[squid-users] Squid keeps dieing
Hi all, Squid has died twice in the last few days, after repeated occureences of the following error message. We are using NTLM authentication and to the best of my knowledge there have been no changes, installs or uninstalls on the server. Squid info: Squid Cache: Version 2.5.STABLE3-20030803 configure options: --enable-delay-pools --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind Error Message: Nov 27 09:27:33 kirk squid[8526]: Squid Parent: child process 8528 started Nov 27 15:11:06 kirk (squid): unexpected state in AuthenticateNTLMFixErrorHeader. Nov 27 15:11:06 kirk squid[8526]: Squid Parent: child process 8528 exited due to signal 6 -- Simon Bryan IT Manager OLMC Parramatta
[squid-users] SQUID on an LTSP Server
Hi all, I have a number of clients running off an LTSP server, I need to block a number of them from accessing the internet, but allow access to the local intranet, and allow the rest to connect to the internet via our authenticating proxy. Now normally I would find this reasonably easy to do, however Squid seems to be seeing all the workstation requests as coming from the server (judging by the IP address). Obvioulsy it must be distinguishing them somehow, and I can use this to do my blocking. However I can't see what it is! For instance this request came from 'ws018' IP: 192.168.0.118 1062379643.804 1817 192.168.0.1 TCP_MISS/200 2179 GET http://www.smh.com.au/ffxImage/urlpicture_id_1062050683437_2003/08/30/home_th_fire3008.jpg - DIRECT/203.26.51.42 image/jpeg Is there anything I can turn on or off in the conf file to help me identify the clients with an acl? Simon Bryan IT Manager OLMC Parramatta
[squid-users] AuthenticateNTLMFixErrorHeader
Hi all, Came in this morning to find my Squid shutdown and many references to the following in the logs, I have no idea what is causing this or even if they are related. We are using NTLM authentication and are not experiencing any problems that have been brought to my attention. Squid -v gives: Squid Cache: Version 2.5.STABLE3-20030803 configure options: --enable-delay-pools --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind Aug 18 14:34:14 kirk (squid): unexpected state in AuthenticateNTLMFixErrorHeader. Simon Bryan IT Manager OLMC Parramatta
RE: [squid-users] wb_group
The only good way I can see to do this is to match against the authenticated username. Use a script to calculate which users in access.log are over their limit, then dump those to a file that you match on using a proxy_auth acl. acl overused proxy_auth /path/to/file Were already doing this. You can dump the first delay pool - it does nothing anyway. And I think you can remove the deny all from the second delay pool - users aren't added to delay pools by default. Having followed this instruction I amnow a happy boy! All is working as exepcted, users in the overused acl are being choked back to 33.3b/s and others are going full speed. Thanks all for the help, now to make backup copies of all these files (which I had neglected to do on the old server) cheers, Simon Bryan IT Manager OLMC Parramatta
Re: [squid-users] wb_group
Henrik Nordstrom said: Another thing to note is delay_access is not too happy about external acl types or other acl types which may require an external lookup of any kind. But it should work pretty good (but still not perfect) if you force the same acls to be evaluated in http_access. I finally remembered to check the cache log for details :-( arg. OK so the groups are being read correctly now. (Is there a debug_level that will show delay_pool details in the log? Returning to the delay_pools problem My current delay_pool listing is below, and the logs would indicate that users are in the correct groups. This particular configuration leads to everyone at full speed, which is a better default option! For the 'overused' acl, should i be using external_auth or RFC391 User as the type (or indeed another type), it reads the relevant usernames from a text file on the server. I am trying to not use one of the wb_group acl's here. delay_pools 2 delay_class 1 3 delay_parameters 1 -1/-1 -1/-1 -1/-1 delay_access 1 deny overused delay_class 2 2 delay_parameters 2 -1/-1 3600/3600 delay_access 2 allow overused delay_access 2 deny all Simon Bryan IT Manager OLMC Parramatta
[squid-users] wb_group
