[squid-users] Plain HTML site not opening through squid.
I am facing this weird problem while trying to open a site mkm.drdo.gov.in = using squid 3.1.10. While the site works fine bypassing squid. While using squid - I am getting "Zero Sized Reply" on the client browser w= hereas my access.log says http://mkm.drdo.gov.in/ - NONE/- text/html Any help is highly solicited.
[squid-users] Download cap using squid in linux.
Is there a way we can do following things using squid. 1. Put an upper cap on total Download size in a month per user (users are configured on LDAP). 2. Put an upper cap on the no of hours of usage per month per user. I shall be obliged if someone can tell me an alternate solution not there by default in squid. Thanks in anticipation. regards, Vivek
Re: [squid-users] Requirement to restrict one user accessing squid only from one I.P Address.
On Wed, Apr 28, 2010 at 3:50 PM, Amos Jeffries wrote: > Vivek Varghese Cherian wrote: >> >> Hi, >> >> My client has a requirement where he would like to ensure that a user >> authorized >> to squid should be able to access the internet from only one I.P Address. >> >> Her requirement is that even if one of her users shares her password >> with the second >> user, the second should not be able to login except from the first >> user's machine, not >> even on the second user's machine or any other machine in the network >> for that matter. >> >> The client has around 1000 users in her organization who frequently >> share their user names and password with other users. >> >> Any pointers/urls in this direction would be most welcome. If this >> question has been answered previously in this mailing list, a pointer >> in that direction would suffice. >> >> Thanks in advance. >> >> Regards, > > I see you are faced with the major job dealing with a seriously dangerous > habit amongst your users. > > The only real solution is education. The users must be taught not to share > access privileges. This is going to take some work and probably a fair > amount of time as well. > > You will need a plan of attack on the problem and support from your > organizations management to make this fully work. The management will need > to make policies prohibiting credentials being shared and outline some > consequences if they are. > > A) The easy initial catch is to use a max_user_ip type ACL which detects > multiple-IPs using the same credentials. > A deny_info splash page for that ACL can be used to inform the users that > their offence has been caught and re-inforce the organization policies. > This can be fooled in circumstances where DHCP dynamically assigns IPs, or > NAT hides whole groups of users. > > > B) As Jeff pointed out the arp type ACL can go beyond IP address and detect > individual machines network cards. > This can fail if the network has any routers between the users and Squid. > And may require organization-wide proxy-ARP protocol to be implemented. > > C) The other way is to create a database matching user logins to the IP > address the user is assigned. Create a external_acl_type script to take > %LOGIN %SRC parameters and lookup the database for a matching pair. > Returning OK/ERR about whether the request is allowed or not. > This can be fooled by NAT, or users setting their IP manually or relaying > requests through a box which does either for them. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.1 > Thanks Jeff, Sagar and Amos for your invaluable feed backs. -- Vivek Varghese Cherian Senior Systems Administrator RHCT ( # 605010995430406) Website : http://vivekvc.freeshell.org Blog: http://vivekvc.wordpress.com Linkedin: http://www.linkedin.com/in/vivekvc IRC: Vivek and ViveKVC on both Freenode and OFTC GPG Key fingerprint = 1EB1 0647 9574 18A3 40B5 8D74 F842 576B 3C2B 8538
[squid-users] Requirement to restrict one user accessing squid only from one I.P Address.
