[squid-users] has this changed?

2003-07-30 Thread Raymond Norton 
I am trying to set up user authentication on my redhat 9.0 box using squid 
2.5.stable1-2
with the following:

auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
acl password proxy_auth REQUIRED
http_access allow password

squid starts up, but does not utilize the added lines. When trying to stop squid
I get the following error:


[EMAIL PROTECTED] squid]# service squid start
Starting squid: .. [  OK  ]
[EMAIL PROTECTED] squid]# service squid stop
Stopping squid: 2003/07/30 14:32:36| aclParseAclLine: IGNORING: Proxy Auth ACL ''
because no authentication schemes are fully configured.
2003/07/30 14:32:36| aclParseAclLine: IGNORING invalid ACL: acl password proxy_auth
REQUIRED
2003/07/30 14:32:36| squid.conf line 1746: http_access allow password
2003/07/30 14:32:36| aclParseAccessLine: ACL name 'password' not found.
2003/07/30 14:32:36| squid.conf line 1746: http_access allow password
2003/07/30 14:32:36| aclParseAccessLine: Access line contains no ACL's, skipping


Any idea how to fix this?

Re: [squid-users] has this changed?

2003-07-31 Thread Raymond Norton 

> There is more "auth_param basic" parameters you need to set. See
> squid.conf.default.
>
> Regards
> Henrik

Using squid-2.5.STABLE1-2

After reading squid.conf.default I have added the following to my squid.conf
file in hopes of getting proxy_auth to work:

auth_param basic program /usr/etc/passwd

auth_param basic children 5

auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 2 hours





when starting squid I get the following error:



[EMAIL PROTECTED] squid]# service squid start

init_cache_dir /var/log/cache... /etc/init.d/squid: line 162: 13172 Aborted
$SQUID -z -F -D 2>/dev/null

Starting squid:

 [FAILED]





I haave set this up on older versions of squid without hardly any trouble,
but I am not sure what I am doing wrong here. Any help would be very much
appreciated.

[squid-users] initial connection to some sites slooowww

2003-08-02 Thread Raymond Norton 
If I bypass squid my web browsing is pretty fast. I have found mixed results
though when running through squid (on a redhat 9.0 box). Some sites come up
just as fast, others can take up 30 seconds for  a site to appear. It
doesn't seem to matter if I have been to the site before or not. Once I am
at a new site the remaining links on their index page come up as expected
for speed. I have changed a few settings after looking at some previous
posts, but nothing seems to resolve the problem.


Any ideas?




Raymond Norton

---

Wisdom is justified by her children.

--- Jesus

[squid-users] connection failed error

2005-09-12 Thread Raymond Norton 
I am helping a friend who has a new squid install with a basic squid.conf.
While trying to login to hotmail with the following url:

https://loginnet.passport.com/ppsecure/post.srf?, etc...

I get the hotmail login box, but upon submission it returns a squid error
page:

While trying to retrieve the URL: loginnet.passport.com:443
The following error was encountered:
Connection Failed
The system returned:
(111) Connection refused


What do I need to change to get this to work properly?


Raymond

Re: [squid-users] connection failed error

2005-09-13 Thread Raymond Norton 

>Is there some Firewall between the squid box and the outside Internet
> world ?
>
>M.
>


Yes, on the same box he has a shorewall install, but as far as I can tell
he has port 443 open from the net to the firewall, and vice versa. I don't
understand why the error indicates http and not https.

[squid-users] multiple requests to authenticate

2004-05-06 Thread Raymond Norton 
We run squid with ncsa_auth on a number of IPCop boxes with dansguardian
installed. Normally, when a user logs in they do not need to authenticate
again unless they open another browser window. I am getting complaints from
one school that they are being asked to reauthenticate multiple times per
session now. Is there something I can add to my squid.conf that will
eliminate this? As long as I'm at it I would like to modify my config (if
possible), so users only need to login once per session, no matter how many
windows they have open.




Raymond Norton
LCTN
[EMAIL PROTECTED]


To Infinity and beyond!