Hi all, I am working my way through why the delay_pools do not work for me, I suspected winbind and have been rebuilding everything. I have an issue with wb_group that I can't resolve. If I use wb_group -d and enter a valid username I get a list of groups as below: student /wb_group[22779](wb_check_group.c:343): Got 'student' from Squid (length: 7). /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-513 /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3041 /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3530 ERR However it always terminates with an ERR which seems to me what it must be sending to Squid so the users never fall into a group. I am using the Squid snapshot from 3rd August and Samba 2.2.8a, I have copied over the winbindd_nss.h file over the top of the Squid. Squid -v gives: Squid Cache: Version 2.5.STABLE3-20030803 configure options: --enable-delay-pools --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind wb_info gives all the right answers. Any clues appreciated. As a second question, when using wb_group in an acl do you use the NT group name eg 'teachers' or the SID number as given by wb_group on the command line? Cheers, Simon Bryan IT Manager OLMC Parramatta
RE: [squid-users] wb_group
Jay Turner said: You need to supply the account name and the group to the wb_group helper. OK will be returned if the user provided is in the group provided. ie DOMAIN\\username Domain Users See if that helps Yes it works from the command line OK with that syntax. Does Squid do that automatically? If not how do you configure the acl? I have the following at the moment: acl winauth external wb_group wwwusers acl banned external wb_group banned acl staff external wb_group Teachers acl students external wb_group Students Regards Jay -Original Message- From: Simon Bryan [mailto:[EMAIL PROTECTED] Sent: Monday, 4 August 2003 9:13 AM To: [EMAIL PROTECTED] Subject: [squid-users] wb_group Hi all, I am working my way through why the delay_pools do not work for me, I suspected winbind and have been rebuilding everything. I have an issue with wb_group that I can't resolve. If I use wb_group -d and enter a valid username I get a list of groups as below: student /wb_group[22779](wb_check_group.c:343): Got 'student' from Squid (length: 7). /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-513 /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3041 /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3530 ERR However it always terminates with an ERR which seems to me what it must be sending to Squid so the users never fall into a group. I am using the Squid snapshot from 3rd August and Samba 2.2.8a, I have copied over the winbindd_nss.h file over the top of the Squid. Squid -v gives: Squid Cache: Version 2.5.STABLE3-20030803 configure options: --enable-delay-pools --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind wb_info gives all the right answers. Any clues appreciated. As a second question, when using wb_group in an acl do you use the NT group name eg 'teachers' or the SID number as given by wb_group on the command line? Cheers, Simon Bryan IT Manager OLMC Parramatta Simon Bryan IT Manager OLMC Parramatta
[squid-users] delay_pools question - repost
Hi all, I have reposted this as I feel it may have got confused with another very similar post at the same time. Further info on the problem is that users are in *both* groups 'overused' and 'winauth' - I want to only effect those who have overused their accounts until the end of the month (all the ancillary scripting works fine) Can anyone tell me why with the delay_pool settings below *everyone* is put into delay_pool 2? acl overused proxy_auth /usr/local/squidalyser/data_exceed.out acl winauth external wb_group wwwusers acl banned external wb_group banned acl staff external wb_group Teachers acl students external wb_group Students acl password proxy_auth REQUIRED acl TEST dstdomain .passport.com acl chartermerc src 203.39.194.66 http_access deny all !password delay_pools 2 delay_class 1 1 delay_parameters 1 -1/-1 delay_access 1 deny overused delay_access 1 allow winauth delay_class 2 2 delay_parameters 2 3600/3600 3600/3600 delay_access 2 allow overused Simon Bryan IT Manager OLMC Parramatta Simon Bryan IT Manager OLMC Parramatta
[squid-users] delay_pools question
Hi all, Can anyone tell me why with the delay_pool settings below *everyone* is put into delay_pool 2? acl overused proxy_auth /usr/local/squidalyser/data_exceed.out acl winauth external wb_group wwwusers acl banned external wb_group banned acl staff external wb_group Teachers acl students external wb_group Students acl password proxy_auth REQUIRED acl TEST dstdomain .passport.com acl chartermerc src 203.39.194.66 http_access deny all !password delay_pools 2 delay_class 1 1 delay_parameters 1 -1/-1 delay_access 1 deny overused delay_access 1 allow winauth delay_class 2 2 delay_parameters 2 3600/3600 3600/3600 delay_access 2 allow overused Simon Bryan IT Manager OLMC Parramatta
Re: [squid-users] dansguardian or squidguard ?
