Re: [squid-users] cachemgr.cgi problem
Hello Shaun, The problem might because the location of cgi script that you have accessed. You have to follow the steps to access the cachemgr.cgi on the web. 1. copy the /libexec/cachemgr.cgi to a web accessible location (/var/www/cgi-bin/). 2. Start the apache. 3. Access link http:///cgi-bin/cachemgr.cgi Thanks, Visolve Squid Team www.visolve.com/squid/ shaun p martin wrote: Hello, I'm not having any luck using the cachemgr.cgi script. When I run it against squid, it records a tcp miss, and forwards the request to the default parent, which returns jumbled html... instead of the usual cachemgr page. Is there an acl which will tell squid how to handle this? output in acces.log: 1202333684.384179 10.1.17.54 TCP_MISS/200 25976 GET cache_object://sq01/ - DEFAULT_PARENT/xxx.xxx.xxx.xxx text/html thanks shaun
Re: [squid-users] Squid doesn’t start
Hello Balram, Check with your system name by using this command in cygwin "hostname" . Then based on the output , set the "visible_hostname" in squid configuration. Example: $ hostname admin $ visible_hostname admin Thanks, Visolve Squid Team www.visolve.com/squid/ Balram wrote: Any one could help me to run Squid in my Windows XP Prof. I am trying to start Squid with the help of Cygwin on Window XP Professional, but Squid doesn't start. Message is to set 'visible hostname'. When I put any name in 'visible_hostname'in squid.conf file, there is message-"this is not qualified qualified domain name". What I have to do to start squid ? As I study squid-mailing list and other sites, I know only that many people are running squid in window XP Prof. . Thanks.
Re: [squid-users] cache_peer_access and multiple squid ports
Hello Smith, Try with the following configuration: http_port 3128 acl portA myport 3128 http_port 8090 acl portB myport 8090 cache_peer parentA.mydomain.local parent 3128 0 no-query no-digest login=PASS cache_peer_access parentA.mydomain.local deny !portA cache_peer parentB.mydomain.local parent 8090 0 no-query no-digest login=PASS cache_peer_access parentB.mydomain.local deny !portB Thanks, Visolve Squid Team www.visolve.com/squid/ Matthew Smith wrote: Hello! I have a squid box that I want to have listen on two ports for requests. I also have two parent proxies. I'd like to send requests from port A to parent A, while requests from port B should go to parent B. My config is as follows: http_port 3128 acl portA myport 3128 http_port 8090 acl portB myport 8090 cache_peer parentA.mydomain.local parent 3128 0 no-query no-digest login=PASS cache_peer_access parentA.mydomain.local allow portA cache_peer parentB.mydomain.local parent 8080 0 no-query no-digest login=PASS cache_peer_access parentB.mydomain.local allow portB access_log /var/log/squid/a_access.log squid portA access_log /var/log/squid/b_access.log squid portB Now, while the access logs print out the data as appropriate for each port, the requests on port B always seem to end up going DIRECT, while the first up requests are going to FIRST_UP_PARENT. I have tried "never_direct allow portB" to force portB requests to never be direct, but that does not work either... I figure I am missing something. Any help would be great. Thanks, Matt Smith
[squid-users] Re: re[squid-users] verse proxy headache
Hello, Squid latest version is squid-2.6STABLE18. You can configure the reverse proxy easily with squid-2.6. Reverse proxy configuration in squid-2.5 : http_port 80 # Port of Squid proxy httpd_accel_host 172.16.1.115 # IP address of web server httpd_accel_port 80 # Port of web server httpd_accel_single_host on # Forward uncached requests to single host httpd_accel_with_proxy on httpd_accel_uses_host_header off For more details visit at http://www.visolve.com/squid/whitepapers/reverseproxy.php#What_is_Reverse_Proxy_Cache Reverse proxy configuration in squid-2.6 : http_port 80 vhost cache_peer parent 0 no-query originserver Example: http_port 80 vhost cache_peer proxy.nour.net.sa parent 8080 0 no-query originserver For more Details: http://www.visolve.com/squid/squid26/contents.php Thanks, -Visolve Squid Team www.visolve.com/squid/ dirtybugg wrote: Hi please help me i am new to squid, i have squid 2.5 my squid.conf is below please help i am not able to brows our internet #Default: # http_port 3128 http_port 8080 #Default: # none #cache_peer proxy.saudi.net.sa parent 8080 3130 default no-query #cache_peer 62.149.115.12 parent 8080 3130 default no-query cache_peer proxy.nour.net.sa parent 8080 3130 default no-query #Default: # cache_dir ufs /var/spool/squid 100 16 256 cache_dir ufs /cache1 8000 16 256 cache_dir ufs /cache2 8000 16 256 #Default: # cache_access_log /var/log/squid/access.log cache_access_log /var/log/squid/access.log #Default: # pid_filename /var/run/squid.pid pid_filename /var/run/squid.pid auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl snmpsaudiedi snmp_community rtgg0v1 #Recommended minimum configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # Example rule allowing access from your local networks. Adapt # to list your (internal) IP networks from where browsing should # be allowed #acl our_networks src 192.168.1.0/24 192.168.2.0/24 #http_access allow our_networks acl user_networks src 192.168.19.0/24 acl svr_networks src 192.168.17.0/24 acl dmz_networks src 62.149.115.128/25 http_access allow user_networks http_access allow svr_networks http_access allow dmz_networks icp_access allow user_networks icp_access allow svr_networks icp_access allow dmz_networks # And finally deny all other access to this proxy http_access allow localhost http_access deny all #Default: # http_reply_access allow all # #Recommended minimum configuration: # # Insert your own rules here. # # # and finally allow by default http_reply_access allow all # TAG: icp_access # Allowing or Denying access to the ICP port based on defined # access lists # # icp_access allow|deny [!]aclname ... # # See http_access for details # #Default: # icp_access deny all # #Allow ICP queries from everyone icp_access allow all #Default: # none visible_hostname proxy1 #Example: # snmp_access allow snmppublic localhost # snmp_access deny all # #Default: # snmp_access deny all snmp_access allow snmpsaudiedi user_networks snmp_access deny all
Re: [squid-users] Why squid doesn't log anything when applying transparent proxy?
Check whether your browser goes through squid or not? You can find this by using the url: http://cbe.visolve.com/ If your browser goes through squid then the above url shows that the "proxy detected" column. Eventhough your access log is not shown anything then let us know your squid.conf file so that we will check the issue and help you out. If it is not going through squid then let us know your iptables rules. Thanks Visolve Squid Support Team On 7/5/2014 2:59 PM, Mark jensen wrote: I have deploy Transparent proxy using this tutorials: on L3 switch: http://wiki.squid-cache.org/ConfigExamples/Intercept/Cisco2501PolicyRoute on centos 6.5 box ( squid ): http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect when I request the web page from one client, It returns to me, so I thought that transparent proxy works fine. but the problem is that I can't find any records in the "access.log" file, so it seems that the client get the page from the server directly. 1- Is the problem that squid doesn't log when it is in a transparent mode? 2- Or is the client get the page directly from the server( if so, how can I add a rule to the Iptables or an access list to forbid the client from getting the page directly from the server) ? Mark
Re: [squid-users] what AV products have ICAP support?
Hi Jason Haar, Trend micro (Stop inbound threats & Secure outbound data) is one of the best Inter Scan Web Security Virtual Appliance. And also have listed other AV vendor: Samba-vscan-ICAP & isilonicap AV scan (EC2) , etc.. Regards, Visolve Squid On 8/18/2014 3:00 PM, Jason Haar wrote: Hi there I've been testing out squidclamav as an ICAP service and it works well. I was wondering what other AV vendors have (linux) ICAP-capable offerings that could similarly be hooked into Squid? Thanks
Re: [squid-users] refresh_pattern options don't work
Hello Aurelien, We thought your parameter specification is incorrect. you can try with Hyphen(override-expire) instead of using underscore (override_expire) refresh_pattern . 0 20% 4320 override-expire refresh_pattern . 0 20% 4320 reload-into-ims Thanks, Visolve Squid Team On Mon, 2006-04-24 at 11:19 +0200, Aurélien Bras wrote: > Hello, > > When i add this in my squid.conf : > > refresh_pattern . 0 20% 4320 override_expire > > I have this error message : > > redreshAddToList: Unknown option '.': override_expire > > With this line : > > refresh_pattern . 0 20% 4320 reload_into_ims > > Same think, I have this error : > > redreshAddToList: Unknown option '.': reload_into_ims > > I use Squid Version 2.5.STABLE7, i have the same problem with 2.5.STABLE12. > > Should I activate some stuff to activate these options ? > > Thanks for your answers. > > Aurélien. >
Re: [squid-users] Squid for NT
Hello Shawn, Go through these pages for more on installation details http://www.acmeconsulting.it/pagine/opensource/squid/squidnt25.htm http://www.acmeconsulting.it/pagine/opensource/squid/squidnt30.htm Thanks, Visolve Squid Team On Tue, 2006-05-02 at 14:08 +0800, Shawn Owens wrote: > I don't see an executable for the Squid for Windows NT; more like the > Linux bin. > > Anyone have working knowledge on how to install this on a Windows 2003 > platform? > > Thanks. > > > -- > The information contained in this message may be confidential > and is intended for the addressees only. If you have received > this message in error or there are any problems please notify > the sender immediately. > > The unauthorised use, disclosure, copying or alteration of this > message is strictly prohibited by law without express permission > of the original sender. > > BGC Contracting Pty Ltd will not be liable for direct, special, > indirect or consequential damages arising from any appropriation, > application or alteration of the contents of this message by a third > party or as a result of any virus being passed on. > > BGC Contracting Pty Ltd reserves the right to monitor and record > e-mail messages sent to and from this address for the purposes > of investigating or detecting any unauthorised usage of its system > and ensuring its effective operations. > > To unsubscribe from future communication please reply to the sender > of this email or forward this email to [EMAIL PROTECTED] > with the words "Unsubscribe" in the subject line. > -- > >
Re: [squid-users] squid start -- squid already running !
