Re: [squid-users] x-forwarded-for patch for squid-2.5.Stable11
I am posting this on both dansguardian and squid
lists so that it can help
anyone with the x-forwarded-for patch.
Download squid-2.5.STABLE9.tar.gz and
follow_xff-2.5.STABLE5.patch on /tmp
Extract the squid tar file with: tar xvfz
squid-2.5.STABLE9.tar.gz
copy follow_xff-2.5.STABLE5.patch to
/tmp/squid-2.5.STABLE9
cd to /tmp/squid-2.5.STABLE9 and execute: patch
-p0
follow_xff-2.5.STABLE5.patch
you should get the following errors:
FedoraCore2[/tmp/squid-2.5.STABLE9]patch -p0
follow_xff-2.5.STABLE5.patch
patching file acconfig.h
patching file bootstrap.sh
Hunk #1 succeeded at 66 (offset 7 lines).
patching file configure.in
Hunk #1 succeeded at 1128 (offset 28 lines).
patching file src/acl.c
Hunk #1 succeeded at 2147 (offset 107 lines).
patching file src/cf.data.pre
Hunk #1 succeeded at 2144 (offset 29 lines).
patching file src/client_side.c
Hunk #2 succeeded at 185 (offset 2 lines).
Hunk #4 succeeded at 3308 (offset 58 lines).
patching file src/delay_pools.c
patching file src/structs.h
Hunk #1 FAILED at 594.
Hunk #2 succeeded at 634 (offset 14 lines).
Hunk #3 succeeded at 1621 (offset 2 lines).
Hunk #4 succeeded at 1684 (offset 14 lines).
Hunk #5 FAILED at 1697.
2 out of 5 hunks FAILED -- saving rejects to file
src/structs.h.rej
This means that two hunks (parts) of the patch
failed to patch src/structs.h
at around lines 594 and 1697. Now look at the
src/structs.h.rej which
should look like this:
***
*** 594,599
int pipeline_prefetch;
int request_entities;
int detect_broken_server_pconns;
} onoff;
acl *aclList;
struct {
--- 594,604
int pipeline_prefetch;
int request_entities;
int detect_broken_server_pconns;
+ #if FOLLOW_X_FORWARDED_FOR
+int acl_uses_indirect_client;
+int delay_pool_uses_indirect_client;
+int log_uses_indirect_client;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
} onoff;
acl *aclList;
struct {
***
*** 1681,1686
char *peer_login; /* Configured peer
login:password */
time_t lastmod; /* Used on
refreshes
*/
const char *vary_headers; /* Used when
varying
entities are detected.
Chan
ges how the store key is calculated */
};
struct _cachemgr_passwd {
--- 1697,1707
char *peer_login; /* Configured peer
login:password */
time_t lastmod; /* Used on
refreshes
*/
const char *vary_headers; /* Used when
varying
entities are detected.
Chan
ges how the store key is calculated */
+ #if FOLLOW_X_FORWARDED_FOR
+ /* XXX a list of IP addresses would be a
better data structure
+ * than this String */
+ String x_forwarded_for_iterator;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
};
struct _cachemgr_passwd {
As you can see the patch has found some 'issues'
on
line 594 where it was
expecting something that it did not find. No
problem, just open
src/structs.h with 'vi' and go to line 594 and
locate the line:
int detect_broken_server_pconns;
which should be somewhere around there.
now insert the following as described by the .rej
file (remove the + which
means ADD)
#if FOLLOW_X_FORWARDED_FOR
int acl_uses_indirect_client;
int delay_pool_uses_indirect_client;
int log_uses_indirect_client;
#endif /* FOLLOW_X_FORWARDED_FOR */
so around line 594 you should now have:
int detect_broken_server_pconns;
#if FOLLOW_X_FORWARDED_FOR
int acl_uses_indirect_client;
int delay_pool_uses_indirect_client;
int log_uses_indirect_client;
#endif /* FOLLOW_X_FORWARDED_FOR */
int balance_on_multiple_ip;
int relaxed_header_parser;
int accel_uses_host_header;
int accel_no_pmtu_disc;
} onoff;
acl *aclList;
OK, let's now go to line 1697 (more or less since
we
have just added a few
lines around 594)
locate the line:
const char *vary_headers; /* Used when varying
entities are detected. Chan
ges how the store key is calculated */
which should be somewhere around there.
