Re: [squid-users] Upgrade to 3.4.3 and TCP Connections to parent failing more often

2014-02-19 Thread Paul Carew 
Thank you Eliezer.

There are 2 initial Squid servers, that users connect to, load
balanced in a rather primitive way using a PAC file. Requests destined
for the internet are then relayed to the 2 parent servers via CARP.
All running Squid 3.4.3 on x64 CentOS based boxes.

The "connection failed" errors occur on connections from both of the
first line servers to both of the parent servers.

Load is quite small I believe, CPU usage sit's around 6% for the 5
minute average according to mgr:info. Memory usage is about 3.3GB out
of a 6GB total available on the box.

The connection errors I've looked into have all been regular HTTP connections.

I've been looking at it today and thought I was on to something when I
noticed a lot of TCP RSTs being dropped on a ASA firewall between the
two sets of servers, due to the RST not relating to an open
connection. However, despite alterations to the firewall (sysopt
connection timewait) these errors have persisted.



On 19 February 2014 14:56, Eliezer Croitoru  wrote:
> Are all these servers uses squid?
> I am not sure If I understood right?
> Two forward proxies?
> I will test it on one which is 3.4.3 and the upper one will be 3.4.1.
> What is the load on these servers?
> What type of connections are we talking about? CONNECT or regular http?
>
> Eliezer
>
>
> On 02/17/2014 04:56 PM, Paul Carew wrote:
>>
>> Hi
>>
>> I have recently upgraded our Squid servers from 3.3.11 to 3.4.3 and am
>> seeing the following error every few minutes in the cache log.
>>
>> 2014/02/17 13:43:02 kid1| TCP connection to wwwproxy02.domain.local/8080
>> failed
>>
>> I have 2 servers configured on the LAN which handle connections over a
>> private WAN and 2 other servers on another WAN connected to the
>> internet. The first 2 servers use the second pair of servers connected
>> to the internet as a parent with the following lines in squid.conf:
>>
>> cache_peer wwwproxy01.domain.local parent 8080 0 no-query no-digest carp
>> cache_peer wwwproxy02.domain.local parent 8080 0 no-query no-digest carp
>>
>> With 3.3.11 I occasionally got the error, maybe two or three times daily.
>>
>> Does anyone have any ideas why this might be occurring on 3.4.3 but
>> not 3.3.11? I've had a look at debug_options but can't see a section
>> that screams "debug me" for this particular error. Maybe section 11 or
>> 15?
>>
>> Many Thanks
>>
>> Paul
>>
>

Re: [squid-users] Upgrade to 3.4.3 and TCP Connections to parent failing more often

2014-02-19 Thread Eliezer Croitoru 

Are all these servers uses squid?
I am not sure If I understood right?
Two forward proxies?
I will test it on one which is 3.4.3 and the upper one will be 3.4.1.
What is the load on these servers?
What type of connections are we talking about? CONNECT or regular http?

Eliezer

On 02/17/2014 04:56 PM, Paul Carew wrote:

Hi

I have recently upgraded our Squid servers from 3.3.11 to 3.4.3 and am
seeing the following error every few minutes in the cache log.

2014/02/17 13:43:02 kid1| TCP connection to wwwproxy02.domain.local/8080 failed

I have 2 servers configured on the LAN which handle connections over a
private WAN and 2 other servers on another WAN connected to the
internet. The first 2 servers use the second pair of servers connected
to the internet as a parent with the following lines in squid.conf:

cache_peer wwwproxy01.domain.local parent 8080 0 no-query no-digest carp
cache_peer wwwproxy02.domain.local parent 8080 0 no-query no-digest carp

With 3.3.11 I occasionally got the error, maybe two or three times daily.

Does anyone have any ideas why this might be occurring on 3.4.3 but
not 3.3.11? I've had a look at debug_options but can't see a section
that screams "debug me" for this particular error. Maybe section 11 or
15?

Many Thanks

Paul

[squid-users] Upgrade to 3.4.3 and TCP Connections to parent failing more often

2014-02-17 Thread Paul Carew 
Hi

I have recently upgraded our Squid servers from 3.3.11 to 3.4.3 and am
seeing the following error every few minutes in the cache log.

2014/02/17 13:43:02 kid1| TCP connection to wwwproxy02.domain.local/8080 failed

I have 2 servers configured on the LAN which handle connections over a
private WAN and 2 other servers on another WAN connected to the
internet. The first 2 servers use the second pair of servers connected
to the internet as a parent with the following lines in squid.conf:

cache_peer wwwproxy01.domain.local parent 8080 0 no-query no-digest carp
cache_peer wwwproxy02.domain.local parent 8080 0 no-query no-digest carp

With 3.3.11 I occasionally got the error, maybe two or three times daily.

