context of app. authentication.

 Advise the remote site to use username/pw. authentication, for
instance.

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] MAC Address ACL

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> I know this was answered already, so my apologies.
> I need to know the ./configure parameter to allow MAC Address ACL's.
> 
> Regards,
> 
> Tim Rainier

  Check the SQUID FAQ.

  M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] TCP_MISS

[Marc Elsen]

Fritz Mesedilla wrote:
> 
> 1067848233.353  12589 192.168.247.21 TCP_MISS/200 3951 GET http://www.google.com/ - 
> DIRECT/216.239.57.99 text/html
> 
> How come I always get this on my squid logs? We always visit google. Then how come 
> it is still a miss?
> 
 
 http://www.ircache.net/cgi-bin/cacheability.py

  A nice tool , for quering cachebility parameters.

 M.

Re: [squid-users] file descriptors - urgent request

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> If anyone can give me a definitive response in the next two hours, I would
> be extremely grateful.
> 
> I believe that Squid needs a recompile, with a new system fd limit in
> place, in order to increase it's fd limit(?) Is there any way of increasing
> the fd limit for Squid withour a re-compile? System limit has already been

 No, check the  SQUID FAQ on this issue (filedescriptors).

 M.

> raised - just need to get Squid raised as well.
> 
> This is Solaris 2.8 with Squid 2.4.STABLE7.
> 
> TIA
> 
>

Re: [squid-users] Compilation error

[Marc Elsen]

melvin melvin wrote:
> 
> Hi all,
> 
> I have downloaded an external authentication program NCSA_PLUS but when i
> tried to compile it it always returns me this error.
> 
> *** No rule to make target '../../inclue/version.h', needed by
> 'ncsa_auth_plus.o'. Stop.
> 
> Did i forget to install the compiler or some sort because i cant seem to
> compile any of the NCSA authenticators that i have downloaded.
> 
> Thanks in advance
> Melvin
 

   http://www.squid-cache.org/mail-archive/squid-users/200010/0471.html


   M.

Re: [squid-users] Having a freak problem

[Marc Elsen]

nikonlinux wrote:
> 
> Hi, everybody...
> 
> I´m heavi this freak problem...
> 
> I´ve setting up a Linux Box as Squid-cahe and gatway
> for may network. The problem is:
> 
>  LAN: 129.12.7.0/24
> 
>  Gateway/Proxy: --> eth0: 129.12.7.1/24
>--> eth1: 129.12.7.2/24
> 
>  ADSL-Router: 129.12.7.254/24
> 
> (see: It´s all in the same class C)
> 
> I´m using this linux box as Gateway just to make sure
> that my clientes will no change the gateway manualy and
> start to have access to the internet.
> In my linux-box, when I can ping my LAN I can´t ping my
> ADSL-Router, or when I can ping bouth of them I can´t
> ping or have access to www.I´d already config
> 
> my /etc/resolv.conf.
> 
> What´s going on? Do I really need to set ip a gateway
> to set up a Squid-cahe?Don´t we have another way to do
> this saftely?
> 
> I´m using:
>--> 2 NIC´s Realteck
>--> Red Hat Linux 7.1
>--> ipchains  (I´ve tried IPTABLES too.)
> 
> Thanks a lot!!!
> 
 
 Note that squid and ip issues are unrelated.

 A squid box, can be anywhere on your perimeter on Intranet network,
 provided it has adequate Internet access or alternatively using
 parents who have (see FAQ).

 But for your Linux box, your to-ADSL-Net and your Intranet LAN
 can't be on the same ip NET. You must define different networks
 and use adequate routing statements.

 M.

Re: [squid-users] --> Squid with no cache...

[Marc Elsen]

Alex Carlos Braga Antão wrote:
> 
> Hello,
>I'm trying to configure my squid to not do cache, just proxy, but it
> seems to have a minimum size...
>I know this message already passed here, but I couldn't find them.
>So, how can I configure squid to not cache the pages, just proxy ???
> Thanks...

 You have to configure (build) squid with the null storage device option
:

   % ./configure   --enable-storeio=null,ufs ...

 After that use the following directive in squid.conf :

   cache_dir null  /null


 M.





 
-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Squid error using winbind!

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Hi folks,
> 
> got a bit further with my squid - winbind - nt - seamless login problem, but squid 
> is still showing n error and the prompt is
> also still showing up.
> 
> Here are the error messages:
> 
> [EMAIL PROTECTED] root]# /etc/rc.d/init.d/squid restart
> Stopping squid: 2003/10/30 10:41:59| Parsing Config File: Unknown authentication 
> scheme 'ntlm'.
> 2003/10/30 10:41:59| Parsing Config File: Unknown authentication scheme 'ntlm'.
> 2003/10/30 10:41:59| parseConfigFile: line 1178 unrecognized: 'auth-param ntlm 
> max_challenge_reuses 0'
> 2003/10/30 10:41:59| Parsing Config File: Unknown authentication scheme 'ntlm'.
> .  [  OK  ]
> 
>...

 Did you build squid with ntlm support ?

 M.

Re: [squid-users] strange problem with my squid

[Marc Elsen]

"Mr. Singh" wrote:
> 
> Dear Users
> 
> I am facing a very peculiar and difficult problem that I When my squid
> runs something keeps on writting on the HDD or something goes on in the
> system. Because HDD LED kepps on blinking but If I stop squid it also
> stops. I am unable to fix this problem . Is my squid attacked ? or
> corrupted ?
> 
> What shall I do ? Help me.
> I am running squid 2.3 stable

  You are verly likely to have disk activity when squid is running ...
  Because of the fact that squid store's and reads objects of the disk
  this in the context of it's purpose being web caching software.

  M.
> 
> Singh

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] running out of hard disk space

[Marc Elsen]

Noel Clarkson wrote:
> 
> Hi there,
> 
> I've been running a RedHat 7.0 box with squid 2.3.STABLE4 and it's been
> running fine for ages.  Just the other day it starts using a lot more cpu
> and memory than I've seen it use in the past and filling the hard disk the
> cache is on.  The cache is on it's own partition that's 1.8G, and the
> cache_dir disk space was set up as 1600 but I changed it to 1400 because it
> keeps filling the partition and then after reorting errors in the log,
> clears about 150Mb and then proceeds to fill it again.  This happens again
> and again with the cpu sitting at between 60 and 100% usage and about 40%
> memory usage (dual P3 450, 256Mb ram).
> 
> Any ideas what might be causing this or even where to look.   I can't
> understand why it is even comming close to filling the partition (it has
> it's own partition and it is only the cache no logs or anything else), I'm
> completely confused!

  Upgrade to the latest stable release.
  See whether this problem persists.

  M.

> 
> cheers,
> 
> noel

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Need to install samba with winbind & ntlm support from source

[Marc Elsen]

Taiwo Akinosho wrote:
> 
> hello,
> 
> i need to install samba with winbind and ntlm support. i.e
> --with-winbind
> --with-winbind-auth-challenge (needed for ntlm)
> 
> The problem is i run the installion as expected.
> 1. ./configure -- .
> 2. make
> 3. make install.
> 
> yest samba does not seem installed. is there something i
> am not doing right. can someone please help.
> 
> if possible. i could appreciate an RPM of samba with these
> option compiled in. i will stll like to know where i am missing the
> point.
> 
> i will also have this problem with squid since i will need to
> enable :
> 
> --enable-auth="ntlm,basic"
> --enable-basic-auth-helpers="winbind"
> --enable-ntlm-auth-helpers="winbind"
> 
> Thanks alot guys.
 
 Help, this weekend I am only going think about winbind and samba :-)
:-)
 (no room for beer)

 You may want to check this weeks archives, there have been some
 interesting contributions this week on these topics.

 Best Regards,

 M.

Re: [squid-users] Read Receipts- Why? IT'S A MAILING LIST!

[Marc Elsen]

"Mark A. Lewis" wrote:
> 
> I have noticed that quite a few of the people posting here request read
> receipts. I for one feel that this is basically foolish and should be
> stopped. It is not only a pain for all the subscribers, but produces a
> ton of COMPLETELY unneeded mail from both ends.
 
 Your crusade may and is probably honest.
 But as usual , the debate may create more overhead then
 reduce traffic.

 I simply hit cancel on the request. Bit like the dropping
 attitude of my Firewall for several 'situations'.
 May be the best policy on the long run, since people may have
 this as default setting on their mailer, and you and I are not going
 to control this in the forseeable future...

