[squid-users] Re: Latest stable version for debian Wheezy
and squidclient as 3.1.20 http://packages.debian.org/wheezy/squidclient Regards On Sat, Nov 23, 2013 at 9:16 AM, Sachin Gupta wrote: > Hi All, > > Which version of squid is stable and available for Debian Wheezy? > > Will 3.3.10 work on wheezy. Debian.org shows 2.7. > > Regards
[squid-users] Latest stable version for debian Wheezy
Hi All, Which version of squid is stable and available for Debian Wheezy? Will 3.3.10 work on wheezy. Debian.org shows 2.7. Regards
[squid-users] Re: squid dstdom_regex not working as expected
We want to block URLs like mail.yahoo.com, but not yahoo.com. Using dstdom_regex acl for this. Regards On Fri, Nov 1, 2013 at 4:01 PM, Sachin Gupta wrote: > Hi All, > > I have configured a list of blacklist URLs. > One of these is set to (\.*)\.yahoo\.com > > Now if i try to access URLs http://mail.yahoo.com from my browser, it blocks. > But if i try to access http://www.yahoo.com, it allows. > > If i try to test the regular expression on > http://gskinner.com/RegExr/, it doestnt match. > > Please guide. > > Regards
[squid-users] squid dstdom_regex not working as expected
Hi All, I have configured a list of blacklist URLs. One of these is set to (\.*)\.yahoo\.com Now if i try to access URLs http://mail.yahoo.com from my browser, it blocks. But if i try to access http://www.yahoo.com, it allows. If i try to test the regular expression on http://gskinner.com/RegExr/, it doestnt match. Please guide. Regards
Re: [squid-users] squid url_rewrite_program
Thanks John. does url_rewrite_access solve this? Sample below. I tried but doesnt seem to work. url_rewrite_program acl allow_port myportname xxx4 xxx5 url_rewrite_access allow allow_port Regards Sachin On Wed, Oct 30, 2013 at 9:51 PM, John Doe wrote: > From: Sachin Gupta > >> We want the url_rewrite_program to work only when traffic comes from a >> specific port only. > > url_rewrite_access + a port acl...? > > JD
[squid-users] squid url_rewrite_program
Hi, Need inputs regarding squid url_rewrite_program. Squid in our deployment listens on multiple ports. Each set of ports is meant for a different purpose and specific actions are required for some specfic ports. We also have a url_rewrite_program which till now was working for all ports. However this has to be changed now :( We want the url_rewrite_program to work only when traffic comes from a specific port only. How can this be done? There doesnt seem to be a directive in squid.conf where i can tell squid to invoke rewrite program for specific ports only. Regards
Re: [squid-users] How to determine if URL in HttpRequest is an Ip address
Thanks Amos. Its working fine now. Regards On Wed, Oct 16, 2013 at 3:01 PM, Amos Jeffries wrote: > Question: > > > On 16/10/2013 4:50 a.m., Sachin Gupta wrote: >> >> Is there a way to determine in squid code if the URL being accessed is >> an Ipaddress? > > > You ask how to identify _whether_ the URL contained numeric IP. > > > Answer: > > > On 16/10/2013 3:48 p.m., Amos Jeffries wrote: >> >> You can test the request->GetHostIsNumeric() in the current releases to >> see if the host portion of the URL is an IP address. > > > "Use GetHostIsNumeric()" is the answer ... > > > > On 16/10/2013 7:48 p.m., Sachin Gupta wrote: >> >> We are using squid 3.1.6 and every time i access a IP Based URL, i get >> 1 for GetHostIsNumeric(). > > > ... because it produces 1 whenever the URL contains a numeric IP as the > host/domain name. > > > http://example.com/ ---> GetHostIsNumeric() => 0 (false) > > http://1.2.3.4/ ---> GetHostIsNumeric() => 1 (true) > > > > Amos
Re: [squid-users] How to determine if URL in HttpRequest is an Ip address
We are using squid 3.1.6 and every time i access a IP Based URL, i get
1 for GetHostIsNumeric(). There is a limitation from client for
upgradation of the release :(
Searched the net and found that IsAnyAddr() had bugs and Address.cc in
ip was modified.