Does anyone have any ideas why this might be occurring on 3.4.3 but
not 3.3.11? I've had a look at debug_options but can't see a section
that screams "debug me" for this particular error. Maybe section 11 or
15?

Many Thanks

Paul

[squid-users] Upgrade from 2.5 to 3.4.2 > problems with SSL connect and put

2014-02-14 Thread DUPUIS , Stéphane 
Hello everybody.

This is my first post to this list, but today I really need help...
We have a really old server with Debian 3.1 and squid 2.5.
All is working well.

But, yes, time to upgrade :) We want to switch for a new
hardware, running centos 6.3 and squid 3.4.2

To switch servers, we just shutdown the old one,
(after taking the configuration file) and use his IPs on the new one.

For most of our customers, it worked.  But for some of them, It didn't.
We found that when we try to send a file using a "put" inside an SSL tunnel,
something goes wrong.

Client IP : 172.23.122.81
He need to connect (https) and send files to 10.118.123.155 and 10.118.123.156.

We took the squid log file (cache.log) in debug mode. But it's really hard
for me to read something useful inside. The access log don't show anything 
special :

13/Feb/2014:17:38:01 - S=172.23.122.81  D=frhtinet02 - TCP_MISS/200 CONNECT 
frhtinet02:443 - - 1589 131364
13/Feb/2014:17:40:21 - S=172.23.122.81  D=frhtinet01 - TCP_MISS/200 CONNECT 
frhtinet01:443 - - 1582 200513
13/Feb/2014:17:40:51 - S=172.23.122.81  D=frhtinet02 - TCP_MISS/200 CONNECT 
frhtinet02:443 - - 1589 129490
13/Feb/2014:17:42:04 - S=172.23.122.81  D=frhtinet01 - TCP_MISS/200 CONNECT 
frhtinet01:443 - - 1582 132196

(note that frhtinet01 is 10.118.123.155 and frhtinet02 is 10.118.123.156).

The cache.log file between 2014/02/13 17:40:00 and 2014/02/13 17:42:59.490 is
available here :
https://ftpext.bouyguestelecom.fr/cache.log?local_ident=6125350&u=6xsQ3VN2LNyWTJN2hc3UeVeoR6Fiseo

(this file will only stay online for 7 days)
Warning, there are other transfers occurring at that time, that the one we're 
talking about.
For example all url with "ptlfrtsoap" in them are irrelevant.

The only error I found inside this log, that could be link to our case is :
tunnel.cc(428) error: local=172.31.77.52:49509 remote=10.118.123.155:443 FD 21 
flags=1: read/write failure: (104) Connection reset by peer

But the server we are trying to connect to for sending files don't seems to 
have any problems.
If we go back with the old box (debian 3.1/squid 2.5) all is working well.

Any idea are welcome, and thanks for taking time to read me.



L'intégrité de ce message n'étant pas assurée sur internet, la société 
expéditrice ne peut être tenue responsable de son contenu ni de ses pièces 
jointes. Toute utilisation ou diffusion non autorisée est interdite. Si vous 
n'êtes pas destinataire de ce message, merci de le détruire et d'avertir 
l'expéditeur.

The integrity of this message cannot be guaranteed on the Internet. The company 
that sent this message cannot therefore be held liable for its content nor 
attachments. Any unauthorized use or dissemination is prohibited. If you are 
not the intended recipient of this message, then please delete it and notify 
the sender.

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2013-01-14 Thread Amos Jeffries 

On 15/01/2013 5:00 a.m., Leslie Jensen wrote:



2013-01-14 16:05, Eliezer Croitoru skrev:

On 1/14/2013 1:48 PM, Leslie Jensen wrote:


I've now upgraded squid to 3.2 and rewritten the firewall rule that
resulted in a forwarding loop.

Unfortunately I've got no access now and I can't see where I've made 
the

error.

The browser says squid is rejecting the requests:
Access control configuration prevents your request from being 
allowed at

this time.