 M.

Re: [squid-users] Some files can not download via proxy

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Dear Sir / Madam,
> 
> I use Squid/2.4.STABLE6. All my traffic goes via proxy and it
> works cool but I found one exception. I am unable to download
> some files via proxy. If I want to download file (e.g.:
> http://sxdown.fixdown.net:88/ebook/l-mmsk02-2003-10-09.rar) via
> proxy I get following error message :
> 
> ERROR
> The requested URL could not be retrieved
> 
> --
> While trying to retrieve the URL:
> http://sxdown.fixdown.net:88/ebook/l-mmsk02-2003-10-09.rar
> 
> The following error was encountered:
> 
> Access Denied.
> Access control configuration prevents your request from being
> allowed at this time. Please contact your service provider if you
> feel this is incorrect.
> 
> Your cache administrator is root.
> 
> --
> Generated Thu, 23 Oct 2003 18:07:04 GMT by MyProxy.ext
> (Squid/2.4.STABLE6)
> 
> What I need to configure that it works via proxy.
> 
> Thank you very much, John Su.
> 
> -
> http://mail.centrum.sk/ - Chce¹ nový e-mail, zriaï si ho!
 

 Add port 88 to your safe ports acl in squid.conf.

 M.

Re: [squid-users] memory eat

[Marc Elsen]

Benjamín Vayá wrote:
> 
> Hi:
> 
> I've installed Squid Stable3 and I've a problem with memory resources. My
> server has two CPU 2.6 GHz and 2 GB of RAM. The Swap size is 4 GB.

  2.5.STABLE3 is it ?

> 
> When I starts squid, the RAM decrease progressively until 130MB free and, then,
> it begins to use Swap memory. After a time, all the Swap memory is spent. If I
> stop squid, the free memory dont increase. It seems as if there was somme
> process that does not release memory.
> 
> Somebody can help me?

  Depend, on which os/platform/version ?

  Probably not the case : but Linux can kind of decide to keep free mem.
  for caching. This can often be 'proven' by starting another
  big application, you
  can see that this allocated mem is 'pushed' away for the newly started
  application.

  M.

> 
> Best regards.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] 2 GB file size limit

[Marc Elsen]

Bernhard Erdmann wrote:
> 
> > You can't because you probably hit a
> > restriction of your Filesystem , not squid.
> 
> Hi,
> 
> the filesystem (XFS) does support file sizes > 2 GB.
> 
> Regards,
> Bernie

  What's the exact message in cache.log ?

  M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] NTLM entries in cache.log

[Marc Elsen]

Alexander Kiselev wrote:
> 
> Hi all.
> 
> I'm using squid-2.5.STABLE2 with NTLM authentication method. It works good,
> but sometimes users have got password prompt in IE. I don't know why,
> because I don't see any error messages in Squid's log files, except a lot of
> the following in cache.log file:
> 
> 2003/10/23 06:17:49| AuthenticateNTLMHandleReply: invalid callback data.
> Releasing helper '0xc1d6278'.
> 2003/10/23 06:17:49| AuthenticateNTLMHandleReply: invalid callback data.
> Releasing helper '0xc1d6278'.
> 2003/10/23 06:23:40| AuthenticateNTLMHandleReply: invalid callback data.
> Releasing helper '0xe885948'.
> 2003/10/23 06:23:41| AuthenticateNTLMHandleReply: invalid callback data.
> Releasing helper '0xc1d6278'.
> 
> What are the above messages connected with?

http://www.squid-cache.org/mail-archive/squid-users/200301/0522.html



M.

> 
> Thanks.
> Alex.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Squid & FTP

[Marc Elsen]

Greg Darby wrote:
> 
> Thanks for that. How do i do apply the ACL for FTP? Currently there is no
> access at all...
 
 How do you mean, normally ftp is not restricted ?
 Which error is seen in the browser ?

 M.

Re: [squid-users] Squid & FTP

[Marc Elsen]

Greg Darby wrote:
> 
> Hi Marc,
> 
> Your last line  "Ftp sites can be access through squid, using ftp url's
> (only)"
> Do you mean you can or can't have Squid control ftp access ???
> 
  You can have control on which ftp sites can be visited or not
  through squid, using standard acl mechanisms,

  M.

Re: [squid-users] Squid & FTP

[Marc Elsen]

Greg Darby wrote:
> 
> Hi,
> 
> I have Squid running fine on Redhat 7.2 with lots of http access lists and
> squidguard however a need has arisen whereas i need to provide a few
> employees only access to external ftp sites. Can someone pls advise how to
> do this? Currently ftp connections are blocked through Squid. Can i do it
> with Squid or do i have to open up ftp for all clients and use my firewall
> do handle the rest?
> 
 
 You need to realize that squid is a http proxy.
 Ftp sites can be access through squid, using ftp url's (only)

 M.

Re: [squid-users] Compilation information

[Marc Elsen]

Benjamín Vayá wrote:
> 
> Hi there:
> 
> I've installed Squid on Red Hat 9, but I dont remember the options that I've
> used to compile it. Is there any way to know this information?
> 
> Thanks a lot for helping me!!

  %  squid -v

  will list the configure options squid was build with.
  Not the compiler options though.

  M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Problem with URLs

[Marc Elsen]

GUILLEMOT Yann wrote:
> 
> Hello,
> 
> I use squid 2.5 stable 3 with cache and i have some problem when i want to
> obtain a web page as www.lactalis.fr.
> 
> When i use IE 5.5 sp2 i have a download pop up page  with download
> "/lactalis[1]".
> 
> I remark that i have not the problem with netscape 4.75 and IE 5.0 sp2.
> 
> I don't undestand because IE and Netscape receive the same packets TCP.
> (Ethereal)
> 
> I suppose it's a problem with cache.

  Your test seems to indicate browser issue(s) however.

  Verify this, by if possible connecting to problem url's directly
  whithout squid.

  M.

> 
> I purge completely my cache and i don't have any more problem.
> 
> Also i have the problem when i want to consult PDF File example
> http://www.enterasys.com/products/switching/6C107/6C107.pdf...
> 
> Is it important to purge periodicallty cache ? (Crontab)
> 
> Sincerly.
> 
> Yann Guillemot
> Lactalis Informatique - service réseau
> tel : 02 43 59 51 50
> fax : 02 43 59 27 61

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Using MAC Address in ACL

[Marc Elsen]

Frank Chibesakunda wrote:
> 
> How do i use MAC to implement an ACL to block users during a specified
> time...
> 

 http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.20

 Well the FAQ entry is the first part, the example acl's should
 be combined with a time related acl.

 Note that 'Mac' based solutions are limited to those boxed which
 are on the same subnet as your squid box.

 M.

 
> rgds
> 
> Frank
> 
> --
> PK

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Transparent Proxy Problem

[Marc Elsen]

Mahmood Ahmed wrote:
> 
> Hello All!
> 
> I know it very well that the problem i am seeking help about is not squid
> related but as i am so desperate thats why i am asking this question here.
> my squid 2.5 Stable 4 is running very fine, iptables is redirecting the port
> 80 to port 8080 but clients accessing https sites like hotmail and
> rhn.redhat.com are not able to get through. As i am only redirecting http
> traffic and allowing ip_forwarding thats why i cant understand why my clients
> cant access https sites.
> my iptables rule is as follow
> 
> /usr/bin/iptables -t nat -A PREROUTING -p tcp -s 202.133.44.0/0 --dport
> 80:80 -j REDIRECT --to-ports 8080
> I will be very thank full to recieve any help.
> 
> PS: MSN messenger and yahoo messenger are working fine with squid ( no
> problem of login or file transfer)
> 

 You may be bitten by fundamental drawbacks of setups related to transp.
 proxying : does it work when the browser is set to use the proxy
directly ?

 If yes, then some sites for instance check whether 'interleaving' http
-
 https connections come from the same origin when accessing the site
through
 authorization schemes.

 The more fundamental issue is that transp. proxying breaks 
 ip host to host networking 'semantics'. Meaning http 
 proxying should 'execute' at the app. level in the networking stack  
 and should be kept separate and or not intervene with ip (and vice
versa).

 M.