--Buzz Lightyear

Re: [squid-users] filtering solution

2004-06-28 Thread Raymond Norton 

>> Could you guys point me in a direction please?   I've loaded
>> dansguardian,
>> but see no way to let them turn the filter off for say 30 minutes if
>> they
>> desire.
>>


You could install ssh for win32 and create a script that would replace the
Dansguardian exceptioniplist file with one containing the IP of the PC
that you want to turn filtering off. This would force a username /
password to make the change. You could have a second script that changes
things back. Just for good measure you could create a cron job fire off
every hour or so that copies the original exceptionlist file back, in case
the user forgets to do it manually.

[squid-users] TCP_Denied

2003-09-12 Thread Raymond Norton 
I am trying to connect to a secure site, but keep getting the following
error. Being a novice with squid I am not sure what to change. Can anyone
help me with this?



1063418371.130 1 172.21.0.1 TCP_DENIED/407 1300 CONNECT map.nwea.org:443 -
NONE/- -





acl all src 0.0.0.0/0.0.0.0

acl localhost src 127.0.0.1/255.255.255.255

acl localnet src 172.21.0.0/255.255.0.0

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 800 # Squids port (for icons)

acl Safe_ports port 1433 # skyward

acl Safe_ports port 16125 # skyward

acl Safe_ports port 26125 # skyward

acl Safe_ports port 16126 # ns1

acl Safe_ports port 36125 # extra

acl Safe_ports port 46125 # fintrain

acl Safe_ports port 56125 # stutrain

acl Safe_ports port 81 # ipcop

# acl CONNECT method CONNECT

# http_access allow localhost

http_access allow !Safe_ports

# http_access allow CONNECT !SSL_ports

# http_access allow localnet

http_access allow password

always_direct allow local-servers

http_access deny all

maximum_object_size 4096 KB

minimum_object_size 0 KB

cache_mem 2000 KB

cache_dir ufs /var/log/cache 50 16 256

request_body_max_size 0 KB

reply_body_max_size 0 KB

Re: [squid-users] TCP_Denied

2003-09-12 Thread Raymond Norton 
This is in an IPCop box. Very simple config. Here is the whole thing.

shutdown_lifetime 5 seconds

icp_port 0

http_port 172.21.0.1:800

acl QUERY urlpath_regex cgi-bin \?

no_cache deny QUERY

cache_effective_user squid

cache_effective_group squid

pid_filename /var/run/squid.pid

cache_access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

log_mime_hdrs off

forwarded_for off

authenticate_program /usr/lib/squid/ncsa_auth /home/.htpasswd

acl password proxy_auth REQUIRED

acl local-servers dstdomain bbe.k12.mn.us map.nwea.org nwea.org

acl all src 0.0.0.0/0.0.0.0

acl localhost src 127.0.0.1/255.255.255.255

acl localnet src 172.21.0.0/255.255.0.0

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 800 # Squids port (for icons)

acl Safe_ports port 1433 # skyward

acl Safe_ports port 16125 # skyward

acl Safe_ports port 26125 # skyward

acl Safe_ports port 16126 # ns1

acl Safe_ports port 36125 # extra

acl Safe_ports port 46125 # fintrain

acl Safe_ports port 56125 # stutrain

acl Safe_ports port 81 # ipcop

# acl CONNECT method CONNECT

# http_access allow localhost

http_access allow !Safe_ports

# http_access allow CONNECT !SSL_ports

# http_access allow localnet

http_access allow password

always_direct allow local-servers

http_access deny all

maximum_object_size 4096 KB

minimum_object_size 0 KB

cache_mem 2000 KB

cache_dir ufs /var/log/cache 50 16 256

request_body_max_size 0 KB

reply_body_max_size 0 KB





- Original Message - 
From: "Adam Aube" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, September 12, 2003 10:28 PM
Subject: Re: [squid-users] TCP_Denied


> > I am trying to connect to a secure site, but keep getting the following
> > error. Being a novice with squid I am not sure what to change. Can
anyone
> > help me with this?
>
> You didn't send your complete squid.conf (or at least I hope you didn't) -
> there's quite a bit missing.
>
> Post your entire squid.conf, and then maybe we can help you.
>
> Adam
>

Re: [squid-users] TCP_Denied

2003-09-12 Thread Raymond Norton 
>
> > http_access allow !Safe_ports
> > # http_access allow CONNECT !SSL_ports
>
> Make these two lines:
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> This will keep your Squid box from being exploited to do all sorts of
nasty
> things (including spamming).
>
> > acl Safe_ports port 800 # Squids port (for icons)
>


I forgot all the changes I had made because of this problem. I have changed
things back to the original config, icluding your recommendations. Here is
my present config and a tail of  /var/log/squid/access.log. I still get
denied??

