[squid-users] squid chroot jail no running copy error

2004-08-20 Thread Rick G. Kilgore
Hello all,
I am new to the squid proxy. I do like it a lot and it has already been
very useful.
Problem: I have put squid in a chroot jail. I tested the squid
configuration and function prior to building the chroot volume. Everything
seems to work OK, logging and caching.
When I try to do a squid -k shutdown or rotate the system tells me that
there is no running copy.
I did look at the FAQ and did try the solution for 11.43, did not help.
squid pid is on the correct volume in the correct place.
I was unable to locate anything in the mail archive. Hopefully I am not

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information.  If you have
received it in error, please notify the sender immediately and delete 
the original.
Any other use of the email by you is prohibited.

Rick G. Kilgore
State of Colorado Department of Revenue IT/CSTARS (DDP/CCR/RWOC)
E-Mail: [EMAIL PROTECTED]
Phone: (303) 205-5659
Fax: (303) 205-5715


Re: [squid-users] squid chroot jail no running copy error

2004-08-20 Thread Rick G. Kilgore
Version 2.5.STABLE6
Elsen Marc wrote:
 

 Squid version ?

 M. 


--
Today is: Friday July twenty-two, two thousand and four
Phrase of the day > coma esta usted --- how are you


Re: [squid-users] squid chroot jail no running copy error

2004-08-20 Thread Rick G. Kilgore
	I am starting squid via the /etc/rc.d/rc3.d/S99local init file right 
now. The command in the file is "chroot /wka 
usr/local/squidSTABLE6/sbin/squid -sD".

	I can see the process running as squid with ps -ef | grep squid. The 
pid from ps matches the pid in the squid.pid in the logs directory.

OS type Fedora core 1.

Mohsin Khan wrote:
do you run the squid from jail chroot environment? Do
you see the process when you do ps awux.
Regards, 
Mohsin Khan 
CCNA ( Cisco Certified Network Associate 2.0 ) 
http://pk.aaghaz.net 


Happy is the one who can smile<<<




		

Re: [squid-users] squid chroot jail no running copy error

2004-08-20 Thread Rick G. Kilgore
	That works, would have never thought that this would be necessary. Now 
I have to know why. On a mission.

Thank you for your help and time.

Dave Raven wrote:
I'm not what you would call a Fedora pro, but I suspect you will need to
chroot to the environment in order to run the squid -k reconfigure... E.g.
chroot /wka usr/local/squidSTABLE6/sbin/squid -k reconfigure
?


Re: [squid-users] Block via mac address?

2004-08-20 Thread Rick G. Kilgore
See the FAQ on www.squid-cache.org section 10.20
Rick Whitley wrote:
Is it possible to block net access via the mac address of the user?
I realize this is an open ended question, I want to know if this is
possible with squid?
thanks
rick...
Rom.5:8



Re: [squid-users] squid chroot jail no running copy error

2004-08-20 Thread Rick G. Kilgore
Manual chroot currently. 


On Sat, Aug 21, 2004 at 01:01:53AM +0200, Henrik Nordstrom wrote:
> 
> 
> On Fri, 20 Aug 2004, Rick G. Kilgore wrote:
> 
> > I am new to the squid proxy. I do like it a lot and it has already been
> > very useful.
> > Problem: I have put squid in a chroot jail. I tested the squid
> > configuration and function prior to building the chroot volume. Everything
> > seems to work OK, logging and caching.
> > When I try to do a squid -k shutdown or rotate the system tells me that
> > there is no running copy.
> 
> Then "squid -k ..." does not find the pid file.
> 
> 
> Are you doing manual chrooting or using the chroot_dir directive in 
> squid.conf?
> 
> Regards
> Henrik


Re: [squid-users] squid chroot jail no running copy error

2004-08-25 Thread Rick G. Kilgore
	I did try the chroot_directive today. Had trouble finding information on 
syntax. Anyway, I tried to use it as I would the normal chroot command. 
After startup squid was logging in old test directory not current prod dir.
	Is there some place I can get an example of how to set the chroot up 
for squid? I have the squid binary and the config on a duplicate tree 
where the chroot jail is.


Henrik Nordstrom wrote:

> On Fri, 20 Aug 2004, Rick G. Kilgore wrote:
>
> > > I'm not what you would call a Fedora pro, but I suspect you will need to
> > > chroot to the environment in order to run the squid -k reconfigure...
> > > E.g.
> > > chroot /wka usr/local/squidSTABLE6/sbin/squid -k reconfigure
> >
> > That works, would have never thought that this would be necessary. Now
> > I have to know why. On a mission.
>
> Because you chroot:ed Squid when you started it, all paths opened by
> Squid are relative to the chroot, not the normal system root.
>
> If you do not chroot "squid -k ..." in the same manner "squid -k ..."
> runs in a different environment and won't find the correct paths to
> either your configuration file or the pid file as its view is relative
> to the system root directory, not your chroot.
>
> Using the chroot_dir directive in squid.conf is generally advisable
> over manual chrooting of Squid. This makes sure paths are always correct
> and also allows you to keep sensitive information such as the
> configuration file and Squid binary etc outside of the chroot.
>
> Regards
> Henrik


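The path mismatch Henrik describes, as an added shell sketch that is not part of the thread: it models only the PID-file lookup that "squid -k ..." depends on, using a temporary directory in place of the real system root so it runs without root privileges. The function names and the PID-file path /usr/local/squidSTABLE6/var/logs/squid.pid are assumptions, the latter based on the install prefix and "logs directory" mentioned above.

```shell
#!/bin/sh
# Added illustration: models the PID-file lookup behind "squid -k ..." to
# show why the answer depends on which root directory the command sees.

# resolve_in_root ROOT PATH
# Host-side location of PATH as seen by a process whose root is ROOT.
# ROOT="/" is the normal, un-chrooted view.
resolve_in_root() {
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# check_running ROOT PIDFILE
# Prints "running pid N" and returns 0 when PIDFILE exists under ROOT and
# names a live process; otherwise prints "no running copy" and returns 1.
check_running() {
    cr_file=$(resolve_in_root "$1" "$2")
    if [ -r "$cr_file" ]; then
        cr_pid=$(cat "$cr_file")
        if kill -0 "$cr_pid" 2>/dev/null; then
            echo "running pid $cr_pid"
            return 0
        fi
    fi
    echo "no running copy"
    return 1
}

# Constructed layout: $d_sys stands in for the system root, $d_sys/wka for
# the jail. The daemon was started with "chroot /wka ...", so the PID file
# it wrote exists only below the jail directory.
demo() {
    d_sys=$(mktemp -d) || return 1
    d_jail="$d_sys/wka"
    d_pidfile=/usr/local/squidSTABLE6/var/logs/squid.pid   # assumed path
    mkdir -p "$d_jail/usr/local/squidSTABLE6/var/logs"
    echo "$$" > "$d_jail$d_pidfile"    # this shell stands in for the daemon

    # Same configured path, two different roots, two different answers.
    echo "squid -k ... (system root): $(check_running "$d_sys" "$d_pidfile")"
    echo "chroot /wka squid -k ...:   $(check_running "$d_jail" "$d_pidfile")"
    rm -rf "$d_sys"
}

demo
```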

Re: [squid-users] squid chroot jail no running copy error

2004-08-26 Thread Rick G. Kilgore
	I removed the conf and binary from the chroot volume. Left the passwd, 
hosts, resolv files, and libraries on the chroot volume.  Is this correct?


Henrik Nordstrom wrote:
> On Wed, 25 Aug 2004, Rick G. Kilgore wrote:
> > I did try the chroot_directive today. Had trouble finding information
> > on syntax. Anyway, I tried to use it as I would the normal chroot
> > command.
>
> chroot_dir /path/to/chroot/directory
>
> > After startup squid was logging in old test directory not current prod
> > dir.
>
> Sounds like it was given the wrong config file, or you are using the
> wrong binary.
>
> > Is there some place I can get an example of how to set the chroot
> > up for squid.
>
> The same as any other chroot, except that the squid binary and
> configuration file are left outside the chroot.
>
> Regards
> Henrik



Re: [squid-users] chrooting: why and how?

2004-08-31 Thread Rick G. Kilgore
	I was able to leave the squid.conf and executable on my regular volume 
and use the squid chroot directive to chroot squid (thanks to help from 
this forum). I did notice that the mime.conf files will need to be on 
the chroot volume, but you should be able to leave the squid.conf and 
executable off the chroot volume.

Joe Cooper wrote:
> Boniforti Flavio wrote:
> > Hello all!
> > I noticed that there's the option to "chroot" my squid.
> > Now, which benefits could I get from this configuration?
> > What should I be doing/configuring for getting "chroot" to work in squid?
> > Thank you all again...
>
> chrooting Squid gives the same benefits as chrooting any service, namely
> that if an exploit is discovered in Squid and your Squid gets exploited,
> the attacker only has access to the contents of the chroot environment.
> This minimizes the damage an attacker can do to your system, and the
> data they can get access to.
>
> You'll need a mini-system directory where Squid will live...It will
> include Squid's log directory, the cache partitions, and the
> configuration file.  It will also need to include all of the helper
> programs that you use, and it might need any shared libraries and system
> configuration files (like resolv.conf) that Squid relies on (it could
> be that shared libraries are pulled in before Squid chroots, and so they
> might not be needed--Henrik wrote the chroot code I think, or at least
> maintains it now, maybe he'll chime in with clarification).
>
> Squid is historically among the more secure network server daemons
> (thank everyone's favorite developers for that), with only a few rapidly
> corrected exploitable conditions in recent memory, so the feature
> doesn't get much discussion.  But it is a worthwhile process, if your
> server provides other services or contains data that you take seriously.
> On a dedicated caching machine, it may be an unnecessary hassle.




Re: [squid-users] chrooting: why and how?

2004-08-31 Thread Rick G. Kilgore
	Works just as if it was not chroot jailed at all. Actually with the 
conf file in the chroot I had more problems accessing external ACL and 
other oddities.


Joe Cooper wrote:
> Henrik Nordstrom wrote:
> > On Tue, 31 Aug 2004, Joe Cooper wrote:
> > > resolv.conf) that Squid relies on (it could be that shared libraries
> > > are pulled in before Squid chroots, and so they might not be
> > > needed--Henrik wrote the chroot code I think, or at least maintains
> > > it now, maybe he'll chime in with clarification).
> >
> > If you use the chroot directive in squid.conf then only logs, cache
> > and a dev/null node is minimally required within the chroot directory
> > structure. It is also a good idea to set up a syslog socket within the
> > chroot (man syslogd).
> >
> > The squid configuration file and any data referenced from there should
> > be outside of the chroot directory, and unless you use any helpers no
> > libraries are required either.
>
> Out of curiosity: without squid.conf in the chroot, how does a -k
> reconfigure work?



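Henrik's minimal layout for a chroot_dir jail, turned into a check. This is an added sketch, not from the thread or the Squid project: the function name, its argument order, the dev/log socket path and the sample paths are assumptions.

```shell
#!/bin/sh
# audit_jail JAIL LOGDIR CACHEDIR CONF BINARY
#   JAIL              directory given to chroot_dir
#   LOGDIR, CACHEDIR  paths as Squid sees them after the chroot
#   CONF, BINARY      host paths of squid.conf and the squid executable
# Prints one finding per line; returns 0 only when nothing is marked FAIL.
audit_jail() {
    aj_jail=${1%/}
    aj_fail=0

    # Logs and cache are the directories Squid writes to after chroot().
    for aj_d in "$2" "$3"; do
        if [ -d "$aj_jail/${aj_d#/}" ]; then
            echo "ok   $aj_d exists in the jail"
        else
            echo "FAIL $aj_d is missing in the jail"
            aj_fail=1
        fi
    done

    # dev/null has to be a real character device node, not a plain file.
    if [ -c "$aj_jail/dev/null" ]; then
        echo "ok   dev/null is a device node"
    else
        echo "FAIL dev/null is missing or not a character device"
        aj_fail=1
    fi

    # A syslog socket is recommended, not required (dev/log is assumed).
    if [ -S "$aj_jail/dev/log" ]; then
        echo "ok   dev/log syslog socket present"
    else
        echo "WARN no syslog socket at dev/log"
    fi

    # Config and binary are read before the chroot and belong outside it,
    # where a compromised Squid process cannot reach them.
    for aj_f in "$4" "$5"; do
        case $aj_f in
            "$aj_jail"/*) echo "WARN $aj_f is inside the jail" ;;
            *)            echo "ok   $aj_f is outside the jail" ;;
        esac
    done

    [ "$aj_fail" -eq 0 ]
}

# Constructed jail in a temporary directory: logs present, cache missing,
# dev/null created as a plain file, squid.conf left inside the jail.
demo_audit() {
    da_root=$(mktemp -d) || return 1
    da_jail="$da_root/wka"
    mkdir -p "$da_jail/var/logs" "$da_jail/dev" "$da_jail/etc" "$da_root/sbin"
    : > "$da_jail/dev/null"
    audit_jail "$da_jail" /var/logs /var/cache \
        "$da_jail/etc/squid.conf" "$da_root/sbin/squid"
    echo "audit exit status: $?"
    rm -rf "$da_root"
}

demo_audit
```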

Re: [squid-users] filtering malware

2004-09-01 Thread Rick G. Kilgore
	I use the brute force method right now until I learn more. Basically we 
do not allow for any windows executable extensions to be downloaded from 
the web. We have exceptions such as windows update and that. Has helped 
me quite a bit with the problem I was having with malware/spyware and 
other garbage.


mailinglists wrote:
Hi all together
I wonder what you do against stuff like coolwebsearch and so on. As it
is quite difficult to get rid of this junk once it gets installed on a
MS Windows box I wonder whether there would be efficient and effective
ways of making squid filter it. 
How do you guys do that? There surely must exist ways.

Thanks for any suggestions
Philipp



[squid-users] Need Ideas

2004-09-03 Thread Rick G. Kilgore
Good Morning All
	I am very new to squid. I like the product, still a lot of learning to 
do. I have a problem that may or may not be similar to someone out 
there and am looking for advice.

	Problem: We have two networks. One has only one point of ingress and 
egress which I have autonomous control of. Squid is working well for 
this network, although it does kind of make the users mad, no free roaming 
the world downloading a bunch of junk.
	The second network's routers and layer three switches are controlled by a 
higher state network group, much like an ISP with no single point of 
ingress or egress. The department that I am trying to help would like to 
use squid to finally lock down Internet access due to 
virus/malware/spyware and just junk slowing machines down.
	The network is spread across several subnets, buildings etc. The 
network does use DHCP. Can I use squid as a gateway so to speak? I.e. 
change the DHCP for the affected subnets to point to an interface on the 
squid server and allow all traffic through it with the ability to block 
and filter Internet access. Or is this just a plain bad idea? The 
section I am working with really does not want to install a large number 
of squid servers to try and resolve the problem.

As always I appreciate and thank you all for your time and effort.



[squid-users] milked.free.fr Porn site block

2004-09-10 Thread Rick G. Kilgore
Hello all,
	I am having trouble limiting access to milked.free.fr. This is a porn 
site. I have tried a url_regex statement for this site and the site it 
resolves to with an nslookup.
	I have someone who is currently accessing this site, need to block and 
issue a customized error message stating penalty for accessing porn on 
our campus Internet connection.



[squid-users] Need help blocking Porn site

2004-09-10 Thread Rick G. Kilgore
Hello all
	I have to word this message carefully as my last message was blocked by 
the mail server as spam.

	I have a need to limit the following url minus the dots "milked free 
fr" this site is a pornography site. Used a url_regex statement on this 
site and the site that it resolved to using nslookup.

	I have an individual that is accessing this site and I need to block 
it, plus display a customized error message indicating punishment for 
accessing pornography sites from the campus Internet service.



Re: [squid-users] Need help blocking Porn site

2004-09-10 Thread Rick G. Kilgore
That is a helper? Where would I get this animal?

Mohsin Khan wrote:
> if you deny all porn the best thing is use squidGuard.
> --- Muthukumar <[EMAIL PROTECTED]> wrote:
>
> > > I have a need to limit the following url minus the dots "milked free
> > > fr" this site is a pornography site. used a url_regex statement on
> > > this site and the site that it resolved to using nslookup.
> >
> > Are you saying as *.milked.free.fr url pages, then set an acl as,
> > acl deny_site dstdomain .milked.free.fr
> >
> > > I have an individual that is accessing this site and I need to block
> > > it, plus display a customized error message indicating punishment for
> > > accessing pornography sites from the campus Internet service.
> >
> > We can collect and set acl for individual for example say,
> > acl individual src /
> > http_access deny individual deny_site
> > deny_info ERR_CUSTOM_ACCESS_DENIED individual deny_site
> > Customized error pages are located source/errors/ directory..
> > See more TAG of deny_info.
> > Regards,
> > - Muthu.


Re: [squid-users] milked.free.fr Porn site block

2004-09-10 Thread Rick G. Kilgore
   Url_regex
acl noporn url_regex ^http://milked.free.fr.*
http_access deny noporn

Christoph Haas wrote:
> On Fri, Sep 10, 2004 at 08:25:07AM -0600, Rick G. Kilgore wrote:
> > I am having trouble limiting access to milked.free.fr. This is a
> > porn site. I have tried a url_regex statement for this site and the
> > site it resolves to with an nslookup. I have someone who is
> > currently accessing this site, need to block and issue a customized
> > error message stating penalty for accessing porn on our campus
> > Internet connection.
>
> Doesn't "acl porn dstdomain milked.free.fr" work? How did your url_regex
> ACL look like?
>  Christoph


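A coverage comparison of the ACL forms quoted in the two "blocking" threads above (the url_regex line, "dstdomain milked.free.fr" and "dstdomain .milked.free.fr"), as an added shell sketch that is not from the thread. Matching is modelled with grep -E and shell patterns rather than Squid's own code; the function names and the sample URLs are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: which request URLs each ACL form from the thread covers.

# url_regex_matches REGEX URL
# url_regex applies a POSIX extended regex to the whole URL and is
# case-sensitive unless -i is given; grep -E is used as the model here.
url_regex_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# host_of URL: strip scheme, path and port, leaving the host name.
host_of() {
    h=${1#*://}; h=${h%%/*}; h=${h%%:*}
    printf '%s\n' "$h"
}

# dstdomain_matches PATTERN HOST
# Leading dot: the domain itself and every subdomain.
# No leading dot: that exact host name only.
dstdomain_matches() {
    case $1 in
        .*) [ "$2" = "${1#.}" ] && return 0
            case $2 in *"$1") return 0 ;; esac
            return 1 ;;
        *)  [ "$2" = "$1" ] ;;
    esac
}

# coverage URL: one report line showing what each ACL would do.
coverage() {
    c_host=$(host_of "$1")
    c_re=miss; c_exact=miss; c_dot=miss
    url_regex_matches '^http://milked.free.fr.*' "$1" && c_re=deny
    dstdomain_matches 'milked.free.fr' "$c_host" && c_exact=deny
    dstdomain_matches '.milked.free.fr' "$c_host" && c_dot=deny
    printf '%s url_regex=%s dstdomain_exact=%s dstdomain_dotted=%s\n' \
        "$1" "$c_re" "$c_exact" "$c_dot"
}

# Constructed sample URLs:
#  1. the bare host named in the thread
#  2. the same site under a www. prefix (the ^http://milked anchor misses it)
#  3. an unrelated host that the unescaped dots in the regex also match
for u in \
    'http://milked.free.fr/' \
    'http://www.milked.free.fr/index.html' \
    'http://milkedxfreeyfr.example/'
do
    coverage "$u"
done
```

Only the dotted dstdomain form denies both the bare host and the www. variant without also catching the unrelated third URL.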

[squid-users] Advice on squidGuard

2004-09-14 Thread Rick G. Kilgore
Hello all,
	I know this is a mailing list for squid, but as squidGuard is a plugin 
for squid I am soliciting advice.

Details:
Running squid 2.5 stable6 on Fedora core 1, in a chroot jail.
	Question: Should I install squidGuard on the Jail volume or will it work 
with squid installed off of the jailed volume?



[squid-users] ACL issues of time

2004-09-28 Thread Rick G. Kilgore
Hello all,
	This problem feels like a timeout setting but am unable to locate a 
solution.

Problem:
	If I set up a deny rule for a URL that someone has gone to the 
following happens:

	1. Anybody who has NOT been to this URL is denied outright.
	2. If they went to the site prior to the access rule it seems to take 
days for the rule to finally deny them.

How do I make the rules apply now?



Re: [squid-users] ACL issues of time

2004-09-28 Thread Rick G. Kilgore
Sorry, should have given background.
	Version 2.5 Stable6.  Yes this is after a -k reconfigure. Have actually 
done a shut down of squid as well.

Andreas Pettersson wrote:
2. If they went to the site prior to the access rule it seems to take 
days for the rule to finally deny them.

I assume you run -k reconfigure after changes to squid.conf.
Which version of squid are you running?
/Andreas


[squid-users] Metacharacter support

2004-09-29 Thread Rick G. Kilgore
	What is the extent of the squid metacharacter support? Does it follow, 
say, the normal egrep metacharacter set, or does it support the Perl 
extended version?




Re: [squid-users] squid feeding 2 subnets

2004-12-22 Thread Rick G. Kilgore
	It is possible to assign multiple addresses to some devices, but they 
must be capable of handling this situation. Examples: CISCO routers by 
use of the Secondary statement, Linux/RedHat depending on what you are 
trying to implement.

Elsen Marc wrote:
 

Hello,
Here's an alternative thought :
I want my squid proxy server to feed
internet to 2 subnets :
192.168.0.0/255
192.168.1.0/255
If I were to put 3 NICs :
1 for WAN and two for LAN with the 2 subnet .
Can squid be made to feed simultaneously 2 LAN NICs
on two subnets ?

 That's not up to SQUID, but to hosts on the two subnets,
having or setting appropriate routing info (tables), for
'finding' the SQUID box , in each case.
And the SQUID host, on its own, having correct routing info
for each subnet.

OR
If we could assign two IPs to the one LAN NIC.
Will that work ?
  Not, in IP's simplest model, where each interface is supposed
to be on one separate subnet.
But basically this is not squid but a layer 3 issue.
Update your IP knowledge accordingly.
M.



[squid-users] Always-Direct

2005-12-21 Thread Rick G. Kilgore

Good Day to all

Question about always-direct.

	Our application team does not want to rewrite a program that relies 
heavily on the IP address to maintain the identity of a connection to 
the client. I hate this idea and want the application redone correctly. 
It has been suggested that I use always-direct to bypass squid IP 
masking. My understanding was that always-direct just stopped the search 
of the cache and sends requests directly to the listed server/s.

Can someone confirm or deny for me?


Thanks in advance.


--
   Merry Christmas and Happy New Year to everyone!



Phrase of the day:
-> A rose by any other name is still a rose!

Rick G. Kilgore
State of Colorado Department of Revenue IT/ESG/CSTARS/ISO 
(DDP/CCR/RWOC/ROAD)

E-Mail: [EMAIL PROTECTED]
Phone: (303) 205-5659
Fax: (303) 205-5715




[squid-users] blacklists

2005-12-21 Thread Rick G. Kilgore
	I have finally got my hands around some basic ACLs. Would like to use 
some blacklists if they work ok. Do I really need to load squidGuard to 
use the blacklists properly/avoid performance issues?
	Would like to see some nested ACLs if anybody has time to help a 
little on that as well.


Thanks for your time in advance.




[squid-users] Graphics in custom messages

2005-12-23 Thread Rick G. Kilgore
	This is most likely a dumb question, and I did not see anything in the FAQ. 
I have designed several custom messages for squid. We would like to put 
our official logos in the message if possible. I have experimented with 
this, and it appears that the normal img src= statements do not work 
properly. Is it possible to put graphics in the error messages?