now insert the following as described by the .rej
file (remove the + which
means ADD)
#if FOLLOW_X_FORWARDED_FOR
/* XXX a list of IP addresses would be a
better
data structure
* than this String */
String x_forwarded_for_iterator;
#endif /* FOLLOW_X_FORWARDED_FOR */
so around line 1697 you should now have:
char *peer_login; /* Configured peer
login:password */
time_t lastmod; /* Used on
refreshes
*/
const char *vary_headers; /* Used when
varying
entities are detected.
Changes how the store key is calculated */
#if FOLLOW_X_FORWARDED_FOR
/*
Re: [squid-users] x-forwarded-for patch for squid-2.5.Stable11
Download squid-2.5.STABLE9.tar.gz and
follow_xff-2.5.STABLE5.patch on /tmp
Extract the squid tar file with: tar xvfz
squid-2.5.STABLE9.tar.gz
copy follow_xff-2.5.STABLE5.patch to
/tmp/squid-2.5.STABLE9
cd to /tmp/squid-2.5.STABLE9 and execute: patch
-p0
follow_xff-2.5.STABLE5.patch
you should get the following errors:
FedoraCore2[/tmp/squid-2.5.STABLE9]patch -p0
follow_xff-2.5.STABLE5.patch
patching file acconfig.h
patching file bootstrap.sh
Hunk #1 succeeded at 66 (offset 7 lines).
patching file configure.in
Hunk #1 succeeded at 1128 (offset 28 lines).
patching file src/acl.c
Hunk #1 succeeded at 2147 (offset 107 lines).
patching file src/cf.data.pre
Hunk #1 succeeded at 2144 (offset 29 lines).
patching file src/client_side.c
Hunk #2 succeeded at 185 (offset 2 lines).
Hunk #4 succeeded at 3308 (offset 58 lines).
patching file src/delay_pools.c
patching file src/structs.h
Hunk #1 FAILED at 594.
Hunk #2 succeeded at 634 (offset 14 lines).
Hunk #3 succeeded at 1621 (offset 2 lines).
Hunk #4 succeeded at 1684 (offset 14 lines).
Hunk #5 FAILED at 1697.
2 out of 5 hunks FAILED -- saving rejects to
file
src/structs.h.rej
This means that two hunks (parts) of the patch
failed to patch src/structs.h
at around lines 594 and 1697. Now look at the
src/structs.h.rej which
should look like this:
***
*** 594,599
int pipeline_prefetch;
int request_entities;
int detect_broken_server_pconns;
} onoff;
acl *aclList;
struct {
--- 594,604
int pipeline_prefetch;
int request_entities;
int detect_broken_server_pconns;
+ #if FOLLOW_X_FORWARDED_FOR
+int acl_uses_indirect_client;
+int delay_pool_uses_indirect_client;
+int log_uses_indirect_client;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
} onoff;
acl *aclList;
struct {
***
*** 1681,1686
char *peer_login; /* Configured
peer
login:password */
time_t lastmod; /* Used on
refreshes
*/
const char *vary_headers; /* Used when
varying
entities are detected.
Chan
ges how the store key is calculated */
};
struct _cachemgr_passwd {
--- 1697,1707
char *peer_login; /* Configured
peer
login:password */
time_t lastmod; /* Used on
refreshes
*/
const char *vary_headers; /* Used when
varying
entities are detected.