1358162295.975  0 172.18.0.1 TCP_MISS/403 4052 GET
http://www.skatteverket.se/ - HIER_NONE/- text/html
1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET
http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
1358162296.110  0 172.18.0.1 TCP_MISS/403 4166 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1
text/html
1358162296.219  0 172.18.0.1 TCP_MISS/403 4058 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.219  1 172.18.0.102 TCP_MISS/403 4143 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 
text/html

1358162296.239  0 172.18.0.1 TCP_MISS/403 4090 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.240  1 172.18.0.102 TCP_MISS/403 4175 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 
text/html




Look closly.. it's not squid.
if it was squid you would have seen TCP_DENIED.
you get a TCP_MISS which squid is ok with but a remote server DENIES you
with a 403 response.


Looking even closer there is a HEIR_NONE showing the frst TCP_MISS we 
from Squid.


I think there are two bugs here:
1) the Host verification logic is resulting in TCP_MISS being logged 
instead of TCP_DENIED on its 403 rejection.


2) his firewall intercept rules are catching Squid outbound traffic and 
redirecting it to Squid.




I would say it looks pretty bad since every request seems to go into
squid from two IP addresses which is like a loop.. but one which squid
can not recognize from an unknown reason.


172.18.0.1 is Squids own IP.





What have you done in the firewall to prevent the forwarding loop?

By the way did you tried to have a rule that allows all web requests
from the local machine of the proxy to not be intercepted?

Regards,
Eliezer


I've tried two things.

First I disabled the rule that redirects the web traffic so that it 
goes directly to the Internet.


It works.

Then with the above rule still disabled I made the browser aware of 
the proxy by setting it manually in the browser settings.


Then I get the same behaviour.

I'm aware that tcp_miss should not be squid but with the redirecting 
rule disabled I do not quite understand where it goes wrong.


I'll look into your suggestion and see if it helps.

Thanks :-)

/Leslie

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2013-01-14 Thread Leslie Jensen 



2013-01-14 16:05, Eliezer Croitoru skrev:

On 1/14/2013 1:48 PM, Leslie Jensen wrote:


I've now upgraded squid to 3.2 and rewritten the firewall rule that
resulted in a forwarding loop.

Unfortunately I've got no access now and I can't see where I've made the
error.

The browser says squid is rejecting the requests:
Access control configuration prevents your request from being allowed at
this time.


1358162295.975  0 172.18.0.1 TCP_MISS/403 4052 GET
http://www.skatteverket.se/ - HIER_NONE/- text/html
1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET
http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
1358162296.110  0 172.18.0.1 TCP_MISS/403 4166 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1
text/html
1358162296.219  0 172.18.0.1 TCP_MISS/403 4058 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.219  1 172.18.0.102 TCP_MISS/403 4143 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
1358162296.239  0 172.18.0.1 TCP_MISS/403 4090 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.240  1 172.18.0.102 TCP_MISS/403 4175 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html



Look closly.. it's not squid.
if it was squid you would have seen TCP_DENIED.
you get a TCP_MISS which squid is ok with but a remote server DENIES you
with a 403 response.

I would say it looks pretty bad since every request seems to go into
squid from two IP addresses which is like a loop.. but one which squid
can not recognize from an unknown reason.

What have you done in the firewall to prevent the forwarding loop?

By the way did you tried to have a rule that allows all web requests
from the local machine of the proxy to not be intercepted?

Regards,
Eliezer


I've tried two things.

First I disabled the rule that redirects the web traffic so that it goes 
directly to the Internet.


It works.

Then with the above rule still disabled I made the browser aware of the 
proxy by setting it manually in the browser settings.


Then I get the same behaviour.

I'm aware that tcp_miss should not be squid but with the redirecting 
rule disabled I do not quite understand where it goes wrong.


I'll look into your suggestion and see if it helps.

Thanks :-)

/Leslie

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2013-01-14 Thread Eliezer Croitoru 

On 1/14/2013 1:48 PM, Leslie Jensen wrote:


I've now upgraded squid to 3.2 and rewritten the firewall rule that
resulted in a forwarding loop.

Unfortunately I've got no access now and I can't see where I've made the
error.

The browser says squid is rejecting the requests:
Access control configuration prevents your request from being allowed at
this time.


1358162295.975  0 172.18.0.1 TCP_MISS/403 4052 GET
http://www.skatteverket.se/ - HIER_NONE/- text/html
1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET
http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
1358162296.110  0 172.18.0.1 TCP_MISS/403 4166 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1
text/html
1358162296.219  0 172.18.0.1 TCP_MISS/403 4058 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.219  1 172.18.0.102 TCP_MISS/403 4143 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
1358162296.239  0 172.18.0.1 TCP_MISS/403 4090 GET
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.240  1 172.18.0.102 TCP_MISS/403 4175 GET
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html



Look closly.. it's not squid.
if it was squid you would have seen TCP_DENIED.
you get a TCP_MISS which squid is ok with but a remote server DENIES you 
with a 403 response.