Hello Pwasenda, We expect that you are starting the already running process (squid). So first properly stop the squid using the rc script. After stopping, you can ensure with ps command for clean shutdown. Thanks, Visolve Squid Team http://squid.visolve.com On Wed, 2006-05-03 at 18:05 +0300, [EMAIL PROTECTED] wrote: > squid2.5-stable13 on SLES 9 > how do i ensure squid shuts down properly ? when i use the the rc script. > squid > gives "squid already running" when i try to start it which is not true > i always have to delete swap.state to start squid. > > how do i ensure clean shutdown ? > > > This message was sent using IMP, the Internet Messaging Program. >
Re: [squid-users] Squid and Virus protection ?
Hi, Yes, It is possible to run an anti virus proxy chained with squid to protect virus on the http transit. you can try the following setup HTTP -->SQUID --> ISVW Thanks, Visolve Squid Team. http://squid.visolve.com On Wed, 2006-05-03 at 12:12 +0200, Noc Phibee wrote: > Hi > > a small questions : > > - Can i add to squid a virus protection on the http transit ? > > - Anyàne know a linux solution for a charge repartition on a squid > cluster ? > > thanks bye > >
Re: [squid-users] squid improper shutdown
Hello pwasenda, We came to understand from your mail, you are stoping the squid binary(sbin/squid), which do not has such a stop option. Squid binary has only shutdown option. It should be executed as given below. Shutdown the squid using squid binary "/path to squid directory/sbin/squid -k shutdown". Stop the squid using rc script /path to rc script directory/squid stop If the path of the squid binary varies compared to the location of squid specified in rc script, Squid will not shutdown properly. So check for correctness. Thanks, Visolve Squid Team, http://squid.visolve.com On Tue, 2006-05-09 at 16:10 +0300, [EMAIL PROTECTED] wrote: > squid2.5 stable 13 sles9 , compiled from source. > > Am i insane ? > > server:/srv/www/htdocs # squid stop > 2006/05/09 15:47:50| Squid is already running! Process ID 5984 > server:/srv/www/htdocs # squid start > 2006/05/09 15:47:54| Squid is already running! Process ID 5984 > server:/srv/www/htdocs # squid start > 2006/05/09 15:49:41| Squid is already running! Process ID 5984 > server:/srv/www/htdocs # squid start > 2006/05/09 15:49:51| Squid is already running! Process ID 5984 > server:/srv/www/htdocs # squid stop > 2006/05/09 15:49:55| Squid is already running! Process ID 5984 > server:/srv/www/htdocs # squid stop > 2006/05/09 15:50:08| Squid is already running! Process ID 5984 > > > rcsquid stop works though. I have attached a copy. What is happening ? I > have a > feeling the when i restart the server, it doesn't wait for the squid to > properly exit, could i be correct ? how to avert this if so. > > > This message was sent using IMP, the Internet Messaging Program.
Re: [squid-users] SquidNT Error
Hello Shawn, You can check the following two log files. They will usually give you a hint about the cause of the problem squid.exe.log cache.log So you can see all error message. Thanks, Visolve Squid Team http://squid.visolve.com On Tue, 2006-05-09 at 16:39 +0800, Shawn Owens wrote: > I'm getting the following error for the NT service; any ideas? > > The SquidNT service terminated unexpectedly. It has done this 11 > time(s). The following corrective action will be taken in 6 > milliseconds: Restart the service. > > > -- > The information contained in this message may be confidential > and is intended for the addressees only. If you have received > this message in error or there are any problems please notify > the sender immediately. > > The unauthorised use, disclosure, copying or alteration of this > message is strictly prohibited by law without express permission > of the original sender. > > BGC Contracting Pty Ltd will not be liable for direct, special, > indirect or consequential damages arising from any appropriation, > application or alteration of the contents of this message by a third > party or as a result of any virus being passed on. > > BGC Contracting Pty Ltd reserves the right to monitor and record > e-mail messages sent to and from this address for the purposes > of investigating or detecting any unauthorised usage of its system > and ensuring its effective operations. > > To unsubscribe from future communication please reply to the sender > of this email or forward this email to [EMAIL PROTECTED] > with the words "Unsubscribe" in the subject line. > -- > >
Re: [squid-users] authenticate_ip_ttl 2 hours not working
Hello pwasenda, You should configure "acl aclname max_user_ip [-s] number" in squid configuration file, to make "authenticate_ip_ttl" work for more than one ip addresses. where the parameter(max_user_ip) controls the timeout on the ip entries. s is specified the limit is strict, denying browsing from any further IP addresses until the ttl has expired. Without s Squid will just annoy the user by "randomly" denying requests.(the counter is reset each time the limit is reached and a request is denied) Thanks, Visove Squid Team, http://squid.visolve.com On Wed, 2006-05-10 at 11:15 +0300, [EMAIL PROTECTED] wrote: > my authenticate_ip_ttl 2 hours line doesn't work. i can logon on two seperate > pc's and browse without any glitch. am using ntlm_auth.. > > solution ? > > > This message was sent using IMP, the Internet Messaging Program. >
Re: [squid-users] Problem when trying to block all but one domain
Hello Steinar, You have to configure the dstdomain for allowed sites in squid configuration file using acl. acl allowed_sites dstdomain www.itslearning.no Then you have to configure the rule to allow this site in your local network . http_access allow our_networks allowed_sites http_access deny all Thanks, Visolve Squid Team. http://squid.visolve.com On Thu, 2006-05-11 at 13:48 +0200, Steinar Vangen wrote: > I’m having a problem when I want to block all but one domain. > > The only domain I want my clients to use is www.itslearning.no > > I’ve tried using squid guard, but I can’t get the right result. > > Hope someone can help me > > Steinar > > > - > Start.no tilbyr nå raskere bredbånd til lavere pris. > Sjekk http://www.start.no/bredband/ for mer informasjon >
Re: [squid-users] Auto start SQUID during server boot up
Hello, We recommend you to configure rc script files of squid in rc.local or init.d to start squid while boot up. For more info visit this page http://www.squid-cache.org/Doc/FAQ/FAQ-3.html#ss3.6 Thanks, Visolve Squid Team. http://squid.visolve.com On Mon, 2006-05-15 at 03:08 -0700, nonama wrote: > HI everybody, > > What is your recommendation on auto startup during > boot up? Where should I configure it? > > Thank you. > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com >
Re: [squid-users] Via: info
Hello Brent Clark, Yes it is possible.You can use header_access Via deny all Thanks, Visolve Squid Team, http://squid.visolve.com On Wed, 2006-05-17 at 09:33 +0200, Brent Clark wrote: > Hi all > > Im currently running nikto against my hosted box. > > In the audit file I see this > > Via: 1.0 my.machine.co.za:3128 (squid/2.5.STABLE13) > > Anyone know how I can switch this off, would it be possible to hide this > > Kind Regards > > Brent Clark >
Re: [squid-users] Use a parent proxy for https connexions
Hello Julien, If you use never_direct and you have multiple parent caches, then you probably want to mark one of them as a default choice in case Squid can't decide which one to use. That is done with the default keyword on a cache_peer line. never_direct allow all If you have only one parent,nothing is sent to the parent.Simply adding default to a parent does not force all requests to be sent to that parent.If you want to force all requests to your parent cache(s), use the never_direct option. Squid does not know what to do with an https request to handle such a request, Squid would need to speak the SSL protocol. Thanks, Visolve Squid Team, http://squid.visolve.com On Wed, 2006-05-17 at 15:36 +0200, Julien Cabillot wrote: > Hi, > (excuse my English, I'm a frenchie :)) > I try to install squid on my network, but I have a simple problem with > the HTTPS part. > I need to pass by an external proxy (I can't do nothing about this), > but I want a local cache. > I add the parent cache: > cache_peer 10.122.1.5 parent8080 0 no-query default > My ftp and http request pass by this proxy BUT (il y a toujours un > but): squid try to connect directly for https sites. > It's possible to pass by the external proxy for https request ? > > Thx
Re: [squid-users] thoughts about squidGuard?