Re: [squid-users] Re. Squid 2.5 with WCCP2 (on Redhat 9)

[Marc Elsen]

Simon Vella wrote:
> 
> Hi,
> 
> We're trying to set up Squid 2.5 with WCCPv2 (on a Redhat 9 server). From
> all the docs we found, we hardly found any info on WCCP2 with Squid. The
> only info is that found with the patch for Squid for WCCP2.
> 
> Could you please clarify some questions?
> a) The WCCPv2 patch (found at
> http://www.swelltech.com/pengies/joe/patches/squid-2.2.wccp2.patch) should
> work with Squid 2.5, right? Is there another patch for Squid 2.5 to support
> WCCPv2?
> b) The WCCPv2 patch for Squid makes squid talk WCCPv2 with the routers. So
> why do we need the ip_wccp.o module for the kernel?
> c) The Cisco router (when it has a cache in its WCCP table) sets up a GRE
> tunnel with the Squid box. As such, we need the kernel to support GRE
> tunneling, and we need to setup the GRE tunnel from the Linux side too,
> right? Also, the linux box must be set up to forward packets.
> d) The Linux box must be set up to use ip_tables to redirect the HTTP
> requests received through the GRE tunnel, to the squid port (8080 in our
> case). The destination IP is not changed, so does the Squid still accept the
> HTTP packet because it is set in HTTP_accelerator mode?
> 
> Hope someone finds time to answer my long email :)

  I am not using WCCP myself but you may find this link informative :

 http://www.sublime.com.au/squid-wccp/ 

  M.

> 
> 10x
> 
> Simon Vella

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Control squid VSZ and RSS from growing

[Marc Elsen]

"Zand, Nooshin" wrote:
> 
> What library squid is using?
> Would you please let me know what option did you use for compiling
> squid?
> I used diskd then I switched to aufs.

 I must say I am (still) on Redhat 6.2 (using 2.5STABLE4). This could
 of course be related.
 Direct comparisions should probably come from Redhat 9 users.
 But aufs is advisable on Linux.

 M.

> 
> Regards,
> nooshin
> -----Original Message-
> From: Marc Elsen [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, October 21, 2003 12:03 AM
> To: Zand, Nooshin
> Cc: [EMAIL PROTECTED]
> Subject: Re: [squid-users] Control squid VSZ and RSS from growing
> 
> "Zand, Nooshin" wrote:
> >
> > Hi,
> >
> > How can I control squid VSZ and RSS from growing.
> > Run squid2.5Stable4 on Redhat Linux 9.
> > Here are the list of library in use.
> > Is any known issue on using lpthread on linux?
> >
> >   libcrypt.so.1 => /lib/libcrypt.so.1 (0x4001a000)
> > libpthread.so.0 => /lib/tls/libpthread.so.0 (0x40047000)
> > libm.so.6 => /lib/tls/libm.so.6 (0x40055000)
> > libresolv.so.2 => /lib/libresolv.so.2 (0x40078000)
> > libnsl.so.1 => /lib/libnsl.so.1 (0x4008a000)
> > libc.so.6 => /lib/tls/libc.so.6 (0x4200)
> > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
> >
> > Regards,
> > nooshin
> 
>  I have a fairly steady process size, after a few weeks with
> squid on Linux (+aufs in use).
> Make sure 'cache_mem' is set to reasonable value with respect
> to physical mem (e.g).
> 
> M.
> 
> --
> 
>  'Love is truth without any future.
>  (M.E. 1997)

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Control squid VSZ and RSS from growing

[Marc Elsen]

"Zand, Nooshin" wrote:
> 
> Hi,
> 
> How can I control squid VSZ and RSS from growing.
> Run squid2.5Stable4 on Redhat Linux 9.
> Here are the list of library in use.
> Is any known issue on using lpthread on linux?
> 
>   libcrypt.so.1 => /lib/libcrypt.so.1 (0x4001a000)
> libpthread.so.0 => /lib/tls/libpthread.so.0 (0x40047000)
> libm.so.6 => /lib/tls/libm.so.6 (0x40055000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x40078000)
> libnsl.so.1 => /lib/libnsl.so.1 (0x4008a000)
> libc.so.6 => /lib/tls/libc.so.6 (0x4200)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)
> 
> Regards,
> nooshin

 I have a fairly steady process size, after a few weeks with
squid on Linux (+aufs in use).
Make sure 'cache_mem' is set to reasonable value with respect
to physical mem (e.g).

M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] RE: Squid process dies constantly

[Marc Elsen]

JOHNSON DAVID R wrote:
> 
> J > >
> > >   Unfortunately the Squid process dies constanlty on us here a HU.
> We
> > > have around 3000 users that connect to Squid in order to use the
> internet.
> > > I am using the squid_ldap_auth module and it works great but for some
> > > reason the squid child processes seem to fail and the Squid module
> becomes
> > > corrupt. Upon attempt to restart the service the parent process tries to
> > > spawn some children but then the parent dies. This has happened 5 times
> so
> > > far and 2x in 1 day! I have checked the access logs to see if maybe some
> > > app is causing the process to crash but the ACLs i have in place block
> > > problem sites such as gator and statblaster. I tried increasing the
> number
> > > of child processes to 32 but that did not solve the problem either.
> > >
> > >   Has anyone had this problem or know a fix?
> 
>  Which version of squid are you using ?
> 
> > > squid-2.4.STABLE7-4

 Hmm, you are likely to get advised 'from everyone' to use
 the latest stable release (2.5S4)

 Support for 2.4 versions is fading out, (rapid).

> 
>  On which platform/os/version ?
> 
> > > Red Hat Linux release 8.0 (Psyche)
> 
>  What's in cache.log when squid dies ?
> > > Here is a tail of the cache.log
> 
> > >2003/10/18 02:14:27| helperOpenServers: Starting 30 'squid_ldap_auth'
> processes
> > > 2003/10/18 02:14:27| Unlinkd pipe opened on FD 39
> > > 2003/10/18 02:14:27| Swap maxSize 102400 KB, estimated 7876 objects
> > > 2003/10/18 02:14:27| Target number of buckets: 393
> > > 2003/10/18 02:14:27| Using 8192 Store buckets
> > > 2003/10/18 02:14:27| Max Mem  size: 8192 KB
> > > 2003/10/18 02:14:27| Max Swap size: 102400 KB
> > > 2003/10/18 02:14:27| Rebuilding storage in /var/spool/squid (DIRTY)
> > > 2003/10/18 02:14:27| Using Least Load store dir selection
> > > 2003/10/18 02:14:27| Set Current Directory to /var/spool/squid

 This 'window' from the file, does not give the info I am looking for.
 I just mean, as squid crashes look for something like 'FATAL'.

 I need a full startup trace and what is just before that (the crash
 probably).


 Best Regards,

 M.

> 
> 
> M.
> 
> --
> 
>  'Love is truth without any future.
>  (M.E. 1997)

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] squid and kswapd cpu problem

[Marc Elsen]

Anders Larsson wrote:
> 
> Ok ill test that
> 
> But the machine has 4Gb ram so why not using 500MB ? is it better to let
> squid increase if it's needed?

 Ok, look at the process size versus in-memory-part, (RSS) to see
 whether squid 'fits' or not.
 I advise to try the low cache_mem setting,for starters anyway.

 M.

> 
> // Anders
> 
> On Mon, 2003-10-20 at 13:58, Marc Elsen wrote:
> > Anders Larsson wrote:
> > >
> > > Hi!
> > >
> > > We have a squid 2.4.STABLE7 l with kernel-2.4.22
> > > Then problem is that the machine get very high load and kswapd takes
> > > about 100% of the cpu this happens when there are lots of new requests
> > > to squid and when squid has taken around 800Mb ram..  the high load
> > > stays for aboun 30 min.
> > >
> > > any hints what we can do for for this?
> > >
> > > some related squid.conf infos
> > >
> > > cache_mem 500 MB
> > > cache_swap_low 90
> > > cache_swap_high 95
> > > maximum_object_size_in_memory 8 KB
> > > cache_dir ufs /var/spool/squid 4000 16 256
> > > negative_ttl 1 minutes
> > > positive_dns_ttl 1 hours
> > > negative_dns_ttl 1 minutes
> > >
> >
> >  Reduce :
> >
> >cache_mem
> >
> >  setting to 16 or 32Mb. Read full comments on this parameter in
> >  squid.conf.default.
> >
> >  M.
> --

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] RE: Squid process dies constantly

[Marc Elsen]

J > >
> >   Unfortunately the Squid process dies constanlty on us here a HU. We
> > have around 3000 users that connect to Squid in order to use the internet.
> > I am using the squid_ldap_auth module and it works great but for some
> > reason the squid child processes seem to fail and the Squid module becomes
> > corrupt. Upon attempt to restart the service the parent process tries to
> > spawn some children but then the parent dies. This has happened 5 times so
> > far and 2x in 1 day! I have checked the access logs to see if maybe some
> > app is causing the process to crash but the ACLs i have in place block
> > problem sites such as gator and statblaster. I tried increasing the number
> > of child processes to 32 but that did not solve the problem either.
> >
> >   Has anyone had this problem or know a fix?