Raja R said: Hi , Can anyone tell me which is the better one out of dansguardian and squidguard for content filtering ? has anybody done any comparision ? I am using squidguard and squid -2.5 stable 1... raja. AFAIK squidguard does not do 'content filtering' it filters on the basis of a pre-determined list of URL's. Dansguardian which we user does do content filtering based on the words in the page as well as regex and url filtering. Simon Bryan IT Manager OLMC Parramatta
[squid-users] Where is Squidalyser?
Hi all, In the final throes of rebuilding my squid proxy server and need Squidalyser. Every link I can find on the net points back to ababa.org and it is not allowing me to connect (don't have permission to access .. on ababa.org). If anyone knows where I can get the source files or has them and can send them my way I would really appreciate it. Cheers, Simon Bryan IT Manager OLMC Parramatta
Re: [squid-users] Where is Squidalyser?
Schelstraete Bart said: Simon Bryan wrote: Hi all, In the final throes of rebuilding my squid proxy server and need Squidalyser. Every link I can find on the net points back to ababa.org and it is not allowing me to connect (don't have permission to access .. on ababa.org). If anyone knows where I can get the source files or has them and can send them my way I would really appreciate it. Simon, After searching a time, I found them on: ftp://ftp.nhl.nl/pub/unix/squid/tools/ I suppose that the project has stopped...but I'm not sure of it.. Maybe Henrik can be so kind to place it on the Squid page? :) If we ask it all very nice :) Excellent , thankyou. I had managed to find an older version than this in the Google cache. Why I like Squidalyser is that it puts the data into a MySql database where it can be used for a number of other purposes such as quota management. Simon Bryan IT Manager OLMC Parramatta
[squid-users] Squidalyser help still
Hi all, I have the Squidalyser that Henrik has kindly placed on the Squid site, however it has no instructions as to how to setup the database. If anybody has these or knows what to do I would appreciate some help Cheers, Simon Bryan IT Manager OLMC Parramatta
[squid-users] OT:conf file needed back
Hi all, I remember sending my conf file recently to someone on this list to help them with an issue. However, following a fairly dramatic server failure (power spike took out the /var partition, at least we think it was a power spike), I would like to get a copy back again. If I did send it to you and you still have it can you please send it back to [EMAIL PROTECTED], thanks Simon Bryan IT Manager OLMC Parramatta
[squid-users] Back to delay_pools
Hi all, I am finally back to my delay pools setup and it is working fine but with two problems. I put users logins in a file when their total MB for the month reaches a certain limit, then their connection is slowed down to the equivalent of a 28k modem. This is working well. Problem 1: How do I give them unfettered access to the local network and only restrict access the the internet? Problem 2: The file of usernames is automatically generated from the Squidalyser database, howeverr I hav certain users (staff) who should never have their access restricted. If I have these 'super-users' usernames in a file is their a variation of the grep command that will remove them from the automatically generated list of names file? _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _
[squid-users] winbind :-)
HI all, I downloaded and installed the daily snapshot from 280203 and bingo everything is now working!!! All I have to do now is to edit my lists. Time to have a cup of tea, headache tablet and a good lie down!! Thanks all for the help, especialy Henrik _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _
[squid-users] winbind still!