Applied the patch and modified the functions IsAnyAddr to
bool
Ip::Address::IsAnyAddr() const
{
return IN6_IS_ADDR_UNSPECIFIED(&m_SocketAddr.sin6_addr) ||
IN6_ARE_ADDR_EQUAL(&m_SocketAddr.sin6_addr, &v4_anyaddr);
}
IsIPv4() to
bool
Ip::Address::IsIPv4() const
{
return IN6_IS_ADDR_V4MAPPED( &m_SocketAddr.sin6_addr );
}
IsIPv6 to:
bool
Ip::Address::IsIPv6() const
{
return !IsIPv4();
}
Still i keep on getting 1 for IP Based urls.
Please suggest.
Regards
Sachin
On Wed, Oct 16, 2013 at 10:44 AM, Amos Jeffries wrote:
> On 16/10/2013 4:13 p.m., Sachin Gupta wrote:
>>
>> Yes. I intent to check the host portion only.
>>
>> In HttpRequest.h, a check is being made:
>>
>> if ( host_addr.IsAnyAddr() ) {
>> xstrncpy(host, src, SQUIDHOSTNAMELEN);
>> host_is_numeric = 0;
>>
>> Does host_addr mean the host part of the destination URL?
>
>
> No. It means the results of attempting to parse the host portion of URL as
> an IP address.
>
> Please use the accessor I mentioned earlier.
>
> Amos
Re: [squid-users] How to determine if URL in HttpRequest is an Ip address
Yes. I intent to check the host portion only.
In HttpRequest.h, a check is being made:
if ( host_addr.IsAnyAddr() ) {
xstrncpy(host, src, SQUIDHOSTNAMELEN);
host_is_numeric = 0;
Does host_addr mean the host part of the destination URL?
Regards
On Wed, Oct 16, 2013 at 8:18 AM, Amos Jeffries wrote:
> On 16/10/2013 4:50 a.m., Sachin Gupta wrote:
>>
>> Hi,
>>
>> I have the HttpRequest object from which urlPath can be found.
>> Is there a way to determine in squid code if the URL being accessed is
>> an Ipaddress?
>>
>> Regards
>
>
> Full-URL is never an IP address. It may contain one. But there is also
> scheme and optional /path ?query-string and #fragment sections to btaken
> into account.
>
> You can test the request->GetHostIsNumeric() in the current releases to see
> if the host portion of the URL is an IP address.
>
> Amos
[squid-users] How to determine if URL in HttpRequest is an Ip address
Hi, I have the HttpRequest object from which urlPath can be found. Is there a way to determine in squid code if the URL being accessed is an Ipaddress? Regards
Re: [squid-users] configuring acl for blocking (URLs and IPs/Subnets)
It cant be asked to read from a file? acl aclname dst "subnets_file" with subnets_file having entries like: 192.0.2.192/27 ... ... ... Wont this work? Regards On Tue, Oct 15, 2013 at 1:45 PM, Amos Jeffries wrote: > On 15/10/2013 8:28 p.m., Sachin Gupta wrote: >> >> Thanks Amos. >> >> For handling subnets, do i need to create a separate ACL? or it can be >> clubbed in the list of IPs? >> >> acl aclname dst [-n] ip-address/mask >> OR >> >> acl aclname dst "subnets_file" > > > The format is start-finish/mask. With finish and mask both being optional. > So... > > acl foo dst 192.0.2.1 > acl foo dst 192.0.2.20-192.0.2.24 > acl foo dst 192.0.2.128-192.0.2.192/25 > acl foo dst 192.0.2.192/27 > > are all valid entries. As are any IPv6 addresses in the same format. > > >> The documentation http://www.squid-cache.org/Doc/config/acl/ mentions >> that this is a slow acl. >> How does this work actually? Is it so that for each request, a dns >> query is done and matched against this acl? > > > Yes. Exactly that reason. > > Amos
Re: [squid-users] configuring acl for blocking (URLs and IPs/Subnets)
Thanks Amos. For handling subnets, do i need to create a separate ACL? or it can be clubbed in the list of IPs? acl aclname dst [-n] ip-address/mask OR acl aclname dst "subnets_file" The documentation http://www.squid-cache.org/Doc/config/acl/ mentions that this is a slow acl. How does this work actually? Is it so that for each request, a dns query is done and matched against this acl? Regards On Tue, Oct 15, 2013 at 9:44 AM, Amos Jeffries wrote: > On 15/10/2013 4:59 p.m., Sachin Gupta wrote: >> >> Hi All, >> >> I have setup a list of URLs and IPs dumped into a file which need to >> be blocked. >> acl is setup as per documentation: > > > ?? > > >> However, upon testing, the IPs are not getting blocked. Also there are >> some subnets in the same file. Those are also not getting blocked. >> >> Is there a special handling required here? or this approach is >> incorrect for blocking IPs or subnets? > > > Based on the description I guess you have one file witha mix of things to > block on. > You need the file to be separated into different sets of properties. > > For example: > * one list of IPs > * one list of domains > * one list of full-URL regex patterns > * one list of path-only regex patterns > > Each set needs to be configured as a different ACL name and type defining > what property of the transation is to be tested against the values listed in > that set. > Then the http_access controls designed to test the ACLs and determine > whetherit gets allowed/denied when the ACL matches. > > More details can be found at http://wiki.squid-cache.org/SquidFaq/SquidAcl. > > Amos