Hello Philip, You have not mentioned the version of squidguard using.But the version of SquidGuard will not depend on the version of Squid. you can visit this page for more details of squidguard. :http://cri.univ-tlse1.fr/documentations/cache/squidguard_en.html Thanks, Visolve Squid Team, http://squid.visolve.com On Wed, 2006-05-17 at 16:36 -0400, Philip Hachey wrote: > Hi. I've setup squid-2.5.STABLE6 running on CentOS 4.3 and I'm > considering adding squidGuard [ http://www.squidguard.org/ ] to the mix to > block possible inappropriate web usage. I've hesitated since there > appears to be little recent development work or maintenance except for a > handful of patches which were not incorporated into a release. Has anyone > else used or is using squidGuard? Thoughts/comments? > > Thanks, > Philip Hachey >
Re: [squid-users] ACL for multiple users with multiple options
Hello, You should not use AND in http_access. You can use allow C M http_access allow C M Thanks, Visolve Squid Team, http://squid.visolve.com On Fri, 2006-05-19 at 06:14 +, mohammad imran wrote: > Hay All > > I am using squid in MS environment on testing base,We are using ISA Server > in production environment. > > I want to implement ACL for different users with different Options i.e. > > Giving some users MSN messenger acess not to all. > > I have made An access list > > acl C src 192.168.7.138/255.255.255.255 & > acl Mport 1080# msn messenger > > now how can i use these in http_access > I have tried > > http_access allow C AND M > > But this is not working error is "AclParseAccesLine ACL Name "AND" not > Found. > > > One more Question Is that I MS ISA Server2004 there is option of http > filtering so we can filter from > http header and block some signatures e.g. msn messenger using http .Can we > do the same here in squid. > > Very greateful to you for ur patience and support. > > Regards > Ever Smiling Imran > >
Re: [squid-users] Squid Authentification modes
Hello Julien, No, you can use one scheme of authentication at a time. For more details refer Squid-cache.org FAQ. Thanks, Visolve Squid Team, http://squid.visolve.com On Fri, 2006-05-19 at 11:04 +0200, REMY Julien wrote: > Hello, > > I sets up a proxy with Squid. I use the authentification mode msntauth for > the users present in Active Directory. > > In my company, in addition to the users present in Active Directory, there > are some users who have local accounts in a workgroup. This Workgroup, thanks > to a gateway, is join at the domain. > On the other hand, these users are not in Active Directory. > > I wanted to know if that were possible to use two modes of authentification. > In addition to the mode of authentification msntauth, I would like to use the > ncsa_auth mode. > > Is this possible? > > Thank you >
Re: [squid-users] Showing squid version
Hello Aguiar, You should compile squid by making the following changes in squid source file errorpage.c Edit src/errorpage.c Line:69 >From "Generated %T by %h (%s)\n" To "Generated %T by %h \n" Thanks, Visolve Squid Team, http://squid.visolve.com On Fri, 2006-05-19 at 10:47 +, Aguiar Magalhaes wrote: > Hi list, > > Where can i disable the message showing the squid > version at the bottom of the error pages, denied pages > and others ? > > I was looking for but i can't find this information > even in html files on the error directory. > > I'm using the 2.5 version. > > Thanks, > > Aguiar > > > > ___ > Abra sua conta no Yahoo! Mail: 1GB de espaço, alertas de e-mail no celular e > anti-spam realmente eficaz. > http://br.info.mail.yahoo.com/ >
Re: [squid-users] Log Format
Hello Michael,
Go through these pages for more details of Custom Log Formats with Squid
http://yergler.net/blog/2005/11/08/custom-log-formats-with-squid/
http://devel.squid-cache.org/customlog/logformat.html.
Thanks,
Visolve Squid Team,
http://squid.visolve.com
On Fri, 2006-05-19 at 10:07 -0700, Michael Jeung wrote:
> Hey folks,
>
> I'm trying to get the custom log format working with squid. I
> basically want to emulate the apache combined logs format.
>
> I picked this off a website:
>
> logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
> Hs %h" "%{User-agent}>h"
> cache_access_log /home/squid/logs/access.log httpd
>
> It works great. However, I need to get the request protocol and
> request query string into the log as well. According to the squid
> log format documentation, I'm looking for the %rq and %rp variables.
> But whenever I add either of those variables in, squid starts
> complaining about syntax errors.
>
> For example:
> logformat httpd %>a - %un [%{%d/%b/%Y:%H:%M:%S %z}tl] "%rm %ru %rq" %
> Hs %h" "%{User-agent}>h"
>
> gives this --
> FATAL: Can't parse configuration token: '%rq" %Hs %h"
> "%{User-agent}>h"'
>
> Squid Cache (Version 2.5.STABLE13): Terminated abnormally.
> CPU Usage: 0.003 seconds = 0.000 user + 0.003 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> Abort trap (core dumped)
>
> Is there something wrong with the %rp and %rq variables? I'm using
> Version 2.5.STABLE13.
>
> Thanks,
> Michael Jeung
>
>
Re: [squid-users] how to disable squid access log
Hello, If your squid version is 2.4,you can use cache_acces_log /dev/null If your Squid version is 2.5, You can use cache_access_log none to disable the access log file. Thanks, Visolve Squid Team, http://squid.visolve.com On Sun, 2006-05-21 at 19:53 -0700, Juntao Gao wrote: > Hi, > > the Access log file in my system increase quickly. > how to disable it? > use /dev/null ? > > the access log file seems is not recycled. > > Thanks > Ted > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com >
Re: [squid-users] slow on a specific site
Hello, Check the delay_pools option Thanks, Visolve Squid Team, http://squid.visolve.com On Tue, 2006-05-23 at 16:14 +0400, Noel Manansala wrote: > hi, > > this is a problem that has been bothering me for so long now.. my > users connect to my squid machine, all sites that they visit are > 'returned' ok and fast except for a particular site. the site is > www.esri.com. it is very slow when connecting to that site.. when i > try to connect to that site from the squid machine itself, it is fast. > the problem only comes when the computers connected to the squid > machine are to access that site. > > any kind of help will be much appreciated. > > Thanks! >
Re: [squid-users] Questions about Squid read_timeout and retry behavior
Hello Katie, Check the "retry_on_error" in squid.conf file. If set to on Squid will automatically retry requests when receiving an error response. This is mainly useful if you are in a complex cache hierarchy to work around access control errors. Thanks, Visolve Squid Team, http://squid.visolve.com On Tue, 2006-05-23 at 17:32 -0400, Katie Wang wrote: > Hi, > > I am using Squid of Version 2.5.STABLE5, and I have a few questions > regarding the squid read_timeout behavior. I did some tests and I would > first summarize my observation as following: > > Summary Start - > > When squid conf is "read_timeout 1 minutes", if nothing at all has been > received yet in 1 minutes, the request will be automatically retried. The > number of times of re-try is 3. So the squid returns timeout error (504) in > 3 minutes. > > When squid conf is "read_timeout N minutes", where N=2 or 3, if nothing at > all has been received yet in N minutes, the request will be automatically > retried. The number of times of re-try is 2. So the squid returns timeout > error (504) in 2*N minutes. > > When squid conf is "read_timeout M minutes", where M>=4, if nothing at all > has been received in M minutes, the request will NOT be retried, and the > squid returns timeout error (504). > > --- End -- > > > My questions are: > > 1, Are the about behavior expected? If it is expected, can you provide more > detailed explanation about the rule of re-trying. > 2, Is there a way to configure the re-try behavior? e.g. the number of times > to retry, or to disable retry. > > Thanks a lot, > > Katie Wang > Software Development > VoiceGenie Technologies Inc > > >
Re: [squid-users] repeating squid -z
Hello Lawrence, Running "squid -z" will not clean or affect the already initialized caches. Thanks, Visolve Squid Team, http://squid.visolve.com On Thu, 2006-05-25 at 12:33 -0400, lawrence wang wrote: > Hello, > > Are there any ill (or good) effects of running squid -z on cache > directories which have already been initialized? I'm writing a deploy > script and it's more convenient for me to always run "squid -z", but i > want to make sure this won't clear my cache or anything like that. > Thanks! > > Lawrence >
Re: [squid-users] Not allowing HTTPS request
Hello Harish, Check your SSL_port configuration. Thanks, Visolve Squid Team, http://squid.visolve.com On Thu, 2006-05-25 at 15:51 +0530, harish wrote: > Hi All > > I have Installed and configured squid-2.5 on Centos4.2. As per my > observation that server is not allowing https request through it. When I try > to browse gmail it will denying my request. I am able to browse all other > site. Only site which sending through https request will deny access. > > Please do the needful > > Thanks in advance > > Regards > Harish > >
Re: [squid-users] Restart Squid
Hello, No need to restart squid to make effect of the squid configuration changes, just run "squid -k reconfigure" Thanks, Visolve Squid Team, http://squid.visolve.com On Fri, 2006-05-26 at 16:11 +0545, Harish Pokharel wrote: > Should I restart Squid after i make some acls entry in squid.conf >
Re: [squid-users] Manually expire content
On Wed, 2006-05-31 at 01:04 +0100, Robin Bowes wrote: > Hi, > > I'm planning to use squid to cache content from a content-rewriting > proxy (running apache). > > The proxy sucks content from a live site and replaces specific text strings. > > So, http://proxy.example.com/?id=12345 might map to the site > http://squid-cache.org replacing all instances of the word "squid" with > "foobar". I want squid to cache this. > > Is it possible to manually expire content in the squid cache when > changes are made to the content-rewriting in the proxy? > > Basically, I'd like to be able to say something like: > > Expire all content containing the query string "id=12345" > > Thanks for any suggestions. > > R. Hello Robin, You can try with purge tool.This is squid related software. The purge tool is a kind of magnifying glass into your squid-2 cache. You can use purge to have a look at what URLs are stored in which file within your cache. The purge tool can also be used to release objects which URLs match user specified regular expressions. A more troublesome feature is the ability to remove files squid does not seem to know about any longer. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] how to write this urlpath_regex