Chan
ges how the store key is calculated */
+ #if FOLLOW_X_FORWARDED_FOR
+ /* XXX a list of IP addresses would be a
better data structure
+ * than this String */
+ String x_forwarded_for_iterator;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
};
struct _cachemgr_passwd {
As you can see the patch has found some 'issues'
on
line 594 where it was
expecting something that it did not find. No
problem, just open
src/structs.h with 'vi' and go to line 594 and
locate the line:
int detect_broken_server_pconns;
which should be somewhere around there.
now insert the following as described by the
.rej
file (remove the + which
means ADD)
#if FOLLOW_X_FORWARDED_FOR
int acl_uses_indirect_client;
int delay_pool_uses_indirect_client;
int log_uses_indirect_client;
#endif /* FOLLOW_X_FORWARDED_FOR */
so around line 594 you should now have:
int detect_broken_server_pconns;
#if FOLLOW_X_FORWARDED_FOR
int acl_uses_indirect_client;
int delay_pool_uses_indirect_client;
int log_uses_indirect_client;
#endif /* FOLLOW_X_FORWARDED_FOR */
int balance_on_multiple_ip;
int relaxed_header_parser;
int accel_uses_host_header;
int accel_no_pmtu_disc;
} onoff;
acl *aclList;
OK, let's now go to line 1697 (more or less
since
we
have just added a few
lines around 594)
locate the line:
const char *vary_headers; /* Used when varying
entities are detected. Chan
ges how the store key is calculated */
which should be somewhere around there.
now insert the following as described by the
.rej
file (remove the + which
means ADD)
#if FOLLOW_X_FORWARDED_FOR
/* XXX a list of IP addresses would be a
better
data structure
* than this String */
String x_forwarded_for_iterator;
#endif /* FOLLOW_X_FORWARDED_FOR */
so around line 1697 you should now have:
char *peer_login; /* Configured
peer
login:password */
time_t lastmod; /* Used on
refreshes
*/
const char *vary_headers; /* Used when
varying
entities are detected.
Changes how the store key is
[squid-users] block streaming audio/video
Hai , How to block audio/video streaming using squid? I could only blocked download of audio/video extensions and its mime types. Pls help me to block audio/video streaming. Sarav __ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
Re: [squid-users] How to stop play live audio/video files in the internet
--- D E Radel [EMAIL PROTECTED] wrote: - Original Message - From: saravanan ganapathy [EMAIL PROTECTED] To: squid-users@squid-cache.org Sent: Friday, April 15, 2005 7:58 PM Subject: [squid-users] How to stop play live audio/video files in the internet Hai , I have done the following configuration to block downloading audio/video file extensions 1) acl audio-video-ext urlpath_regex -i \.(mp3|mpeg|avi|wmf|ogg|wav|au|mov)($|\?) 2) acl audio-video rep_mime_type -i ^audio/mpeg$ But some of the users play songs online without downloading. How to stop it? Ex, http://raaga.com/channels/tamil/movie/T672.html Please suggest me Sarav Also block these filetypes: .wmv, .wma, .asf, .rm, .ram, .smil, .pls, .ra, .rax, .rv., .rvx, .rmx, .rm33j, .rms, .m4a, .m4p. grol Ok I included these file types also. But still streaming of audio/video works thru proxy. How to block audio/video streaming? Sarav __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] deny_info not working
--- Henrik Nordstrom [EMAIL PROTECTED] wrote: On Sat, 26 Mar 2005, saravanan ganapathy wrote: Hai, My config looks like acl audio-video-ext urlpath_regex -i \.(mp3|mpeg|avi|wmf|ogg|wav|au|mov)($|\?) http_access deny audio-video-ext all deny_info ERR_NOAUDIO_VIDEO audio-video-ext Squid blocks mp3 downloads, but my custom deny page(ERR_NOAUDIO_VIDEO) is not coming. I have this file ERR_NOAUDIO_VIDEO in the correct path where squid looks. This is because your accesses are denied by the all acl. Just take away the all acl from your http_access deny line and things should be fine.. If I remove all from my acl and it works. It doesn't work if I add 'worktime' in my acl as http_access deny audio-video-ext worktime Any limitations in deny_info like this? Sarav __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [squid-users] mime type based blocking on squid