 Which version of squid are you using ?
 On which platform/os/version ?

 What's in cache.log when squid dies ?

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] squid and kswapd cpu problem

[Marc Elsen]

Anders Larsson wrote:
> 
> Hi!
> 
> We have a squid 2.4.STABLE7 l with kernel-2.4.22
> Then problem is that the machine get very high load and kswapd takes
> about 100% of the cpu this happens when there are lots of new requests
> to squid and when squid has taken around 800Mb ram..  the high load
> stays for aboun 30 min.
> 
> any hints what we can do for for this?
> 
> some related squid.conf infos
> 
> cache_mem 500 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size_in_memory 8 KB
> cache_dir ufs /var/spool/squid 4000 16 256
> negative_ttl 1 minutes
> positive_dns_ttl 1 hours
> negative_dns_ttl 1 minutes
> 
 
 Reduce :

   cache_mem

 setting to 16 or 32Mb. Read full comments on this parameter in
 squid.conf.default.

 M.

Re: [squid-users] SQUID and WCCP on CISCO router

[Marc Elsen]

Wilhelm Farrugia wrote:
> 
> Hello,
> 
> Can someone help me install and configure squid to work with wccp and a
> cisco router running IOS 122-19. I am installing the latest stable squid
> version on Linux Redhat 9.
> 
> Thank you,
> Regards,

  http://www.sublime.com.au/squid-wccp/

  M.

  
> 
> Wilhelm

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] How to avoid proxying for some sites?

[Marc Elsen]

Boniforti Flavio wrote:
> 
> Hello all.
> 
> I would like to know _how_ do I have to configure squid to tell it that
> accessing a defined site (mysite.org) doesn't have to be handled by
> squid (that is, the server on "mysite.org" should see the client's IP
> address and not squid's one).

 Your question is confusing , do you mean not handled by squid OR
see the client's IP when going through squid ?

 M.

> 
> Thank you!

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] smb_auth then refresh behavior

[Marc Elsen]

David wrote:
> 
> Hello all,
> 
> Squid 2.4.6 on Debian 3.0
> & from squid.conf...
> authenticate_program /usr/lib/squid/smb_auth -W our_domain -U w.x.y.z
> 
> Each time a user opens a browser they are challenged for their username and
> password as normal but then once the authentication has taken place they
> receive a "This page cannot be displayed" error.  If they click on the
> refresh button they then receive the page.

  http://www.squid-cache.org/Doc/FAQ/FAQ-5.html#ss5.13

  
> 
> Is that normal?  I seem to remember the page being displayed correctly when I
> first put these systems in many moons ago.
> 
> Also, what's the state of play with Samba 3 & Squid 2.5 etc.?  I'm trying to
> make another Debian machine play with wb_ntlmauth and all I get is the "Can't
> connect to winbindd. Dying" error even though I can ping winbindd and wbinfo
> -a mydomain\\myuser%password works fine.  There are similar errors in the
> cache.log and when I run wb_auth -d.
> 
> Please let me know if you need more info.
> 
> Cheers,
> 
> David.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Does SQUID handle relative URI

[Marc Elsen]

Harish Siddaiah wrote:
> 
> Hello,
> 
> I would like to send my HTTP request to a proxy server as POST /relativeuri/
> HTTP1.1 .
> 
> But it seems that SQUID doesn't like it? Is there any configuration setting
> to get rid of that problem?

  ??

  Squid is not a webserver.

  Any POST 'command' like that is bogus.

  M.

> 
> Thanks.
> 
> Harish
> 
> _
> Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] HTTP Relay and limit bandwitdth ...

[Marc Elsen]

Olivier BELLON wrote:
> 
> Hi all,
> 
> I would like to know if it's possible to setup Squid to act as a "HTTP
> Proxy Relay" (without cache) with the capability to limit bandwidth for
> each connection.
> In fact, I want this "HTTP Proxy Relay" redirect all the http requests of
> our students to an already installed proxy without having a local cache
> (like a transparent proxy ?) and i want to limit each connection from ip
> range to 64 kB / seconds.
> 
> If it's possible, could you help me to setup this ?

  You can configure squid with no cache using the directive

cache_dir null  /null

  This assumes squid was configured with the null storage device :

  % ./configure --enable-storeio=null,ufs


  You can use delay pools for limiting bandwith per connection.
  See squid.conf.default for details.

  M.



> 
> Best regards to all
> Olivier B.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] squid exited on signal 4 on FreeBSD

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Hi
> 
> I have squid 2.5.STABLE3 running on FreeBSD-STABLE.
> Some times (once on day, one week) squid ended with signal 4, I don't why.
> You see log:
> = logs ===
> Sep 24 18:12:31 posejdon /kernel: pid 73950 (squid), uid 65534: exited on signal 4
> Sep 24 18:12:31 posejdon /kernel: Sep 24 18:12:31 posejdon /kernel: pid 73950 
> (squid), uid 65534: exited on signal 4
> Sep 24 18:12:31 posejdon squid[24588]: Squid Parent: child process 73950 exited due 
> to signal 4
> Sep 24 18:12:34 posejdon squid[24588]: Squid Parent: child process 22766 started
> Sep 24 18:12:34 posejdon squid[22766]: Starting Squid Cache version 2.5.STABLE3 for 
> i386-portbld-freebsd4.8...
> Sep 24 18:12:34 posejdon squid[22766]: Process ID 22766
> Sep 24 18:12:34 posejdon squid[22766]: With 11095 file descriptors available
> Sep 24 18:12:34 posejdon squid[22766]: Performing DNS Tests...
> Sep 24 18:12:34 posejdon squid[22766]: Successful DNS name lookup tests...
> Sep 24 18:12:34 posejdon squid[22766]: DNS Socket created at 0.0.0.0, port 3524, FD 5
> Sep 24 18:12:34 posejdon squid[22766]: Adding nameserver 217.173.198.2 from 
> squid.conf
> Sep 24 18:12:34 posejdon squid[22766]: Adding nameserver 217.173.198.3 from 
> squid.conf
> Sep 24 18:12:34 posejdon squid[22766]: Unlinkd pipe opened on FD 11
> Sep 24 18:12:34 posejdon squid[22766]: Swap maxSize 24576000 KB, estimated 1890461 
> objects
> Sep 24 18:12:34 posejdon squid[22766]: Target number of buckets: 94523
> Sep 24 18:12:34 posejdon squid[22766]: Using 131072 Store buckets
> Sep 24 18:12:34 posejdon squid[22766]: Max Mem  size: 8192 KB
> Sep 24 18:12:34 posejdon squid[22766]: Max Swap size: 24576000 KB
> Sep 24 18:12:34 posejdon squid[22766]: Rebuilding storage in /usr/home/w3cache 
> (DIRTY)
>  

 - Use the latest stable release (STABLE4)

 - Make sure that none of your log files are extremely big (>2Gig)

 - Depending, on kernel source,etc. installed you may have 
include.h in sys dirs.  Examining this file gives the meaning of
signal 4, I don't know the path of in freebsd however. However
this may not always be relevant, see my next point :

 - In worst case,this could be related to compiler (gcc) errors,
compile without optimization.

 Happy Debugging,

 M.