[squid-users] configuring acl for blocking (URLs and IPs/Subnets)
Hi All, I have setup a list of URLs and IPs dumped into a file which need to be blocked. acl is setup as per documentation: However, upon testing, the IPs are not getting blocked. Also there are some subnets in the same file. Those are also not getting blocked. Is there a special handling required here? or this approach is incorrect for blocking IPs or subnets? Regards Sachin
Re: [squid-users] Set field in HTTP header in Squid 3.1
Thanks Alex. We are in a stage where even ICAP cannot be deployed :( So i had started digging into SQUID code to find where hooks can be placed. I was trying to do the following: 1. Configured and ACL (whiteLst) in squid.conf for the allowed list of file. 2. In code i am trying to find a place where it says that url abc,com matches ACL (whiteLst) specified in conf file. If the ACL name matches to whiteLst, i will call a function to add a custom header. I have not been able to find such a place in the code as of yet where i can safely say that my ACL (whiteLst) match has happened. Found a code where "ACLMatchedList" is populated, but on debugging it seems to be generally populated with ACL "ALL". Not sure where the "ALL" acl is being picked up. Some "indent_*" acl is being matched. Even tried with enabling debug logs for squid. Seems it matches the ACL (whiteLst) but then also matches some ACL "ALL", hence overwriting the Matched ACL name. Still debugging, though some pointers or inputs would be welcome here. Thanks in Adv. Regards On Wed, Sep 18, 2013 at 9:41 PM, Alex Rousskov wrote: > On 09/17/2013 09:48 PM, Sachin Gupta wrote: > >> We are using Squid 3.1 and need to do the following: >> 1. We have a list of URLs which we want to allow. >> 2. Squid to read this list of URLs and for each matching entry in the >> list, set a particular field (insert a string) in the HTTP header. >> 3. Using this header string, a URL filtering program will allow the >> URLs to be accessed. >> >> I explored the squid functionality and came across following: >> a. header_replace : Not sure how i can use this for my case. Examples >> and references are welcome. >> b. request_header_replace: Not available in 3.1. Not possible to >> upgrade to latest squid release. >> >> Is there any other option to do the same? Please suggest. > > > If Squid upgrade is not an option, you can either modify your Squid > sources or use eCAP/ICAP to do the adaptations you need. > > > > HTH, > > Alex. >
[squid-users] Set field in HTTP header in Squid 3.1
Hi, We are using Squid 3.1 and need to do the following: 1. We have a list of URLs which we want to allow. 2. Squid to read this list of URLs and for each matching entry in the list, set a particular field (insert a string) in the HTTP header. 3. Using this header string, a URL filtering program will allow the URLs to be accessed. I explored the squid functionality and came across following: a. header_replace : Not sure how i can use this for my case. Examples and references are welcome. b. request_header_replace: Not available in 3.1. Not possible to upgrade to latest squid release. Is there any other option to do the same? Please suggest. Regards
[squid-users] Re: Log Squid logs to Syslog server on the Network
> Hi, > > Is there a way to log SQUID log messages to a Syslog server listening on the > network? > > Please guide. > Regards
[squid-users] Re: URL blacklist/block and redirector
Hi, > > > I came through quite a number of redirectors listed on the site: > http://www.squid-cache.org/Misc/redirectors.html > > However was not able to decide which one of these suits my requirement. > > I will be having a list of URLs which need to be blocked written in a file > and specified in the squid configuration file. > Also on blocking of the URL, the User should be displayed a custom page. > > Please guide. > > Regards
