Re: [squid-users] x-forwarded-for patch for squid-2.5.Stable11
I am posting this on both dansguardian and squid lists so that it can help anyone with the x-forwarded-for patch.

Download squid-2.5.STABLE9.tar.gz and follow_xff-2.5.STABLE5.patch on /tmp

Extract the squid tar file with:

    tar xvfz squid-2.5.STABLE9.tar.gz

Copy follow_xff-2.5.STABLE5.patch to /tmp/squid-2.5.STABLE9

cd to /tmp/squid-2.5.STABLE9 and execute:

    patch -p0 < follow_xff-2.5.STABLE5.patch

You should get the following errors:

    FedoraCore2[/tmp/squid-2.5.STABLE9]patch -p0 < follow_xff-2.5.STABLE5.patch
    patching file acconfig.h
    patching file bootstrap.sh
    Hunk #1 succeeded at 66 (offset 7 lines).
    patching file configure.in
    Hunk #1 succeeded at 1128 (offset 28 lines).
    patching file src/acl.c
    Hunk #1 succeeded at 2147 (offset 107 lines).
    patching file src/cf.data.pre
    Hunk #1 succeeded at 2144 (offset 29 lines).
    patching file src/client_side.c
    Hunk #2 succeeded at 185 (offset 2 lines).
    Hunk #4 succeeded at 3308 (offset 58 lines).
    patching file src/delay_pools.c
    patching file src/structs.h
    Hunk #1 FAILED at 594.
    Hunk #2 succeeded at 634 (offset 14 lines).
    Hunk #3 succeeded at 1621 (offset 2 lines).
    Hunk #4 succeeded at 1684 (offset 14 lines).
    Hunk #5 FAILED at 1697.
    2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej

This means that two hunks (parts) of the patch failed to patch src/structs.h at around lines 594 and 1697.

Now look at the src/structs.h.rej which should look like this: *** *** 594,599 int pipeline_prefetch; int request_entities; int detect_broken_server_pconns; } onoff; acl *aclList; struct { --- 594,604 int pipeline_prefetch; int request_entities; int detect_broken_server_pconns; + #if FOLLOW_X_FORWARDED_FOR +int acl_uses_indirect_client; +int delay_pool_uses_indirect_client; +int log_uses_indirect_client; + #endif /* FOLLOW_X_FORWARDED_FOR */ } onoff; acl *aclList; struct { *** *** 1681,1686 char *peer_login; /* Configured peer login:password */ time_t lastmod; /* Used on refreshes */ const char *vary_headers; /* Used when varying entities are detected. Chan ges how the store key is calculated */ }; struct _cachemgr_passwd { --- 1697,1707 char *peer_login; /* Configured peer login:password */ time_t lastmod; /* Used on refreshes */ const char *vary_headers; /* Used when varying entities are detected. Chan ges how the store key is calculated */ + #if FOLLOW_X_FORWARDED_FOR + /* XXX a list of IP addresses would be a better data structure + * than this String */ + String x_forwarded_for_iterator; + #endif /* FOLLOW_X_FORWARDED_FOR */ }; struct _cachemgr_passwd { As you can see the patch has found some 'issues' on line 594 where it was expecting something that it did not find. No problem, just open src/structs.h with 'vi' and go to line 594 and locate the line: int detect_broken_server_pconns; which should be somewhere around there. 

Now insert the following as described by the .rej file (remove the + which means ADD):

    #if FOLLOW_X_FORWARDED_FOR
    int acl_uses_indirect_client;
    int delay_pool_uses_indirect_client;
    int log_uses_indirect_client;
    #endif /* FOLLOW_X_FORWARDED_FOR */

so around line 594 you should now have:

    int detect_broken_server_pconns;
    #if FOLLOW_X_FORWARDED_FOR
    int acl_uses_indirect_client;
    int delay_pool_uses_indirect_client;
    int log_uses_indirect_client;
    #endif /* FOLLOW_X_FORWARDED_FOR */
    int balance_on_multiple_ip;
    int relaxed_header_parser;
    int accel_uses_host_header;
    int accel_no_pmtu_disc;
    } onoff;
    acl *aclList;

OK, let's now go to line 1697 (more or less since we have just added a few lines around 594), locate the line:

    const char *vary_headers; /* Used when varying entities are detected. Changes how the store key is calculated */

which should be somewhere around there.

Now insert the following as described by the .rej file (remove the + which means ADD):

    #if FOLLOW_X_FORWARDED_FOR
    /* XXX a list of IP addresses would be a better data structure
     * than this String */
    String x_forwarded_for_iterator;
    #endif /* FOLLOW_X_FORWARDED_FOR */

so around line 1697 you should now have:

    char *peer_login; /* Configured peer login:password */
    time_t lastmod; /* Used on refreshes */
    const char *vary_headers; /* Used when varying entities are detected. Changes how the store key is calculated */
    #if FOLLOW_X_FORWARDED_FOR
    /*

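Review bot: In the first rejected hunk of src/structs.h.rej (around line 594) the three new onoff members acl_uses_indirect_client, delay_pool_uses_indirect_client and log_uses_indirect_client are added without any comment. Going by their names, each one makes a different part of Squid act on the address taken from X-Forwarded-For, so a one-line comment per flag stating what it changes would let someone hand-merging this hunk confirm that all three ended up inside the onoff struct and inside the #if FOLLOW_X_FORWARDED_FOR guard.
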
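Review bot: In the second rejected hunk (around line 1697) x_forwarded_for_iterator is declared as a String, and the XXX comment added with it already says a list of IP addresses would be the better data structure. I would resolve that before merging rather than carry the XXX: parse the header once into addresses and store the list, or at minimum extend the comment to say where this String is initialised and cleaned, since the hunk adds the member just before the closing brace of the struct and shows neither.
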
[squid-users] block streaming audio/video
Hai,

How to block audio/video streaming using squid? I could only block download of audio/video extensions and its mime types. Pls help me to block audio/video streaming.

Sarav

Re: [squid-users] How to stop play live audio/video files in the internet
--- D E Radel [EMAIL PROTECTED] wrote:

> - Original Message -
> From: saravanan ganapathy [EMAIL PROTECTED]
> To: squid-users@squid-cache.org
> Sent: Friday, April 15, 2005 7:58 PM
> Subject: [squid-users] How to stop play live audio/video files in the internet
>
> > Hai,
> > I have done the following configuration to block downloading audio/video file extensions
> >
> >     1) acl audio-video-ext urlpath_regex -i \.(mp3|mpeg|avi|wmf|ogg|wav|au|mov)($|\?)
> >     2) acl audio-video rep_mime_type -i ^audio/mpeg$
> >
> > But some of the users play songs online without downloading. How to stop it?
> > Ex, http://raaga.com/channels/tamil/movie/T672.html
> > Please suggest me
> > Sarav
>
> Also block these filetypes: .wmv, .wma, .asf, .rm, .ram, .smil, .pls, .ra, .rax, .rv., .rvx, .rmx, .rm33j, .rms, .m4a, .m4p.
> grol

Ok I included these file types also. But still streaming of audio/video works thru proxy. How to block audio/video streaming?

Sarav

Re: [squid-users] deny_info not working
--- Henrik Nordstrom [EMAIL PROTECTED] wrote:

> On Sat, 26 Mar 2005, saravanan ganapathy wrote:
>
> > Hai,
> > My config looks like
> >
> >     acl audio-video-ext urlpath_regex -i \.(mp3|mpeg|avi|wmf|ogg|wav|au|mov)($|\?)
> >     http_access deny audio-video-ext all
> >     deny_info ERR_NOAUDIO_VIDEO audio-video-ext
> >
> > Squid blocks mp3 downloads, but my custom deny page (ERR_NOAUDIO_VIDEO) is not coming. I have this file ERR_NOAUDIO_VIDEO in the correct path where squid looks.
>
> This is because your accesses are denied by the all acl. Just take away the all acl from your http_access deny line and things should be fine..

If I remove all from my acl, it works. It doesn't work if I add 'worktime' in my acl as

    http_access deny audio-video-ext worktime

Any limitations in deny_info like this?

Sarav

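An added example, not from the thread or from Squid's source: Squid looks up the deny_info page by the last ACL named on the http_access deny line that matched, so this Python check reports which page each deny rule would serve and which deny_info entries can never fire. The configuration strings are constructed from the lines quoted above; the `worktime` definition and all function names are hypothetical.

```python
# Added example: which error page does each "http_access deny" rule serve?
# Model: deny_info is keyed on the LAST ACL named on the deny line; with no
# entry for that ACL, Squid falls back to its default ERR_ACCESS_DENIED page.
DEFAULT_PAGE = "ERR_ACCESS_DENIED"

# Constructed squid.conf fragments built from the lines quoted in the thread.
# The "worktime" definition is a made-up placeholder.
COMMON = r"""
acl all src 0.0.0.0/0.0.0.0
acl worktime time MTWHF 09:00-18:00
acl audio-video-ext urlpath_regex -i \.(mp3|mpeg|avi|wmf|ogg|wav|au|mov)($|\?)
deny_info ERR_NOAUDIO_VIDEO audio-video-ext
"""
CONF_ALL_LAST = COMMON + "http_access deny audio-video-ext all\n"
CONF_WORKTIME_LAST = COMMON + "http_access deny audio-video-ext worktime\n"
CONF_NAMED_LAST = COMMON + "http_access deny worktime audio-video-ext\n"


def _directives(conf):
    """Yield token lists for non-empty, non-comment lines."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line.split()


def deny_pages(conf):
    """Return [(acl_list, last_acl, page)] for every http_access deny rule."""
    rules = list(_directives(conf))
    # deny_info may appear before or after http_access, so collect it first.
    pages = {t[2]: t[1] for t in rules if t[0] == "deny_info" and len(t) >= 3}
    report = []
    for t in rules:
        if t[:2] == ["http_access", "deny"] and len(t) >= 3:
            last = t[-1].lstrip("!")  # deny_info is keyed by ACL name
            report.append((" ".join(t[2:]), last, pages.get(last, DEFAULT_PAGE)))
    return report


def unused_deny_info(conf):
    """deny_info ACLs that are never last on a deny rule, so never shown."""
    rules = list(_directives(conf))
    last_acls = {last for _, last, _ in deny_pages(conf)}
    return sorted(t[2] for t in rules
                  if t[0] == "deny_info" and len(t) >= 3 and t[2] not in last_acls)


if __name__ == "__main__":
    for name, conf in [("all last", CONF_ALL_LAST),
                       ("worktime last", CONF_WORKTIME_LAST),
                       ("named ACL last", CONF_NAMED_LAST)]:
        for acls, last, page in deny_pages(conf):
            print(f"{name:15} deny {acls:26} -> {page} (keyed on '{last}')")
        print(f"{'':15} deny_info never used: {unused_deny_info(conf)}")
```

Both conditions on a deny line must match either way, so listing the time ACL first and the ACL that owns the deny_info entry last keeps the same policy while selecting the custom page.
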
RE: [squid-users] mime type based blocking on squid
--- Chris Robertson [EMAIL PROTECTED] wrote:

> -Original Message-
> From: saravanan ganapathy [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 25, 2005 4:15 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] mime type based blocking on squid
>
> Hai,
> I configured as the following in my squid-5.STABLE9
>
>     acl audiomime rep_mime_type -i ^application/audio/mpeg$
>     acl audiomime1 rep_mime_type -i application/audio/mpeg
>     http_access deny audiomime all
>     http_access deny audiomime1 all
>     http_reply_access deny audiomime all
>     http_reply_access deny audiomime1 all
>
> But it's not working. Still my squid allows audio/mpeg type of downloads. The squid log shows the correct file type (audio/mpeg). But it is not denied. What would be the problem?
>
> Sarav
>
> Currently you are blocking a mime_type of application/audio/mpeg, when you should be blocking audio/mpeg. As you said, the squid log shows the correct file type.
>
> Chris

Thx Chris. I have changed my acl as

    acl audio-video rep_mime_type -i ^audio/mpeg$
    acl audio-video rep_mime_type -i ^audio/x-mpeg$
    http_reply_access deny audio-video all

and it's working fine. Is there any way to use deny_info for http_reply_access?

Sarav

[squid-users] deny_info not working
Hai,

My config looks like

    acl audio-video-ext urlpath_regex -i \.(mp3|mpeg|avi|wmf|ogg|wav|au|mov)($|\?)
    http_access deny audio-video-ext all
    deny_info ERR_NOAUDIO_VIDEO audio-video-ext

Squid blocks mp3 downloads, but my custom deny page (ERR_NOAUDIO_VIDEO) is not coming. I have this file ERR_NOAUDIO_VIDEO in the correct path where squid looks. How to troubleshoot?

Sarav

[squid-users] mime type based blocking on squid
Hai,

I configured as the following in my squid-5.STABLE9

    acl audiomime rep_mime_type -i ^application/audio/mpeg$
    acl audiomime1 rep_mime_type -i application/audio/mpeg
    http_access deny audiomime all
    http_access deny audiomime1 all
    http_reply_access deny audiomime all
    http_reply_access deny audiomime1 all

But it's not working. Still my squid allows audio/mpeg type of downloads. The squid log shows the correct file type (audio/mpeg). But it is not denied. What would be the problem?

Sarav

Re: [squid-users] mime type based blocking on squid
--- saravanan ganapathy [EMAIL PROTECTED] wrote:

> Hai,
> I configured as the following in my squid-5.STABLE9
>
>     acl audiomime rep_mime_type -i ^application/audio/mpeg$
>     acl audiomime1 rep_mime_type -i application/audio/mpeg
>     http_access deny audiomime all
>     http_access deny audiomime1 all
>     http_reply_access deny audiomime all
>     http_reply_access deny audiomime1 all
>
> But it's not working. Still my squid allows audio/mpeg type of downloads. The squid log shows the correct file type (audio/mpeg). But it is not denied. What would be the problem?

Any help please?

Sarav

[squid-users] Re: [dansguardian] x-forwarded-for patch install problem
--- Lucia Di Occhi [EMAIL PROTECTED] wrote:

I am posting this on both dansguardian and squid lists so that it can help anyone with the x-forwarded-for patch.

Download squid-2.5.STABLE9.tar.gz and follow_xff-2.5.STABLE5.patch on /tmp

Extract the squid tar file with:

    tar xvfz squid-2.5.STABLE9.tar.gz

Copy follow_xff-2.5.STABLE5.patch to /tmp/squid-2.5.STABLE9

cd to /tmp/squid-2.5.STABLE9 and execute:

    patch -p0 < follow_xff-2.5.STABLE5.patch

You should get the following errors:

    FedoraCore2[/tmp/squid-2.5.STABLE9]patch -p0 < follow_xff-2.5.STABLE5.patch
    patching file acconfig.h
    patching file bootstrap.sh
    Hunk #1 succeeded at 66 (offset 7 lines).
    patching file configure.in
    Hunk #1 succeeded at 1128 (offset 28 lines).
    patching file src/acl.c
    Hunk #1 succeeded at 2147 (offset 107 lines).
    patching file src/cf.data.pre
    Hunk #1 succeeded at 2144 (offset 29 lines).
    patching file src/client_side.c
    Hunk #2 succeeded at 185 (offset 2 lines).
    Hunk #4 succeeded at 3308 (offset 58 lines).
    patching file src/delay_pools.c
    patching file src/structs.h
    Hunk #1 FAILED at 594.
    Hunk #2 succeeded at 634 (offset 14 lines).
    Hunk #3 succeeded at 1621 (offset 2 lines).
    Hunk #4 succeeded at 1684 (offset 14 lines).
    Hunk #5 FAILED at 1697.
    2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej

This means that two hunks (parts) of the patch failed to patch src/structs.h at around lines 594 and 1697.

Now look at the src/structs.h.rej which should look like this: *** *** 594,599 int pipeline_prefetch; int request_entities; int detect_broken_server_pconns; } onoff; acl *aclList; struct { --- 594,604 int pipeline_prefetch; int request_entities; int detect_broken_server_pconns; + #if FOLLOW_X_FORWARDED_FOR +int acl_uses_indirect_client; +int delay_pool_uses_indirect_client; +int log_uses_indirect_client; + #endif /* FOLLOW_X_FORWARDED_FOR */ } onoff; acl *aclList; struct { *** *** 1681,1686 char *peer_login; /* Configured peer login:password */ time_t lastmod; /* Used on refreshes */ const char *vary_headers; /* Used when varying entities are detected. Chan ges how the store key is calculated */ }; struct _cachemgr_passwd { --- 1697,1707 char *peer_login; /* Configured peer login:password */ time_t lastmod; /* Used on refreshes */ const char *vary_headers; /* Used when varying entities are detected. Chan ges how the store key is calculated */ + #if FOLLOW_X_FORWARDED_FOR + /* XXX a list of IP addresses would be a better data structure + * than this String */ + String x_forwarded_for_iterator; + #endif /* FOLLOW_X_FORWARDED_FOR */ }; struct _cachemgr_passwd { As you can see the patch has found some 'issues' on line 594 where it was expecting something that it did not find. No problem, just open src/structs.h with 'vi' and go to line 594 and locate the line: int detect_broken_server_pconns; which should be somewhere around there. 

Now insert the following as described by the .rej file (remove the + which means ADD):

    #if FOLLOW_X_FORWARDED_FOR
    int acl_uses_indirect_client;
    int delay_pool_uses_indirect_client;
    int log_uses_indirect_client;
    #endif /* FOLLOW_X_FORWARDED_FOR */

so around line 594 you should now have:

    int detect_broken_server_pconns;
    #if FOLLOW_X_FORWARDED_FOR
    int acl_uses_indirect_client;
    int delay_pool_uses_indirect_client;
    int log_uses_indirect_client;
    #endif /* FOLLOW_X_FORWARDED_FOR */
    int balance_on_multiple_ip;
    int relaxed_header_parser;
    int accel_uses_host_header;
    int accel_no_pmtu_disc;
    } onoff;
    acl *aclList;

OK, let's now go to line 1697 (more or less since we have just added a few lines around 594), locate the line:

    const char *vary_headers; /* Used when varying entities are detected. Changes how the store key is calculated */

which should be somewhere around there.

Now insert the following as described by the .rej file (remove the + which means ADD):

    #if FOLLOW_X_FORWARDED_FOR
    /* XXX a list of IP addresses would be a better data structure
     * than this String */
    String x_forwarded_for_iterator;
    #endif /* FOLLOW_X_FORWARDED_FOR */

so around line 1697 you should now have:

    char *peer_login; /* Configured peer login:password */
    time_t lastmod; /* Used on refreshes */
    const char *vary_headers; /* Used when varying entities are detected. Changes how the store key is calculated */
    #if FOLLOW_X_FORWARDED_FOR
    /* XXX a list of IP addresses would be a better data structure
     * than this String */
    String x_forwarded_for_iterator;

Re: [squid-users] x-forwarded-for patch install problem
--- saravanan ganapathy [EMAIL PROTECTED] wrote:

> --- Henrik Nordstrom [EMAIL PROTECTED] wrote:
>
> > On Wed, 9 Mar 2005, saravanan ganapathy wrote:
> >
> > > > Hand edit the files, adding the changes patch could not automatically figure out what to do with (failed/rejected).
> > >
> > > What are the files to be edited? What are all the changes to be done?
> >
> > See the output of the patch command. There are two filenames mentioned...
> >
> >     patching file src/structs.h
> >     2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej
>
> Really I don't know what to be changed in src/structs.h src/structs.h.rej
> Pls help me
>
> Sarav

I tried to find the docs in the net, but couldn't. Hope some of you already did this configuration. Can you pls help me?

Sarav

[squid-users] x-forwarded-for patch install problem
Hai

When I tried to apply follow_xff-2.5.patch on squid-2.5.STABLE9, I am getting the following error

    patching file src/structs.h
    Hunk #1 FAILED at 592.
    Hunk #2 succeeded at 634 (offset 16 lines).
    Hunk #3 succeeded at 1619 (offset 7 lines).
    Hunk #4 succeeded at 1679 (offset 16 lines).
    Hunk #5 FAILED at 1692.
    2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej

How to solve this problem?

PS: I am using redhat9.0

Sarav

Re: [squid-users] x-forwarded-for patch install problem
--- Henrik Nordstrom [EMAIL PROTECTED] wrote:

> On Wed, 9 Mar 2005, saravanan ganapathy wrote:
>
> > Hai
> > When I tried to apply follow_xff-2.5.patch on squid-2.5.STABLE9, I am getting the following error
> >
> >     patching file src/structs.h
> >     Hunk #1 FAILED at 592.
> >     Hunk #2 succeeded at 634 (offset 16 lines).
> >     Hunk #3 succeeded at 1619 (offset 7 lines).
> >     Hunk #4 succeeded at 1679 (offset 16 lines).
> >     Hunk #5 FAILED at 1692.
> >     2 out of 5 hunks FAILED -- saving rejects to file src/structs.h.rej
> >
> > How to solve this problem?
>
> Hand edit the files, adding the changes patch could not automatically figure out what to do with (failed/rejected).

What are the files to be edited? What are all the changes to be done? Can u pls help me on this?

Sarav

[squid-users] custom acl for file upload
Hai,

I restrict the file size upload in squid using request_body_max_size 1 MB. But I want to increase the limit (say 3 MB) for some sites only. How to write acl for this? Pls help me

Note: I am using squid-2.4.STABLE6-6.7.3. Due to some dependency, I am not upgrading to 2.5. So I need the solution for my current version itself

Sarav

[squid-users] pac implementation
Hai,

I am using squid-2.4.STABLE6-6.7.3 on RH7.2 for some time and now I would like to implement pac with this. This is to use proxy for everything except my local hosts in my domain. I already configured in most of my clients that bypass proxy for my domain. But if I use pac, then though the local sites are not through the proxy, every request will hit the proxy server. Am I correct? Will the proxy server load increase due to pac implementation? Please guide me.

Sarav

[squid-users] mime type based extension blocking
Hai,

I am very new to this group and couldn't find answer for my query in the archives. I want to block certain extensions to get downloaded (for ex. exe). It works fine with the following rule.

    acl exe-filter urlpath_regex -i \.exe\?*
    http_access deny exe-filter

But it also blocks urls which contains exe in it, though it's not an exe download. I heard that we can solve this issue by implementing squid2.5 and using http_reply_access rep_mime_type. Can you please send me the correct syntax to use for my case? Please help me

Sarav

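
The over-matching described in this question and the rep_mime_type mismatch from the "mime type based blocking" thread can both be reproduced offline. This Python example is added here and is not from the thread: it uses Python's `re` in place of Squid's regex library, assumes urlpath_regex is matched against the path plus query string, applies the thread's `($|\?)` tail to `.exe` as an assumed alternative, and runs on constructed URLs.

```python
import re
from urllib.parse import urlsplit

# Patterns from the thread; Squid's -i flag corresponds to re.IGNORECASE.
EXE_POSTED = re.compile(r"\.exe\?*", re.I)       # \?* also matches zero '?'
EXE_ANCHORED = re.compile(r"\.exe($|\?)", re.I)  # assumed: same tail the thread
                                                 # uses for audio extensions
MIME_POSTED = [re.compile(r"^application/audio/mpeg$", re.I),
               re.compile(r"application/audio/mpeg", re.I)]
MIME_FIXED = [re.compile(r"^audio/mpeg$", re.I),
              re.compile(r"^audio/x-mpeg$", re.I)]

# Constructed sample requests (example.com is a placeholder host).
URLS = [
    "http://example.com/downloads/setup.exe",
    "http://example.com/get/setup.EXE?mirror=2",
    "http://example.com/docs/tool.exemptions.html",
    "http://example.com/app.exe/help/index.html",
    "http://example.com/news/executive.html",
]


def url_path(url):
    """Path plus query string: the text urlpath_regex is assumed to see."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def url_denied(pattern, url):
    """True if the ACL pattern matches anywhere in the URL path."""
    return pattern.search(url_path(url)) is not None


def over_blocked(urls=URLS):
    """URLs the posted pattern denies although the path does not end in .exe."""
    return [u for u in urls
            if url_denied(EXE_POSTED, u) and not url_denied(EXE_ANCHORED, u)]


def mime_denied(patterns, content_type):
    """True if any rep_mime_type pattern matches the reply's Content-Type."""
    return any(p.search(content_type) for p in patterns)


if __name__ == "__main__":
    for u in URLS:
        print(f"{url_path(u):32} posted={url_denied(EXE_POSTED, u)!s:5} "
              f"anchored={url_denied(EXE_ANCHORED, u)}")
    for ct in ("audio/mpeg", "audio/x-mpeg", "text/html"):
        print(f"{ct:32} posted={mime_denied(MIME_POSTED, ct)!s:5} "
              f"fixed={mime_denied(MIME_FIXED, ct)}")
```
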