I would say it looks pretty bad since every request seems to go into 
squid from two IP addresses which is like a loop.. but one which squid 
can not recognize from an unknown reason.


What have you done in the firewall to prevent the forwarding loop?

By the way did you tried to have a rule that allows all web requests 
from the local machine of the proxy to not be intercepted?


Regards,
Eliezer

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2013-01-14 Thread Leslie Jensen 


I've now upgraded squid to 3.2 and rewritten the firewall rule that 
resulted in a forwarding loop.


Unfortunately I've got no access now and I can't see where I've made the 
error.


The browser says squid is rejecting the requests:
Access control configuration prevents your request from being allowed at 
this time.



1358162295.975  0 172.18.0.1 TCP_MISS/403 4052 GET 
http://www.skatteverket.se/ - HIER_NONE/- text/html
1358162295.976 11 172.18.0.102 TCP_MISS/403 4137 GET 
http://www.skatteverket.se/ - HIER_DIRECT/172.18.0.1 text/html
1358162296.110  0 172.18.0.1 TCP_MISS/403 4166 GET 
http://www.squid-cache.org/Artwork/SN.png - HIER_NONE/- text/html
1358162296.110 99 172.18.0.102 TCP_MISS/403 4251 GET 
http://www.squid-cache.org/Artwork/SN.png - HIER_DIRECT/172.18.0.1 text/html
1358162296.219  0 172.18.0.1 TCP_MISS/403 4058 GET 
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.219  1 172.18.0.102 TCP_MISS/403 4143 GET 
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html
1358162296.239  0 172.18.0.1 TCP_MISS/403 4090 GET 
http://www.skatteverket.se/favicon.ico - HIER_NONE/- text/html
1358162296.240  1 172.18.0.102 TCP_MISS/403 4175 GET 
http://www.skatteverket.se/favicon.ico - HIER_DIRECT/172.18.0.1 text/html



My squid.conf

---
http_port 172.18.0.1:8080 intercept
http_port 127.0.0.1:8080
cache_mem 32 MB
maximum_object_size 100 MB
cache_dir ufs /usr/local/squid/cache 1024 16 256
cache_store_log none
access_log /usr/local/squid/logs/access.log squid
logfile_rotate 2
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (cgi-bin|\?)00%  0
refresh_pattern .   0   20% 4320
acl localnet src 172.18.0.1-172.18.0.254
acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 591 # filemaker
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
visible_hostname machine01.no-ip.org
cache_mgr mym...@domain.se
buffered_logs on
coredump_dir /usr/local/squid/cache
---

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-27 Thread Eliezer Croitoru 



On 11/22/2012 12:14 PM, Leslie Jensen wrote:
<>

At the moment I've reverted back to 3.1 but I would like to make a
successful upgrade :-)


Thanks

/Leslie


It seems to me like there is a problem in your NAT settings in PF.
but I didnt tested it.
I have been using this:
##start
ext_if=em0
int_if=em1
rede="{192.168.11.0/24}"


nat on $ext_if from $rede to any -> ($ext_if)

#rdr on $ext_if inet proto tcp to port 22 -> 192.168.1.102 22
#set skip on $int_if << These lines commented out
#set skip on $wi_if

# redirect only IPv4 web traffic to squid
rdr pass inet proto tcp from 192.168.11.0/24 to any port 80 -> 127.0.0.1 
port 3129


#block in
pass in quick on $int_if
pass in quick on $ext_if
pass out keep state
##end

with: squid.conf
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged) 
machines


acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128
http_port 3129 intercept

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /usr/local/squid/var/cache/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320

cache_effective_user squid
##end

and it seems to work fine.

I compiled squid with basic
./configure --enable-pf-transparent

nothing more.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngt...@sip2sip.info
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-24 Thread Eliezer Croitoru 

Ho,

This is another story.
it seems to me like you configured something wrong in you IPFW.
It might be connected to squid but not directly.

Take a look at this Example and make sure what your settings are:
http://wiki.squid-cache.org/ConfigExamples/Intercept/Ipfw

What can be the problem is lack of definition of the SRC\CLIENTS 
interface interception only.


Hope it will help you.
if you can share you IPFW rules\script it will be helpful to others.

Regards,
Eliezer

On 11/24/2012 3:18 PM, Leslie Jensen wrote:



I've rebuild and installed version 3.2

The message below comes with every site I try to connect to.
I understand that a forwarding loop is not good but I fail to see the
cause.