Hi, My client has a requirement where he would like to ensure that a user authorized to squid should be able to access the internet from only one I.P Address. Her requirement is that even if one of her users shares her password with the second user, the second should not be able to login except from the first user's machine, not even on the second user's machine or any other machine in the network for that matter. The client has around 1000 users in her organization who frequently share their user names and password with other users. Any pointers/urls in this direction would be most welcome. If this question has been answered previously in this mailing list, a pointer in that direction would suffice. Thanks in advance. Regards, -- Vivek Varghese Cherian Senior Systems Administrator Website : http://vivekvc.freeshell.org Blog: http://vivekvc.wordpress.com Linkedin: http://www.linkedin.com/in/vivekvc IRC: Vivek and ViveKVC on both Freenode and OFTC GPG Key fingerprint: 0F53 447E A8D1 C4F7 C14E F117 A040 E935 7DFA D159
Re: [squid-users] squidclient help
Hi Amos, Thanks for your reply. i tired with "purge" tool. But works for localhost well. How do we use "purge" toll for remote squid ? Any possibilities ?... Thanks in advance. Thanks, Vivek -Original Message- From: Amos Jeffries To: squid-users@squid-cache.org Sent: Fri, 19 Feb 2010 4:38 pm Subject: Re: [squid-users] squidclient help Vivek wrote: Hi All, > I am trying to get the URLs of cached objects in disk in via squidclient. > #squidclient mgr:vm_objects > Retrieves the list of objects in the memory cache. It contains the URL > link ( GET http://127.0.0.1:3181/id=02591000260870/image.png ) --- KEY 3BAE20D702DCFA4225D988B1F151EA92 GET http://127.0.0.1:3181/id=02591000260870/image.png STORE_OK IN_MEMORY SWAPOUT_NONE PING_DONE CACHABLE,DISPATCHED,VALIDATED LV:1266548360 LU:1266548360 LM:-1EX:1266893960 0 locks, 0 clients, 1 refs Swap Dir -1, File 0X inmem_lo: 0 inmem_hi: 16553 swapout: 0 bytes queued --- > #squidclient mgr:objects > Retrieves the list of all cached objects (including those on disk). But > it doesn't contain the URL link. Sure it does... --- KEY 14A08323AC805484B4161AFCC0228C02 ^^^ hash of the URL and unique request meta data. :) Not very helpfull though I know. STORE_OK NOT_IN_MEMORY SWAPOUT_DONE PING_DONE CACHABLE,DISPATCHED,VALIDATED LV:1266548026 LU:1266548232 LM:-1EX:1266893626 0 locks, 0 clients, 2 refs Swap Dir 0, File 0X004471 --- > How do we get the URLs of disk cache objects using squidclient or any > other method... Lookup the "purge" tool. It does a lot of cache storage management stuff like you seem to want. Amos -- Please be using Current Stable Squid 2.7.STABLE8 or 3.0.STABLE24 Current Beta Squid 3.1.0.16
[squid-users] squidclient help
Hi All, I am trying to get the URLs of cached objects in disk in via squidclient. #squidclient mgr:vm_objects Retrieves the list of objects in the memory cache. It contains the URL link ( GET http://127.0.0.1:3181/id=02591000260870/image.png ) --- KEY 3BAE20D702DCFA4225D988B1F151EA92 GET http://127.0.0.1:3181/id=02591000260870/image.png STORE_OK IN_MEMORY SWAPOUT_NONE PING_DONE CACHABLE,DISPATCHED,VALIDATED LV:1266548360 LU:1266548360 LM:-1EX:1266893960 0 locks, 0 clients, 1 refs Swap Dir -1, File 0X inmem_lo: 0 inmem_hi: 16553 swapout: 0 bytes queued --- #squidclient mgr:objects Retrieves the list of all cached objects (including those on disk). But it doesn't contain the URL link. --- KEY 14A08323AC805484B4161AFCC0228C02 STORE_OK NOT_IN_MEMORY SWAPOUT_DONE PING_DONE CACHABLE,DISPATCHED,VALIDATED LV:1266548026 LU:1266548232 LM:-1EX:1266893626 0 locks, 0 clients, 2 refs Swap Dir 0, File 0X004471 --- How do we get the URLs of disk cache objects using squidclient or any other method... Thanks, Vivek
Re: [squid-users] Re: Credentails for embedded links
Hendrik, Thanks for your reply. Is it possible to set proxy authentication credentials ( username/password ) permanently in the browser. I tried that, but no luck. Please share your views; Thanks vivek -Original Message- From: Henrik Nordstrom To: Vivek Cc: squid-users@squid-cache.org; squ...@treenet.co.nz Sent: Mon, 5 Oct 2009 1:59 am Subject: [squid-users] Re: Credentails for embedded links ons 2009-09-23 klockan 06:29 -0400 skrev Vivek: Is there any workaround for this issue ( in squid or browser ) ? Has do be done in the browser. REgards Henrik