Re: [squid-users] Website Logon/Timeout Problem (Help me beat Microsoft! - Please)

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> We have installed Squid on one of our school servers and it is fast,
> very fast.
> Unfortunately we can't switch to it just yet as we have a problem.
> When we are on a web site that requires us to log on eg
> username/password - once we press submit the system just hangs
> doesn't want to know. We can get onto sites but if that site requires a
> logon it's just no go.
> We are desperate to move onto squid (and move away from *Microsoft*) but
> until we resolve this issue we can't.
> 
> Some information about our Squid setup:
> 
> Installed to Linux server.
> 
> Linux – distribution is Clarkconnect (CC) 1.3 - which is Redhat 7.3. (we
> do not know Linux and wanted a turnkey solution). CC offers 2 choices –
> gateway and stand alone. Gateway installs firewall which is not required
> and adds complications in client setup. So we have set up as stand alone
> and added 2nd NIC for external access and then only installed Squid. To
> best of knowledge there is no firewall or other software installed.
> 
> Squid – installed using apt-get from clarkconnect. Version 2.4. Not
> running in transparent mode (clients are all explicitly pointing to the
> proxy server via W2K GPO). Have tried installing 2.5 (in case of SSL
> problems) but wanted dependent applications and lack of Linux knowledge
> prevented further investigation and see below for SSL workround failure.
> 
> Our proxy looks upstream to a parent proxy server at our ISP.
> 
> Clients – in IE (or Mozilla – same problems occur with both) – proxy is
> set to point to the proxy server and port. We have tried pointing the
> SSL proxy to a different proxy server which should work ('cos it does
> when all settings point to it) - but it does not. [All Clients do work
> with identical settings (except ip and port) when pointing at MS Proxy,
> Netscape Proxy and Mailtraq Proxy servers].
> 
> We have posted on CC forums without success.
> 
> Problem exists on the following url:
> http://www.clarkconnect.com/forums/search.php?Catenter a subject and
> then click submit - client hangs. Same with several login pages/scripts
> on other websites.
> 
> Does anyone know the answer?
 
 In case of a parent ISP and no direct Internet access for your squid,
then you need :

   never_direct allow al

in squid.conf

M.

Re: [squid-users] Acces to a non anomymous FTP site through squid

[Marc Elsen]

>...
> 
> If it's possible, I would like to configure squid to doing it
> automatically.
> Can I configure it for redirecting the addres ftp://ftp.foo.com/ to
> ftp://username:[EMAIL PROTECTED] ?
> 
> Do you know if it possible ?

 Not by default no, you would need to write some sort of redirector
 for that.

 M.

> 
> Thanks by advance
> 
> Thierry

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Unable to retrieve an URL when it is first access

[Marc Elsen]

LINDER Thierry wrote:
> 
> Hello,
> 
> I've installed the latest stable version of squid on a RedHat 9 Linux server.
> It works very well but I found a particula situation:
> 
> If a user has a default html page with special caracters when he launch his browser, 
> the proxy send hime back an error(ERR_INVALID_URL):
> ...

 
 Check access.log in this case, see what squid receives for this
 request.

 Verify whether this isn't a browser issue
 (bug ?). Try with different browser(s)

 M.

Re: [squid-users] Acces to a non anomymous FTP site through squid

[Marc Elsen]

LINDER Thierry wrote:
> 
> Hello,
> 
> I've installed the lastest stable version of squid on a RedHat 9 Linux
> server.
> It works well for HTTP and FTP (ftp://...) connection.
> 
> If I use an URL ftp://..., squid authenticate me as anonymous user with
> a password specified in my squid.conf file ftp_user.
> Well, but I would like to open an ftp://... session on a specific site
> with an another couple of username/password.
> On this site, the anonymous entry is not valid.
> 
> I've read through the FAQ, configuration guide and I don't find any
> information how I can resolve that!
> 
> Does I need to create a specific ACL for that ?
> If it's the case, thanks for your help.
> 
> Thierry Linder

  Use this syntax :

  ftp://username:[EMAIL PROTECTED]/

  M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] cannot connect to localhost : 3128 : connection refused

[Marc Elsen]

Phil Lucs wrote:
> 
> Hello to everyone,
> 
> I am having difficulty getting Squid to run at work where I need to set up a
> proxy cache server that connects to another proxy cache server already
> running squid.
> 
> When I run squidclient to see if Squid is correctly configured I get the
> ever present:
> 
> Client: ERROR: Cannot connect to localhost:3128: Connection refused
> 
> I've been hacking around at the squid.conf and it has changed dramatically
> from the configuration file i have started with, and is becoming less
> understandable to me.
> 
> I want to show you the squid.conf file but first i need to explain a few
> details about the IP addresses.
> 172.28.18.22 is the static IP address assigned to the proxy cache server
> running squid which is not yet functional.
> 172.28.30.87 is the IP address of the gateway through which all traffic
> leaving the internal network to the internet must go through. Hence it is
> the upstream proxy cache I want as a cache peer - an upstream proxy cache.
> 
> This is the squid.conf file:
> 
> cache_mgr [EMAIL PROTECTED]
> http_port 172.28.18.22:3128
> http_port 127.0.0.1:3128
> 
> icp_port 0
> htcp_port 0
> cache_dir ufs /usr/local/squid/var/cache 100 16 256
> cache_access_log /usr/local/squid/var/logs/access.log
> cache_log /usr/local/squid/var/logs/cache.log
> cache_store_log /usr/local/squid/var/logs/store.log
> 
> cache_peer 172.28.30.87 parent 80 0 default no-query
> cache_peer 172.28.30.87 parent 3128 3130 default no-query
> 
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl local_net src 172.28.0.0/255.255.0.0
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
> 
> http_access allow manager localhost
> # http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow local_net
> # http_access deny all
> 
> icp_access allow all
> 
> miss_access allow all
> 
> If anyone can help me I would be greatly appreciative. The team and I need
> the squid log files to monitor the performance of distributed proxy caches
> by returning counter datum.
> 
> All the best,
> Phillip Lucs


 What's in cache.log when squid is started ?

 M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] squid + snmp

[Marc Elsen]

Aleksandar Simonovski wrote:
> 
> hi,
> if someone can tell me wtah i'm doing wrong here
> i get this error when i try cfgmaker:
> 
> /usr/bin/cfgmaker --global 'WorkDir: /var/www/html/squid' --global 'Options[_]: 
> bits,growright' --output  /etc/mrtg.squid.cfg [EMAIL PROTECTED]:3401
> 
> SNMP Error:
> Received SNMP response with error code
>   error status: noSuchName
>   index 1 (OID: 1.3.6.1.2.1.1.1.0)
> SNMPv1_Session (remote host: "xxx.xxx.xxx.xxx" [xxx.xxx.xxx.xxx].3401)
>   community: "public"
>  request ID: 1557196032
> PDU bufsize: 8000 bytes
> timeout: 2s
> retries: 5
> backoff: 1)
> SNMPGET Problem for sysDescr sysContact sysName sysLocation sysObjectID on [EMAIL 
> PROTECTED]:3401
> --base: Vendor Id:
> --base: Populating confcache
> 
> This is in my squid.conf:
> 
> acl kes src xxx.xxx.xxx.xxx
> acl snmppublic snmp_community public
> snmp_access allow snmppublic kes
> anmp_access deny all
> 
> Can i use cfgmaker with squid or not

 Think not; you need to download the SQUID mib, specify it in mrtg.conf
 with the 'LoadMib' command, then use wanted stats related to squid in
 mrtg.cfg.

 You may find examples in the archives,even googeling on squid,mrtg etc.
 may return samples already.

 M.

> 
> thanx

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Squid accounting.

[Marc Elsen]

Rio Martin wrote:
> 
> Dear all,
> I have a plan to build squid as an authentication machines for web access to
> all of my users. Squid would be act as an authentication gateway and squid
> should be able to handle accounting for all of the users.
> 
> Does anyone know good software or online documentation regarding this ?
> Thanks ..
> 
> Regards,
> Rio Martin.

  http://www.squid-cache.org/Scripts/


  M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Any ideas on the FATAL error

[Marc Elsen]

Meyerovich Aleksandr EB_NY wrote:
> 
> Once in two weeks or so Squid crashes and re-starts until it finally dies.
> 
> This messages are found in the cache.log file:
> 
> FATAL: Received Segment Violation...dying.
> 2003/10/03 23:22:30| Not currently OK to rewrite swap log.
> 2003/10/03 23:22:30| storeDirWriteCleanLogs: Operation aborted.
> CPU Usage: 0.094 seconds = 0.080 user + 0.014 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 2731
> Memory usage for squid via mallinfo():
> total space in arena:2101 KB
> Ordinary blocks: 2092 KB  2 blks
> Small blocks:   0 KB  0 blks
> Holding blocks:   200 KB  1 blks
> Free Small blocks:  0 KB
> Free Ordinary blocks:   9 KB
> Total in use:2292 KB 109%
> Total free: 9 KB 0%
> 2003/10/03 23:22:33| Starting Squid Cache version 2.5.STABLE1 for 
> i686-pc-linux-gnu...
> 2003/10/03 23:22:33| Process ID 17069
> 2003/10/03 23:22:33| With 1024 file descriptors available
> 2003/10/03 23:22:33| Performing DNS Tests...
> 
> The platform is RedHat 8.0



  Advising to upgrade to 2.5.STABLE4

  M.