2012/11/24 14:10:09 kid1| WARNING: Forwarding loop detected for:
GET /Artwork/SN.png HTTP/1.1^M
Host: www.squid-cache.org^M
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2)
Gecko/20100101 Firefox
/6.0.2^M
Accept: image/png,image/*;q=0.8,*/*;q=0.5^M
Accept-Language: sv-se,sv;q=0.8,en-us;q=0.5,en;q=0.3^M
Accept-Encoding: gzip, deflate^M
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7^M
Referer: http://www.aftonbladet.se/^M
Via: 1.1 dentista01.no-ip.org (squid/3.2.3)^M
X-Forwarded-For: 172.18.0.100^M
Cache-Control: max-age=259200^M
Connection: keep-alive^M


Thanks

/Leslie


--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngt...@sip2sip.info
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-24 Thread Leslie Jensen 



Eliezer Croitoru skrev 2012-11-23 09:13:



On 11/23/2012 10:00 AM, Leslie Jensen wrote:

I'm not really sure that I understand the meaning or effect of the
above. We do not have browsers configured with proxy. When I set this up
a few years back the whole idea was that the users should not have to
make any configuration of the browser.

Maybe that's why we got the error with 3.2?

So if I understand correctly this is what I should do


 http_port 127.0.0.1:8080 intercept
 http_port 172.18.0.1:8080 intercept
 http_port 127.0.0.1:8080
 http_port 172.18.0.1:8080


The above settings cannot exist!
this is since you are using one port paired with IP for intercept.
squid must have one http_port XXX what ever if you will use it or not.
if you have one port used for either intercept or regular forward proxy
you can't use for another whatever use you want so:

http_port 172.18.0.1:8080 intercept
http_port 127.0.0.1:8080

should be what need.

Also I dont know why you should have a 127.0.0.1:8080 with intercept on
the same line.

I have never seen a use for that in real world unless you are
intercepting the local outgoing connections which I doubt is good.
But it's your needs.

Regards,
Eliezer








I've rebuild and installed version 3.2

The message below comes with every site I try to connect to.
I understand that a forwarding loop is not good but I fail to see the cause.



2012/11/24 14:10:09 kid1| WARNING: Forwarding loop detected for:
GET /Artwork/SN.png HTTP/1.1^M
Host: www.squid-cache.org^M
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.2) Gecko/20100101 Firefox
/6.0.2^M
Accept: image/png,image/*;q=0.8,*/*;q=0.5^M
Accept-Language: sv-se,sv;q=0.8,en-us;q=0.5,en;q=0.3^M
Accept-Encoding: gzip, deflate^M
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7^M
Referer: http://www.aftonbladet.se/^M
Via: 1.1 dentista01.no-ip.org (squid/3.2.3)^M
X-Forwarded-For: 172.18.0.100^M
Cache-Control: max-age=259200^M
Connection: keep-alive^M


Thanks

/Leslie

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-23 Thread Leslie Jensen 



Eliezer Croitoru skrev 2012-11-23 09:13:







The above settings cannot exist!
this is since you are using one port paired with IP for intercept.
squid must have one http_port XXX what ever if you will use it or not.
if you have one port used for either intercept or regular forward proxy
you can't use for another whatever use you want so:

http_port 172.18.0.1:8080 intercept
http_port 127.0.0.1:8080

should be what need.

Also I dont know why you should have a 127.0.0.1:8080 with intercept on
the same line.

I have never seen a use for that in real world unless you are
intercepting the local outgoing connections which I doubt is good.
But it's your needs.

Regards,
Eliezer



Thank you!

I've made the change.

When I first set up this machine it was with squid version 2.6 or 2.7 if 
I remember correctly. It is set up with pf so that all outgoing http 
traffic should go through squid.


I followed instructions on the pf website and I also got advise from 
this list.


The configuration file has been along all the time and I might not have 
been totally observant for changes that where introduced in the various 
squid versions. As long as it has been working I've been happy.


With squid running so well I've not had to bother with configuration and 
therefore I'm sure I've forgot why I did certain configurations. That's 
why I comment a lot in the config file.


I really appreciate your help and I'm very open for suggestions that 
optimizes what I already have.


/Leslie

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-23 Thread Eliezer Croitoru 



On 11/23/2012 10:00 AM, Leslie Jensen wrote:

I'm not really sure that I understand the meaning or effect of the
above. We do not have browsers configured with proxy. When I set this up
a few years back the whole idea was that the users should not have to
make any configuration of the browser.