Re: [squid-users] Credentials for embedded links
Hi, I think, this is a normal behaviour. Browser tries to fetch all embedded links in the same time. Any possibilities to avoid this, in Outlook mail or in browser or in squid... Please share your views. Vivek -Original Message- From: Vivek To: squid-users@squid-cache.org; squ...@treenet.co.nz; hen...@henriknordstrom.net Sent: Wed, 23 Sep 2009 3:59 pm Subject: [squid-users] Credentials for embedded links HI All, I am using squid with LDAP authentication. It works fine. I have configured the proxy settings in IE. My Outlook express uses the same proxy settings that is configured in IE. If I want to open any html attachments ( Attachment has embedded links href for images ), the browser pop-up authentication for all images. If the attachment has 10 images ( Embedded links images ), it open 10 pop-up window at a same time. Is there any workaround for this issue ( in squid or browser ) ? Thanks Vivek
[squid-users] Credentails for embedded links
HI All, I am using squid with LDAP authentication. It works fine. I have configured the proxy settings in IE. My Outlook express uses the same proxy settings that is configured in IE. If I want to open any html attachments ( Attachment has embedded links href for images ), the browser pop-up authentication for all images. If the attachment has 10 images ( Embedded links images ), it open 10 pop-up window at a same time. Is there any workaround for this issue ( in squid or browser ) ? Thanks Vivek
Re: [squid-users] wccp service lost issue
Amos, Thanks for your reply. I am using 300GB for caching ( aufs ) and 16GB of RAM. If the connection loss is a normal one, i will reconsider the way i rotate files. Thanks again. Vivek -Original Message- From: Amos Jeffries To: Vivek Cc: squid-users@squid-cache.org Sent: Fri, 21 Aug 2009 1:27 pm Subject: Re: [squid-users] wccp service lost issue Vivek wrote: Amos, I didn't see any errors related to squid restart/crash in cache.log. Is there any way to debug this ? Other than dumping the WCCP info display on the router I have no idea. As Adrian said, its probably just a temporary issue with a long index rebuild causing Squid to ignore one of the WCCP announcements. If so the loss time will remain the same no matter how frequently or infrequently you rotate. Thus less often will be less outage time. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13 You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] wccp service lost issue
Amos, I didn't see any errors related to squid restart/crash in cache.log. Is there any way to debug this ? Thanks, Vivek -Original Message- From: Amos Jeffries To: Tom Penndorf Cc: Vivek ; squid-users@squid-cache.org Sent: Wed, 19 Aug 2009 3:59 pm Subject: Re: [squid-users] wccp service lost issue Tom Penndorf wrote: Hello, Vivek schrieb: Amos, I am rotating the logs using " squid -k rotate ". In the crontab, 0 */1 * * * /usr/local/squid/sbin/squid -k rotate I think, this will cause squid to do an reload, so it will shortly stop the wccp-service. Perhaps, you should rotate the files only once a day. "-k rotate" was the right way to do it. Only reloads the helpers and rotates the logs. WCCP and other public-facing services should not be seeing any loss of service at all on rotate. Worst case is a short[1] lag while the store index journal gets rebuilt and dumped to disk. [1: for various definitions of 'short'.] Is there any sign in cache.log of Squid crashing at or around those times? 2.7 has an auto-restart built in that may be masking it from notice. Tom squid version - squd-2.7 Stable 6 IOS version - 12.4(15)T6 Thanks, Vivek Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13 You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] wccp service lost issue