On Tue, 2006-05-30 at 10:30 +0800, huang mingyou wrote: > hello,list. > I get a problem when I write a filter rule. I have two urls. > http://host/bbs/1.php and http://host/bbs/foo/bar/x.jpg > now,I want the squid can cache the jpg file but no cache for php > or other script file. > if I use urlpath_regex bbs php or other rule,the > http://host/bbs/foo/bar/x.jpg wile be filter too. > so ,how to write a rule,fileter bbs in the url but if have jpg ,then not > filter. > Hello Huang, By default squid don´t cache this acl type acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY you can to add \.php$ For more details visit this page: http://jmason.org/software/sitescooper/tao_regexps.html and no_cache directive. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Random authentication popups
On Thu, 2006-06-01 at 13:37 +0900, Scott Jarkoff wrote: > I have setup Squid to perform authentication via NTLM and everything > is working fine with the exception of 1 odd error. At random times > throughout the day, and for no apparent reason, an authentication > popup will be presented to the user. Merely clicking "cancel" will > allow the user to view the site. > > The proxy server has not yet been deployed throughout the organization > and therefore only has a very minimal load on it at the moment, yet it > does this random authentication thing. > > Does anyone have any ideas as to what might be causing this to happen? > Hello Scott, You can use this directive of squid.conf file to prevent the problem. "auth_param ntlm use_ntlm_negotiate off" You may also need to increase children based on your number of users. You can visit for more details:http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] NTLM Auth
On Fri, 2006-06-02 at 11:31 +0400, Teller Sgt Robert J (GCE RCT-7 DATA NCOIC) wrote: > Classification: UNCLASSIFIED > > I am currently running squid 2.5 stable compiled from source on a debian > 3.0 server. I am attempting to authenticate my users against an Active > Directory Domain Controller and I can get it to work with Basic Auth but > when I attempt to use NTLM it will keep asking for username and password > over and over and does not stop. Any help would be great. > Robert > Hello Robert, Could you provide the directory structure of your AD and the relevant squid configuration details. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Date issue
On Fri, 2006-06-02 at 10:25 +0200, Hement Gopal wrote: > THIS IS A TEST > DISCLAIMER WITH FONTS MODIFIED. Hello Hement, Compile squid by altering the following line in squid source file src/errorpage.c. Default: "Generated %T by %h (%s)\n" The signature by defaults uses %T as timestamp, but if you like then you can use %t instead for a timestamp using local time zone. "Generated %t by %h (%s)\n" Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] FW: using Squid as a proxy server
On Sat, 2006-06-03 at 08:43 +0200, Bluemountain wrote: > PLez help, I have a 2003 server domain and 40 users in a call center, > can ANYONE help me with the below query??? > > Hi, > I am new to squid and have a new client that apparently has a squid proxy > that is not working, can anyone tell me how to even begin to fix this > problem, and get there proxy up and running again? I am absolute > clueless Hello Roux, Could you send me the details of your version,log files and configuration. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Transparent Reverse Proxy
On Fri, 2006-06-02 at 16:49 +0200, Cole wrote: > Hi. > > I wanted to know if its possible to setup squid to be a transparent reverse > proxy/httpd accelerator > for multiple servers behind squid. I read through all the ViSolve stuff > regarding this, and that all > makes sense, I was just wondering if its possible to multiple servers in > transparent mode? > > Regards > /Cole > > Hello Cole, Yes it is possible to setup reverse proxy for multiple servers. You have to make squid to resolve to appropriate servers through DNS or hosts file. And squid configuration has to me modified as given in http://squid.visolve.com/squid/reverseproxy.htm Let us know if you have some specific questions. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] external file processing with squid
On Fri, 2006-06-02 at 12:03 -0700, power159 wrote: > Hi > > i want to know its this possible that check file extension or Type and if > it was for example image , open a a program and do something in image and > send send it to user ? with current configuration or editing source .. > > Thanks > Hello , You could write a redirector and when the url matches for an image, it can be replaced with a different one (url having different image). But editing the image is not trivial. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] permanantly caching a site/content
On Tue, 2006-06-06 at 10:51 +1000, [EMAIL PROTECTED] wrote: > is it possible to set an acl to permanently cache a site? regardless of the > disk/cache size? > > i've looked over all of the doco and i cant find anything > > > tia > Hello Tia, You can try with the following refresh_pattern -i www.site.com/. 4320 100% 43200 override-expire override-lastmod -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Broken Upload
On Wed, 2006-06-07 at 11:12 +0330, Mehdi Sarmadi wrote: > Dears > > I've problem with upload use, uploads more than 1MB get broken often. > What should affect on such usage? Any configuration directive or > system hardware? > > Looking forward to your reply > TIA > Hello Tia, Check the "delay_pools" configuration directive in squid. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Broken Upload
On Wed, 2006-06-07 at 11:12 +0330, Mehdi Sarmadi wrote: > Dears > > I've problem with upload use, uploads more than 1MB get broken often. > What should affect on such usage? Any configuration directive or > system hardware? Hi, If the error(time out) is due to the read_timeout then that will be logged in the cache.log as ERR_READ_TIMEOUT So check your cache.log -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Squid + Websense
On Wed, 2006-06-07 at 08:17 -0700, Daniel EPEE LEA wrote: > Hello, > > Does anyone have links about squid + websense > integration ? > Is there an altenative to Websense in the opensource > world ? > > Thanks for links and advice. > > Regards, > > Daniel > > > - > T OG O D B ET H E G L O R Y :) > -- > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > Hello Daniel, For Web Content Filtering there are Dansguardian,Poesia http://dansguardian.org/ (open source but restricted for commercial use) http://sourceforge.net/projects/poesia/ For URL Based Filtering there is squidguard http://www.squidguard.org/
Re: [squid-users] Squid - Upgrading Weird Problem - Timeout
On Wed, 2006-06-07 at 13:32 -0300, Palula wrote: > Ok... I can't figure this one out... > > I've just upgraded my Squid to 2.5/STABLE11 with yum (previously was using > 2.5/STABLE6). And this problem started. > > I receive this message on the clients browsers: > > The requested URL could not be retrieved > - > > While trying to retrieve the URL: http://www.google.com.br/ > > The following error was encountered: > > Unable to determine IP address from host name for www.google.com.br > The dnsserver returned: > > Timeout > This means that: > > The cache was not able to resolve the hostname presented in the URL. > Check if the address is correct. > Your cache administrator is [EMAIL PROTECTED] > > - > Generated Wed, 07 Jun 2006 05:01:08 GMT by netradio.com.br > (squid/2.5.STABLE11) > > The weirdest thing is that I can browse with the server. And worst... > Everything returns to normal when I restart squid service (ex: > /etc/rc.d/init.d/squid restart) > > So this means it has to be a small glitch. I can't be related to network > problems. If it were network problems, by restarting squid, things would > continue to go wrong right? Has anyone gone through this? > > Hi, What is the dns_nameservers configured on the squid.conf. Are able to query the dnsserver from command line using dig dig @dnsnameserver goolge.com.br If does not get the correct record, try changing the dnsserver. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] want to install squid on ubuntu
On Thu, 2006-06-08 at 03:03 +0500, Naveed Razaq wrote: > hi > > any body who can help me to configure squid on ubuntu > > thank > naveed razaq > Hello Razag, Install squid with #apt-get install squid and edit the squid conf file as your needs refer http://squid.visolve.com/squid/sqguide.htm for configuring squid. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] SQUID 2.5 STABLE4 and AD 2003 R2
Meyerovich Aleksandr EB_NY wrote: 1. Which options Squid needs to be complied with to be able to authenticate against Windows 2003 R2 Active Directory with 2003 Functional Domain Level enabled? 2. Which authentication helper would work in this situation? Thanks a lot for help. Regards, Alex Meyerovich Hello Alex, you can compile squid by enabling the following configuration options "--enable-ntlm-auth-helpers=SMB,winbind \ --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group \ --enable-auth=basic,ntlm --with-winbind-auth-challenge --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,winbind" with the authentication methods as your requirement. NTLM auth helper should work for your situation. Thanks, Visolve Squid Team, http://squid.visolve.com <http://squid.visolve.com/>
Re: [squid-users] file descriptor problem
genco yilmaz wrote: Hi, Squid generates the following warning on cache.log file: WARNING! your cache is running out of filedescriptors. I know that there is no available FD for squid but I couldn't solve it yet. I have tried the methods mentioned in squid archive to increase FD number but nothing changed. I have added ; * soft nofile 8192 * hardnofile 65535 lines into the /etc/security/limits.conf file then I have issued "ulimit -HSn 8192" to increase the per process file descriptor limit but squid still says that there is 1024 file descriptor available at startup. Hello Yilmaz, Squid might be compiled with 1024 fildescriptors. So You need to set the ulimit -Hsn 8192 and recompile the squid Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Blacklisting problem, simple fix?