Maybe that's why we got the error with 3.2?

So if I understand correctly this is what I should do


 http_port 127.0.0.1:8080 intercept
 http_port 172.18.0.1:8080 intercept
 http_port 127.0.0.1:8080
 http_port 172.18.0.1:8080


The above settings cannot exist!
this is since you are using one port paired with IP for intercept.
squid must have one http_port XXX what ever if you will use it or not.
if you have one port used for either intercept or regular forward proxy 
you can't use for another whatever use you want so:


http_port 172.18.0.1:8080 intercept
http_port 127.0.0.1:8080

should be what need.

Also I dont know why you should have a 127.0.0.1:8080 with intercept on 
the same line.


I have never seen a use for that in real world unless you are 
intercepting the local outgoing connections which I doubt is good.

But it's your needs.

Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngt...@sip2sip.info
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-23 Thread Leslie Jensen 



Amos Jeffries skrev 2012-11-23 03:14:



+ 3.2 intercept port receiving forward-proxy requests will reject them
due to NAT failure/lies.

+ 3.2 Host header validation *will* reject if forward traffic is
validated as being intercepted.


** you need at minimum to add a http_port line without "intercept" on it
for the Squid icons and configured browsers to fetch from.




I'm not really sure that I understand the meaning or effect of the 
above. We do not have browsers configured with proxy. When I set this up 
a few years back the whole idea was that the users should not have to 
make any configuration of the browser.


Maybe that's why we got the error with 3.2?

So if I understand correctly this is what I should do


http_port 127.0.0.1:8080 intercept
http_port 172.18.0.1:8080 intercept
http_port 127.0.0.1:8080
http_port 172.18.0.1:8080


Thanks

/Leslie

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Leslie Jensen 



Amos Jeffries skrev 2012-11-23 03:14:

On 23/11/2012 11:45 a.m., Eliezer Croitoru wrote:

The basic thing is to know he IP address of the client since you are
allowing only specific number of IP addresses to use the proxy.
You can send it to me on my private mail and just the relevant
"denied" lines are what I need.

Regards,
Eliezer

On 11/22/2012 4:41 PM, Leslie Jensen wrote:



Eliezer Croitoru skrev 2012-11-22 15:19:

Next time just clean the file first to make it more readable:
use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed
'/^$/d'

##start



##end

it seems to me like forward proxy and the only reason I can think of to
not work is:
Missing credentials related settings.
With the current config file squid only allows users with specific SRC
ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
Also you didnt posted the access.log output for the request but it seem
like you have one missing ACL.


+ 3.2 intercept port receiving forward-proxy requests will reject them
due to NAT failure/lies.

+ 3.2 Host header validation *will* reject if forward traffic is
validated as being intercepted.


** you need at minimum to add a http_port line without "intercept" on it
for the Squid icons and configured browsers to fetch from.


Also, on checking the config file there are some minor anoyances which
will be adding extra warnings into your cache.log:

  * the "QUERY" ACL is now deprecated. You should remove it from your
config along with the "no_cache" (obsolete by itself) directive that
uses it.

* the hierarchy_stoplist is also deprecated and causes slightly more
harm than good. Can be removed.

* default refresh pattern is outdated. The current CGI pattern is "
refresh_pattern -i (/cgi-bin/|\?)0 0% 0   "

* remove localhost ACL re-definition. Using the old definition will
cause existing Squid to not even start. Fix for that has yet to be
published.

* remove localhost ACL re-definition

* remove to_localhost ACL re-definition


Amos


Thank you for all the good advise.

I couldn't find any denied lines in the log!

I'll run another test with 3.2 in the weekend using Amos suggestions and 
report back from that.


/Leslie

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Amos Jeffries 

On 23/11/2012 11:45 a.m., Eliezer Croitoru wrote:
The basic thing is to know he IP address of the client since you are 
allowing only specific number of IP addresses to use the proxy.
You can send it to me on my private mail and just the relevant 
"denied" lines are what I need.


Regards,
Eliezer

On 11/22/2012 4:41 PM, Leslie Jensen wrote:



Eliezer Croitoru skrev 2012-11-22 15:19:

Next time just clean the file first to make it more readable:
use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed
'/^$/d'

##start



##end

it seems to me like forward proxy and the only reason I can think of to
not work is:
Missing credentials related settings.
With the current config file squid only allows users with specific SRC
ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
Also you didnt posted the access.log output for the request but it seem
like you have one missing ACL.


+ 3.2 intercept port receiving forward-proxy requests will reject them 
due to NAT failure/lies.


