Re: [squid-users] users bypassing rules.. Help!?
Roland Roland wrote:

Hello, for a while now.. almost 3 weeks I've been using an ACL that matches a specific file content with url_regex. In this file there's facebook, and a few other sites that I don't want users to access. Users have found a way to bypass these restrictions by using online sites that support such a thing.. like using google translate service to translate sites which by default would be blocked.. or simply using other online websites that mask such a usage...

Anyone has a better way for me to block such sites?

thanks in advance,
Roland

Hi Roland,
use squidguard for this purpose: http://www.squidguard.org/

Regards from Germany,
Philipp
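Added example, not part of the thread: one way to find the relayed requests described in the question from the proxy's own log, by checking URLs carried in query parameters as well as the requested host. It assumes Squid's native access.log layout; the blocklist, the log lines and the host webproxy.example are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed stand-in for the domain file the url_regex ACL loads.
BLOCKED_DOMAINS = {"facebook.com"}

# Constructed lines in Squid's native access.log layout; webproxy.example is hypothetical.
SAMPLE_LOG = [
    "1243267682.101 95 192.168.2.50 TCP_DENIED/403 1420 GET http://www.facebook.com/ - NONE/- text/html",
    "1243267690.555 310 192.168.2.50 TCP_MISS/200 18432 GET http://translate.google.com/translate?sl=en&tl=fr&u=http%3A%2F%2Fwww.facebook.com%2F - DIRECT/translate.google.com text/html",
    "1243267695.870 205 192.168.2.52 TCP_MISS/200 9981 GET http://webproxy.example/browse?url=http%253A%252F%252Ffacebook.com%252Fhome - DIRECT/webproxy.example text/html",
    "1243267701.002 88 192.168.2.51 TCP_MISS/200 5120 GET http://www.squid-cache.org/ - DIRECT/www.squid-cache.org text/html",
]

# A parameter value that starts with a URL or a bare hostname.
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?=[:/?#]|$)", re.I)

def is_blocked(host):
    """True if host is a blocked domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def embedded_hosts(url, max_decodes=3):
    """Yield hostnames of URLs passed in query parameters, undoing nested percent-encoding."""
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for _ in range(max_decodes):
            match = HOST_RE.match(value)
            if match:
                yield match.group(1)
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded

def classify(log_line):
    """Return (client, verdict, host); verdict is 'direct', 'relayed' or 'clean'."""
    fields = log_line.split()
    client, method, url = fields[2], fields[5], fields[6]
    # CONNECT requests log host:port instead of a full URL.
    direct = url.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(url).hostname
    if is_blocked(direct):
        return client, "direct", direct
    for host in embedded_hosts(url):
        if is_blocked(host):
            return client, "relayed", host
    return client, "clean", None

def relayed_hits(lines):
    """Return (client, blocked_host) for requests that reached a blocked site via another site."""
    return [(c, h) for c, v, h in map(classify, lines) if v == "relayed"]
```

Relay sites that do not expose the target URL in the query string are not found by this check; those have to be blocked as a category, which is what the list-based filtering in squidGuard is for.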
Re: [squid-users] Blocked Domains help :(
IBT wrote:

Hi, I am still working on this strange error with my groups and permissions. I think I found something. Now I just have to work out how to resolve it...

2009/05/25 18:08:02| logfileClose: closing log c:/squid/var/logs/store.log
2009/05/25 18:08:02| logfileClose: closing log c:/squid/var/logs/access.log
2009/05/25 18:08:02| Squid Cache (Version 2.7.STABLE6): Exiting normally.
2009/05/25 18:08:02| Starting Squid Cache version 2.7.STABLE6 for i686-pc-winnt...
2009/05/25 18:08:02| Running as Squid Windows System Service on Windows Server 2003
2009/05/25 18:08:02| Service command line is:
2009/05/25 18:08:02| Process ID 3228
2009/05/25 18:08:02| With 2048 file descriptors available
2009/05/25 18:08:02| With 2048 CRT stdio descriptors available
2009/05/25 18:08:02| Windows sockets initialized
2009/05/25 18:08:02| Using select for the IO loop
2009/05/25 18:08:02| Performing DNS Tests...
2009/05/25 18:08:02| Successful DNS name lookup tests...
2009/05/25 18:08:02| DNS Socket created at 0.0.0.0, port 2544, FD 5
2009/05/25 18:08:02| Adding nameserver 192.168.2.3 from squid.conf
2009/05/25 18:08:02| Adding nameserver 192.168.2.1 from squid.conf
2009/05/25 18:08:02| helperStatefulOpenServers: Starting 5 'mswin_negotiate_auth.exe' processes
2009/05/25 18:08:02| helperOpenServers: Starting 5 'mswin_check_lm_group.exe' processes
2009/05/25 18:08:02| User-Agent logging is disabled.
2009/05/25 18:08:02| Referer logging is disabled.
2009/05/25 18:08:02| logfileOpen: opening log c:/squid/var/logs/access.log
2009/05/25 18:08:02| Unlinkd pipe opened on FD 48
2009/05/25 18:08:02| Swap maxSize 1024000 + 32768 KB, estimated 0 objects
2009/05/25 18:08:02| Target number of buckets: 4064
2009/05/25 18:08:02| Using 8192 Store buckets
2009/05/25 18:08:02| Max Mem size: 32768 KB
2009/05/25 18:08:02| Max Swap size: 1024000 KB
2009/05/25 18:08:02| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2009/05/25 18:08:02| logfileOpen: opening log c:/squid/var/logs/store.log
2009/05/25 18:08:02| Rebuilding storage in c:/squid/var/cache (CLEAN)
2009/05/25 18:08:02| Using Least Load store dir selection
2009/05/25 18:08:02| Current Directory is C:\squid\sbin
2009/05/25 18:08:02| Loaded Icons.
2009/05/25 18:08:02| Accepting proxy HTTP connections at 0.0.0.0, port 8085, FD 54.
2009/05/25 18:08:02| Accepting ICP messages at 0.0.0.0, port 3130, FD 55.
2009/05/25 18:08:02| Accepting HTCP messages on port 4827, FD 56.
2009/05/25 18:08:02| Accepting SNMP messages on port 3401, FD 57.
2009/05/25 18:08:02| Ready to serve requests.
2009/05/25 18:08:02| Store rebuilding is 5.5% complete
2009/05/25 18:08:03| Done reading c:/squid/var/cache swaplog (74365 entries)
2009/05/25 18:08:03| Finished rebuilding storage from disk.
2009/05/25 18:08:03| 74365 Entries scanned
2009/05/25 18:08:03| 0 Invalid entries.
2009/05/25 18:08:03| 0 With invalid flags.
2009/05/25 18:08:03| 74365 Objects loaded.
2009/05/25 18:08:03| 0 Objects expired.
2009/05/25 18:08:03| 0 Objects cancelled.
2009/05/25 18:08:03| 0 Duplicate URLs purged.
2009/05/25 18:08:03| 0 Swapfile clashes avoided.
2009/05/25 18:08:03| Took 0.5 seconds (140047.1 objects/sec).
2009/05/25 18:08:03| Beginning Validation Procedure
2009/05/25 18:08:03| Completed Validation Procedure
2009/05/25 18:08:03| Validated 74365 Entries
2009/05/25 18:08:03| store_swap_size = 921584k
2009/05/25 18:08:03| storeLateRelease: released 0 objects
/mswin_check_lm_group.exe NetUserGetGroups() failed.'
/mswin_check_lm_group.exe NetUserGetGroups() failed.'
/mswin_check_lm_group.exe NetUserGetGroups() failed.'

How do I fix this mswin check error? I guess that is where all the problems lie. :)

Did you specify the command line like the ones here:

Squid [for Windows] doesn't know how to run external helpers based on scripts, like .bat, .cmd, .vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example:

redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl
redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd

Have a look here: http://squid.acmeconsulting.it/

HTH,
Philipp Rusch
www.newvision-it.de
[squid-users] Squid, firewall in Suse 9.1
vaisakh wrote:

Hi all, I'm working as a system/network admin. We are using suse9.1 for fetchmail. It's working fine. Now the management wants to make the linux box our firewall and proxy. I am not aware about Linux. Basically I'm an MCSE... Can anybody pls help me to do this? Now the ADSL is connected directly to the switch and the linux box is on the same switch. How to change the setup... pls help me... it's urgent... How to configure this? Pls give me in details.

thanks and regards
Vaisakh
vaisakhm...@yahoo.com

Hi Vaisakh,
I will try to help you. I assume your ADSL-whatever thingy has an ethernet interface. We need to know your IP configuration; if you like, you can give details with private mail.

First thing you need is a second ethernet interface for your linux box, otherwise it would be senseless to set up a firewall on the box, since the ADSL would stay connected with all the rest of your LAN.

Second, you will have to assign another IP network to that second ethernet interface; let's say this is your external connection from now on. SuSE-Linux assigns names like eth0, eth1 and so on for its physical ethernet interfaces. So from now on you have a two-interface firewall box with eth0 as your internal and eth1 as your external interface.

The external zone, which comprises your ADSL device and the eth1 interface, can be connected by an ethernet crossover cable. If you don't have one, try an ordinary LAN patch cable; sometimes the ADSL boxes are smart enough to recognize the correct pinout for themselves. The internal eth0 interface is now the only connection to and from the outside of the LAN; this cable goes to your switch. The ADSL no longer has any connection to the switch.

So, enough for these first things to do, it's up to you now. BTW, where are you from?

Regards from Germany - Philipp
Re: [squid-users] SquidGuard Replacement
Thomas Raef wrote:

How do you figure that ufdb Guard is sub-optimal? Yes you can use shalla lists with this. I suggest you contact the owner and discuss your needs with him. He reads this list so I think he'll be available.

Thomas J. Raef
www.ebasedsecurity.com
You're either hardened, or you're hacked!

*From:* Philipp Rusch - New Vision IT [mailto:philipp.ru...@newvision-it.de]
*Sent:* Wed 1/7/2009 1:12 PM
*To:* squid-users@squid-cache.org
*Subject:* Re: [squid-users] SquidGuard Replacement

Joseph L. Casale wrote:

I switched to ufdbguard and have been real pleased with its performance and support.

Thomas, Do I understand this right, the software is free but the db is not? Can one use shalla lists with this software?

Thanks!
jlc

Joseph,
I wasn't able to access the systems with the SG-config today. So let's solve your problem with SG tomorrow instead of hunting for a suboptimal solution. Did you try to post your prob to Shalla / Christine Kronberg? She is usually a great help.

CU, Philipp

Thomas,
I did not say that ufdbguard is a suboptimal solution. ALL I wanted to express with my mail was that Joseph's search for a solution was leading to a somewhat suboptimal setup. He already had everything in place and encountered some problems, so I advised him to search for the reasons of that problem and solve them instead of replacing components on a trial and error basis. And despite the possible second meaning of my original posting, I really wasn't trying to offend somebody. AND, btw, please keep in mind that English is not my mother's tongue.

Regards from Germany,
Philipp

in his setup
Re: [squid-users] SquidGuard Replacement
Joseph L. Casale wrote:

I switched to ufdbguard and have been real pleased with its performance and support.

Thomas, Do I understand this right, the software is free but the db is not? Can one use shalla lists with this software?

Thanks!
jlc

Joseph,
I wasn't able to access the systems with the SG-config today. So let's solve your problem with SG tomorrow instead of hunting for a suboptimal solution. Did you try to post your prob to Shalla / Christine Kronberg? She is usually a great help.

CU, Philipp
Re: [squid-users] SquidGuard Replacement
Joseph L. Casale wrote:

When logging in to MS Technet, I get this:

ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: http:443

Unable to determine IP address from host name

The DNS server returned:
Name Error: The domain name does not exist.

This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.

Your cache administrator is root.

Generated Tue, 06 Jan 2009 19:12:01 GMT by dev.activenetwerx.int (squid/3.0.STABLE9)

What does http:443 mean? This is only a problem when squidGuard is enabled? The url that it tanked on is:
https://login.live.com/login.srf?wa=wsignin1.0rpsnv=10ct=1231267843rver=5.5.4177.0wp=MCMBIwlcxt=technet%24technet%24technetwreply=https%3a%2f%2ftechnet.microsoft.com%2fen-ca%2fsubscriptions%2fmanage%2fbb980931.aspxlc=1033id=254354cru=http%3a%2f%2ftechnet.microsoft.com%2fen-ca%2fsubscriptions%2fdefault.aspx

Why would it work without squidGuard? I am seeming to have a lot of problems with squidGuard, anyone got a reco on a replacement?

Thanks!
jlc

Hello Joseph,
I'm using Squid3STABLE9 and SquidGuard 1.3 on three openSUSE10.3 boxes and tested the URL you gave us above without having any problems to access the TechNet site. So this must be something with your specific setup. What version of SG are you using? Maybe you can post your problem to http://www.squidguard.org/mailinglist.html

Regards, - Philipp
Re: [squid-users] Re: cached MS updates !
Richard Neville wrote:

Henrik Nordstrom henrik at henriknordstrom.net writes:

On Mon, 2008-06-16 at 08:16 -0700, pokeman wrote:

thanks henrik for your reply. Any other way to save bandwidth? Windows updates use almost 30% of my entire bandwidth.

Microsoft has an update server you can run locally. But you need to have some control over the clients to make them use this instead of windows update...

Or you could look into sponsoring some Squid developer to add caching of partial objects with the goal of allowing http access to windows update to be cached. (the versions using https can not be done much about...)

Regards
Henrik

Hi,
Just thought I'd let you know, I currently am using an IPCop Firewall, and one of the plugins (the reason I went with IPCOP) is an update accelerator plugin that stores Windows, Apple, Symantec, Avast and linux updates on the firewall's drive.. I actually found this site because I was trying to get help, and the developer of the plugin seems cranky at the best of times.

Basically the system works, updates that a PC doesn't have get loaded from the firewall rather than the internet, but the updates themselves, it seems that MS use multiple servers to store each update. Now when I update a SP2 XP pro system, it sees SP3, it downloaded a 850meg file, that's fine, it must be multilanguage versions that it's downloading.. the problem is that I update another SP2 system and it starts downloading the 850 megs again as it's got the same file name, but coming from a different server.

Would anyone here know how to rectify this? I'm a 100% noob at linux but I have managed to get it up and running without too much issue.

Here's the plugin website for those interested. http://update-accelerator.advproxy.net/

Any help would be appreciated :)
planetx...@gmail.com

Why don't you use the way Henrik already recommended? I'd use Microsoft WSUS, it's free and easy to set up. And it will manage all these issues you have automagically.

HTH, Philipp
Re: [squid-users] cached MS updates !
Richard Neville wrote:

Hi Philipp, the issue is: I run a computer repair business, the PCs that are coming in needing updates have various network configurations. As far as I'm aware, WSUS is good if you have an existing set PC list that you configure to look at your server for updates. As I'm always getting different systems, I thought a fully transparent system would be best.

Thanks for the email! Happy christmas!

Sent from my iPhone

On 21/12/2008, at 10:42 PM, Philipp Rusch - New Vision IT philipp.ru...@newvision-it.de wrote:

Richard Neville wrote:

Henrik Nordstrom henrik at henriknordstrom.net writes:

On Mon, 2008-06-16 at 08:16 -0700, pokeman wrote:

thanks henrik for your reply. Any other way to save bandwidth? Windows updates use almost 30% of my entire bandwidth.

Microsoft has an update server you can run locally. But you need to have some control over the clients to make them use this instead of windows update...

Or you could look into sponsoring some Squid developer to add caching of partial objects with the goal of allowing http access to windows update to be cached. (the versions using https can not be done much about...)

Regards
Henrik

Hi,
Just thought I'd let you know, I currently am using an IPCop Firewall, and one of the plugins (the reason I went with IPCOP) is an update accelerator plugin that stores Windows, Apple, Symantec, Avast and linux updates on the firewall's drive.. I actually found this site because I was trying to get help, and the developer of the plugin seems cranky at the best of times.

Basically the system works, updates that a PC doesn't have get loaded from the firewall rather than the internet, but the updates themselves, it seems that MS use multiple servers to store each update. Now when I update a SP2 XP pro system, it sees SP3, it downloaded a 850meg file, that's fine, it must be multilanguage versions that it's downloading.. the problem is that I update another SP2 system and it starts downloading the 850 megs again as it's got the same file name, but coming from a different server.

Would anyone here know how to rectify this? I'm a 100% noob at linux but I have managed to get it up and running without too much issue.

Here's the plugin website for those interested. http://update-accelerator.advproxy.net/

Any help would be appreciated :)
planetx...@gmail.com

Why don't you use the way Henrik already recommended? I'd use Microsoft WSUS, it's free and easy to set up. And it will manage all these issues you have automagically.

HTH, Philipp

Richard,
ok - I see and I understand your point of view. But still, I would suggest something like the c't offline updater then: http://www.heise.de/software/download/ct_offline_update/38170 (there is also an English version of this around ...)

This is far less complicated than Oleg's solution and saves a lot of bandwidth while being perfectly suited for your various systems' needs. You just start the script and it does the rest from a local cache.

Happy christmas to you, too!

HTH, Philipp from Germany
Re: [squid-users] Insert Header or Footer into retrieved pages?
Alex Rousskov wrote:

On Wed, 2008-09-24 at 10:26 -0700, Rodre Ghorashi-Zadeh wrote:

Does anyone know where I can get the reference icap server mentioned here: http://wiki.squid-cache.org/Features/ICAP with a 404 URL of http://www.icap-forum.org/spec/icap-server10.tar.gz ?

Tried the Internet Archive? If you cannot find it anywhere, please let me know and I will try to dig up a copy. I do not know whether I have one though.

Can someone offer up a different solution to just inject a simple html header into the pages returned via the squid proxy?

You can also wait for eCAP work to be completed. I am supposed to commit the missing bits by September 29.

HTH,
Alex.

Hello Rodre,
http://www.icap-forum.org/documents/other/icap-server10.zip
they changed the URL ...

to Alex: that is great news about eCAP, we appreciate your work!

Regards from Germany,
Philipp Rusch
Re: [squid-users] Squid requirements
Adrian Chadd wrote:

What we're really missing is a bunch of hardware x, config y, testing z, results a, b, c. TMF used to have some stuff up for older hardware but there's just nothing recent to use as a measuring stick..

Adrian

2008/7/16 Chris Robertson [EMAIL PROTECTED]:

Luis Daniel Lucio Quiroz wrote:

Hi folks, I already know that there is not a recipe for squid. But I wonder if anyone knows an official document that lists squid requirements.

Regards, LD

That's a bit like asking What kind of a car should I get?. You need to give some details of the expected workload. In general, get a higher clocked CPU, as much RAM and as many drives as you can afford, and use regex based ACLs sparingly.

Chris

OK - then let's start collecting some numbers with more recent hardware: we have a Squid 3 stable 5 on an opensuse 10.3 running on the following system for about 100 users with adequate response times:

IBM xSeries 3250 M2
1x Intel Core 2 Duo E4600 2.4 Ghz/800 MHz (2 MB L2 cache)
3 GB PC2-5300 CL5 ECC DDR2 SDRAM DIMM
2x 250 GB SATA hard drive as a mirror configuration

This system is doing virus-scanning with ICAP-enabled Squid through KAV 5.5 Kaspersky AntiVirus for Internet Gateways AND it is doing web-content filtering with SquidGuard 1.3 AND it is doing NTLM AUTH against the internal W2k3-ADS-domain

Best regards,
--
With kind regards,
Philipp Rusch