1063427751.743 1420 172.21.0.1 TCP_MISS/200 3877 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427751.767 1032 172.21.0.1 TCP_MISS/200 1016 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427751.779 423 172.21.0.1 TCP_MISS/200 370 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427751.835 473 172.21.0.1 TCP_MISS/200 4648 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427753.229 1 172.21.0.1 TCP_DENIED/407 1457 GET

1063427756.930 5189 172.21.0.1 TCP_MISS/200 370 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427759.800 8033 172.21.0.1 TCP_MISS/200 370 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427760.640 8847 172.21.0.1 TCP_MISS/200 370 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427771.335 1 172.21.0.1 TCP_DENIED/407 1463 GET

1063427771.389 1 172.21.0.1 TCP_DENIED/407 1442

106342.160 25362 172.21.0.1 TCP_MISS/200 369 CONNECT map.nwea.org:443
admin DIRECT/66.45.48.119 -

1063427779.746 1 172.21.0.1 TCP_DENIED/407 1300 CONNECT map.nwea.org:443 -
NONE/- -







shutdown_lifetime 5 seconds

icp_port 0

http_port 172.21.0.1:800

acl QUERY urlpath_regex cgi-bin \?

no_cache deny QUERY

cache_effective_user squid

cache_effective_group squid

pid_filename /var/run/squid.pid

cache_access_log /var/log/squid/access.log

cache_log /var/log/squid/cache.log

cache_store_log /var/log/squid/store.log

log_mime_hdrs off

forwarded_for off

authenticate_program /usr/lib/squid/ncsa_auth /home/.htpasswd

acl password proxy_auth REQUIRED

acl local-servers dstdomain bbe.k12.mn.us map.nwea.org nwea.org

acl all src 0.0.0.0/0.0.0.0

acl localhost src 127.0.0.1/255.255.255.255

acl localnet src 172.21.0.0/255.255.0.0

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

# acl Safe_ports port 800 # Squids port (for icons)

acl Safe_ports port 1433 # skyward

acl Safe_ports port 16125 # skyward

acl Safe_ports port 26125 # skyward

acl Safe_ports port 16126 # ns1

acl Safe_ports port 36125 # extra

acl Safe_ports port 46125 # fintrain

acl Safe_ports port 56125 # stutrain

acl Safe_ports port 81 # ipcop

acl CONNECT method CONNECT

# http_access allow localhost

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

# http_access allow localnet

http_access allow password

always_direct allow local-servers

http_access deny all

maximum_object_size 4096 KB

minimum_object_size 0 KB

cache_mem 2000 KB

cache_dir ufs /var/log/cache 50 16 256

request_body_max_size 0 KB

reply_body_max_size 0 KB

Re: [squid-users] TCP_Denied

2003-09-13 Thread Raymond Norton 
>
> > 1063418371.130 1 172.21.0.1 TCP_DENIED/407 1300 CONNECT
map.nwea.org:443 -
> > NONE/- -
>
> This is Squid asking your client program (browser etc) to authenticate.
>
> Regards
> Henrik
>

That is what it seems, but I have no way of passing authentication to the
program. This site uses the link https://map.nwea.org/taa.hta . When I
launch the link I get a download box, which I select "open in current
location"  A program launches specific to this site. At this point I have
authenticated twice to squid. I can move around the site just fine, but
there is a link for uploading records to their file server It looks like it
will work, but then I get the above error, and the following error in the
browser "Error sending request: HTTP 407 returned, etc..". Is there a way to
make an exception for this site in squid? I really need to fix this, ASAP.

Thanks in advance

Re: [squid-users] TCP_Denied

2003-09-13 Thread Raymond Norton 

Thank you everyone.!

I finally got it to work.