Re: [squid-users] Trouble with access.log

[Marc Elsen]

matt wrote:
> 
> Hello,
> 
> I am writing on behalf of my school, which uses the
> Squid proxy (on Linux) to block access to porn,
> violence, drugs, and other materials accessable on the
> internet.
> 
> We have run into an issue which I was wondering if
> anyone knows of a fix (in squid.conf, or otherwise)
> for...
> 
> When the access.log records accesses (including a
> TCP_DENY that is a blocked site), a URL such as a
> Google search that has the "?" (query) character in it
> is cut off at the question-mark. This can be
> problematic when a Google search is blocked for /some/
> reason, but we cannot tell what the search was
> actually for.
> 
> Is there something we can do to have the entire URL
> logged / is there a new version of Squid that corrects
> this?
> 
> Thanks in advance,
> matt garber

  
#  TAG: strip_query_terms
#   By default, Squid strips query terms from requested URLs before
#   logging.  This protects your user's privacy.
#
#Default:
# strip_query_terms on


 Set this parameter to off in squid.conf.

 M.

Re: [squid-users] Can i block ftp server ?

[Marc Elsen]

Soccal Andrea wrote:
> 
> hi guys
> can i block an ftp server or squid snif only http protocol (i don't remeber)
> 
> for example ftp://ftp.com ?
> 
> chers
 
 Squid supports ftp url's in browsers. You can block the FTP protocol
 in squid by using appropriate ACL statements in squid.conf.
 
 Check the FAQ for starters.

 M.

Re: [squid-users] problem with updates on max osx

[Marc Elsen]

Chris Debono wrote:
> 
> Hi
> 
> 
> 
> I have some mac OSX clients using a squid as transparent proxy and
> browsing works fine, however I have a problem downloading the max OSX
> updates. As soon as it tries to download them, I get an error.

 What is the error, then ?


 M.

Re: [squid-users] Somebody send me the conf file ?

[Marc Elsen]

Boniforti Flavio wrote:
> 
> I need to get my hands on a NEW squid 2.5ST1 conf file, not edited by
> anyone!
> 
 What about :

 squid.conf.default

 which is always there.

 M.

Re: [squid-users] how to unsubscribe from this mailing list ?

[Marc Elsen]

Maged Hussein wrote:
> 
> Hello Guys,
> 
> My email will be changed to another one, so i need to remove this email
> [EMAIL PROTECTED]
> how that

 This info is >easily< available in the full headers of each mail
 you receive from this list or at :

 http://www.squid-cache.org/mailing-lists.html

 (...!)

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Block stream

[Marc Elsen]

Soccal Andrea wrote:
> 
> hi
> how to block stream audio video ?
> thks
> 
  Basically, this is not a  squid question. Since SQUID deals with
  http only.
 
  If you mean,apps. using http as a transport mechanism, then again
  there is no 'one click' solution : depending on mime types used by
  the application this could for instance be used for blocking  purposes
  through appropriate ACL configuration(s) in SQUID.

  Each application will have to be tackled/blocked by this kind
  of 'fingerprinting' and taking appropriate acl 'steps' in squid.conf
(e.g).


 M.

Re: [squid-users] VIM Editor

[Marc Elsen]

Awie wrote:
> 
> All,
> 
> I copied to the file squid.conf to CD-RW by using MS Windows based software.
> After copying back to Linux I found a [dos] note at the bottom of VIM
> editor. There is no ASCII characters in the scripts.
> 
> Is it possible the [dos] note cause some problem to Squid?

 Possibly , verify with :

  % squid -k parse

 M.

> 
> Please advise.
> 
> Thx & Rgds,
> 
> Awie

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Help: DNS tests

[Marc Elsen]

mauro wrote:
> 
> Hello.
> As I try to run squid from /sbin/ with -NCd1 options, system makes DNS tests
> that fail if I'm disconnected from internet. No problem if a connection is
> running. This is a proper work? The above option reads from etc/resolv.conf
> right? This should work even if there's no connection...or I'm wrong? A last

 How do you expect,to  'lookup' www.microsoft.com  , if you have no
 internet connection.
 Perhaps , you want to ask something else. Rephrase ?

> question...have I to rerun -NCd1 and -z options every time I boot squid?
> Thanks in advance

 No.

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Ftp THrough proxy

[Marc Elsen]

michel lodap wrote:
> 
> Hi All,
> 
> Iam having trouble ftp-ing through squid
> It's working fine when I don't go through or when I use a ftp client.
> 
> For exemple I went to the hp web site and tried to download some
> drivers(there is no restrictions at all concerning downloads).
> This is what I am getting.
> 
> ERROR
> The requested URL could not be retrieved
> 
> The following URL could not be retrieved:
> 
> ftp://ftp.hp.com/pub/softlib/software1/lj845/lj-1908-1/lj845en.exe
> 
> Squid sent the following FTP command:
> 
> RETR lj845en.exe
> and then received this reply
> Can't build data connection: Connection timed out.This might be caused by
> an FTP URL with an absolute path (which does not comply with RFC 1738). If
> this is the cause, then the file can be found at
> ftp://ftp.hp.com/%2f/pub/softlib/software1/lj845/lj-1908-1/lj845en.exe.
> 
> Your cache administrator is root
> 
> Any advice?
> Many thanks in advance
  

 Hm, the original url works for me.
 Through squid 2.5S4 on redhat 6.2

 Make sure that you are not confronted with firewalling issues.

 A good test,for instance is, to see what happens if the ftp is done
 manually with the ftp command from the squid box.

 M.

Re: [squid-users] no cache on website

[Marc Elsen]

Jay Turner wrote:
> 
> Will always_direct produce the same results?
> 
> ie pages won't be served from the cache as the request will be sent directly
> to the origin server.
> Or is this only applicable in proxy chaining?
> 
> 
 Yes, this is unrelated to your original question : always_direct
relates
to the use of cache hierarchies.

M.

Re: [squid-users] no cache on website

[Marc Elsen]

Fritz Mesedilla wrote:
> 
> Hello!
> I have a simple question... I want certain websites not to be cached by squid.
> For example, we have a stats website and we don't want it cached.
> How do this?
> 
> 
 Checkout the :
 
  no_cache

 directive in squid.conf.

 M.

Re: [squid-users] Using squidGuard to redirect to non sitefinder page...

[Marc Elsen]

"Neil A. Hillard" wrote:
> 
> Hi,
> 
> I've been asked to redirect all unregistered .com and .net domains
> (that would now go to VeriSign's sitefinder) to our own internal 'The
> domain you entered doesn't exist' page.

 Your are on the forefront of the 'real internet' :-) .

> 
> I'm currently running squidGuard and everythings working OK.  I've
> added a new rule in so that my domainlist contains the following:
> 
> 64.94.110.11
> 
> but unfortunately the site doesn't get blocked when I go to
> http://www.verisignsuck.com/ but does when I go to http://64.94.110.11/
> 
> I'm assuming that squidGuard doesn't perform reverse lookups.  Does any
> one know any way around this with squidGuard ???  If not can you recommend
> a different redirector that will handle this ???
> 
> Many thanks in advance,
> 

 Perhaps put the domain name in the blacklist too :

 sitefinder.verisign.com

 This may help.
 
 M.

Re: [squid-users] Squid is VERY slow on two urls.

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Hello,
> 
> we have to proxy-servers, one squid 2.5stable3 and one older
> Netscape-proxyserver.
> 
> The squid is working very fine, but htis two URLS
> http://www.soqrates.de/soqrates/
> https://195.226.162.38/projects/piconew/index.html
> 
> They are VERY VERY Slow.
> Browsing this URLs via the Netscape-Proxy is very fast. Both proxys use the
> same connection to the internet.
> All other urls are working fast on both machines.
> 
> Where can I find a way to solv thsi, because we want to turn of the
> Netscape very soon.
> 
> Kind regards
> 
> Stefan Vogel

 This problem does not exist for me (2.5S3 on redhat 6.2).