+ 3.2 Host header validation *will* reject if forward traffic is 
validated as being intercepted.



** you need at minimum to add a http_port line without "intercept" on it 
for the Squid icons and configured browsers to fetch from.



Also, on checking the config file there are some minor anoyances which 
will be adding extra warnings into your cache.log:


 * the "QUERY" ACL is now deprecated. You should remove it from your 
config along with the "no_cache" (obsolete by itself) directive that 
uses it.


* the hierarchy_stoplist is also deprecated and causes slightly more 
harm than good. Can be removed.


* default refresh pattern is outdated. The current CGI pattern is " 
refresh_pattern -i (/cgi-bin/|\?)0 0% 0   "


* remove localhost ACL re-definition. Using the old definition will 
cause existing Squid to not even start. Fix for that has yet to be 
published.


* remove localhost ACL re-definition

* remove to_localhost ACL re-definition


Amos

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Eliezer Croitoru 
The basic thing is to know he IP address of the client since you are 
allowing only specific number of IP addresses to use the proxy.
You can send it to me on my private mail and just the relevant "denied" 
lines are what I need.


Regards,
Eliezer

On 11/22/2012 4:41 PM, Leslie Jensen wrote:



Eliezer Croitoru skrev 2012-11-22 15:19:

Next time just clean the file first to make it more readable:
use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed
'/^$/d'

##start



##end

it seems to me like forward proxy and the only reason I can think of to
not work is:
Missing credentials related settings.
With the current config file squid only allows users with specific SRC
ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
Also you didnt posted the access.log output for the request but it seem
like you have one missing ACL.

What are the IPFW rules for interception?

Eliezer



I'll remember to clean the file next time.

I've got the access.log. It's quite a large file and there are no
timestamps so that I could clean it and post the relevant information.

How should I do?

Thanks

/Leslie




--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Leslie Jensen 



Eliezer Croitoru skrev 2012-11-22 15:19:

Next time just clean the file first to make it more readable:
use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed '/^$/d'

##start
http_port 127.0.0.1:8080 intercept
http_port 172.18.0.1:8080 intercept
hierarchy_stoplist cgi-bin ? php asp
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
maximum_object_size 100 MB
cache_dir ufs /usr/local/squid/cache 1024 16 256
cache_store_log none
access_log /usr/local/squid/logs/access.log squid
logfile_rotate 2
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern (cgi-bin|\?)0   0%  0
refresh_pattern .   0   20% 4320
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl localnet src 172.18.0.1-172.18.0.254
#try to change this into
acl localnet src 172.18.0.0/24

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 591 # filemaker
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
#remove these if you want to remove something
visible_hostname 
cache_mgr YYY
buffered_logs on
coredump_dir /usr/local/squid/cache
##end

it seems to me like forward proxy and the only reason I can think of to
not work is:
Missing credentials related settings.
With the current config file squid only allows users with specific SRC
ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
Also you didnt posted the access.log output for the request but it seem
like you have one missing ACL.

What are the IPFW rules for interception?

Eliezer



I'll remember to clean the file next time.

I've got the access.log. It's quite a large file and there are no 
timestamps so that I could clean it and post the relevant information.


How should I do?

Thanks

/Leslie

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Eliezer Croitoru 

Next time just clean the file first to make it more readable:
use the command cat squid.conf|sed 's/^[ \t]*//'|sed 's/^#.*//'|sed '/^$/d'

##start
http_port 127.0.0.1:8080 intercept
http_port 172.18.0.1:8080 intercept
hierarchy_stoplist cgi-bin ? php asp
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
maximum_object_size 100 MB
cache_dir ufs /usr/local/squid/cache 1024 16 256
cache_store_log none
access_log /usr/local/squid/logs/access.log squid
logfile_rotate 2
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern (cgi-bin|\?)0   0%  0
refresh_pattern .   0   20% 4320
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl localnet src 172.18.0.1-172.18.0.254
#try to change this into
acl localnet src 172.18.0.0/24

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 591 # filemaker
acl CONNECT method CONNECT
acl PURGE method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
#remove these if you want to remove something
visible_hostname 
cache_mgr YYY
buffered_logs on
coredump_dir /usr/local/squid/cache
##end

it seems to me like forward proxy and the only reason I can think of to 
not work is:

Missing credentials related settings.
With the current config file squid only allows users with specific SRC 
ip which are only localhost\127.0.0.1/8 and a range of 172.18.0.0/24/
Also you didnt posted the access.log output for the request but it seem 
like you have one missing ACL.