I have been busy testing and crashing my Squid setup (wish I had a test box!) I think one of the issues has been in smb.conf use default domain it was set to yes, now that it is set to no when i do a wbinfo -u I get domain\username instead of just username. It also seems to have had an impact on squid as whenever I activate a http_access rule with a group squid dies instantly with this in the logs, I tried a google search but the only pahe that metions this error was in Russian! It seems that it is actually doing something now as before it seemed to just ignore those lines altogether. Any ideas anyone: Feb 27 11:59:43 kirk squid[30144]: assertion failed: authenticate.c:618: auth_user_request != NULL Feb 27 11:59:43 kirk squid[29965]: Squid Parent: child process 30144 exited due to signal 6 Feb 27 11:59:43 kirk squid[29965]: Exiting due to repeated, frequent failures BTW Samba 2.2.5 and Squid nightly snapshot from 26/02/2003 and relevant conf sections below: auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 20 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/squid/libexec/wb_auth auth_param basic children 5 auth_param basic realm OOOPS Something is wrong!!! auth_param basic credentialsttl 2 hours authenticate_ip_ttl 90 seconds external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group acl winauth external NT_global_group wwwusers acl staff external NT_global_group Teachers acl students external NT_global_group Students acl admins external NT_global_group Domain Admins authenticate_ttl 1 hour authenticate_ip_ttl 300 seconds acl password proxy_auth REQUIRED http_access deny !password #http_access deny !winauth #http_access deny students webmail Enabling any of theses lines gives the error above #http_access deny students webmail2 #http_access deny students TEST _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _
RE: [squid-users] Winbind and Windows groups
yes, I have the following: auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 20 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minute auth_param basic program /usr/local/bin/smb_auth -W OLMC_CD -U 10.192.0.11 auth_param basic children 5 auth_param basic realm Poxy server at OLMC auth_param basic credentialsttl 1 hour and from below: authenticate_ttl 1 hour acl password proxy_auth REQUIRED http_access deny all !password and the logs show the username as domain\username I take it that this should work then? -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] Sent: Tue, 18. February 2003 2:06 AM To: [EMAIL PROTECTED] Cc: Squid-Users Subject: Re: [squid-users] Winbind and Windows groups Have you also configured authentication? (auth_param ...) The group helpers are only responsible for verifying group membership, and relies on the authentication helper(s) to first verify the username and password. Regards Henrik mån 2003-02-17 klockan 06.11 skrev Simon Bryan: Hi all, I have sorted out most of my winbind problems at least at Samba - command line level. However I still cannot get Squid to recognise the groups. The relevant kines from my Squid.conf file are below. Note that wbinfo -u returns the users, wbinfo -g returns the groups from the domain, if I feed a correct domain+username groupname to wb_group it returns 'OK' or 'ERR' as the case may be. Is there anything wrong in my conf file that is obvious, or can I not do this yet? Using SQUID snapshot from 13th Feb 03 ** * external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group acl winauth external wb_group wwwusers acl staff external wb_group Teachers acl students external wb_group Students authenticate_ttl 1 hour authenticate_ip_ttl 300 seconds #a list of webmail domains from Dansguardian acl webmail dstdomain /etc/dansguardian/blacklists/mail/domains #some regex expressions that used to work OK with IP based acls acl webmail2 urlpath_regex /usr/local/squid/acls/webmailregex acl password proxy_auth REQUIRED #using this as a test, if I make it a http_access deny TEST all it works acl TEST dstdomain .passport.com http_access deny redworm http_access deny FTPDownloads PUT http_access deny banned-url http_access allow manager localhost http_access deny manager http_access deny CONNECT !SSL_ports http_access allow CONNECT SSL_ports http_access deny !Safe_ports http_access deny to_localhost http_access deny all !password http_access deny students TEST http_access deny students webmail webmail2 http_access allow local_servers http_access allow FTPDownloads http_access allow our_networks http_access allow olmcwarnings #And finally deny all other access to this proxy http_access allow all ** ** ** _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _ -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB, Sweden
RE: [squid-users] Winbind and Windows groups