Dave Mullen wrote: Fellow Users, I have squid running with a blacklist, but I seem to have found an issue with my config. The blacklist lists a domain, but it's not blocking any subdomains of that domain. Should it? Is there an option that turns on this recursion or something? For example: playboy.com is blocked in domains. www.playboy.com or members.playboy.com are still reachable. Shouldn't they be stopped as well as the playboy.com? Any thoughts? Thanks in advance, Dave Mullen Hello Dave, You can block the domain with subdomain using regular expression in acl. acl domain_block dstdom_regex [-i] playboy.com (or) acl domain_block url_regex [-i] playboy.com http_access deny domain_block Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Selective .dll block
John Halfpenny wrote: hi. i've been running squid with dansguardian for a while, works really well. however, some people here need to use ebay and as i have dll files blocked at dans it won't work properly. as dans doesn't have an exception list for filetype, i thought about controlling them with the squid instance dans 'sits on'. my question is- how do i create an acl to ban .dll files, but allow the one necessary .dll file through? (ebayisapi.dll) is it possible to do with a single acl, or will i need to create an 'ok' acl followed by a 'not ok' acl? :-) Hello John, You can try with the following acl FILE urlpath_regex [-i]\.dll acl FILE1 urlpath_regex [-i]\.dll http_access allow FILE http_access deny FILE1 Thanks, Visolve Squid Team, http://squid.visolve.com <http://squid.visolve.com>
Re: [squid-users] I have Squid 2.5 stable 14 running on a Linux box using the WCCPv1.
Keith Owen wrote: I have Squid 2.5 stable 14 running on a Linux box using the WCCPv1. This setup seems to be having troubles with e-mail websites (ex mail.yahoo.com & hotmail.com) If anyone can offer suggestions that would be appreciated. Hello , Could you send me the error message in browser while you are browsing these sites. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Limited site access
[EMAIL PROTECTED] wrote: We've a situation at our facility where specific clients sit in static IP address block This clients are considered "restricted" and I need a way to get these clients to access a set of websites that I've defined. There's probably 20 or 30 sites. Can I get some recommendations on how to do this most-efficiently? Much appreciated, Tim Rainier Hello Rainer, You can solve your problem with the following acl restricted src x.x.x.x/. acl restricted_sites dst /usr/local/restrict.txt http_access allow restricted restricted_sites http_access deny restricted You can create a file(restrict.txt) to list the restricted sites. For more details: http://www.squid-cache.org/Doc/FAQ/FAQ-10.html Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] SQUID DNS problems
Falko Zurell wrote: Hello list, I got a strange problem with our squid server (squid 2.5.12 on linux) . We have a network with multiple subdomains. Lets say ads.domain.com and localtions.domain.com My squid host is a linux box with the correct /etc/resolv.conf settings. The machine itself can resolve all host names in our network. If i do a nslookup or host request I can resolve hosts on all our subdomains. But the squid can't resolve hosts in one of the subdomain (ads.domain.com). The domain it can't resolve in is a windows domain, served by MS DNS-Server. I wonder why the operating system can correctly resolve all the hostnames but the squid doesn't. I even entered all our DNS-Servers in the squid.conf but this doesn't helped. I even changed the default domain of the squid host to the ads.domain.com but this also doesn't resolved to problem. Does anyone has an idea on that? Thanks --- Falko Zurell Head of Application Management Hello Falko, What is the dns_nameservers configured on the squid.conf. Are able to query the dnsserver from command line using dig dig @dns_nameservers ads.domain.com If does not get the correct record, try changing the dnsserver. Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Error - Cache Manager Access Denied
Gabe Matteson wrote: I receive this error after logging into Squid's cachemgr.cgi site... Any idea's how to resolve this? Thank you. - Gabe The following error was encountered: * Cache Manager Access Denied. Sorry, you are not currently allowed to request: cache_object://srvsquid1.rrg.local/ from this cache manager until you have authenticated yourself. === SQUID.CONF === acl all src 0.0.0.0/0.0.0.0 acl cachemgr proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl server_vlan src 172.18.2.0/255.255.255.0 acl client_vlan src 172.18.5.0/255.255.255.0 #http_access allow cachemgr localhost http_access allow cachemgr all http_access deny cachemgr all # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost http_access allow client_vlan http_access deny all Hello Matteson, Your password might not be match with cachemgr_passwd.Check the cachemgr_passwd directive in squid.conf -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Multiple domains and multiple backend servers : use of httpd_accel ?
Crimso wrote: Hi, I currently use squid on a virtual private server the following way : www.domains.com -> squid -> my server The VPS is localized in Italy so my websites seems to be in Italy for the search engines, although my server is localized in France. I use : "http_accel_host www.myserverhost.com" directive and it works perfectly. For some reasons I'd like to add some domains to my configuration, but these domains are hosted on another server (I can't change that, it doesn't depend on me...) The result should be : www.domain1.com -> Squid -> server1 www.domain2.com -> Squid -> server2 I really don't see how to do that since the http_accel_host directive can only be used once... Hello Crimso, If you are using the reverse proxy for more than one web server, then we must use the word virtual as the httpd_accel_host. For more details: http://squid.visolve.com/squid/reverseproxy.htm -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] configuring external acls in squid 2.5stable6 on fc3
ankush grover wrote:
hey friends,
I am using Squid 2.5 Stable 6 on FC3. I am trying to configure an
external acl to make
"request_body_max_size" work inside an acl.
An example is given on this url
http://www.mail-archive.com/squid-users@squid-cache.org/msg16568.html
the external acl defined in my squid.conf file
external_acl_type request_body %{Content-Length} /etc/squid/request.sh
acl external request_max_250 request_body 256000
http_access allow mynetwork request_max_250
Messages which we are getting while restarting the squid
Stopping squid: 2006/06/16 14:01:12| squid.conf line 1816: acl
external request_max_250 request_body 256000
2006/06/16 14:01:12| aclParseAclLine: Invalid ACL type 'request_max_250'
2006/06/16 14:01:12| squid.conf line 1900: http_access allow mynetwork
request_max_250
2006/06/16 14:01:12| aclParseAccessLine: ACL name 'request_max_250 not
found.
What is the best way of configure external acl's in squid ? An example
will be very helpful
Thanks & Regards
Ankush Grover
Hello Grover,
Your acl format is incorrect "acl external request_max_250 request_body
256000 ". You can try with "acl request_max_250 external request_body
256
--
Thanks,
Visolve Squid Team,
http://squid.visolve.com
Re: [squid-users] Re: Squid for beginner
ankush grover wrote: On 6/16/06, Oshio Adams <[EMAIL PROTECTED]> wrote: Is there any where I can get Squid information for beinngers. I need a basic set up that works before I start making changes I parse ok I start ok But cant browse via the squid server from a system. Oshio Hello Oshio, Check your cache.log whether squid is running . If squid is running check the access.log while you are browsing. For more details about squid quick start guide: http://squid.visolve.com/squid/sqguide.htm -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Date and Expires headers not updating?
lawrence wang wrote: Squid seems to have a bug with Expires and Date headers: It fetches an object and caches the headers. The object expires, and Squid fetches it again. The object is unmodified, so Squid continues to use the cached object. However, it appears that it also continues to return the old Expires and Date headers, even though it seems to be using new values "under the hood". This will confuse downstream caches, won't it? Hello Lawrence, We guess this is something to do in webserver. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Help. SQUID very very slow.
Sergey Bondar wrote: Hi all. I am using squid for 7 year. No complains, but two week ago I installed new squid on brand new Dell Server to replace old machine. So Squid on new computer working much slower then on old one. If I go through NAT on new server it is fast. Over 50 people going through squid. Here is the specs: OLD Computer: FreeBSD 4.5-RELEASE #0: Tue Apr 30 18:25:23 EDT 2002 i386 CPU: Pentium III (501.14-MHz 686-class CPU) 512 Mb RAM squid-2.4.STABLE4 cache_dir 700 24 256 cache_mem 256 M Internet line: DSL 700 kb NEW Computer: FreeBSD 6.1-RELEASE #0: Fri Jun 16 13:10:14 EDT 2006 i386 DELL Server PE1420 ACPI APIC Table: Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992.52-MHz 686-class CPU) 1 Gb RAM squid-2.5.STABLE12 cache_dir 3000 128 512 cache_mem 500 M Internet line: T1 I tried GENERIC kernel and My own with out all not needed drivers same results Hello Bonder, Your new server might be started with filling stage in cache . It will be fast when the cache is full. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Replicate web object in peer cache server
Eswari Pd. Sharma wrote: Hi squid users, We are running peer transparent cache servers . In peer cache server, the web objects are store identical in each peer server and when request comes it look on its own and if doesnt get it look from the siblings , eventually it takes time and degrades the performance of cache server. I want to replicate web objects in peer cache server also and see the performance of cache server. Do anyone have idea how to replicate web objects in peer server ? Hello Eswari, For the details of peer cache: http://squid.visolve.com/squid/squid24s1/neighbour.htm. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Novell lookup
Keith Owen wrote: Can anyone lead me in the right direction. Is there a way for the access.log instead of IP addresses to have user names? We are a "Novell shop". Thanks in advance. Hello Owen, The 8th field of access.log is Ident. If ident_lookup is on, this field may contain the username associated with the client connection as derived from the ident service. If you are already authenticated with username , the username will display automatically at the 8th field of access.log. For more details about access.log format: http://squid.visolve.com/squid/squid24s1/glossary.htm#access.log. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Group ACLs
Luís Fernando C. Talora wrote: Hum, I see now... And how would the acl line to group those ACLs into one be like? Hello Fernando, You can try with following acl acl usr_sites dstdomain site1, site2, site 3... (or) acl usr_sites dstdomain "/path/to/sitesfile" -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Does squid admits ubiquity?