--- Chris Robertson [EMAIL PROTECTED] wrote: -Original Message- From: saravanan ganapathy [mailto:[EMAIL PROTECTED] Sent: Friday, March 25, 2005 4:15 AM To: squid-users@squid-cache.org Subject: [squid-users] mime type based blocking on squid Hai, I configured as the following in my squid-5.STABLE9 acl audiomime rep_mime_type -i ^application/audio/mpeg$ acl audiomime1 rep_mime_type -i application/audio/mpeg http_access deny audiomime all http_access deny audiomime1 all http_reply_access deny audiomime all http_reply_access deny audiomime1 all But its not working. Still my squid allows audio/mpeg type of downloads. The squid log shows the correct file type (audio/mpeg). But it is not denied. What would be the problem? Sarav Currently you are blocking a mime_type of application/audio/mpeg, when you should be blocking audio/mpeg. As you said, the squid log shows the correct file type. Chris Thx Chris. I have changed my acl as acl audio-video rep_mime_type -i ^audio/mpeg$ acl audio-video rep_mime_type -i ^audio/x-mpeg$ http_reply_access deny audio-video all and its working fine. Is there any way to use deny_info for http_reply_access ? Sarav __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail
[squid-users] deny_info not working
Hai, My config looks like acl audio-video-ext urlpath_regex -i \.(mp3|mpeg|avi|wmf|ogg|wav|au|mov)($|\?) http_access deny audio-video-ext all deny_info ERR_NOAUDIO_VIDEO audio-video-ext Squid blocks mp3 downloads, but my custom deny page(ERR_NOAUDIO_VIDEO) is not coming. I have this file ERR_NOAUDIO_VIDEO in the correct path where squid looks. How to troubleshoot? Sarav __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[squid-users] mime type based blocking on squid
Hai, I configured as the following in my squid-5.STABLE9 acl audiomime rep_mime_type -i ^application/audio/mpeg$ acl audiomime1 rep_mime_type -i application/audio/mpeg http_access deny audiomime all http_access deny audiomime1 all http_reply_access deny audiomime all http_reply_access deny audiomime1 all But its not working. Still my squid allows audio/mpeg type of downloads. The squid log shows the correct file type (audio/mpeg). But it is not denied. What would be the problem? Sarav __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] mime type based blocking on squid
--- saravanan ganapathy [EMAIL PROTECTED] wrote: Hai, I configured as the following in my squid-5.STABLE9 acl audiomime rep_mime_type -i ^application/audio/mpeg$ acl audiomime1 rep_mime_type -i application/audio/mpeg http_access deny audiomime all http_access deny audiomime1 all http_reply_access deny audiomime all http_reply_access deny audiomime1 all But its not working. Still my squid allows audio/mpeg type of downloads. The squid log shows the correct file type (audio/mpeg). But it is not denied. What would be the problem? Any help please ? Sarav __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/
[squid-users] Re: [dansguardian] x-forwarded-for patch install problem
--- Lucia Di Occhi [EMAIL PROTECTED] wrote:
I am posting this on both dansguardian and squid
lists so that it can help
anyone with the x-forwarded-for patch.
Download squid-2.5.STABLE9.tar.gz and
follow_xff-2.5.STABLE5.patch on /tmp
Extract the squid tar file with: tar xvfz
squid-2.5.STABLE9.tar.gz
copy follow_xff-2.5.STABLE5.patch to
/tmp/squid-2.5.STABLE9
cd to /tmp/squid-2.5.STABLE9 and execute: patch -p0
follow_xff-2.5.STABLE5.patch
you should get the following errors:
FedoraCore2[/tmp/squid-2.5.STABLE9]patch -p0
follow_xff-2.5.STABLE5.patch
patching file acconfig.h
patching file bootstrap.sh
Hunk #1 succeeded at 66 (offset 7 lines).
patching file configure.in
Hunk #1 succeeded at 1128 (offset 28 lines).
patching file src/acl.c
Hunk #1 succeeded at 2147 (offset 107 lines).
patching file src/cf.data.pre
Hunk #1 succeeded at 2144 (offset 29 lines).
patching file src/client_side.c
Hunk #2 succeeded at 185 (offset 2 lines).