The following is in the SQUID FAQ so I thought I would try it anyway (I currently have Samba 2.2.5), however in the Squid directories there is no winbindd_nss.h file and in the 'helper/external_acl' directory there is no wb_group directory In the snapshot from 20030123, the winbindd_nss file exists in the first two directories but the wb_group directory is also not there. Have there been changes in this area and if so woudl they be effecting my problem? Have re-built with the 20030123 snapshot but there is no change. Squid-2.5.STABLE1 works with Samba 2.2.4 or 2.2.5. Samba With Samba 2.2.6, the winbindd interface changed and Squid 2.5.STABLE1 will not work as distributed. Replacing the winbindd_nss.h file in Squid's helpers/basic_auth/winbind, helpers/ntlm_auth/winbind and helpers/external_acl/wb_group/ directories with the version in Samba's source/nsswitch drectory is needed for the helpers to work properly. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] Sent: Tue, 18. February 2003 9:07 AM To: [EMAIL PROTECTED] Subject: Re: [squid-users] Winbind and Windows groups Looks fine from what I can tell, and should work.. But your http_access rules is a bit complex I think, but no immediately obvious errors except for the allow CONNECT ... thing which may override later filters if using https://.. Regards Henrik On Monday 17 February 2003 22.19, you wrote: yes, I have the following: auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 20 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minute auth_param basic program /usr/local/bin/smb_auth -W OLMC_CD -U 10.192.0.11 auth_param basic children 5 auth_param basic realm Poxy server at OLMC auth_param basic credentialsttl 1 hour and from below: authenticate_ttl 1 hour acl password proxy_auth REQUIRED http_access deny all !password and the logs show the username as domain\username I take it that this should work then? -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] Sent: Tue, 18. February 2003 2:06 AM To: [EMAIL PROTECTED] Cc: Squid-Users Subject: Re: [squid-users] Winbind and Windows groups Have you also configured authentication? (auth_param ...) The group helpers are only responsible for verifying group membership, and relies on the authentication helper(s) to first verify the username and password. Regards Henrik mån 2003-02-17 klockan 06.11 skrev Simon Bryan: Hi all, I have sorted out most of my winbind problems at least at Samba - command line level. However I still cannot get Squid to recognise the groups. The relevant kines from my Squid.conf file are below. Note that wbinfo -u returns the users, wbinfo -g returns the groups from the domain, if I feed a correct domain+username groupname to wb_group it returns 'OK' or 'ERR' as the case may be. Is there anything wrong in my conf file that is obvious, or can I not do this yet? Using SQUID snapshot from 13th Feb 03 * * * external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group acl winauth external wb_group wwwusers acl staff external wb_group Teachers acl students external wb_group Students authenticate_ttl 1 hour authenticate_ip_ttl 300 seconds #a list of webmail domains from Dansguardian acl webmail dstdomain /etc/dansguardian/blacklists/mail/domains #some regex expressions that used to work OK with IP based acls acl webmail2 urlpath_regex /usr/local/squid/acls/webmailregex acl password proxy_auth REQUIRED #using this as a test, if I make it a http_access deny TEST all it works acl TEST dstdomain .passport.com http_access deny redworm http_access deny FTPDownloads PUT http_access deny banned-url http_access allow manager localhost http_access deny manager http_access deny CONNECT !SSL_ports http_access allow CONNECT SSL_ports http_access deny !Safe_ports http_access deny to_localhost http_access deny all !password http_access deny students TEST http_access deny students webmail webmail2 http_access allow local_servers http_access allow FTPDownloads http_access allow our_networks http_access allow olmcwarnings #And finally deny all other access to this proxy http_access allow all * * ** ** _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _ -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB, Sweden
[squid-users] Winbind and Windows groups
Hi all, I have sorted out most of my winbind problems at least at Samba - command line level. However I still cannot get Squid to recognise the groups. The relevant kines from my Squid.conf file are below. Note that wbinfo -u returns the users, wbinfo -g returns the groups from the domain, if I feed a correct domain+username groupname to wb_group it returns 'OK' or 'ERR' as the case may be. Is there anything wrong in my conf file that is obvious, or can I not do this yet? Using SQUID snapshot from 13th Feb 03 *** external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group acl winauth external wb_group wwwusers acl staff external wb_group Teachers acl students external wb_group Students authenticate_ttl 1 hour authenticate_ip_ttl 300 seconds #a list