[squid-users] In what order does acls work

Hi,

Does the acls work according to the "first matching" rule principle?

I want to allow only certain people to access certain hosts.

I wrote the acl

acl quant-srvs dstdomain "/etc/pf-tables/quant-srvs"
acl quant-admins srcdomain "/etc/pf-tables/quant-admins"
http_access allow quant-admins
http_access deny quant-srvs

it still seems to block "quant-admins" from accessing "quant-srvs"

Thanks

--Siju

Re: [squid-users] In what order does acls work

On Tue, Nov 3, 2009 at 4:50 PM, Amos Jeffries wrote:
>>
>> it still seems to block "quant-admins" from accessing "quant-srvs"
>> Then the visitors rDNS domain names is not matching the listed
> "quant-admins" domains.
>

I didn't get you :-(

> There is nothing more we can offer without seeing the data you have in front
> of you.
>

Could you please let me know what data I should provide?

thanks

--Siju

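A simplified model of the first-match http_access evaluation discussed in this thread, added here as an example (it is not from the original posts and is not Squid's own code). The client addresses, host names and PTR table are constructed, and the `src` variant is a hypothetical alternative that does not depend on reverse DNS.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
PTR_RECORDS = {"192.0.2.11": "pc11.admins.example.com"}  # 192.0.2.10 has no PTR
ACLS_AS_POSTED = {
    "quant-srvs": ("dstdomain", [".quant.example.com"]),
    "quant-admins": ("srcdomain", [".admins.example.com"]),
}
# Hypothetical variant: identify the admins by address instead of by rDNS name.
ACLS_BY_IP = {**ACLS_AS_POSTED,
              "quant-admins": ("src", ["192.0.2.10/32", "192.0.2.11/32"])}
# The two http_access lines from the post, in the same order.
RULES = [("allow", ["quant-admins"]), ("deny", ["quant-srvs"])]


def domain_matches(host, patterns):
    """Domain ACL matching: '.x.com' covers x.com and all its subdomains."""
    host = host.lower().rstrip(".")
    for pat in (p.lower() for p in patterns):
        if pat.startswith("."):
            if host == pat[1:] or host.endswith(pat):
                return True
        elif host == pat:
            return True
    return False


def acl_matches(acl, request):
    kind, values = acl
    if kind == "dstdomain":
        return domain_matches(request["dst_host"], values)
    if kind == "srcdomain":
        # srcdomain needs a reverse lookup of the client IP; no PTR, no match.
        name = PTR_RECORDS.get(request["client_ip"])
        return name is not None and domain_matches(name, values)
    if kind == "src":
        ip = ipaddress.ip_address(request["client_ip"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    raise ValueError("unsupported ACL type: " + kind)


def http_access(rules, acls, request):
    """Return (decision, index of the deciding rule or None)."""
    for index, (action, names) in enumerate(rules):
        # A rule applies only if every ACL named on it matches (logical AND).
        if all(acl_matches(acls[name], request) for name in names):
            return action, index  # first matching line wins, evaluation stops
    # No line matched: the default is the opposite of the last line.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    for acls in (ACLS_AS_POSTED, ACLS_BY_IP):
        for ip in ("192.0.2.10", "192.0.2.11"):
            req = {"client_ip": ip, "dst_host": "srv1.quant.example.com"}
            print(acls["quant-admins"][0], ip, http_access(RULES, acls, req))
```

The model also shows that with these two lines a client outside both lists reaches any other destination, because the implicit default after a final `deny` is allow.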
[squid-users] Squid Proxy Server 3.1 Beginner's Guide by Kulbir Saini

Hi,

There is a new book on Squid by Kulbir Saini

http://amzn.to/hYKDdA

or the full URL

http://www.amazon.com/Squid-Proxy-Server-3-1-Beginners/dp/1849513902/ref=sr_1_1?ie=UTF8&qid=1301398883&sr=8-1

This would be a great book for beginners who need hands on experience
in configuring squid.
Also this is a good reference book for experienced users.

Mentions Installations on BSDs in addition to Linux.

Thanks

--Siju

[squid-users] Re: Squid Proxy Server 3.1 Beginner's Guide by Kulbir Saini

Sorry for the Amazon URL.

Here is the Publisher's One

https://www.packtpub.com/squid-proxy-server-31-beginners-guide/book

thanks

--Siju

On Tue, Mar 29, 2011 at 5:17 PM, Siju George wrote:
> Hi,
>
> There is a new book on Squid by Kulbir Saini
>
> http://amzn.to/hYKDdA
>
> or the full URL
>
> http://www.amazon.com/Squid-Proxy-Server-3-1-Beginners/dp/1849513902/ref=sr_1_1?ie=UTF8&qid=1301398883&sr=8-1
>
> This would be a great book for beginners who need hands on experience
> in configuring squid.
> Also this is a good reference book for experienced users.
>
> Mentions Installations on BSDs in addition to Linux.
>
> Thanks
>
> --Siju
>

[squid-users] load balancing traffic through squid on systems with 2 Internet connections

Hi,

I have a System with two Internet connections.
Is it possible to configure squid to load balance outgoing internet
traffic through those two Internet Connections?

Thank you so much

Kind Regards

Siju

Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

On Nov 21, 2007 6:29 AM, Ming-Ching Tiew <[EMAIL PROTECTED]> wrote:
>
> From: "Ming-Ching Tiew" <[EMAIL PROTECTED]>
> >
> > This is assuming that you are running Linux :-
> > Just set up multiple routing and weight assignment.
> > You might have to turn off kernel option which
> > caches multiple routing.
> >
>

Thank you so much Ching for your kind response :-)

I am running OpenBSD with the route-to option in PF

http://www.openbsd.org/faq/pf/pools.html#outgoing

Is there any option to do it in the "squid.conf" file?

I know there is a "tcp_outgoing_address" option.
Just wondering if it is possible to make it use all outgoing IP
addresses in a round-robin manner :-)

Thank you so much once again.

Kind Regards

Siju

Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

On Nov 21, 2007 12:21 PM, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:
> Hi George,
>
> Siju George wrote:
> > Hi,
> >
> > I have a System with two Internet connections.
> > Is it possible to configure squid to load balance out going internet
> > traffic through those two Internet Connections?
>
> To keep things simple, you can just use the "tcp_outgoing_address"
> parameter in squid.conf.
>

It didn't work :-(

I am running OpenBSD and using the route-to option in pf.conf

http://www.openbsd.org/faq/pf/pools.html#outgoing

to load balance Internet connections.

It is not multipath routing with two default routes.

Thank you so much for the response :-)

Kind Regards

Siju

Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

On Nov 22, 2007 2:16 AM, Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> On ons, 2007-11-21 at 13:50 +0900, Adrian Chadd wrote:
> > On Wed, Nov 21, 2007, Ming-Ching Tiew wrote:
> >
> > > As far as I know, you could do "split access" using
> > > the 'tcp_outgoing_address' method, but you can't
> > > get squid to use it in round-robin manner.
> > >
> > > I might be wrong. :-)
> >
> > I don't think there is, but making squid do that with a small source patch
> > wouldn't be difficult.
>
> But not something I would recommend. Many sites dislikes clients coming
> from more than one IP during the same session. The client IP is often
> embedded in session cookies etc, making the session fail if the IP
> changes.
>

Yes Henrik.
Such sites are identified and there is a firewall rule added to PF in
OpenBSD to route them through the same interface. But it is not a
problem with the majority of the sites.

Thank you so much for the response :-)

Kind Regards

Siju

Re: [squid-users] load balancing traffic through squid on systems with 2 Internet connections

On Nov 22, 2007 8:33 AM, Ming-Ching Tiew <[EMAIL PROTECTED]> wrote:
> From: "Siju George" <[EMAIL PROTECTED]>
> >
> > > But not something I would recommend. Many sites dislikes clients coming
> > > from more than one IP during the same session. The client IP is often
> > > embedded in session cookies etc, making the session fail if the IP
> > > changes.
> > >
> >
> > Yes Henrik.
> > Such sites are identified and there is af firewall rule added to PF in
> > OpenBSD to route them through the same interface.. But it is not a
> > problem with majority of the sites.
> >
>
> Perhaps it will be interesting for squid to have an acl called random :-
>
> ( is there one already ? )
>
> eg
>
>acl rnd random 50 # 50 %
>
>tcp_outgoing_address x.x.x.x rnd <--- use x 50 % of time
>tcp_outgoing_address y.y.y.y rnd < use y 50% of time
>tcp_outgoing_address z.z.z.z <--- have to provide a
> default in case nothing is matched
>
> And the random acl can be used together with other acl too !
>
> eg
> acl link1 dst .
> tcp_outgoing_address x.x.x.x link1 rnd
>
> :-)
>

If you use the

http://www.openbsd.org/faq/pf/pools.html#outgoing

method as I use now, then even though the outgoing address will be
changed for 50% of the packets, those same packets will be routed out
through the default interface only :-(

Thank you so much

Kind Regards

Siju

[squid-users] routing squid traffic through a second interface

Hi,

I am running squid on an OpenBSD machine which has 3 interfaces.
One for LAN and the other two for 2 internet connections.
I would like to load balance the traffic coming from squid through the
two internet connections.

How can I achieve that?

thanks

Siju

[squid-users] Configuring tcp_outgoing_address for Squid with 2 internet connections when 1 connection uses dhcp to get the IP address

Hi all,

I am nearing completion of the configuration of the OpenBSD Gateway
with two internet connections.

So there is a problem with squid.

The task is to configure a set of users "dsl_users" alone to use the DSL
connection to connect to websites and force all others to use the cable
modem connection.

The file "/etc/squid.conf" gives the following instructions for that.

---
# TAG: tcp_outgoing_address
# Allows you to map requests to different outgoing IP addresses
# based on the username or sourceaddress of the user making
# the request.
#
# tcp_outgoing_address ipaddr [[!]aclname] ...
#
# Example where requests from 10.0.0.0/24 will be forwareded
# with source address 10.1.0.1, 10.0.2.0/24 forwarded with
# source address 10.1.0.2 and the rest will be forwarded with
# source address 10.1.0.3.
#
# acl normal_service_net src 10.0.0.0/255.255.255.0
# acl good_service_net src 10.0.1.0/255.255.255.0
# tcp_outgoing_address 10.0.0.1 normal_service_net
# tcp_outgoing_address 10.0.0.2 good_service_net
# tcp_outgoing_address 10.0.0.3
#
# Processing proceeds in the order specified, and stops at first fully
# matching line.
#
#Default:
# none

But the problem is that though I have the IP of the DSL connection
fixed, I get a different IP each time I reboot for the cable connection.

So how do I configure this?

Presently I am stuck with the following configuration.

#
acl dsl_users src aaa.aaa.aaa.aaa/32, bbb.bbb.bbb.bbb/32, ccc.ccc.ccc.ccc/32
tcp_outgoing_address dsl.dsl.dsl.dsl dsl_users
tcp_outgoing_address
#

Since I am not able to give the IP address for the last
"tcp_outgoing_address", squid shows an error and does not start up.

Could someone provide an idea of how to solve the problem ???

Thank you so much

Kind Regards

Siju

[squid-users] Squid PURGE acl warning--help

Hi all,

I entered

acl PURGE method PURGE
acl localhost src 127.0.0.1
http_access allow PURGE localhost
http_access deny PURGE

in my squid.conf file from the advice given at

http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.5

Now when I start Squid I get the warning

# /usr/local/sbin/squid
2005/03/09 18:25:59| WARNING: '127.0.0.1' is a subnetwork of '127.0.0.1'
2005/03/09 18:25:59| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2005/03/09 18:25:59| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'

So I changed it to

acl PURGE method PURGE
acl localhost src 127.0.0.1/32
http_access allow PURGE localhost
http_access deny PURGE

But still I get the same warning!!!

Could someone please tell me how to fix this issue???

Thank you so much

Kind Regards

Siju

Re: [squid-users] Deny media

On 4/26/05, Matus UHLAR - fantomas <[EMAIL PROTECTED]> wrote:
>
> I'm afraid the only way how to really deny people from downloading such
> files, is applying content-filter
> --

How do we do content filtering with Squid??

Should we use some other software in conjunction with it??

Is a free software available for Unix??

Thank you so much

Kind Regards

Siju

[squid-users] Squid and ACL with two internet connections

Hi all,

I have a computer running Squid.

It is connected to a LAN and two internet connections using 3 NICs.

How will I configure it so that access from the LAN to a set of
websites will go through one Internet connection and access to all
other websites will go through the other internet connection?

Thank you so much

Kind Regards

Siju

Re: [squid-users] Squid and ACL with two internet connections

On 8/17/05, Chris Robertson <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: Siju George [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, August 16, 2005 4:23 AM
> > To: squid-users
> > Subject: [squid-users] Squid and ACL with two internet connections
> >
> >
> > Hi all,
> >
> > I have a computer running Squid.
> >
> > It is connected to a LAN and two internet connections using 3 NICs
> >
> > how will I configure it so that access from the LAN to a set of
> > websites will go through one Internet connection and access to all
> > other websites will go through the other internet connection
> >
> > Thankyou so much
> >
> > kind regards
> >
> > Siju
> >
>
> Look into the tcp_outgoing_address directive.
>

Thank you so much Chris for the reply, but the squid.conf says

tcp_outgoing_address
# Allows you to map requests to different outgoing IP addresses
# based on the username or sourceaddress of the user making
# the request.
#
# tcp_outgoing_address ipaddr [[!]aclname] ...
#
# Example where requests from 10.0.0.0/24 will be forwareded
# with source address 10.1.0.1, 10.0.2.0/24 forwarded with
# source address 10.1.0.2 and the rest will be forwarded with
# source address 10.1.0.3.
#
# acl normal_service_net src 10.0.0.0/255.255.255.0
# acl good_service_net src 10.0.1.0/255.255.255.0
# tcp_outgoing_address 10.0.0.1 normal_service_net
# tcp_outgoing_address 10.0.0.2 good_service_net
# tcp_outgoing_address 10.0.0.3
#
# Processing proceeds in the order specified, and stops at first fully
# matching line.

In my case the source address of the user making the request is the same.

I want the same user to be able to connect through squid and use one
internet connection for a set of websites and the other internet
connection for all other websites.

Thank you so much for the response

Kind Regards

Siju

Re: [squid-users] Squid and ACL with two internet connections

On 8/17/05, Joost de Heer <[EMAIL PROTECTED]> wrote:
> > Thankyou so much Chris for the reply but the squid.conf says
> >
> > tcp_outgoing_address
> > # Allows you to map requests to different outgoing IP addresses
> > # based on the username or sourceaddress of the user making
> > # the request.
> > #
> > # tcp_outgoing_address ipaddr [[!]aclname] ...
> > #
> > # Example where requests from 10.0.0.0/24 will be forwareded
> > # with source address 10.1.0.1, 10.0.2.0/24 forwarded with
> > # source address 10.1.0.2 and the rest will be forwarded with
> > # source address 10.1.0.3.
> > #
> > # acl normal_service_net src 10.0.0.0/255.255.255.0
> > # acl good_service_net src 10.0.1.0/255.255.255.0
> > # tcp_outgoing_address 10.0.0.1 normal_service_net
> > # tcp_outgoing_address 10.0.0.2 good_service_net
> > # tcp_outgoing_address 10.0.0.3
> > #
> > # Processing proceeds in the order specified, and stops at first
> > fully
> > # matching line.
> >
> > I my case the source address of the user making the request is same.
>
> Then make your acl so it differs between users. The ip acl is just an
> example.
>

Thank you so much :-)

It's working!!

Kind Regards

Siju

[squid-users] squid and logmein.com

Hi,

Has anybody using Squid come across

https://secure.logmein.com/

How do I control such traffic using squid??

i.e. how can I allow/deny such traffic with squid??

Thank you so much

Kind Regards

Siju

[squid-users] Smart way to Block Streaming Video/audio websites

Hi,

Could someone please tell me what is the effective way for blocking
streaming media from websites like

1) http://video.google.com/
2) http://www.youtube.com/

I know I can block these websites with the "dstdomain" ACL, but is there
a smarter way to do this with squid, or by using any other software
along with Squid?

Or at least is there a place where I can get a list of such popular
streaming websites so that I can block them?

Thank you so much

Kind Regards

Siju

[squid-users] unable to filter .m3u file with acls

Hi,

I have a file that stores regular expressions to block a set of URLs
that end a certain way.

All the URLs except those that end with the .m3u extension are blocked.

Yes, I restarted squid after changing the configuration file.
Could someone help me sort out the issue?

I checked with http://www.2600.com/wbai/wbai.m3u but it is not blocked.

My acl in squid.conf is

acl media-url-regex url_regex -i "/etc/squid/acls/media-url-regex"
http_access deny media-url-regex

The content of the file "/etc/squid/acls/media-url-regex" is given
below. It seems strange that I can block all others except .m3u

# pwd
/etc/squid/acls
# cat media-url-regex
\.mp3$
\.mp4$
\.asx$
\.wma$
\.wmv$
\.avi$
\.mpeg$
\.mpg$
\.qt$
\.ram$
\.rm$
\.iso$
\.wav$
\.wmf$
\.exe$
\.zip$
\.gz$
\.rar$
\.bzip$
\.bzip2$
\.dll$
\.midi$
\.cda$
\.csv$
\.pls$
\.mov$
\.qtl$
\.m3u$
#

Thank you so much

Kind Regards

Siju

[squid-users] squid ftp proxying clarification

Dear Squid people,

I was using a Windows proxy server for connecting our LAN users to the
Internet. So once the ftp-client program in the users' computers was
configured with the Windows Proxy IP address and another port other
than 21 (which is specified as FTP proxy port in the Windows Proxy
Server) in the ftp-proxies section, users could connect to ftp sites on
the internet by just typing the site URL in the ftp-client. The
ftp-client most of us use is FileZilla.

I plan to switch over to an OpenBSD 3.5 Proxy and Firewall machine. So
now I have OpenBSD 3.5 installed on a computer with Squid Proxy
installed on it. I also managed to get Squid configured and the LAN
users can access the Websites on the Internet through it. There is no
problem with http access and it is much faster I think.

I am a bit confused about configuring the ftp proxy part of it. I got a
bit confused from the documentation about transparent proxying and all.

Could you please tell me what are the parameters I should change in the
squid.conf and what values I should give them so that the users in the
LAN can access the FTP sites as earlier?

Is it possible to restrict users and specify which users can access
which sites?

Note: The Squid Proxy is installed on an OpenBSD 3.5 computer with 2
NICs. One NIC has an Internet static IP address and is connected to an
ADSL router. The other NIC has an Internal IP Address and is connected
to the LAN switch.

Could you also please refer me to some resource on the internet which
explains what "transparent proxying" is and what "passive mode" and
"active mode" is.

If I enable "packet filtering" in OpenBSD are there specific issues
that I should be careful about while using "Squid Proxy"?

Thanks for this Proxy Software

God Bless you

Siju

[squid-users] WARNING cache_mem is larger than total disk cache space-help!

Hi,

I installed Squid on OpenBSD 3.5 to use as a Proxy between the Internet
and LAN. I am able to connect to the internet and view webpages from
the internet, but when I start squid initially the following error
shows up.

"WARNING cache_mem is larger than total disk cache space!"

The total disk cache space on my system is 600Mb, i.e. I have a 600 MB
Swap partition.

How can I rectify this problem?

There are at present 12 LAN users and it will grow to 35 soon. They use
the internet very heavily!

How should I configure the cache memory? I mean, could you please
recommend the Optimum Cache Size? If necessary I am willing to increase
the total disk cache space, i.e. I'll repartition Swap.

I need speed and Optimum Performance.

Below is the relevant portion of my squid.conf, posted so you can have
a look. I configured it by reading the pdf provided from the squid
website. Well, in the way I understood it.

Please look into this problem and help me.

Thank you so much,

warm regards

Siju

# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 300 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8 KB
memory_replacement_policy lru

[squid-users] error while purging object from cache

Hi all

I am running Squid on OpenBSD 3.5.

I have the lines

acl PURGE method PURGE
acl localhost src 127.0.0.1
http_access allow PURGE localhost
http_access deny PURGE

in my squid.conf

but when I give the command

squidclient -m PURGE http://...

to purge an object from squid in the local host, I get the following
error message

client: ERROR: Cannot connect to localhost:3128: Connection refused.

Could someone please tell me what is wrong?

Thank you so much

regards

Siju

Re: [squid-users] error while purging object from cache

On Sat, 16 Oct 2004 09:21:39 +0200, Andreas Pettersson <[EMAIL PROTECTED]> wrote:
> > but when I give the command
> >
> > squidclient -m PURGE http://...
> >
> > to purge an object form squid in the local host. I get the following
> > error message
> >
> > client: ERROR: Cannot connect to localhost:3128: Connection refused.
>
> Is squid listening for requests on port 3128?
>
> /Andreas
>
>

Squid is running on port 8080

--Siju

Re: [squid-users] error while purging object from cache

Thank you so much Andreas, Diego and Henrik,

It's working now

regards

Siju

On Sat, 16 Oct 2004 16:50:30 +0200 (CEST), Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> On Sat, 16 Oct 2004, Siju George wrote:
>
> > Squid is running on port 8080
>
> Then you need to tell squidclient which port it should contact.
>
> Regards
> Henrik
>

[squid-users] Using two internet connections with Squid

Hi all,

At present my Proxy server and firewall is an OpenBSD 3.6 box running
Squid. I have a DSL internet connection with Static IP.

The squid proxy listens on 127.0.0.1:8080. The clients have their
browsers configured to use the proxy server address 172.16.1.1:8080,
which is the internal interface of the OpenBSD gateway. The requests
that come to 172.16.1.1:8080 are redirected by PF to 127.0.0.1:8080 and
thus squid acts as the proxy for all requests.

Now things are working fine.

But I want to add a third NIC to the OpenBSD Gateway with a cable
internet connection. The IP address, Gateway address and DNS will be
got by DHCP on that interface.

Now I want to allow only a certain group on the LAN to use the DSL
connection. All others should use the cable modem connection to connect
to the internet.

How can I accomplish this with squid? Should I add more redirection
rules / NAT rules in my firewall, or can I just manage with some changes
in squid?

I am sorry this is not a Packetfilter mailing list, but since these
should work in conjunction I mention it.

Has anyone done this before?

Please help me

Thank you so much

God bless you all

Kind Regards

Siju

Re: [squid-users] Using two internet connections with Squid

Hi Elsen,

Thank you so much for the reply :)

On Fri, 10 Dec 2004 14:01:23 +0100, Elsen Marc <[EMAIL PROTECTED]> wrote:
>
> Check the
>
> tcp_outgoing_address
>
> directive in squid.conf.default -> and comments.
>

One of my internet connections is through a DSL static IP; in that case
I'll be able to give tcp_outgoing_address in squid.conf.

BUT the other connection is through a cable modem and the IP address is
got by dhcp. Since the IP address keeps on changing for every
reconnect, how should I give the tcp_outgoing_address for users using
this connection?

Thank you so much

Good Luck

Kind Regards

Siju