 Meaning the sentence 'squid is slow for 2 urls' must be fine tuned
 and is related to your particular infrastructure and setup.
 Things to check

   - FAQ : Os specifics for your platform
   - Check cache.log
   - Watchout for dns errors in cache.log (e.g)

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] "assertion failed" on exit

[Marc Elsen]

oleg-s wrote:
> 
> hello.
> is this a bug or just normal under some circumstances?
> -
> 2003/09/17 05:17:12| FD 7 Closing HTTP connection
> 2003/09/17 05:17:12| Shutting down...
> 2003/09/17 05:17:12| assertion failed: digest/auth_digest.c:551: 
> "memPoolInUseCount(digest_request_pool) == 0"
> 2003/09/17 05:17:12| assertion failed: digest/auth_digest.c:487: 
> "memPoolInUseCount(digest_user_pool) == 0"
> 2003/09/17 05:17:12| assertion failed: digest/auth_digest.c:240: 
> "memPoolInUseCount(digest_nonce_pool) == 0"
> 2003/09/17 05:17:12| Closing unlinkd pipe on FD 35
> 2003/09/17 05:17:12| storeDirWriteCleanLogs: Starting...
> 2003/09/17 05:17:14| 65536 entries written so far.
> 2003/09/17 05:17:14|131072 entries written so far.
> 2003/09/17 05:17:22|196608 entries written so far.
> 2003/09/17 05:17:25|   Finished.  Wrote 204811 entries.
> 2003/09/17 05:17:25|   Took 12.7 seconds (16066.7 entries/sec).
> CPU Usage: 636.840 seconds = 320.510 user + 316.330 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 665
> Memory usage for squid via mallinfo():
> total space in arena:   63249 KB
> Ordinary blocks:63121 KB   2405 blks
> Small blocks:   0 KB  0 blks
> Holding blocks:   200 KB  1 blks
> Free Small blocks:  0 KB
> Free Ordinary blocks: 128 KB
> Total in use:   63321 KB 100%
> Total free:   128 KB 0%
> 2003/09/17 05:17:25| Open FD  37 squid -> diskd
> 2003/09/17 05:17:25| Squid Cache (Version 2.5.STABLE3): Exiting normally.
> ---
> thanks for answers.
> oleg

 All assertion messages are bug related.

 Have a go with the lastest STABLE4 release.

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] TCP_MISS/000

[Marc Elsen]

Andrew Boening wrote:
> 
> Hi all,
> 
> Seem to be getting around 10 websites that give this error in the log
> 
> TCP_MISS/000 0 GET http://www.neowin.net/ - NONE/- -
> 
> We are running Squid v2.4STABLE1 as a transparent proxy
> 
> Wondering if there is a resolve for this issue, or whether we should update
> to v2.5STABLE3
> 
> Cheers,

 Mostly seen , when the browser aborts the connection, before any data
 from the site is received.
 Your connection to this site may be sluggish for various 'internet
reasons'.

 Upgrading is advised anyway, note that the current stable release is 
 STABLE4

 M.

> 
> Andrew
> GoldenIT

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] WCCP-Hotmail-Yahoo...

[Marc Elsen]

Valton Hashani wrote:
> 
> Hi all,
> Can you help me in this one, please.
> I cannot enter mail.yahoo.com and hotmail.com (inbox). Squid box is working
> as transparent proxy using WCCP with  Cisco 7200 router.
> I have read almost all emails that are in mailing list which have to do with
> this problem but I haven't found anything for transparent proxy which is
> configured to run with WCCP. I believe you have experienced this problem.
> Thank you in advance.
> Valton

 Does it work, when the browser is set to use the squid directly,
 via proxy conf ?

 If so , you may want to opt for not using trans. proxying.

 Some services (webserver), check whether subsequent https connections
 are the coming from the same origin as the original http access.

 There's no solution, other then not to use transp. proxing in this
case.

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] cache initialization problem

[Marc Elsen]

Fritz Mesedilla wrote:
> 
> I keep getting this error:
> 
> /usr/local/squid/sbin/squid -f /usr/local/squid/etc/squid.conf -z
> 
> 2003/08/27 17:07:59| Squid is not safe to run as root!  If you must
> 2003/08/27 17:07:59| start Squid as root, then you must configure
> 2003/08/27 17:07:59| it to run as a non-priveledged user with the
> 2003/08/27 17:07:59| 'cache_effective_user' option in the config file.
> FATAL: Don't run Squid as root, set 'cache_effective_user'!
> Squid Cache (Version 2.5.STABLE3): Terminated abnormally.
> CPU Usage: 0.006 seconds = 0.006 user + 0.000 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 235
> 
> I have set
> cache_effective_user squid
> cache_effective_group squid
 
 What does :

squid -k parse

 have to say ?

 M.

Re: [squid-users] Can squid support huge website ?

[Marc Elsen]

alit alit wrote:
> 
> Dear sir/madam
> 
> I am a software programmer and website administrator working in one of the
> biggest websites in China.  The page view of my company's website is top 10
> in china and top 150 in the world. Therefore, I want to use the squid as  a
> reverse proxy server to reduce  the load of the webservers in my company's
> website.
> 
> But when I use the squid , I found that the squid is very slow !!  It is
> slower even then using apache directly. So I want to know if the squid just
> can use in the small website? And it can't support more then 1500
> connections at the same time ? Or maybe I didn't do a corrent
> configuration.
> 
> this is my squid.conf and squid installed in red hat linux 6.2:
> #visible name
> visible_hostname 61.144.56.59
> memory_replacement_policy heap LFUDA
> cache_replacement_policy heap LFUDA
> # cache config: space use 10G and memory use 2048M
> cache_dir ufs /home/squid/var/cache 9216 32 256
> cache_mem 700 MB
> cache_effective_user nobody
> cache_effective_group nobody
> 
> http_port 80
> httpd_accel_host 61.140.254.153
> httpd_accel_single_host on
> httpd_accel_port 80
> #httpd_accel_uses_host_header on
> #httpd_accel_with_proxy on
> 
> # accelerater my domain only
> acl acceleratedHostA dstdomain .gznet.com
> acl acceleratedHostB dstdomain .avl.com.cn
> # accelerater http protocol on port 80
> acl acceleratedProtocol protocol HTTP
> acl acceleratedPort port 80
> # access arc
> acl all src 0.0.0.0/0.0.0.0
> no_cache allow all
> # Allow requests when they are to the accelerated machine AND to the
> # right port with right protocol
> 
> # logging
> emulate_httpd_log on
> cache_store_log none
> 
> # manager
> http_access allow all
> 
 On which box/os/version ?
 How much memory ?

 Your cache_mem is very (too?)  high in value;try with 32M

 M.

Re: [squid-users] firewall and squid

[Marc Elsen]

Fritz Mesedilla wrote:
> 
> Hello! I'm quite new here.
> 
> Would it be possible for me to have squid and a firewall on the same server? I'm 
> concerned about security and also on budget.
> 
 
 Theoretically, there is no problem.
 But I would advise agains it, also because of spurious port usage
 of squid when maintaining connections.

 One of the purposes of firewalls, is to control this.

 Also because of traffic generated , it will make the squid box
 'noticable' and prone to attack.

 Therefore our squid is on DMZ, behind firewall

 M.

Re: [squid-users] implementing delay_pools

[Marc Elsen]

Suryaman Maharjan wrote:
> 
> hi !
> I am new to squid and using squid-2.3.STABLE4-1 rpm as proxy server for my
> LAN. I am implementing delay_pools to limit bandwidth of some hosts in LAN
> which are found to consume lot of bandwidths.
> I have read in FAQ that the squid need to be re-compiled. Plese help me
> how it is to be done.
> 
> surya
 
   You will need :

--enable-delay-pools

   during the configure stage of squid.

  See the file 'INSTALL' as how to compile/install squid.

  Your mentioned squid is version is >very< old. Advising to use
  the latest STABLE release.