Hunk #4 succeeded at 3308 (offset 58 lines).
patching file src/delay_pools.c
patching file src/structs.h
Hunk #1 FAILED at 594.
Hunk #2 succeeded at 634 (offset 14 lines).
Hunk #3 succeeded at 1621 (offset 2 lines).
Hunk #4 succeeded at 1684 (offset 14 lines).
Hunk #5 FAILED at 1697.
2 out of 5 hunks FAILED -- saving rejects to file
src/structs.h.rej
This means that two hunks (parts) of the patch
failed to patch src/structs.h
at around lines 594 and 1697. Now look at the
src/structs.h.rej which
should look like this:
***
*** 594,599
int pipeline_prefetch;
int request_entities;
int detect_broken_server_pconns;
} onoff;
acl *aclList;
struct {
--- 594,604
int pipeline_prefetch;
int request_entities;
int detect_broken_server_pconns;
+ #if FOLLOW_X_FORWARDED_FOR
+int acl_uses_indirect_client;
+int delay_pool_uses_indirect_client;
+int log_uses_indirect_client;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
} onoff;
acl *aclList;
struct {
***
*** 1681,1686
char *peer_login; /* Configured peer
login:password */
time_t lastmod; /* Used on refreshes
*/
const char *vary_headers; /* Used when varying
entities are detected.
Chan
ges how the store key is calculated */
};
struct _cachemgr_passwd {
--- 1697,1707
char *peer_login; /* Configured peer
login:password */
time_t lastmod; /* Used on refreshes
*/
const char *vary_headers; /* Used when varying
entities are detected.
Chan
ges how the store key is calculated */
+ #if FOLLOW_X_FORWARDED_FOR
+ /* XXX a list of IP addresses would be a
better data structure
+ * than this String */
+ String x_forwarded_for_iterator;
+ #endif /* FOLLOW_X_FORWARDED_FOR */
};
struct _cachemgr_passwd {
As you can see the patch has found some 'issues' on
line 594 where it was
expecting something that it did not find. No
problem, just open
src/structs.h with 'vi' and go to line 594 and
locate the line:
int detect_broken_server_pconns;
which should be somewhere around there.
now insert the following as described by the .rej
file (remove the + which
means ADD)
#if FOLLOW_X_FORWARDED_FOR
int acl_uses_indirect_client;
int delay_pool_uses_indirect_client;
int log_uses_indirect_client;
#endif /* FOLLOW_X_FORWARDED_FOR */
so around line 594 you should now have:
int detect_broken_server_pconns;
#if FOLLOW_X_FORWARDED_FOR
int acl_uses_indirect_client;
int delay_pool_uses_indirect_client;
int log_uses_indirect_client;
#endif /* FOLLOW_X_FORWARDED_FOR */
int balance_on_multiple_ip;
int relaxed_header_parser;
int accel_uses_host_header;
int accel_no_pmtu_disc;
} onoff;
acl *aclList;
OK, let's now go to line 1697 (more or less since we
have just added a few
lines around 594)
locate the line:
const char *vary_headers; /* Used when varying
entities are detected. Chan
ges how the store key is calculated */
which should be somewhere around there.
now insert the following as described by the .rej
file (remove the + which
means ADD)
#if FOLLOW_X_FORWARDED_FOR
/* XXX a list of IP addresses would be a better
data structure
* than this String */
String x_forwarded_for_iterator;
#endif /* FOLLOW_X_FORWARDED_FOR */
so around line 1697 you should now have:
char *peer_login; /* Configured peer
login:password */
time_t lastmod; /* Used on refreshes
*/
const char *vary_headers; /* Used when varying
entities are detected.