Amos, I am rotating the logs using " squid -k rotate ". In the crontab, 0 */1 * * * /usr/local/squid/sbin/squid -k rotate squid version - squd-2.7 Stable 6 IOS version - 12.4(15)T6 Thanks, Vivek -Original Message- From: Amos Jeffries To: Vivek Cc: squid-users@squid-cache.org Sent: Wed, 19 Aug 2009 1:14 pm Subject: Re: [squid-users] wccp service lost issue Vivek wrote: Hi All, I am currently using two squid server with Tproxy and wccp. Everything is working fine. I have scheduled a cronjob for everyone hour to rotating the squid logs. But at that time, in the router log, i saw the services 80 and 90 of both proxies lost their connection with router and then acquired with in a minute. %WCCP-1-SERVICELOST: Service 80 lost on client xx.xx.xx.xx %WCCP-1-SERVICELOST: Service 90 lost on client xx.xx.xx.xx %WCCP-5-SERVICEFOUND: Service 80 acquiredt on client xx.xx.xx.xx %WCCP-5-SERVICEFOUND: Service 90 acquired on client xx.xx.xx.xx %WCCP-1-SERVICELOST: Service 80 lost on client yy.yy.yy.yy %WCCP-1-SERVICELOST: Service 90 lost on client yy.yy.yy.yy %WCCP-5-SERVICEFOUND: Service 80 acquiredt on client yy.yy.yy.yy %WCCP-5-SERVICEFOUND: Service 90 acquired on client yy.yy.yy.yy Please give your views... Thanks in advance.. How exactly are you "rotating the squid logs" ? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13 You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] wccp service lost issue
Hi All, I am currently using two squid server with Tproxy and wccp. Everything is working fine. I have scheduled a cronjob for everyone hour to rotating the squid logs. But at that time, in the router log, i saw the services 80 and 90 of both proxies lost their connection with router and then acquired with in a minute. %WCCP-1-SERVICELOST: Service 80 lost on client xx.xx.xx.xx %WCCP-1-SERVICELOST: Service 90 lost on client xx.xx.xx.xx %WCCP-5-SERVICEFOUND: Service 80 acquiredt on client xx.xx.xx.xx %WCCP-5-SERVICEFOUND: Service 90 acquired on client xx.xx.xx.xx %WCCP-1-SERVICELOST: Service 80 lost on client yy.yy.yy.yy %WCCP-1-SERVICELOST: Service 90 lost on client yy.yy.yy.yy %WCCP-5-SERVICEFOUND: Service 80 acquiredt on client yy.yy.yy.yy %WCCP-5-SERVICEFOUND: Service 90 acquired on client yy.yy.yy.yy Please give your views... Thanks in advance.. Thanks, Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Bridge / Transparent mode
Hi All, I am trying to make transparent proxy in bridge setup. Squid responses very quick in direct proxy mode. But it takes too long in transparent mode. In access.log i saw it took more minutes for every single request === Interfaces:- eth0 - Management br0 - eth2 eth3 I tried with following rules. ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128 Squid - 2.7 stable 6 In squid.conf http_port 3128 transparent Thanks in advance. Thanks, Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Tproxy v 4 + bridge + Packets not redirected
Hi All, I have configured squid + Tproxy v4 in bridge mode. Traffic goes via bridge. But it doesn't redirected to squid. I have followed the this squid wiki page http://wiki.squid-cache.org/Features/Tproxy4 and applied all the rules. Tproxy 4 doesn't work in bridge mode or i missed anything ? Regards Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Tproxy + FreeBSD
Hi All, Where can I download tproxy patch for FreeBSD ?. I thing tproxy patch is available for cacheboy. If it's available for squid pls give the link. Regards VIvek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Squid Parent: child process 28104 exited due to signal 9
Amos and Hendrik Please share your inputs about this issue I am using two squid server with Tproxy- WCCP setup. version - squid-2.7 stable 6. One server is running perfectly. But one squid stops abnormally. The following error, we got in syslog. Kernel - 2.6.20 ( ctt proxy) OS - Fedora 7. RAM - 4GB (256 cache_mem) Quad-core ( It has good hardware compare that another one squid). The machine was working well in the bridge setup. Errors in the /var/log/messages Apr 23 20:38:19 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:19 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:20 proxy2 squid[28102]: Squid Parent: child process 28104 exited due to signal 9 Apr 23 20:38:20 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:20 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:21 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:21 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:21 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Please give your inputs. Regards Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Squid Parent: child process 28104 exited due to signal 9