  M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] exited on signal 6

[Marc Elsen]

Kenneth Oncinian wrote:
> 
> Hi All,
> 
> I cant start squid using /usr/local/squid/sbin/squid to start as daemon mode,
> if I will start it that way, signal 6 error occur:
> 
> Squid Parent: child process 1761 started
> Squid Parent: child process 1761 exited due to signal 6
> Squid Parent: child process 1764 started
> Squid Parent: child process 1764 exited due to signal 6
> 
> The only way I can start squid is by using /usr/local/sbin/squid -d1NC -D & to
> detach to the terminal.
> 
> Im using  squid-2.5.STABLE1 running on Slackware 9 Linux.

  Hints : - make sure that none of your log files are too big (>2Gig)
  - Try with the latest stabke release (2.5S3).

  M.

> 
> Thanks and best regards,
> Kenneth Oncinian

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Can Some Body send me the ACL order

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Hi all
> 
> I am new to Squid .I want to setup an ACL so that just specific IP can
> access ineternet .
> i tried my self but it seems not working properly. So can some body send me
> an acl.
> I am Thankful in advance
> 
> Maqsood Ahmad

  http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.2

  M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] squid authentication

[Marc Elsen]

Mehmet Ziya Ozudogru wrote:
> 
> Hi
> When authenticating squid users is there a way to take usernames and
> passwords from windows login information so that browser does not ask
> for username and password and use that ?
> 
> Any hints will be appreciated...

 This is a FAQ...
 
 M.

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] checking link availability

[Marc Elsen]

aqil wrote:
> 
> I want squid to detect whether the internet link is avaliable or not.
> And then of course, if not available, have squid to inform people that the problem is
> coming from our ISP, not from squid nor anything else.
> 
> What comes to mind is to ping to our ISP's router (or DNS server, as
> this morning squid returned ERR_DNS_FAIL when the link from ISP was
> down) and then pass the result to squid...
> 
> Is it possible that squid can can interpret the ping result ? How ?
 
 Basically, Squid is a network application.
 It doesn't deal  with or control these lower level networking issues.
 
 M.

Re: [squid-users] The Squid Cache (version 2.5.STABLE3-20030709) died.

[Marc Elsen]

e wrote:
> 
> Hi,
> 
> After three or four days installed Squid 2.5.STABLE3, I've got following
> message. but server was running OK.
> Has any one had same experience? what is this all about?
> 
> ==
> You've encountered a fatal error in the Squid Cache version
> 2.5.STABLE3-20030709.
> If a core file was created (possibly in the swap directory),
> please execute 'gdb squid core' or 'dbx squid core', then type 'where',
> and report the trace back to [EMAIL PROTECTED]
> 
 
 Check cache.log, you may find more info in there.

 M.

Re: [squid-users] no HIT ?

[Marc Elsen]

Rully Budisatya wrote:
> 
> Hi,
> 
> I probably did something wrong with my squid.
> The proxy seems to have no 'HIT' whatsoever, it continues to give me only
> MISSES.
> Can somebody tell me what happened ?

 Depending on methodologies used (aka browser reload) ,this may leed
 to this unwanted (averse) effect when testing your proxy.

 Make sure also  objects accessed are cacheable using e.g. :

  http://www.ircache.net/cgi-bin/cacheability.py

 (include squid version and platform (version), can be usefull).

 M.


 
> 
> Thanks.
> ...
> Rully

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] kernel: file: table is full

[Marc Elsen]

Adam Clark wrote:
> 
> I'm running squid-2.5.STABLE3 on FreeBSD 5.1 for home use
> so not a large load on it.
> 
> I used to run the same setup on FreeBSD 4.8 with no troubles.
> This seems to be a reocurring problem that I have only had
> with freebsd 5.1
> it seems to go ok for about 3 weeks,
> killing squid and restarting it fixes the problem, except I cant
> ssh to the box coz the file table it full
> 
> Jul 13 00:36:59 milkrun kernel: file: table is full
> Jul 13 00:36:59 milkrun last message repeated 3066 times
> 
> I have followed the freebsd section for SysV stuff at
> http://www.squid-cache.org/Doc/FAQ/FAQ-22.html
> 
> I'e seent this problem dotted around with no solution
> 
 
  http://mail.os.org.za/pipermail/freebsd/2001-September/007476.html

 M.

Re: [squid-users] 2003/08/13 08:20:21| httpAccept: FD 15: accept failure: (24) Too many open files

[Marc Elsen]

Brian Hechinger wrote:
> 
> i get a TON of these.  had to restart squid.  is this related to my other issue
> with Resource temporarily unavailable?  is this the solaris ufs thing biting me
> in the you know what?
> 
> if it's the UFS issue, i can drop VxFS on there to fix it, if it's the other
> thing, it might be time to port the SiteMinder patch to STABLE3
> 
 
 Check your kernel config; you will need to increase the max. open
 files limit.
 
 M.

Re: [squid-users] newbie on squid-cache

[Marc Elsen]

aqil wrote:
> 
> Pada 13-Aug-2003, franklin LECOINTRE menulis:
> > Hello,
> > it's the first time I'm configuring squid and I have a little question about
> > ACL.
> > I would like to deny http_access to my users to web sites containing words
> > in the url like SEX YOUNG ... everything that is not in relation with the
> > work.
> > I have found the way to deny http_access to some sites giving th explicit
> > URL, but how can I do the deny access to URL in witch I can found some words
> > ?
> 
> Je crois que tu as besoin de squidguard ou dansguardian...
> 
> Moi ici, j'y travailles et est en train d'essayer faire marcher
> SquidGuard..

 Please use English on the list.

 Thx a lot.

 M.


-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] VERY URGENT! failed to open swap log

[Marc Elsen]

"Philippe Dhont (Sea-ro)" wrote:
> 
> hi,
> 
> Yesterday i added a computer in my squid script for access, no big deal but
> since then my squid stops when i start it:
> 
 Can you elaborate : 'script for access' what do you mean by this ?
 What do you want to do ?
 Show the script (e.g.) ?

> squid parent: child process 7938 started
> storediropentmpswaplog: failed to open swap log

  Which command are you using to start squid ?

> 
> and this for a few times!
> how is this possible ?

  Which version of squid are you using ?
  On which platform/os/version ?

 M.

> 
> greetz!
> /philippe

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Compile error: squid-2.5.STABLE3-20030806

[Marc Elsen]

Marc-Christian Petersen wrote:
> 
> Hi developers,
> 
> I'm getting compile errors when I specify extra CFLAGS options like this:
> Previous squid versions and snapshots worked pretty well with extra CFLAGS.
> 
> ...-c -o aufs/async_io.o `test -f aufs/async_io.c || echo './'`aufs/async_io.c
> aufs/aiops.c:36:2: #error "_REENTRANT MUST be defined to build squid async io
> support."
> make[4]: *** [aufs/aiops.o] Error 1
> make[4]: *** Waiting for unfinished jobs
> make[4]: Leaving directory `/opt/squid/src/squid-2.5.STABLE3-20030806/src/fs'
> make[3]: *** [all-recursive] Error 1
> make[3]: Leaving directory `/opt/squid/src/squid-2.5.STABLE3-20030806/src/fs'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/opt/squid/src/squid-2.5.STABLE3-20030806/src'
> make[1]: *** [all] Error 2
> make[1]: Leaving directory `/opt/squid/src/squid-2.5.STABLE3-20030806/src'
> make: *** [all-recursive] Error 1

 Whilst I don't have the solution, for this type of errors
 you may also want to specify :

 Platform/os/version ?

 Compiler & version ?

 M.

> 
> --
> ciao, Marc

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] OS browser logging

[Marc Elsen]

Colin wrote:
> 
> Hi,
> 
> I installed Squid as a reverse proxy, it is important=20
> for me and my clients to log the client browser and OS
> (sent in the http header) like in apache. Is this possible=20
> in squid? if not will this feature be included in future versions?=20
> Is there a program which kan run with squid to log requests
> with OS and browser name?
> 
> Many thanks in advance,

 Configure squid with :


   --enable-useragent-log


 M.

> 
> Colin

-- 

 'Love is truth without any future.
 (M.E. 1997)

Re: [squid-users] Authneticating Windows NT/2000 users with squid

[Marc Elsen]

[EMAIL PROTECTED] wrote:
> 
> Hi all
> 
> How can I authenticate windows NT/2000 domain users with squid.Can squid be
> integrated to use Windows Authentication.
> Any suggesstions /solutions.
 
 Check the Squid FAQ.

 M.