[EMAIL PROTECTED] wrote: Hello, i use squid with ncsa_auth to identify my users, but i have a problem whith the accounts; how to prevent users to connect themselves on different machines with the same account at the same time? I don't know if i was clear I've tried to use at the same time the same accounts on different machine and it was possible. I need to prevent it, because postal police couldn't believe in ubiquity.. Hello Davide, You can try with "acl aclname max_user_ip [-s] number" directive in squid.conf. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] delay access to cached objects
Santosh Rani wrote: Sirs/ Madams I wonder how should I tell squid not to cache any thing! I am trying to chain two squid proxies. Both squids are installed on different machines. (I may sound foolish here! pardon me). I am telling one machine (machine 'A') to fetch data from other squid machine (machine 'B'). In machine 'A' , I have this line under TAG 'cache_peer' cache_peer 192.168.x.x sibling 8080 3130 proxy-only I am not able to get data from cache of machine 'A' by this directive (It is fetching data from internet) . Do I have to pass some directive in squid's configuration file on machine 'A' too? Hello Santhosh Rani, For more detailed configuration of squid forward all requests to another proxy: http://info.ccone.at/INFO/Squid/FAQ-4.html#ss4.9 -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] OWA reverse proxy with 2.6RC2
Another question maybe off topic but is Squid able to do reverse proxying for multiple urls using different backend (peer cache)? How is the link between the https_port and the cache_peer done in this case? Using cache_peer_domain? Hello Grilli, cache_peer_access is more flexibility directive to solve your problem. For more details see: http://www.visolve.com/squid/squid30/accesscontrols.html#cache_peer_access -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] What does squid call items in its' cache?
John Oliver wrote: I want to purge some (or even all) of the stuff in squid's cache. But every possible name I've passwd with squidclient gets rejected with a 404. I've tried *, www.mydomain.com, http://www.mydomain.com, http://www.mydomain.com/*... nothing is working. Is there a way to list the cache? Hello Oliver, You can try with purge tool to solve your problem.The purge tool is a kind of magnifying glass into your squid-2 cache. You can use purge to have a look at what URLs are stored in which file within your cache. The purge tool can also be used to release objects which URLs match user specified regular expressions. A more troublesome feature is the ability to remove files squid does not seem to know about any longer. For more details of purge tool at: http://www.wa.apana.org.au/~dean/squidpurge/ -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Strange behaviour with squid
Luca Manganelli wrote: Hi, I've configured my squid proxy to use NTLM authentication. When I access to internet from a PC with Firefox, an authentication window appears: Please write username and password for proxy "" on testproxy:3128 I write user and pwd, but the same window appears. If I press ESC (close window), another window appears: Please write username and password for proxy "Squid Test Proxy" on testproxy:3128 The only difference is the proxy name, but after I wrote user and password the proxy works! Why the proxy is acting in this mode? Hello Manganelli, Check your auth_param configuration in squid.conf file. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] HOWTO accelerate WindowsUpdate
John Mok wrote: Hi, I am using squid-2.5.STABLE12 on FC3 Linux and would like to reduce the Internet traffic and accelerate for windowsupdate. I found that there were many TCP_MISS for windowsupdate (as shown below) although I set a large value for maximum object size (e.g. 600MB) and I was sure that a previous user had got the update before. Hello John Mok, Squid won't support caching of dynamic pages. acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] How to set up a reverse proxy server over SSL?
fulan Peng wrote: Hi, I have compiled Squid 3.0 pre-release4 with its default. Then I changed one line from http-access deny all to http-access allow all and tried out the non-ssl forward proxy server worked. Now I want to set up with SSL and a reverse proxy server. Could you please help to tell where is a tutorial or a sample configuration file? Hello Peng, The following steps are used to configure the squid-3.0 with SSL Compile squid with the ssl support option ./configure --prefix=/usr/local/squid --enable-ssl Edit the squid configuration for squid with SSL support (Reverse proxy) https_port 443 protocol=http cert=/path/to/server/certificate/server_cert.pem key=/path/to/server/key/server_priv_key.pem vport=back end server listen> acl SSL method CONNECT never_direct allow SSL create a Swap Directory /usr/local/squid/sbin/squid -z Start Squid /usr/local/squid/sbin/squid -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] different round-robin parents
[EMAIL PROTECTED] wrote: Hello, is it possible to use different group of round-robin parents ? I've got some local squid servers that forward internet requests to 2 squid parent servers (configured with round-robin). In parallel, for some specific intranets website, i would need to forward these requests to some another couple of squid servers, and so implementing another couple of round-robin parents. Hello, The round-robin option must be used on more than one cache_peer line to be useful. Connections to caches configured with this options are spread evenly (round-robined) among the caches. This can be used by client caches to communicate with a group of loaded parents, so that load is spread evenly. If you have multiple Internet connections, with a parent cache on each side, you can use this option to do some basic load-balancing of the connections. In other words,the round-robin option is similar to default, except that Squid forwards the request to the parent with the lowest use count. The cache_peer_domain restrictions still apply, of course. A typical configuration might look like: cache_peer proxy.visolve.com1 parent 3128 3130 round-robin no-query cache_peer proxy.visolve.com2 parent 3128 3130 round-robin no-query For more details visit: http://squid.visolve.com/squid/squid24s1/glossary.htm. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] disk space over limit
lawrence wang wrote: squid-users, i hope you can save me once again :) i've been getting a lot of the errors below. does this look like something i can fix with reconfiguration or recompilation? 2006/07/04 20:59:42| WARNING: Disk space over limit: 440086904 KB > 432410624 KB 2006/07/04 20:59:53| WARNING: Disk space over limit: 439706788 KB > 432410624 KB 2006/07/04 21:00:04| WARNING: Disk space over limit: 439553980 KB > 432410624 KB 2006/07/04 21:00:15| WARNING: Disk space over limit: 439485096 KB > 432410624 KB Hello Lawrence, This might be swap.state has been corrupted. Such corruption can occur on unexpected system shutdowns (power failure, kernel panic etc). You can try with the following 1. Shut down squid. 2. Remove the swap.state files from your cache directories. 3. Start Squid again. It will rebuild swap.state from the cache files. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Squid won't debug
John Oliver wrote: [EMAIL PROTECTED] squid-2.5.STABLE14]# /usr/local/squid/sbin/squid -k debug squid: ERROR: No running copy Squid is not running Start Squid first then debug it #/usr/local/squid/sbin/squid #/usr/local/squid/sbin/squid -k debug See the outputs in cache.log I was trying to find out why I always get: ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://localhost:81/ The following error was encountered: * Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. I tried "http_access allow all" since I'm using Squid as an accelerator, but that didn't work. Check your iptables setting. #iptables -L If there is any rule set for denying port 81,remove it and then try it again. Also you can check to know whether the port 81 is opened. #telnet localhost 81 -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
Jon wrote: First I added cache_peer virtual parent 80 3130 originserver and http_port 80 vhost to the conf file. But I get this error: The following error was encountered: * Unable to forward this request at this time. Hello Jon, You can try with following directive in squid.conf file. cache_peer virtual parent 80 0 no-query originserver -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
Jon wrote: tor 2006-07-06 klockan 12:26 -0400 skrev Jon: Thanks for the reply and I tried cache_peer virtual parent 80 0 no-query originserver but it gave me an error The following error was encountered: Unable to determine IP address from host name for virtual Hello Jon, You can try with Server IP address instead of virual . cache_peer [Ip address] parent 80 0 no-query originserver -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] How to restrict the users & validate the login credientials
Pavan Kumar Mahoorker wrote: Hi all, I have configured SQUID as HTTP proxy and allowed some range of IPs. And when I use internet form my PC for which I have configured this SQUID PC as proxy server and i can see all the traffic going through the proxy. Now I want to allow the PC's to access the Proxy server only if the login credentials authentication is success. And if the PC's fail to authenticate then the proxy should block the traffic. I have modified the /etc/squid/squid.conf file but looks like it needs a external auth server like LDAP, APACHE & etc... Let me know what needs to be done to achieve this Hello Kumar, The Squid source code comes with a few authentcation processes for Basic authentication. These include LDAP: Uses the Lightweight Directory Access Protocol NCSA: Uses an NCSA-style username and password file. MSNT: Uses a Windows NT authentication domain. PAM: Uses the Linux Pluggable Authentication Modules scheme. SMB: Uses a SMB server like Windows NT or Samba. getpwam: Uses the old-fashioned Unix password file. sasl: Uses SALS libraries. winbind: Uses Samba authenticate in a Windows NT domain If you have LDAP then you can configure with squid. Configuration of LDAP can be done with the following Compiling squid with ldap support. ./configure --enable-basic-auth-helpers="LDAP" In squid.conf file edit the following auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b dc=yourdomain,dc=com -f uid=%s -h yourdomain.com acl password proxy_auth REQUIRED http_access allow password http_access deny all This Squid-LDAP Setup allows the users in the LDAP to access the pages and deny all the others. Similarly you can configure with the other authentication methods. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Re: httpd_accel in Squid 2.6.STABLE1 problem
peter S wrote: I am having trouble with squid config in 2.6 stable1.They have taken out httpd_accel_port and httpd_accel_host and replaced them with defaultsite http_port and cache_peer originserver options. When I put in the name of my server defaultsite http_port and the port that I am using under the cache_peer option squid returns an error saying that it doesn't understand the host name or port. I had to go back to another version of squid. Does anyone have a squid config http accelrater example for 2.6? Hello Peter, http accelrater for 2.6 can be done by the following modification in squid.conf http_port 80 vhost cache_peer virtual parent 80 0 noquery originserver (or) cahce_peer [backend server IP] parent 80 0 noquery originserver http_access allow all Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Only MISSES in Access log
Thomas Tronier-Rasmussen wrote: Hi Squid Users, I'm new to Squid, and I just installed it via Yum. After setting up ACL's I can access the Internet, but in my access log, I only get TCP_MISS/200 and TCP_REFRESH_MISS/200 when refreshing websites. I can't figure out what's wrong, any ideas? - I thought squid was configured to do caching by default. Hello Thomas, Squid doesnot support to cache the dynamic pages. It only cache the static html pages. We guess your server might be filling stage in cache. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] ACL wildcards?