Hi All, I am using two squid server with Tproxy- WCCP setup. version - squid-2.7 stable 6. One server is running perfectly. But one squid stops abnormally. The following error, we got in syslog. Kernel - 2.6.20 ( ctt proxy) OS - Fedora 7. RAM - 4GB (256 cache_mem) Quad-core ( It has good hardware compare that another one squid). The machine was working well in the bridge setup. Apr 23 20:38:19 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:19 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:20 proxy2 squid[28102]: Squid Parent: child process 28104 exited due to signal 9 Apr 23 20:38:20 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:20 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:21 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:21 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Apr 23 20:38:21 proxy2 kernel: squid invoked oom-killer: gfp_mask=0xd0, order=0, oomkilladj=0 Please give your inputs. Regards Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Re: Tproxy + wccp + tcp_outgoing_address
Henrik, Thanks for your reply. I will check all the things you had mention. Get you back to you if i need. Thanks again for your reply. Regards Vivek -Original Message- From: Henrik Nordstrom To: Vivek Cc: squid-users@squid-cache.org Sent: Sun, 19 Apr 2009 1:42 pm Subject: Re: Tproxy + wccp + tcp_outgoing_address sön 2009-04-19 klockan 03:52 -0400 skrev Vivek: I have configured two squid servers in tproxy+wccp mode and its working fine. I am using squid 2.7 (ctt proxy) and gre tunnel. Browsing is very slow compare than normal tproxy+bridge mode. I assume the problem is both incoming and outgoing=2 0traffic passed via eth0 (Gigabit Ethernet ). I kind of doubt you have more than 900Mbps of traffic. I have an idea to use eth1 interface and change the tcp_outgoing_address from eth0 ip to eth1 ip. Won't help. The problem is something else. Is it possible? Ofcourse, but it's not as simple as tcp_outgoing_address. . or any other way to avoid this bottleneck First step is to identify the cause to the bottleneck. 1. How is the performance if you configure the browser to use the proxy? 2. Have you verified cabling, switch negotiation etc? Regards Henrik You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Tproxy + wccp + tcp_outgoing_address
Hi All, I have configured two squid servers in tproxy+wccp mode and its working fine. I am using squid 2.7 (ctt proxy) and gre tunnel. Browsing is very slow compare than normal tproxy+bridge mode. I assume the problem is both incoming and outgoing traffic passed via eth0 (Gigabit Ethernet ). I have an idea to use eth1 interface and change the tcp_outgoing_address from eth0 ip to eth1 ip. Is it possible ?. or any other way to avoid this bottleneck Thanks in advance. Regards VIvek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] FreeBSD - Squid 2.7 - Transparent
My question is simple. Based on the instarutions given by http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdIpfw we should use " --enable-ipfw-transparent " this option when configuration squid. But the above option not available in squid 2.7. Is there any alternative for that? Regards Vivek -Original Message- From: Leslie Jensen To: Vivek Cc: squid-users@squid-cache.org; hen...@henriknordstrom.net; squ...@treenet.co.nz Sent: Wed, 8 Apr 2009 5:01 pm Subject: Re: [squid-users] FreeBSD - Squid 2.7 - Transparent HI All, I am trying to use squid 2.7 in FreeBSD machine. But there is no option available "--enable-ipfw-transparent" for configure the squid in transparent mode. How can we enable transparent mode when configuring squid?. Regards Vivek Before you compile, do make config! /Leslie -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] FreeBSD - Squid 2.7 - Transparent