Changes how the store key is calculated */
#if FOLLOW_X_FORWARDED_FOR
/* XXX a list of IP addresses would be a better
data structure
* than this String */
String x_forwarded_for_iterator;
Re: [squid-users] x-forwarded-for patch install problem
--- saravanan ganapathy [EMAIL PROTECTED] wrote: --- Henrik Nordstrom [EMAIL PROTECTED] wrote: On Wed, 9 Mar 2005, saravanan ganapathy wrote: Hand edit the files, adding the changes patch could not automatically figure out what to do with (failed/rejected). What are the files to be edited? What are all the changes to be done? See the output of the patch command. There is two filenames mentioned... patching file src/structs.h 2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej Really I don't know what to be changed in src/structs.h src/structs.h.rej Pls help me Sarav I tried to find the docs in the net,but couldn't. Hope some of you already did this configuration. Can you pls help me? Sarav __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo
[squid-users] x-forwarded-for patch install problem
Hai When I tried to apply follow_xff-2.5.patch on squid-2.5.STABLE9 , I am getting the following error patching file src/structs.h Hunk #1 FAILED at 592. Hunk #2 succeeded at 634 (offset 16 lines). Hunk #3 succeeded at 1619 (offset 7 lines). Hunk #4 succeeded at 1679 (offset 16 lines). Hunk #5 FAILED at 1692. 2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej How to solve this problem? PS : I am using redhat9.0 Sarav __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/
Re: [squid-users] x-forwarded-for patch install problem
--- Henrik Nordstrom [EMAIL PROTECTED] wrote: On Wed, 9 Mar 2005, saravanan ganapathy wrote: Hai When I tried to apply follow_xff-2.5.patch on squid-2.5.STABLE9 , I am getting the following error patching file src/structs.h Hunk #1 FAILED at 592. Hunk #2 succeeded at 634 (offset 16 lines). Hunk #3 succeeded at 1619 (offset 7 lines). Hunk #4 succeeded at 1679 (offset 16 lines). Hunk #5 FAILED at 1692. 2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej How to solve this problem? Hand edit the files, adding the changes patch could not automatically figure out what to do with (failed/rejected). What are the files to be edited? What are all the changes to be done? Can u pls help me on this? Sarav __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[squid-users] custom acl for file upload
Hai, I restrict the file size upload in squid using request_body_max_size 1 MB. But I want to increase the limit(say 3 MB) for some sites only. How to write acl for this? Pls help me Note : I am using squid-2.4.STABLE6-6.7.3. Due to some dependency, I am not upgrading to 2.5. So I need the solution for my current version itself Sarav __ Do you Yahoo!? Jazz up your holiday email with celebrity designs. Learn more. http://celebrity.mail.yahoo.com
[squid-users] pac implementation
Hai, I am using squid-2.4.STABLE6-6.7.3 on RH7.2 for some time and now I would like to implement pac with this. This is to use proxy for everything except my local hosts in my domain. I already configured in most of my clients that bypass proxy for my domain. But if I use pac, then though the local sites are not through the proxy, every request will hit the proxy server. Am I correct? Will the proxy server load increase due to pac implementation? Please guide me. Sarav __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
[squid-users] mime type based extension blocking
Hai, I am very new to this group and coudn't find answer for my query in the archives. I want to block certain extensions to get downloaded.(for ex. exe) It works fine with the following rule. acl exe-filter urlpath_regex -i \.exe\?* http_access deny exe-filter But it also blocks urls which contains exe in it, though its not an exe download.I heard that we can solve this issue by implementing squid2.5 and using http_reply_access rep_mime_type. Can you please send me the correct syntax to use for my case? Please help me Sarav __ Do you Yahoo!? Yahoo! Domains Claim yours for only $14.70/year http://smallbusiness.promotions.yahoo.com/offer