Shoebottom, Bryan wrote: Hello, Is it possible to use wildcards in an ACL? For example, currently I do this? acl restricted dstdomain .domain1.tld acl restricted dstdomain .domain2.tld acl restricted dstdomain .domain3.tld acl restricted dstdomain .domain4.tld Can I do this? acl restricted dstdomain .domain?.tld Thanks, Hello Bryan, Try with ACL acl aclname dstdom_regex [-i] xxx.. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Queing downloads
Janco van der Merwe wrote: Hi guys, I have an interesting question which I hope somebody will be able= to help me or give me a push in the right direction. Firstly we are running Squid 2.5 Stable 10 on Fedora Core 4, behi= nd a Shorewall firewall with squid_ldap_group authentication. Now= what I want to know is, is it possible for Squid or any other Li= nux package to queue a download job for after hours, lets say tha= t a user wants to download a file @ 10:00 in the morning but I on= ly want to allow that download after 5 in the afternoon. (I hope=20= that I'm making sense) To get back to my question.is it possible, can Squid or any o= ther program do that??? I tried searching on the net but wasn= 't very successful. Hello Merwe, Yes. It is possible. You can try with the following ACL acl aclname time [day-abbrevs] [h1:m1-h2:m2] -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Squid Transparent Proxy with Auth User
RdBSD wrote: Dear All, Is there any futures in squid-3 that will auth user with transparent proxy mode ? Hello, No . It is not possible. With interception proxying, the client thinks it is talking to an origin server and would never send the /Proxy-authorization/ request header. For more details visit: http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#head-e56904dd4dfe0e21e5c2903473c473d401533ac7 Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] status codes meanings..
Linda W wrote: I was trying to track down a problem and got distracted on squid status codes. I was curious on how to interpret these. I extracted the status codes from each line, sorted, counted and got: 1 TCP_CLIENT_REFRESH_MISS/000 955 TCP_CLIENT_REFRESH_MISS/200 *TCP_CLIENT_REFRESH_MISS -* The client issued a "no-cache" pragma, or some analogous cache control command along with the request. Thus, the cache has to refetch the object. 6 TCP_MISS/000 *TCP_MISS* -The requested object was not in the cache 1 TCP_NEGATIVE_HIT/404 *TCP_NEGATIVE_HIT* - Request for a negatively cached object, e.g. "404 not found", for which the cache believes to know that it is inaccessible. Also refer to the explainations for /negative_ttl/ in your /squid.conf/ file. 2 TCP_SWAPFAIL_MISS/200 --- *TCP_SWAPFAIL_MISS* - The object was believed to be in the cache, but could not be accessed. For more details of squid status codes in: http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-2914f3a846d41673d4ae34018142e672b8f258ce -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Download always get disconnected through proxy
Yong Bong Fong wrote: Dear friends, Wondering if anyone else face smilar issue to me with downloading problems through proxy. Many users complained to me that when they download through proxy, they often get corrupted file or download disconnected half way. Only if using download manager can the download be more reliable. I have come to the conclusion that it is my proxy problem because on the same link of download, if I use other direct connections internet, the download is perfect, but when go through proxy there is the problem with download disconnected... any idea what went wrong? thanks for taking time reading my mail... Regards Yong Hello Yong, Check and send the cache.log messages while you are downloading through proxy. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Howto NOT log URLs in access.log
Michael Ellis wrote: Hi, I was wondering if anyone knows of a way to configure squid so that it does not write the URL to access.log. All I want to know is who was browsing the web from which computer and when (date, client ip, and authname). This is to comply with personal privacy and information policies and laws. Hello Mike Ellis, In squid-2.6, you can customize the access log format by using logformat directive in squid.conf file. logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %http://squid.visolve.com
Re: [squid-users] How to rotate logs in Squid
Mehmet, Levent (Accenture) wrote: Hi We have just installed Squid and I would like to know how rotate the logs files. Hello Mehmet, The command " squid -k rotate" will rotate the log files. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] TCP_MISS/503
Fabio wrote: hi everyone I have a BIG problem I can't solve with my squid. sometimes (randomly) I have an error in retrieving the URL in logs it appears as: 1153487449.160 2211 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html 1153487449.332 1 10.91.195.69 TCP_MISS/503 1538 GET http://www.sing365.com/favicon.ico - NONE/- text/html 1153487455.352 45 10.91.195.69 TCP_MISS/503 1660 GET http://www.sing365.com/music/lyric.nsf/Disposition-lyrics-Tool/C574A6A82533DECC48256A57002CEDB3 - NONE/- text/html from what it's depends? where can I find the explanation of the error codes? regards, Hello Fabio, *TCP_MISS* message will come when the requested object is not in the cache. For more details about squid status codes visit at: http://wiki.squid-cache.org/SquidFaq/SquidLogs#head-2914f3a846d41673d4ae34018142e672b8f258ce. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Maybe I should not have apt-get dist-upgrade
Brent Clark wrote: Hey all This morning I came across something most strange. I upgrade from 2.5 to 2.6 via debians apt-get dist-upgrade. I now see the following Restarting Squid HTTP proxy: squid2006/07/25 09:11:56| parseConfigFile: line 136 unrecognized: 'httpd_accel_host virtual' 2006/07/25 09:11:56| parseConfigFile: line 137 unrecognized: 'httpd_accel_port 80' 2006/07/25 09:11:56| parseConfigFile: line 138 unrecognized: 'httpd_accel_with_proxy on' 2006/07/25 09:11:56| parseConfigFile: line 139 unrecognized: 'httpd_accel_uses_host_header on' 2006/07/25 09:11:56| parseConfigFile: line 146 unrecognized: 'httpd_accel_single_host off' Hello Brent Clark, The above configuration directives are changed from squid -2.5. The transparent proxy setup can be done by using the following directive in squid-2.6. http_port 172.16.1.57: transparent For more detials about squid-2.6 at : http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE1-RELEASENOTES.html -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] authentication
Paul wrote: Hi, I have configure my squid with poxy_auth and all the computers which use internet use this proxy (of course I need to enter login and password), but I have a machine which is not possible to enter the password. Any one knows how can I make an exception with one user. Is it possible to avoid the squid authentication for one user or IP address. Hello Paul, Yes. You can avoid the squid authentication for one ip address by using following ACL configuration in squid.conf file. auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd acl auth_users proxy_auth REQUIRED acl restricted src "/usr/local/squid/iplist" acl allow_user src 172.16.1.27 http_access allow allow_user http_access allow auth_users restricted -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] HTML Caching
Andrew Yoward wrote: Hi Folks, how to turn off caching of HTML? Hello Andrew, It can be done by using following ACL acl html rep_mime_type -i text/html cache deny html -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] (111) connection refused ERROR FOR SITES REQUIRING LOGIN
vinayan K P wrote: Hello, Hope someone could help me. I am using a squid proxy (squid-2.5.STABLE13-1.FC4) behind another squid proxy and firewall. Hello Vinayan, If you are behind a firewall then you can't make direct connections to the outside world, so you *must* use a parent cache. Squid doesn't use ICP queries for a request if it's behind a firewall or if there is only one parent. You can use the /never_direct/ access list in /squid.conf/ to specify which requests must be forwarded to your parent cache outside the firewall, and the /always_direct/ access list to specify which requests must not be forwarded. For example, if Squid must connect directly to all servers that end with /mydomain.com/, but must use the parent for all others, you would write: acl INSIDE dstdomain .mydomain.com always_direct allow INSIDE never_direct allow all For more Details visit: http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-f7c4c667d4154ec5a9619044ef7d8ab94dfda39b -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Accelerator Question
Pablo García wrote: Hi, I was running a Squid in accelerator mode, for a bunch of web sites I own. The setup was very basic : Client ---Internet--- Squid --Local Lan-- Web servers the squid decides wich web server to access for the content based on /etc/hosts so, my settings in the squid.conf were : httpd_accel_port 80 httpd_accel_host virtual httpd_accel_with_proxy on httpd_accel_uses_host_header on Now, I changed to Squid 2.6 Stable 2, and since the configuration changes for this scenario I'm not sure how to configure it right. Is this the right configuration option ? "http_port 80 vhost vport" or is this other ? "http_port 80 transparent" Hello Pablo, Transparent Proxy setup for squid-2.6Stable 2 can be done by using the following configuration directive in squid.conf file. "http_port 3128 transparent" Reverse proxy setup can be done by using the following directives http_port 80 vhost cache_peer virtual parent 0 no-query originserver xxxx-Server listen port -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Ignoring certain status codes/content inspection?