HI All, I am trying to use squid 2.7 in FreeBSD machine. But there is no option available "--enable-ipfw-transparent" for configure the squid in transparent mode. How can we enable transparent mode when configuring squid?. Regards Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Squid-tproxy patch for squid 3.0
Thanks Amos, As per the benchmark result 2.7 perform better than 3.1. But Tproxy v2 patch for 2.7 is obsolete. So that i need Tproxy v4 patch for squid 2.7. If anybody have have ?.. --Vivek -Original Message- From: Amos Jeffries To: Vivek Cc: squid-users@squid-cache.org Sent: Tue, 7 Apr 2009 2:23 pm Subject: Re: [squid-users] Squid-tproxy patch for squid 3.0 Vivek wrote: Thanks Amos, We want Tproxy v4 support ( 2.6.28 kernel support) for squid 2.7. If we could get squid-3.0-tproxy patch from any achieves it would be very helpful for us to develop a patch for 2.7.. There no single patch just a large collection of incremental changes. The 2.7 code base is also a lot different to the 3.x codebase in these areas. Whats missing from 3.1 that you need from 2.7? It would be a more future-proof work if the port was along the developer roadmap. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6 You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Squid-tproxy patch for squid 3.0
Thanks Amos, We want Tproxy v4 support ( 2.6.28 kernel support) for squid 2.7. If we could get squid-3.0-tproxy patch from any achieves it would be very helpful for us to develop a patch for 2.7.. Thanks in advance. -VIvek -Original Message- From: Amos Jeffries To: Vivek Cc: squid-users@squid-cache.org Sent: Tue, 7 Apr 2009 12:17 pm Subject: Re: [squid-users] Squid-tproxy patch for squid 3.0 Vivek wrote: Hi All, I need squid tproxy patch for squid 3.0. I know squid 3.1 has the built-in code for tproxy support. But i need the patch file. Where can i download the patch( Not kernel patch) squid-tproxy patch?. If anybody knows give the link. The patch I and others were initially providing was found to be broken and was dropped when the support in 3.1 required a major kernel overhaul to fix the problem. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6 You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Squid-tproxy patch for squid 3.0
Hi All, I need squid tproxy patch for squid 3.0. I know squid 3.1 has the built-in code for tproxy support. But i need the patch file. Where can i download the patch( Not kernel patch) squid-tproxy patch?. If anybody knows give the link. Regards Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Re: cache-peer problem - query string requests
Amos, Thanks for your reply. It is working. Regards Vivek -Original Message- From: Amos Jeffries To: Vivek Cc: squid-users@squid-cache.org; hen...@henriknordstrom.net Sent: Mon, 6 Apr 2009 5:51 pm Subject: [squid-users] Re: cache-peer problem - query string requests Vivek wrote: Hi All, I am using squid 2.7 and configured Polipo server as a parent of squid.. cache_peer 172.16.1.40 parent8123 3130 no-query default I think maybe heirarchy_stoplist is set in your Squid. Be aware there are bugs when Squid sends dynamic requests to peers which have not been resolved yet. Namely that Squid for legacy reasons forces no-cache into the headers on peer requests. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6 You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] cache-peer problem - query string requests
Hi All, I am using squid 2.7 and configured Polipo server as a parent of squid.. cache_peer 172.16.1.40 parent8123 3130 no-query default But all the requests go via Polipo except the URLs with query ? string. How do we force the squid to send all the request to parent? You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Pipeline and prefetch in squid
