RE: [squid-users] SquidGuard Replacement

2009-01-10 Thread Thomas Raef
Sorry for my misunderstanding. It was a bad day for me.

Please accept my apologies.

 -Original Message-
 From: Philipp Rusch - New Vision-IT [mailto:philipp.ru...@newvision-
 it.de]
 Sent: Thursday, January 08, 2009 12:02 PM
 To: squid-users@squid-cache.org
 Subject: Re: [squid-users] SquidGuard Replacement
 
 Thomas Raef wrote:
  How do you figure that ufdb Guard is sub-optimal?
 
  Yes you can use shalla lists with this.
 
  I suggest you contact the owner and discuss your needs with him. He
  reads this list so I think he'll be available.
 
  Thomas J. Raef
  www.ebasedsecurity.com http://www.ebasedsecurity.com
  You're either hardened, or you're hacked!
 
 
-
 ---
  *From:* Philipp Rusch - New Vision IT
  [mailto:philipp.ru...@newvision-it.de]
  *Sent:* Wed 1/7/2009 1:12 PM
  *To:* squid-users@squid-cache.org
  *Subject:* Re: [squid-users] SquidGuard Replacement
 
  Joseph L. Casale wrote:
   I switched to ufdbguard and have been real pleased with its performance
   and support.
  
  
   Thomas,
   Do I understand this right, the software is free but the db is not?
   Can one use shalla lists with this software?
  
   Thanks!
   jlc
  
  
  Joseph,
  I wasn't able to access the systems with the SG-config today.
  So let's solve your problem with SG tomorrow instead of hunting for
  a suboptimal solution.
  Did you try to post your prob to Shalla / Christine Kronberg ?
  She is usually a great help.
 
  CU, Philipp
 
 Thomas,
 I did not say that ufdbguard is a suboptimal solution.
 ALL I wanted to express with my mail was, that Joseph's
 search for a solution was leading to a somewhat suboptimal setup.
 He already had everything in place and encountered some problems,
 so I advised him to search for the reasons of that problem and solve
 them instead of replacing components on a trial and error basis.
 And despite the possible second meaning of my original posting,
 I really wasn't trying to offend somebody.
 AND, btw, please keep in mind that english is not my mother's tongue.
 
 Regards from Germany,
 Philipp
 
 in his setup
 



RE: [squid-users] SquidGuard Replacement

2009-01-07 Thread Thomas Raef
I switched to ufdbguard and have been real pleased with its performance
and support.

 -Original Message-
 From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
 Sent: Tuesday, January 06, 2009 2:58 PM
 To: 'Philipp Rusch - New Vision-IT'
 Cc: squid-users@squid-cache.org
 Subject: RE: [squid-users] SquidGuard Replacement
 
 I'm using Squid3STABLE9 and SquidGuard 1.3 on three openSUSE10.3 boxes
 and tested the URL you gave us above
 without having any problems to access the TechNet site. So this must be
 something with your specific setup.
 What's the version of SG are you using ? Maybe you can post your problem
 to http://www.squidguard.org/mailinglist.html
 
 Philipp,
 I am using Squid3STABLE9 and SquidGuard 1.3-1.el5.rf on a couple of
 CentOS 5
 boxes? My SquidGuard has only a local net defined with an acl blocking
 many shalla lists.
 
 My squid.conf is as follows:
 
 acl manager proto cache_object
 acl localhost src 127.0.0.1/32
 acl to_localhost dst 127.0.0.0/8
 acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
 acl SSL_ports port 443
 acl Safe_ports port 80  # http
 acl Safe_ports port 21  # ftp
 acl Safe_ports port 443 # https
 acl Safe_ports port 70  # gopher
 acl Safe_ports port 210 # wais
 acl Safe_ports port 1025-65535  # unregistered ports
 acl Safe_ports port 280 # http-mgmt
 acl Safe_ports port 488 # gss-http
 acl Safe_ports port 591 # filemaker
 acl Safe_ports port 777 # multiling http
 acl CONNECT method CONNECT
 http_access allow manager localhost
 http_access deny manager
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access allow localnet
 http_access allow localhost
 http_access deny all
 icp_access allow localnet
 icp_access deny all
 htcp_access allow localnet
 htcp_access deny all
 http_port 3128
 hierarchy_stoplist cgi-bin ?
 access_log /var/log/squid/access.log squid
 url_rewrite_program   /usr/bin/squidGuard
 refresh_pattern ^ftp:           1440    20%     10080
 refresh_pattern ^gopher:        1440    0%      1440
 refresh_pattern (cgi-bin|\?)    0       0%      0
 refresh_pattern .               0       20%     4320
 icp_port 3130
 coredump_dir /var/spool/squid
 
 Both of my servers are independent with identical configs and exhibit
 the same
 behavior, how does your config compare?
 Thanks!
 jlc
 
 



RE: [squid-users] URL Filtering for Squid

2008-11-10 Thread Thomas Raef
ufdbGuard is the best. You can get it from www.urlfilterdb.com

I like it because it's fast, updated frequently, easy to use and
customize. And the guy running it is extremely helpful.

No I am not related. I've used others in the past and when I finally
upon this one, I felt such a relief. The guy really is fantastic at
helping you achieve what you'd like (if possible) with his product.

-Original Message-
From: a bv [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 10, 2008 3:12 AM
To: squid-users@squid-cache.org
Subject: [squid-users] URL Filtering for Squid

Hi,

What is /are the popular /commonly used  open source (and maybe also
the other free ones) URL/content filtering solution/software. And who
are maintaining url databases?

Regards


RE: [squid-users] Block Windows Live Messenger with Squid

2008-05-21 Thread Thomas Raef
Messenger will also use port 80. You'll need to do l7-filter for that. Or using 
squid, setup acls for the messenger mimetype which will catch it if it's coming 
through port 80, and then also block port 1863.

I believe that's been covered before in this group so you may want to search 
the archives. Sorry, but I don't have the exact details in front of me.

Thomas J. Raef


 -Original Message-
 From: Cassiano Martin [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, May 21, 2008 11:05 AM
 To: adnann5
 Cc: squid-users@squid-cache.org
 Subject: Re: [squid-users] Block Windows Live Messenger with Squid
 
 Messenger uses port 1863 tcp for communication, and some HTTPS SOAP
 requests to M$ servers.
 You need to block this port using iptables.
 
 iptables -A FORWARD -p tcp --dport 1863 -j DROP
 iptables -A FORWARD -p tcp --sport 1863 -j DROP
 
 
 adnann5 wrote:
  Hi Guys,
  I've a running a  transparently working  copy of squid 2.6 stable 19
 on a
  Linux FC9 box.
  I wanted to block msn/windows live messenger through it, i've add
 following
  code in my squid.conf
 
  acl msnmime req_mime_type ^application/x-msn-messenger
 
  acl msngw url_regex -i gateway.dll
 
  http_access deny msnmime
 
  http_access deny msngw
 
  but messenger is still signing in...
 
  Does any body have another solution?
 
 
  Regards
 
 
 
 


RE: [squid-users] How to Log Client IP's

2008-03-06 Thread Thomas Raef
 
 Hello all, I am having a problem with the client IP's being logged in
 the access.log file.
 
 
 
 I am using Squid with Dansguardian, and we would like to have Squid log
 the IP's of each computer going through squid, but at the moment, all
 traffic appears to go through 127.0.0.1 in the log. How do I fix this,
 or what are some possible symptoms to this?
 
 
 
[Tom Replied With:] 

I believe if you look through the archives in the Dansguardian list, you'll see 
a number of solutions. As I recall, a number of people have asked the same 
question.

Thomas J. Raef
e-Based Security, LLC
http://www.ebasedsecurity.com
[EMAIL PROTECTED]
1-866-251-5803

 


RE: [squid-users] HTTPS proxy

2008-02-17 Thread Thomas Raef
Drop squidguard and use ufdbguard. It's the best.

Thomas J. Raef

 -Original Message-
 From: Sam Przyswa [mailto:[EMAIL PROTECTED]
 Sent: Sunday, February 17, 2008 11:11 AM
 To: Squid Users List
 Subject: [squid-users] HTTPS proxy
 
 Hi,
 
 We use Squid and SquidGuard to control webmails access, that work fine,
 but for those who use HTTPS protocol Squid/SquidGuard doesn't operate.
 Is it a way to control HTTPS as well HTTP traffic ?
 
 Thanks in advance for your reply.
 
 Sam.
 
 
 
 
 


RE: [squid-users] urlpath_regex questions

2008-01-30 Thread Thomas Raef
  This was for this URL: hjjp://www.purevideo.com/video-
 %22%3E'%3E%3CSc#x9RiPt%3Ealert(123)%3C/sCrIpT%3E%22'
 
  You see it's cutting off the urlpath right after the ''.
 
  Does anyone have any ideas as to what I'm doing wrong? Or what I can
 do to
  get the entire URL so I can match against my regex?
 
 # is not a part of URL, browser doesn't send the rest to Squid. Nothing
 you
 can do about it.
 
 http://en.wikipedia.org/wiki/Fragment_identifier
 
[Tom Replied With:] 

Thank you. That saves me a lot of time.

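Added example, not part of the archived messages: a Python model of the point made in the reply above, that everything from '#' onward stays in the browser and never reaches Squid. The host, the log lines, the ENCODED_MARKUP pattern and all function names are constructed for illustration; only the URL path is taken from the thread.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed input: the path is the one quoted in the thread, the host is a placeholder.
TYPED_URL = ("http://www.example.com/video-%22%3E'%3E%3CSc"
             "#x9RiPt%3Ealert(123)%3C/sCrIpT%3E%22'")

# Constructed access.log lines in Squid's native format (the URL is the 7th field).
SAMPLE_LOG = [
    "1201648890.642 4063 192.0.2.15 TCP_MISS/200 2774 GET "
    "http://www.example.com/video-%22%3E'%3E%3CSc - DIRECT/198.51.100.7 text/html",
    "1201648901.118 210 192.0.2.15 TCP_MISS/200 5120 GET "
    "http://www.example.com/index.html - DIRECT/198.51.100.7 text/html",
]

BAD_FRAGMENT = r"#x"                # what the posted ACL was trying to match
ENCODED_MARKUP = r"%(22|27|3c|3e)"  # hypothetical: encoded " ' < > that do arrive


def sent_to_proxy(typed_url):
    """Return the URL as it appears in the request: the fragment is dropped."""
    s = urlsplit(typed_url)
    return urlunsplit((s.scheme, s.netloc, s.path, s.query, ""))


def url_regex(pattern, url):
    """Model of a case-insensitive, unanchored url_regex ACL test."""
    return re.search(pattern, url, re.IGNORECASE) is not None


def flag_log_urls(lines, pattern=ENCODED_MARKUP):
    """Return logged URLs that match the pattern (a review aid, not a filter)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 7 and url_regex(pattern, fields[6]):
            hits.append(fields[6])
    return hits


if __name__ == "__main__":
    seen = sent_to_proxy(TYPED_URL)
    print("typed :", TYPED_URL)
    print("proxy :", seen)
    print("'#x' rule matches what the proxy sees:", url_regex(BAD_FRAGMENT, seen))
    print("encoded-markup rule matches:", url_regex(ENCODED_MARKUP, seen))
    print("flagged log URLs:", flag_log_urls(SAMPLE_LOG))
```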
 


[squid-users] urlpath_regex questions

2008-01-29 Thread Thomas Raef
I'm trying to filter some special characters in URLs.

Basically my acl is:
acl badurl url_regex -i \\#x
http_access allow internal_net !badurl

However, when I hit an URL with img src=jav#x9;ascript:alert('test');
in the access.log it cuts the string off after jav so the regex never matches.

Here’s a log entry:

1201648890.642   4063 111.111.111.111 TCP_MISS/200 2774 GET 
http://www.purevideo.com/video-%22%3E'%3E%3CScR - DIRECT/64.93.76.15 text/html

This was for this URL: 
hjjp://www.purevideo.com/video-%22%3E'%3E%3CSc#x9RiPt%3Ealert(123)%3C/sCrIpT%3E%22'

You see it's cutting off the urlpath right after the ''.

Does anyone have any ideas as to what I'm doing wrong? Or what I can do to get 
the entire URL so I can match against my regex?

Thank you in advance.


Thomas J. Raef




 


RE: [squid-users] time

2007-11-08 Thread Thomas Raef
HTTP doesn't maintain a connection. You send a request, it serves that
request then does nothing until another request is sent.

You can't accurately measure the time someone spends reading a webpage.
They could go to a website that has War & Peace on it, spend all week
reading it and your logs would only show the initial page download
(request) when in fact that person spent 24 hours a day, 5 days a week
reading.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!

 -Original Message-
 From: Polenyik Tibor [mailto:[EMAIL PROTECTED]
 Sent: Thursday, November 08, 2007 5:07 AM
 To: squid-users@squid-cache.org
 Subject: [squid-users] time
 
 
 Hi,
 
 I'd like to measure the time how many time a machine (ip address) use
 the internet, web browsing.
 
 Is it possible ?
 
 
 
 
 
 Thanks
 
 
 
 
 
 



RE: [squid-users] Full domain block

2007-11-05 Thread Thomas Raef
You'll have to modify each domain entry for squid dstdomain.

The line containing youtube.com has to be .youtube.com in order for
squid to block the entire domain.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!

 -Original Message-
 From: Paul Cocker [mailto:[EMAIL PROTECTED]
 Sent: Monday, November 05, 2007 12:36 PM
 To: squid-users@squid-cache.org
 Subject: [squid-users] Full domain block
 
 Alas, it was all so perfectly planned. Grab some blacklists from Shalla
 - http://www.shallalist.de/ - and hook the domain lists into squid using
 dstdomain. Unfortunately, it seems squid's interpretation of domain
 names is incredibly literal, so rather than youtube.com blocking
 *.youtube.com, we in fact find that while youtube.com is blocked,
 www.youtube.com is just hunky dory because squid literally is blocking
 nothing but youtube.com.
 
 Since I'm running squidNT I am in a position where getting squidguard to
 run is a bit of a pain since I'll need to get cygwin up and running and
 then it all feels like a bit of a hack. Is squidguard my only route
 here, or is there a way to tell squid to be rather more expansive in
 its domain name interpretation? Ideally this is something I need to get
 in place quickly.
 
 Paul
 IT Systems Admin
 
 
 
 
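Added example, not part of the archived messages: one way to turn a Shalla-style domains file into dstdomain entries with the leading dot described above, plus a small model of how a dotted and an undotted entry compare with a request host. The function names and the sample list are constructed; entries already covered by a shorter dotted entry are dropped because Squid warns about such overlaps when it parses the ACL file.

```python
import ipaddress

# Constructed sample, not real Shalla data.
SAMPLE = """\
# comment line
youtube.com
www.youtube.com
Video.Example.org
example.net.
192.0.2.10
"""


def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def to_dstdomain(lines):
    """Return dotted, de-duplicated dstdomain entries for a domain list."""
    names = set()
    for raw in lines:
        name = raw.split("#", 1)[0].strip().lower().strip(".")
        if name:
            names.add(name)
    # IP literals are kept as-is; no dot is prepended to them.
    ips = sorted(n for n in names if _is_ip(n))
    domains = [n for n in names if not _is_ip(n)]
    kept = set()
    # Fewest labels first, so a parent is always seen before its children.
    for name in sorted(domains, key=lambda n: (n.count("."), n)):
        labels = name.split(".")
        parents = [".".join(labels[i:]) for i in range(1, len(labels))]
        if not any(p in kept for p in parents):
            kept.add(name)
    return sorted("." + n for n in kept) + ips


def dstdomain_match(entry, host):
    """Model of how one dstdomain entry is compared with a request host."""
    entry, host = entry.lower(), host.lower().rstrip(".")
    if entry.startswith("."):
        # Dotted entry: the domain itself and every subdomain.
        return host == entry[1:] or host.endswith(entry)
    # Undotted entry: exact host only.
    return host == entry


if __name__ == "__main__":
    for entry in to_dstdomain(SAMPLE.splitlines()):
        print(entry)
    for entry in ("youtube.com", ".youtube.com"):
        for host in ("youtube.com", "www.youtube.com", "notyoutube.com"):
            print(f"{entry:14} vs {host:16} -> {dstdomain_match(entry, host)}")
```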



RE: [squid-users] Domain URL blacklists

2007-11-02 Thread Thomas Raef
 
 Squid can handle these by itself. With a regular squid -k reconfigure
 after updating the files.
 
 For the list of pure hostnames a dstdomain acl is the best.
 For the list of URI snippets a urlpath_regex acl probably with -i is
 needed.
 
 If the domain/ip file is a pruned version of the domains with URI
 entries, then the URI may not be useful as it's all caught by the domain.
 If they are different then yes both have a use.
 
 Amos
 
 
[Tom replied with:] 

Amos, would you then recommend that the domain acl be listed before the
url acl?

That would block by domain if a url included an entry in the domain list
- if that's the desired result, thus avoiding the expensive (resource
wise) urlpath_regex lookup.

I guess it would all depend on the desired results but something that
should be considered when implementing acls.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!


RE: [squid-users] transparent Proxy

2007-11-01 Thread Thomas Raef
You need to apply your acls with some deny statements.

http_reply_access deny blockfiles for your mp3's, etc.

To block websites I use dstdomain instead of url_regex.

So my squid.conf contains:

acl blocksites dstdomain /etc/squid/squid-block.acl

http_access deny blocksites


One other suggestion would be to block by filetype and not just file
extension.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!


 -Original Message-
 From: Tarak Ranjan [mailto:[EMAIL PROTECTED]
 Sent: Thursday, November 01, 2007 2:47 AM
 To: squid-users@squid-cache.org
 Subject: [squid-users] transparent Proxy
 
 Hi List,
  I'm new to this list. i have a question about transparent
 proxy. if i apply an ACL for downloading mp3 and mpeg. but it's not
 working, user's are able to download mp3 or mpeg...
 here is my config..squid.conf file.
 
 port 8080
 acl blocksites url_regex /etc/squid/squid-block.acl
 
 quid-block.acl
 .meebo.coms
 .sex.com
 
 acl blockfiles urlpath_regex /etc/squid/multimedia.files.acl
 
 multimedia.files.acl
 \.[Aa][Vv][Ii]$
 \.[Mm][Pp][Gg]$
 \.[Mm][Pp][Ee][Gg]$
 \.[Mm][Pp]3$
 
 please guide me if there is anything wrong
 
 --
 
 Thanks & Regards,
 __
 Tarak Ranjan
 IS-Team
 
 Liqwid Krystal
 
 E: [EMAIL PROTECTED]
 IM: [EMAIL PROTECTED]
 
 Online Learning|Certification|Learning Solutions--- Visit:
 www.liqwidkrystal.com
 



RE: [squid-users] Squid to Log DNS Querys

2007-11-01 Thread Thomas Raef
 Hello,
 I wonder is there a way to log all DNS requests that go out of our
network
 with Squid.
 Since I noticed that we had a Trojan Horse on our Company Network.
 And well it didnt send it self the data out.
 It did send DNS Querys to there DNS Server..
 And a Firewall doesnt detect that.
 Is there a way to Log the DNS Querys with Squid so I can Monitor that
 myself?
 

[Tom replied with:] 

Squid doesn't ever see DNS queries from your network.

Answer is no.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!


RE: [squid-users] transparent Proxy

2007-11-01 Thread Thomas Raef
 Thomas Raef wrote:
  You need to apply your acls with some deny statements.
 
  http_reply_access deny blockfiles for your mp3's, etc.
 
  To block websites I use dstdomain instead of url_regex.
 
  So my squid.conf contains:
 
  acl blocksites dstdomain /etc/squid/squid-block.acl
 
  http_access deny blocksites
 
 
  One other suggestion would be to block by filetype and not just file
  extension.
 
  Hi List,
   I'm new to this list. i have a question about
transparent
  proxy. if i apply an ACL for downloading mp3 and mpeg. but it's not
  working, user's are able to download mp3 or mpeg...
  here is my config..squid.conf file.
 
  port 8080
  acl blocksites url_regex /etc/squid/squid-block.acl
 
 That should be:
 
 acl blocksites dstdomain /etc/squid/squid-block.acl
 
 
  quid-block.acl
  .meebo.coms
  .sex.com
 
 
 
 
  acl blockfiles urlpath_regex /etc/squid/multimedia.files.acl
 
  multimedia.files.acl
  \.[Aa][Vv][Ii]$
  \.[Mm][Pp][Gg]$
  \.[Mm][Pp][Ee][Gg]$
  \.[Mm][Pp]3$
 
 you can also simplify your regex a LOT, by adding -i to the acl and
 making it case insensitive.
 
 acl blockfiles urlpath_regex -i ...
 
 http_access is the best to use with this, it catches things on the way
 out before using up any bandwidth.
 
 http_access deny blocksites
 http_access deny blockfiles
 
 as Thomas Raef said earlier there is also the rep_mime_type acl for
 catching anything incoming that uses other file extensions (scripts
etc)
 
 Amos
[Tom replied with:] 

Ah yes. I recommended http_reply_access and as Amos stated correctly it
should be http_access.

For the rep_mime_type acl you could use:

acl blockfile_type rep_mime_type audio/mpeg
...
http_reply_access deny blockfile_type


Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!



RE: [squid-users] transparent Proxy

2007-11-01 Thread Thomas Raef
 Thomas Raef wrote:
  You need to apply your acls with some deny statements.
 
  http_reply_access deny blockfiles for your mp3's, etc.
 
  To block websites I use dstdomain instead of url_regex.
 
  So my squid.conf contains:
 
  acl blocksites dstdomain /etc/squid/squid-block.acl
 
  http_access deny blocksites
 
 
 ok. it's seems to me that it's working. i have another issue for this.
 while manually in my browser if i select proxy then the acl's are
 working fine . when i select Auto detect that time it's not working, in
 the sense acl's are not hitting. although i've disable allow_direct

[Tom replied with:] 

More information about your configuration is needed.

Are you using a transparent proxy? If not, then your users could easily
add their own proxy settings and bypass squid. If you are using squid in
transparent mode, then your firewall rules redirecting port 80 traffic
to squid are needed.

I know the topic of blocking access to anonymous proxies has been
discussed numerous times here, but nobody seems to have a solution.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!


RE: [squid-users] Domain URL blacklists

2007-11-01 Thread Thomas Raef
 
 My bad, in fact from further analysis it seems that the domain files
are
 the mysite.com listings and URLs are things like
 mysite.com/something/?somethingelse.htm. Does the later have any
 relevance or use within Squid?
 
 Paul Cocker
 IT Systems Administrator
 

[Tom replied with:] 

I don't know about others, but for blocking we generally take the
"guilt by association" strategy. If a site has one web page that needs
to be blocked (URLs) we block the entire domain. Some might say that's
overkill, but that's the strategy we take.

That's my 2 cents worth.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!


RE: [squid-users] Re: block spyware with squid

2007-10-25 Thread Thomas Raef
Sure it's easy when you block by rep_mime_type application/octet-stream

Then you're not blocking by a file extension. I would never think of blocking 
by file extension. Too many ways around it. We've seen programs that will take 
an executable and convert to either an html file or a php. The aforementioned 
method blocks these and many other executable methods.

Try it, you'll like it.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!

 -Original Message-
 From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED]
 Sent: Thursday, October 25, 2007 1:12 PM
 To: Thomas Raef; Squid Users
 Subject: Re: [squid-users] Re: block spyware with squid
 
 
 Once i tried that and had LOTS of false-positives with Windows CGI
 based applications, just like:
 
 http://www.something.com/myscript.exe?value=blabla  
 
 myscript.exe is not a downloadable file, it's a script that will be
 executed and return HTML code to the browser.
 
 And there's all those URLs that will reply with a executable
 download but has no .exe on the URL ...
 
 It's a simple idea, but not as easy to implement as it seems.
 
 
 Thomas Raef wrote:
  Why not block all executables except from a list of whitelisted sites?
 
  Allow windowsupdates.com, Microsoft.com, adobe.com,...
 
  That negates the need for signature based detection.
 
 
 --
 
 
   Sincerely,
   Leonardo Rodrigues
   Solutti Tecnologia
   http://www.solutti.com.br
 
   [EMAIL PROTECTED]
   My SPAMTRAP, do not email it
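Added example, not part of the archived messages: a Python model comparing the two approaches discussed in this thread, a file-extension rule on the URL versus a rule on the reply's Content-Type with a site whitelist. The extension pattern, the sample requests and the function names are constructed; the MIME type, the CGI URL and the whitelisted sites come from the messages.

```python
import re
from urllib.parse import urlsplit

# Assumed extension rule: ".exe" at the end of the path or just before a query.
EXT_RE = re.compile(r"\.exe(\?|$)", re.IGNORECASE)
# Reply-type rule from the message; rep_mime_type patterns are regexes.
MIME_RE = re.compile(r"^application/octet-stream", re.IGNORECASE)
# Sites named in the thread as whitelist candidates, in dotted dstdomain form.
WHITELIST = (".microsoft.com", ".adobe.com")

# Constructed (URL, Content-Type of the reply) pairs.
SAMPLES = [
    ("http://www.something.com/myscript.exe?value=blabla", "text/html"),
    ("http://downloads.example/get.php?id=42", "application/octet-stream"),
    ("http://downloads.example/setup.exe", "application/octet-stream"),
    ("http://download.microsoft.com/patch.exe", "application/octet-stream"),
    ("http://www.example/index.html", "text/html; charset=utf-8"),
]


def by_extension(url):
    """Decision made from the URL alone, before any reply exists."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return "deny" if EXT_RE.search(target) else "allow"


def by_reply_type(url, content_type):
    """Decision made from the reply header, with whitelisted sites exempt."""
    host = (urlsplit(url).hostname or "").lower()
    if any(host == w[1:] or host.endswith(w) for w in WHITELIST):
        return "allow"
    return "deny" if MIME_RE.search(content_type.strip()) else "allow"


def compare(samples=SAMPLES):
    """Return (url, extension decision, reply-type decision) per sample."""
    return [(u, by_extension(u), by_reply_type(u, ct)) for u, ct in samples]


def disagreements(samples=SAMPLES):
    """URLs where the two rules reach different decisions."""
    return [u for u, ext, mime in compare(samples) if ext != mime]


if __name__ == "__main__":
    for url, ext, mime in compare():
        print(f"ext={ext:5} mime={mime:5} {url}")
```

The CGI script is denied only by the extension rule, and the download served from a .php URL is denied only by the reply-type rule.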
 
 
 



RE: [squid-users] Re: block spyware with squid

2007-10-24 Thread Thomas Raef
Why not block all executables except from a list of whitelisted sites?

Allow windowsupdates.com, Microsoft.com, adobe.com,...

That negates the need for signature based detection.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!


 -Original Message-
 From: Indunil Jayasooriya [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, October 24, 2007 1:34 AM
 To: squid-users
 Subject: [squid-users] Re: block spyware with squid
 
  Hi,
 
 I want to block spyware while users browse internet. Are there any
 ACLs to block this ?
 
  Have you done this before?
 
 --
 Thank you
 Indunil Jayasooriya


RE: [squid-users] Blocking proxies

2007-08-08 Thread Thomas Raef
How will going through squid prevent the users from connecting to an
outside proxy in order to avoid being blocked?

Please clarify.

Thank you for responding.

-Original Message-
From: Amos Jeffries [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 07, 2007 8:18 PM
To: Thomas Raef
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] Blocking proxies

 -Original Message-
 From: Peter Albrecht [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 07, 2007 10:04 AM
 To: squid-users@squid-cache.org
 Subject: Re: [squid-users] Blocking proxies

 Hi Thomas,

 On Tuesday 07 August 2007 15:41, Thomas Raef wrote:
  How can we block open proxy use?
 
  Either transparent or non-transparent. We looked at using l7-filter
 but
  there must be an acl or some config option to block users from
 accessing
  outside proxy servers. We have a school in need of this.

 What do you want to block?

 1) Users from the school accessing another proxy somewhere? Then you
 need
to block all http/https requests on your router. I.e., every
 connection
that does not come from your proxy needs to be blocked.
 [Tom replied with:]
   I am detecting all http/https connections with l7-filter and
 forcing the use of the squid box. Will that block access to all
 anonymous proxies?

 Do I need to use:

  header_access X-Forwarded-For deny all

Proxies that provide/send X-Forwarded-For are by definition NOT
anonymous.
There is no way you can detect proper anon proxies without a specific
test.

To properly block access to them all you will need a full list. Which is
impossible to create and very hard to maintain.

 Or some other such acl?

It sounds more like you want to use an ACL that prevents abuse of the
CONNECT method. Used to make your proxy connect to some other service as
a
tunnel. It's useful for https, but often abused.

You say you are already redirecting outbound port 80, 81, and 8080
requests to your own squid? That should cover anyone trying to bypass
you.


Amos




[squid-users] Blocking proxies

2007-08-07 Thread Thomas Raef
How can we block open proxy use?

Either transparent or non-transparent. We looked at using l7-filter but
there must be an acl or some config option to block users from accessing
outside proxy servers. We have a school in need of this.

Yes? No?

Thank you in advance.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!



RE: [squid-users] Blocking proxies

2007-08-07 Thread Thomas Raef
 -Original Message-
 From: Peter Albrecht [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, August 07, 2007 10:04 AM
 To: squid-users@squid-cache.org
 Subject: Re: [squid-users] Blocking proxies
 
 Hi Thomas,
 
 On Tuesday 07 August 2007 15:41, Thomas Raef wrote:
  How can we block open proxy use?
 
  Either transparent or non-transparent. We looked at using l7-filter
but
  there must be an acl or some config option to block users from
accessing
  outside proxy servers. We have a school in need of this.
 
 What do you want to block?
 
 1) Users from the school accessing another proxy somewhere? Then you
need
to block all http/https requests on your router. I.e., every
connection
that does not come from your proxy needs to be blocked.
[Tom replied with:] 
I am detecting all http/https connections with l7-filter and
forcing the use of the squid box. Will that block access to all
anonymous proxies?

Do I need to use:

 header_access X-Forwarded-For deny all

Or some other such acl?

Thank you for your reply.

 2) Other users from the outside using your proxy? Define an ACL to
allow
access only from your internal network. Or have Squid listen on the
internal network interface only.
 
 Hope this helps,
 
 Peter
 
 --
 Peter Albrecht, Novell Training Services


RE: [squid-users] squidguard website?

2007-07-27 Thread Thomas Raef
Um, Google says it's:

http://www.squidguard.org

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!


-Original Message-
From: SSCR Internet Admin [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 26, 2007 9:40 PM
To: squid-users@squid-cache.org
Subject: [squid-users] squidguard website?

Is there a new maintainer for squidguard? IF yes, what is the URL for
it?

TIA

Nats





RE: [squid-users] unable to open mail.yahoo.com properly

2007-06-29 Thread Thomas Raef
Can you post your squid.conf file?

I had this same issue and I solved it with:

acl Special dstdomain .yahoo.com

...

always_direct allow Special

-Original Message-
From: Amos Jeffries [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 29, 2007 4:00 AM
To: ajit kumar
Cc: Squid
Subject: Re: [squid-users] unable to open mail.yahoo.com properly

ajit kumar wrote:
 Hi,
 
 I am using squid with Stable13 as a transparent proxy.
 All is working fine. There is a problem with
 mail.yahoo.com
 
 However mail.yahoo.com will let me login. It will
 display the contents of the mail box. When i click on
 the mail to see the content it only shows the header
 and footer of the mail. Does not display the content.
 however when I copy the blank area and paste it in
 notepad it i can see the message.

Hmm, that sounds familiar
You would be using InternetExplorer no?

I have seen this 'invisible' text happening when a website is coded as 
valid XHTML 1.0 and viewed in IE5.5/6.
I would guess that yahoo are using XHTML with DIV tags (the XML 
equivalent of the deprecated P tags) to display their page properly 
according to the RFC standards.

 
 Also , it does not let me to see attachment. Some of
 the button on pages does not work. Like. forward etc.

... similar to how IE handled XHTML BUTTON objects, but not definitive

 
 The layout of the page is not displayed properly.
 

... again just like how IE shows HTML4 / XHTML pages.


Have you noticed:
Objects overlapping they shouldn't?
Have coloured borders where they shouldn't?
Objects wrapping when they shouldn't?
Failing to wrap when they should?
Fonts seem overly large for the space the text is meant to occupy?
Gradient rainbows of color appearing as a few solid blocks?
Background images forming tiles when you expect a stretch would do?
Scrollbars on display where you would not expect them?
Objects missing from pages?
... only to reappear at random during scrolling?
... or after changing to another program window for a second?
Page re-arrange itself while you scroll?
Your computer crashing when you load a web page?

Try another web browser ...


Amos


RE: [squid-users] IM blocking in squid?

2007-06-26 Thread Thomas Raef
Wouldn't that mean that all IM traffic has to be redirected through
Squid?

Or would this be to block IM that tries to go through port 80?

I think a wiki about how squid could block IM under certain
circumstances would be useful.

I'd offer my time toward this.

-Original Message-
From: Adrian Chadd [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 26, 2007 3:03 AM
To: squid-users@squid-cache.org
Subject: [squid-users] IM blocking in squid?

G'day again everyone,

People keep asking about how to block IM in Squid; would
anyone like to kick up some ACLs that they use to block IM?
I'll wrap it up and place it into a Wiki article.

(If you'd like to write a Wiki article or keep it updated
then please let me know.)

Thanks,



Adrian



RE: [squid-users] IM blocking in squid?

2007-06-26 Thread Thomas Raef
Sorry for top posting. 

Consider me slapped silly...

-Original Message-
From: Thomas Raef [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 26, 2007 7:47 AM
To: Adrian Chadd; squid-users@squid-cache.org
Subject: RE: [squid-users] IM blocking in squid?

Wouldn't that mean that all IM traffic has to be redirected through
Squid?

Or would this be to block IM that tries to go through port 80?

I think a wiki about how squid could block IM under certain
circumstances would be useful.

I'd offer my time toward this.

-Original Message-
From: Adrian Chadd [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 26, 2007 3:03 AM
To: squid-users@squid-cache.org
Subject: [squid-users] IM blocking in squid?

G'day again everyone,

People keep asking about how to block IM in Squid; would
anyone like to kick up some ACLs that they use to block IM?
I'll wrap it up and place it into a Wiki article.

(If you'd like to write a Wiki article or keep it updated
then please let me know.)

Thanks,



Adrian



RE: [squid-users] IM blocking in squid?

2007-06-26 Thread Thomas Raef
I personally use iptables with the l7-filter module to catch and block
IM traffic. It works great.

-Original Message-
From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 26, 2007 8:12 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] IM blocking in squid?

On 26.06.07 07:47, Thomas Raef wrote:
 Wouldn't that mean that all IM traffic has to be redirected through
 Squid?

if you want to block IM traffic in squid, then all IM traffic must be
(re)directed to squid.

 Or would this be to block IM that tries to go through port 80?

 I think a wiki about how squid could block IM under certain
 circumstances would be useful.

There were many such questions on this list. Note that IM communication
is usually not done via HTTP, and even if, there has to be a list of
hosts/ports/URLs to block. Try searching this list's archives.
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
To Boot or not to Boot, that's the question. [WD1270 Caviar]


RE: [squid-users] IM blocking in squid?

2007-06-26 Thread Thomas Raef
2.6.16.14 works like a charm.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
You're either hardened, or you're hacked!

-Original Message-
From: Eray Aslan [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 26, 2007 9:30 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] IM blocking in squid?

On 26.06.2007 16:47, Thomas Raef wrote:
 I personally use iptables with the l7-filter module to catch and block
 IM traffic. It works great.

Which kernel are you using?  Last I checked l7-filter did not work with
recent kernels.  Upstream was moving towards userland (no more kernel
patching).  If you are using the userland version, any problems?

-- 
Eray


RE: [squid-users] Clean the cache

2006-12-12 Thread Thomas Raef
First of all, you must stop Squid of course. You can use the command: 

% squid -k shutdown


The fastest way to restart with an entirely clean cache is to overwrite
the swap.state files for each cache_dir in your config file. Note, you
cannot just remove the swap.state file, or truncate it to zero size.
Instead, you should put just one byte of garbage there. For example: 

% echo "" > /cache1/swap.state

Repeat that for every cache_dir, then restart Squid. Be sure to leave
the swap.state file with the same owner and permissions that it had
before!

Another way, which takes longer, is to have squid recreate all the
cache_dir directories. But first you must move the existing directories
out of the way. For example, you can try this: 

% cd /cache1
% mkdir JUNK
% mv ?? swap.state* JUNK
% rm -rf JUNK 

Repeat this for your other cache_dir's, then tell Squid to create new
directories: 

% squid -z


-Original Message-
From: Alejandro [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 12, 2006 1:03 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Clean the cache

Dear all, I have Squid 2.6 over Linux and I want to clean the cache in a
good manner...what is the best way to do it ???


Thanks !!!

alejandro.-
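
The swap.state reset described in the message above, scripted for every cache_dir in a config file. This is an added example, not part of the original post or of Squid itself; the function names are hypothetical, and it assumes Squid has already been stopped and that GNU stat is available (Linux).

```shell
#!/bin/sh
# Added example: reset swap.state for every cache_dir in a Squid config.
# Assumes Squid is already stopped (squid -k shutdown) and GNU stat (Linux).

# Print the directory of each active line: "cache_dir <type> <dir> ..."
# Commented-out cache_dir lines are skipped because their first field differs.
list_cache_dirs() {
    awk '$1 == "cache_dir" && NF >= 3 { print $3 }' "$1"
}

# Overwrite one swap.state with a single byte, in place.
# Redirecting into the existing file truncates it without creating a new
# inode, so owner and mode are kept; both are verified afterwards anyway.
reset_swap_state() {
    f="$1/swap.state"
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "skip: $f is missing or a symlink" >&2
        return 1
    fi
    before=$(stat -c '%u:%g:%a' "$f")
    echo "" > "$f"
    after=$(stat -c '%u:%g:%a' "$f")
    size=$(stat -c '%s' "$f")
    if [ "$before" != "$after" ] || [ "$size" -ne 1 ]; then
        echo "error: $f owner/mode $before -> $after, size $size" >&2
        return 1
    fi
}

# Reset every cache_dir named in the config; non-zero if any one failed.
clean_all() {
    rc=0
    for d in $(list_cache_dirs "$1"); do
        reset_swap_state "$d" || rc=1
    done
    return $rc
}

# Stand-alone use: sh clean_cache.sh /path/to/squid.conf
if [ "$#" -ge 1 ] && [ -f "$1" ]; then
    clean_all "$1"
fi
```

Run it as the cache owner or root with the config path as the only argument, then restart Squid as the message describes.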


RE: [squid-users] AOL webmail squid

2006-10-27 Thread Thomas Raef
No it does not work even when going direct in non-proxy mode.

I get the same thing - no messages.

Do you have any other ideas???

I'm stumped.

-Original Message-
From: Mark Elsen [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 26, 2006 8:18 AM
To: Thomas Raef
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] AOL webmail  squid

 I have a user who insists on accessing his AOL email through webmail.
 Whenever he logs into his AOL account and checks email, nothing shows
 below the usual AOL banner stuff.

 I've added:

 acl Special dstdomain .aol.com

 http_access allow Special internal_net
 ...

 always_direct allow Special

always_direct is related to whether or not cache peers will
be used for a certain site.
Not for browsers to go direct to a site.

 ...

 But it still doesn't show his email. I've flushed the cache as well.

 This is setup in a transparent proxy mode.


 Does it work, when the browser is configured to
use the proxy explicitly (proxy config settings) ?

M.



[squid-users] AOL webmail squid

2006-10-26 Thread Thomas Raef
I have a user who insists on accessing his AOL email through webmail.
Whenever he logs into his AOL account and checks email, nothing shows
below the usual AOL banner stuff.

I've added:

acl Special dstdomain .aol.com

http_access allow Special internal_net
...

always_direct allow Special
...

But it still doesn't show his email. I've flushed the cache as well.

This is setup in a transparent proxy mode.

Has anyone faced this issue? If so, how did you correct it?

Thank you in advance.

Thomas J. Raef
e-Based Security, Inc.
www.ebasedsecurity.com
You're either hardened, or you're hacked!



RE: [squid-users] AOL webmail squid

2006-10-26 Thread Thomas Raef
No. It does not work in non-transparent mode either.

I double checked after reading your reply.

Thank you.

-Original Message-
From: Mark Elsen [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 26, 2006 8:18 AM
To: Thomas Raef
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] AOL webmail  squid

 I have a user who insists on accessing his AOL email through webmail.
 Whenever he logs into his AOL account and checks email, nothing shows
 below the usual AOL banner stuff.

 I've added:

 acl Special dstdomain .aol.com

 http_access allow Special internal_net
 ...

 always_direct allow Special

always_direct is related to whether or not cache peers will
be used for a certain site.
Not for browsers to go direct to a site.

 ...

 But it still doesn't show his email. I've flushed the cache as well.

 This is setup in a transparent proxy mode.


 Does it work, when the browser is configured to
use the proxy explicitly (proxy config settings) ?

M.