of webmail domains from Dansguardian acl webmail dstdomain /etc/dansguardian/blacklists/mail/domains #some regex expressions that used to work OK with IP based acls acl webmail2 urlpath_regex /usr/local/squid/acls/webmailregex acl password proxy_auth REQUIRED #using this as a test, if I make it a http_access deny TEST all it works acl TEST dstdomain .passport.com http_access deny redworm http_access deny FTPDownloads PUT http_access deny banned-url http_access allow manager localhost http_access deny manager http_access deny CONNECT !SSL_ports http_access allow CONNECT SSL_ports http_access deny !Safe_ports http_access deny to_localhost http_access deny all !password http_access deny students TEST http_access deny students webmail webmail2 http_access allow local_servers http_access allow FTPDownloads http_access allow our_networks http_access allow olmcwarnings #And finally deny all other access to this proxy http_access allow all ** _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _
[squid-users] delay-pools really ntlm prob
Hi all, I have been having trouble getting delay-pools working (as some may have noticed). It seems however that my main problem is getting ntlm authentication to work. It is working with STABLE2.5 -20032301 - but I apparently need to go to a more recent snapshot to get delay-pools and proxy-auth working together. I am using Samba 2.2.5 However when I use STABLE2.5 - 20030213 I get no throughput at all. When I look in the logs I see that every request is TCP DENIED/407 and no user name listed. the -v option gives me: Squid Cache: Version 2.5.STABLE1-20030213 configure options: --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind,SMB - -enable-ntlm-auth-helpers=winbind --enable-external-acl-helpers=wbinfo_group --enable-delay-pools It seems my getting this to work in the first place was a fluke!! Is there anything else I need to do in the Squid directories to have ntlm to work? Note that if I re-install the Jan 23 file ntlm works fine. _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _
[squid-users] delay_pools
Hi all, I am trying to find out if delay_pools canbe used with: a. external acls such as winbind b. proxy_auth acls - where the list of users is read from a file I find many references to delay_pools but they all seem to use the IP address to differentiate between clients. _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _
[squid-users] ntlm questions
Hi all, I am using Squid2.5STABLE1 on RH7.2, have successfully implemented ntlm authentication (after much grief related to getting Samba to compile properly). I was following another thread in this list about ntlm and not needing a proxy_auth line when using an external authenticator. Which turned out to be true, however it seems to also then allow non-authenticated use of the proxy! I see now that there are large numbers of lines in my logs where the 'user' is the machines IP address and the download is permitted. Previously they would be denied. Is this correct behaviour? I find I need: acl password proxy_auth REQUIRED http_access deny all !password for access to non-authenticated users to be denied. Or am I doing something dumb(again!)? Also should I be able to use: acl staff external wb_group Teachers in http_access rule like: acl webmail dstdomain /etc/dansguardian/blacklists/mail/domains http_access allow webmail staff http_access deny webmail cause it doesn't seem to work for me, the docs seem to indicate that it is possible. 'Teachers' is a group on the NT Server. I believe the relevant lines of my conf file are below: auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/bin/smb_auth -W OLMC_CD -U 10.192.0.11 auth_param basic children 20 auth_param basic realm Poxy server at OLMC auth_param basic credentialsttl 1 hours external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group acl winauth external wb_group wwwusers acl staff external wb_group Teachers authenticate_ttl 1 hour authenticate_ip_ttl 300 seconds # TIMEOUTS # ACCESS CONTROLS acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl cachemanager src 10.192.0.21 acl SSL_ports port 443 563 4545 acl Safe_ports port 21 70 80 81 82 88 210 563 1010 1025-65535 1082 4545 acl CONNECT method CONNECT acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCL UNLOCK acl password proxy_auth REQUIRED http_access deny all !password _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _
[squid-users] Webalizer interpretation
Hi all, I am using Webalizer on my web servers to analyze the logs and I like the look of it. However when I apply it to my Squid logs I am not sure I am getting the information I want, cache-hits in MB, downloads from the internet in MB. Does Webalizer give me this info or is there a better one for Squid that will do the graphical display of data (my superiors like it!) _ Simon Bryan IT Manager OLMC Parramata ICQ#: 137562751 _