Thanks Amos and Hendrik. Your replies creates more interest on this topic. It helped us very much. Thanks Again. Regards, Vivek -Original Message- From: Henrik Nordstrom To: Amos Jeffries Cc: Vivek ; squid-users@squid-cache.org Sent: Tue, 31 Mar 2009 11:02 am Subject: Re: [squid-users] Pipeline and prefetch in squid tis 2009-03-31 klockan 11:15 +1300 skrev Amos Jeffries: I think pipeline is about pushing multiple separate requests down a single TCP link before the first replies have come back. Increasing the speed of responses, but at cost of error reliability in the later requests. pipeline_prefetch makes Squid process more than one concurrent request when the client pipelines requests to Squid. Squid does not pipeline requests to the server, instead it sends each concurrent request over a new connection. Due to some security & technical issues with HTTP over TCP it's not very likely Squid will pipeline requests in general any time soon. Collapsed Forwarding is about merging multiple client requests into a single request and sending only one request. Reply goes to multiple clients. (Think something like multi-cast stream merging, but for HTTP.) Correct. Actually Squid always does this when it knows the reply is cachable. The difference with collapsed_forwarding enabled is that Squid then assumes the reply will be cachable until it knows otherwise. Regards Henrik You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Re: Transparent proxy in the same machine
Amos, Thanks for your reply. We did with tcp_outgoing_tos packet marking. (Redirect all the packet except marking). It's working. Is it correct or it will create any problems? Do share your views. Thanks, Vivek -Original Message- From: Amos Jeffries To: Vivek Cc: squid-users@squid-cache.org Sent: Mon, 30 Mar 2009 1:05 pm Subject: [squid-users] Re: Transparent proxy in the same machine Vivek wrote: Hi All, I am trying to use squid on my machine and I dont want to do the proxy settings for all the browsers that I use. So I have configure squid in transparent mode and redirected the http request to port 3128. How do I differentiate the browser request and the squid's forward request and how to add an iptables exception ?. You can't on the same machine. Try setting the environment global: http_proxy="http://127.0.0.1:3128/"; (assuming thats the IP/port squid is listening for localhost stuff. Then your browsers and other software only need to be set to 'use system settings'. That setting is the default on a lot of system utilities, so it catches their web access to useful effect too. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6 You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Transparent proxy in the same machine
Hi All, I am trying to use squid on my machine and I dont want to do the proxy settings for all the browsers that I use. So I have configure squid in transparent mode and redirected the http request to port 3128. How do I differentiate the browser request and the squid's forward request and how to add an iptables exception ?. Thanks, Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Transparent proxy in the same machine
Hi All, I am trying to use squid on my machine and I dont want to do the proxy settings for all the browsers that I use. So I have configure squid in transparent mode and redirected the http request to port 3128. You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Pipeline and prefetch in squid
Hello All, 1. What is use of pipeline_prefetch in squid configuration? 2. What is the difference between pipelining and collapsed forwarding? I need your inputs. -Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] Cisco router IOS version for WCCP
Hi All, Which IOS version in 12.4 series is best for Squid+Tproxy+Wccp setup?. Some versions has bugs in traffic redirection. Please post the version details. Thanks, Vivek N. You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Re: Need your help : Tproxy + WCCP