Oscar Rylin wrote: Recently, one of our accelerated machines started throwing out errors, and it got me thinking. Would it be possible to have Squid not cache objects based on a status code (for instance 500/Internal server error, 403 forbidden etc)? This would be something along the lines of content-inspection, so a quick take of the flow that would happen would be: 1: Client connects to Squid and requests www.normally.cacheable/object 2: Squid notices that the object is stale and attempts to retrieve a fresh copy from the origin server 3: Origin server returns Status: 500 in the headers, and Squid defaults to serving up the stale object instead of the fresh (but broken) object Any ideas, finger-pointing or such would be greatly appreciated Hello Oscar Rylin, We guess it might be Time-to-Live (TTL) for failed requests. Certain types of failures (such as "connection refused" and "404 Not Found") are negatively-cached for a configurable amount of time. The default is 5 minutes. Note that this is different from negative caching of DNS lookups. Check with negative_ttl directive in squid.conf file. -- Thanks, Visolve Squid Team, http://squid.visolve.com
Re: [squid-users] Squid access control problem.
Adam O'Neill wrote: I set "http_access allow all" (after specifying the local network with a proper subnet did not work) in addtion to "http_reply_access allow all" and "acl Safe_ports port 80". I still receive a "Access control configuration prevents your request from being allowed at this time." error when trying to browse. I assume I still have to change something in the acl, but I can't determine what. Working off a minimally modified default configuration. Current test browser is IE. Hello Adam, Consult your browser's help feature. Also, some firewalls, LAN scripts, or Internet Service Providers (ISP) prevent access to the on-line application because of the port or IP address. For more details about access list and ACL elements visit : http://wiki.squid-cache.org/SquidFaq/SquidAcl Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] what does it means
kashif Mazhar wrote: plz tel me what does this line means and why this is happening to my squid, As squid started unefficient after 1 day and within 4 to 5 days it goes DIE. along with many error lines i found this in it. plz let me know about it. 2006/08/08 18:06:00| idnsCheckQueue: ID 329f: giving up after 31 tries and 306.2 seconds Hello Mazhar, Check your DNS setup and cache.log messages Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] Increasing filedescriptors
Stuart J. Newman wrote: I am running squid 2.5.STABLE3 from Redhat in Redhat Enterprise Linux 3. I have followed the instructions to increase the number of filedescriptors to 2048 using the instructions in the FAQ. I have checked include/autoconf.h and verified that the 2048 number was in the header file. However, when I use Cachemgr to examine the number of filedescriptors, it says I have only 1024. Where have I gone wrong? Stuart J. Newman System Engineer IT Globalsat Telecommunications Voice (240) 553-9423 Fax (301) 483-4350 [EMAIL PROTECTED] www.globalsat.com Hello Newman, Squid might be compiled with 1024 filedescriptors. So need to set the "ulimit -HSn 2048" and recompile the squid. Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] How to control the bandwidth of websites using squid?
Jamshid KP wrote: HI, In my company we are using Fedora Core 2 as Operating System and Squid-2.5and Proxy server. I wish to delay the bandwidth of somewebsites through Squid. Please help me to find out where will I put the URL of websites in Squid.conf delay the bandwidth One more matter also. Is there any other way like..creating a file and adding website URL's in that file instaead of editing squid.conf file everytime to delay the bnadwidth Hello Jamshid, Delay pools provide a way to limit the bandwidth of certain requests based on any list of criteria. The idea came from a Western Australian university who wanted to restrict student traffic costs (without affecting staff traffic, and still getting cache and local peering hits at full speed). For more details visit: http://wiki.squid-cache.org/SquidFaq/MiscFeatures?highlight=%#head-fd9b4b7ba1854a3c21796173af9d0b9aee33e376 Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] Authentication for Selective Users
Manish Kathuria wrote: Squid proxy server has been configured with Basic Authentication and is running perfectly. Is it possible to allow some users to bypass Authentication on the basis of their IP Addresses and/or Mac addresses under this or some other Authentication Scheme ? Hello Kathuria, Yes. It can be done by using the following configuration in squid.conf. acl allow_users src "/usr/local/squid/iplist_for_allowusers" http_access allow allow_users http_access allow auth_users Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] almost there , just a little help needed
S t i n g r a y wrote: Well thanks to all the help you guys provided i have enabled for the first time OpenBSD + squid+ squidguard on my network, internet seems to work very fast now . thank you now i want to know how to block only specific ips "specified in a file" to download .exe & mp3 files from internet according to my limited knowledge i have made this config , but its not working , can you please tell me whats wrong ? & how should i put it ? Expression file \.(ra?m|mpe?g?|mov|movie|qt|avi|dif|dvd?|exe|mp3)($|\?) Hello Stingray, You can block the downloands for specificied IP's by using the following acl setting in squid configuration file(squid.conf). acl restricted_IPs src "/usr/local/ip_list_file" acl restricted_dwnlds urlpath_regex [i] \.mp3$ \.exe$ http_access deny restricted_dwnlds restricted_IPs Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] http_port - squid 2.6
Dave wrote: Hi Old versions of squid used: http_port proxy.gdmckee.home:3128 82.36.186.17:80 When I try the same from squid 2.6 I get an error. How can I correct = this? Only using squid as a proxy server and a reverse proxy. Hello Dave, The reverse proxy for squid-2.6 is little bit different from older version. It can be done by the following modification in squid.conf http_port 80 vhost cache_peer virtual parent [server listen port] 0 no-query originserver http_access allow all Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] ntlm authentication
Wilson A. Galafassi Jr. wrote: Hello. Can someone tell me some good documentation or howto to use ntlm authentication with samba? Hello Galafassi, NTLM authentication is a challenge-response authentication type. NTLM is a bit different and does not obey the standard rules of HTTP connection management. The authentication is a three step (5 way) handshake per TCP connection, not per request. For more details to configure ntlm visit : http://www.visolve.com/squid/ Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] squid-2.6.STABLE2-20060814 -- Delay Pools Working ?..
Rayudu Madhava wrote: Sir, Delay Pools in squid 2.6 stable 2 (20060814) seems not working.. Hello Madhava, Delay pools now work again in squid-2.6STABLE3. For more details visit: http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE3-RELEASENOTES.html Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] Access Denied (Newbie)
beno wrote: Hi; Here are what I believe are the pertinent lines from my squid.conf file: cache_peer 2012.vi parent 7080 2020 default no-query http_port 2020 vhost acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl Safe_ports port 80 8080 7080 transparent where "2012.vi" is the name of the site, "7080" is the port to which Zope is listening for requests and "2020" is where squid is listening. I want all requests for all pages on 2012 to be passed transparently to port 7080. When I surf to that page, however, I get a squid error stating that access is denied. However, before I passed this request through squid, I got no such error and the page was correctly served. Please help me understand what I've done wrong. TIA, Hello , Check your http_access rules in squid.conf. Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] How to hide squid version information?
Monty Ree wrote: Hello, all. I would like to hide squid version or server information for security reason. So I set "via off" at squid.conf file. But via information is seen as ever. Is there any directive or method like ServerTokens at apache? Hello , Compile squid by altering the following line in squid source file src/errorpage.c. Line:69: "Generated %T by %h (%s)\n" In the above line %s denotes the squid version which can modified to the requirement. Thanks, Visolve Squid Team http://www.visolve.com/squid/
Re: [squid-users] Forwarding loop?
Ralf Hildebrandt wrote: We're using a intranet -> squid -> Dansguardian -> squid -> Internet setup to filter the traffic for viruses This must be the cause for this warning: Aug 27 23:18:46 proxy-cvk-2 squid[27921]: WARNING: Forwarding loop detected for: Client: 127.0.0.1 http_port: 127.0.0.1: GET http://127.0.0.1/squid-internal-periodic/store_digest HTTP/1.0^M Accept: application/cache-digest^M Accept: text/html^M Host: 127.0.0.1:3129^M Via: 0.0 wlan-proxy.charite.de:3128 (squid/2.6.STABLE3), 1.0 proxy-cvk-2-nocache.charite.de: (squid/2.6.STABLE3)^M X-Forwarded-For: unknown, unknown, 127.0.0.1^M Cache-Control: max-age=259200^M Connection: keep-alive^M X-Forwarded-For: unknown, unknown, 127.0.0.1^M ^M Aug 27 23:18:46 proxy-cvk-2 squid[27916]: temporary disabling (Not Found) digest from 127.0.0.1 How can I prevent the internal stuff from being forwarded to the parent_proxy? Hello Hildebrand, A forwarding loop is when a request passes through one proxy more than once. You can get a forwarding loop if * a cache forwards requests to itself. This might happen with interception caching (or server acceleration) configurations. * a pair or group of caches forward requests to each other. This can happen when Squid uses ICP, Cache Digests, or the ICMP RTT database to select a next-hop cache. Thanks, Visolve Squid Team www.visolve.com/squid/
Re: [squid-users] reverse proxy v2.6
dale wilhelm wrote: it appears that reverse proxy has been removed from the 2.6 version... does anyone know of a reason why this rm'd and if there is a work around??? i have the following in my config for 2.5: httpd_accel_host ( ip addr ) httpd_accel_port 8083 httpd_accel_single_host on httpd_accel_with_proxy on all httpd_accel* directives are now gone... any help would be Hello Wilhelm, Reverse proxy configuration for squid-2.6 can be done by using the following configuration in squid.conf. http_port 80 vhost cache_peer virtual parent [server listen port] 0 no-query originserver http_access allow all Thanks, Visolve Squid Team www.visolve.com/squid/