Henrik, Thanks for your prompting reply. I had configured the WCCP rules on the Ethernet 0 interface(Clients connected interface). Eth 1 - Squid server, Serial Int - internet. ip wccp 80 redirect in ip wccp 90 redirect out WCCP status in the router. Cisco-2851-IFT#sh ip wccp 80 detail WCCP Client information: WCCP Client ID: xx.xx.xx.xx Protocol Version:2.0 State: Usable Initial Hash Info: Assigned Hash Info: Hash Allotment: 256 (100.00%) Packets s/w Redirected: 5 Connect Time:00:04:31 Bypassed Packets Process: 0 Fast: 0 CEF: 0 Errors:0 Cisco-2851-IFT#sh ip wccp 90 detail WCCP Client information: WCCP Client ID: xx.xx.xx.xx Protocol Version:2.0 State: Usable Initial Hash Info: Assigned Hash Info: Hash Allotment: 256 (100.00%) Packets s/w Redirected: 0 Connect Time:00:05:11 Bypassed Packets Process: 0 Fast: 0 CEF: 0 Errors:0 Please give some ideas for troubleshooting this.. Thanks Vivek N. -Original Message- From: Henrik Nordstrom To: Vivek Cc: squid-users@squid-cache.org Sent: Wed, 18 Feb 2009 5:10 pm Subject: Re: [squid-users] Re: Need your help : Tproxy + WCCP ons 2009-02-18 klockan 06:31 -0500 skrev Vivek: wccp2_router xx.xx.xx.xx wccp_version 4 Why? This is related to WCCP(v1) and 4 is the default. No need to specify. In fact we should probably remove this directive even as it's not of any much practical use today, those with such old IOS versions better upgrade anyway.. wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_assignment_method 1 wccp2_service dynamic 80 wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 Ok. wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 No obvious errors there. and service 80 and 90 are enabled in the router. But only 80 service is working( Packets redirected), 90 service is not working. I would triple-check that the router config is correct. - Service configured - The router view of the wccp state. - That the wccp service is attached to the right interface of the router Regards Henrik You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
Re: [squid-users] Re: Need your help : Tproxy + WCCP
Henrik, Thanks for your reply. This is my squid configuration for WCCP. wccp2_router xx.xx.xx.xx wccp_version 4 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_assignment_method 1 wccp2_service dynamic 80 wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 and service 80 and 90 are enabled in the router. But only 80 service is working( Packets redirected), 90 service is not working. Do share your views here. Thanks, Vivek N -Original Message- From: Henrik Nordstrom To: vivek...@aol.in Cc: squid-users@squid-cache.org Sent: Wed, 18 Feb 2009 3:04 pm Subject: [squid-users] Re: Need your help : Tproxy + WCCP There is no difference in WCCP or router configuration only because TPROXY is used. Are you really sure the WCCP + router config is the same? tis 2009-02-17 klockan 06:49 -0500 skrev vivek...@aol.in: Hello All, I am trying to setup a Tproxy+WCCP. WCCP+Transparent proxy works fine and also Tproxy works good without WCCP. I had followed the following link for WCCP configuration: http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY. Only SYNC packets reaches the web server and return packets doesn't come to squid server. So we get connection timeout error. Problem in squid or Router ?. Please share your views on this issue. Thanks, Vivek You are invited to Get a Free AOL Email ID. - http://webmail.aol.in You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
[squid-users] ZPH configuration in squid 2.7
Hi all, I try configure ZPH in squid 2.7 my configuration file like this.. tcp_outgoing_tos 0x20 example zph_mode tos In tcpdump shows all packet tos(0x20)... i need mark only in hit packets. how to configure all zph options.. please explain.. Thanks.
[squid-users] Problem In wccp2_service_info flag :dest_port_hash
Hi all, wccp2_service_info in squid configuration has 8 flags.. all flags work properly.. But ddest_port_hash not working. when we defined the that squid stop with errors..error: unknown flag: dest_port_hash -- Thanks Vivek .N
[squid-users] Squid2.5 config problem on W2KServer
I'm trying to setup squid 2.5 on win2k server box. This box has 2 NIC cards, one internal & other going to internet. The error I get is ' could not determine fully qualified hostname'. In my config file I've visible_hostname set to the local machine's hostname. I even tried setting the internale IP as visible_hostnem but no luck. Can someone please tell me what am I missing? Thanks, Vivek _ Add MSN 8 Internet Software to your existing Internet access and enjoy patented spam protection and more. Sign up now! http://join.msn.com/?page=dept/byoa