What are the IPFW rules for interception?

Eliezer

On 11/22/2012 3:39 PM, Leslie Jensen wrote:



Amos Jeffries skrev 2012-11-22 13:24:

On 23/11/2012 12:28 a.m., Leslie Jensen wrote:



Pavel Bychykhin skrev 2012-11-22 12:15:



22.11.2012 12:14, Leslie Jensen пишет:

Hi list.

I just upgraded Squid from 3.1 to 3.2 on my Freebsd version 8.3

In my squid.conf I had the following lines that I got complaints from
when starting squid after the upgrade.

---
  Define access control lists
#   acl all is defined by default in version 3.0 STABLE

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8



You should to remove all 3 entires from squid.conf, as they all are
predefined in squid 3.2



As I wrote, I did so but the users now get the error I described.



ACCESS_DENIED is an explicit ACL rejection. Your configuration details,
as well as that domain name and client IP you elided are important to
track this down.

Also, are you using a forward proxy?
   interception proxy? (how?)
   reverse proxy?
or a mixture of the above?

Amos



Sorry about that. With squid working with my conf file at version 3.1
but not 3.2 I didn't realise that the domain name would be important.

Here's my config file attached and the complete error message.


CacheHost: dentista01.no-ip.org
ErrPage: ERR_ACCESS_DENIED
Err: [none]
TimeStamp: Wed, 21 Nov 2012 07:47:59 GMT

ClientIP: 172.18.0.1

HTTP Request:
GET / HTTP/1.1
Host: www.praktikertjanst.se
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101
Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: CP=null*; Vizzit=pn1180RxoESjRcHErLVI3Q==:1328713777
Via: 1.1 dentista01.no-ip.org (squid/3.2.3)
X-Forwarded-For: 172.18.0.101
Cache-Control: max-age=259200
Connection: keep-alive

Thanks

/Leslie




--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Leslie Jensen 



Amos Jeffries skrev 2012-11-22 13:24:

On 23/11/2012 12:28 a.m., Leslie Jensen wrote:



Pavel Bychykhin skrev 2012-11-22 12:15:



22.11.2012 12:14, Leslie Jensen пишет:

Hi list.

I just upgraded Squid from 3.1 to 3.2 on my Freebsd version 8.3

In my squid.conf I had the following lines that I got complaints from
when starting squid after the upgrade.

---
  Define access control lists
#   acl all is defined by default in version 3.0 STABLE

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8



You should to remove all 3 entires from squid.conf, as they all are
predefined in squid 3.2



As I wrote, I did so but the users now get the error I described.



ACCESS_DENIED is an explicit ACL rejection. Your configuration details,
as well as that domain name and client IP you elided are important to
track this down.

Also, are you using a forward proxy?
   interception proxy? (how?)
   reverse proxy?
or a mixture of the above?

Amos



Sorry about that. With squid working with my conf file at version 3.1 
but not 3.2 I didn't realise that the domain name would be important.


Here's my config file attached and the complete error message.


CacheHost: dentista01.no-ip.org
ErrPage: ERR_ACCESS_DENIED
Err: [none]
TimeStamp: Wed, 21 Nov 2012 07:47:59 GMT

ClientIP: 172.18.0.1

HTTP Request:
GET / HTTP/1.1
Host: www.praktikertjanst.se
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101
Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: CP=null*; Vizzit=pn1180RxoESjRcHErLVI3Q==:1328713777
Via: 1.1 dentista01.no-ip.org (squid/3.2.3)
X-Forwarded-For: 172.18.0.101
Cache-Control: max-age=259200
Connection: keep-alive

Thanks

/Leslie


#   Squid listens on the loopback and on
#   the internal interface (8080 port)

#   If you run Squid on a dual-homed machine with an internal
#   and an external interface we recommend you to specify the
#   internal address:port in http_port.
#   This way Squid will only be visible on the internal address.
#   transparent to work with PF

# In Squid 3.1+ the transparent option has been split.
# Use 'intercept to catch PF packets.
#
#   http_port 127.0.0.1:8080 transparent
http_port 127.0.0.1:8080 intercept
#   http_port 172.18.0.1:8080 transparent
http_port 172.18.0.1:8080 intercept

#   Words defined in this tag when matched in the URLs,
#   directs squid not to query caches.
#   For example dynamic content - php or asp pages.

hierarchy_stoplist cgi-bin ? php asp
acl QUERY urlpath_regex cgi-bin \?
   no_cache deny QUERY

#   Specify the amount of RAM, to be used for caching the
#   so called: In-Transit objects, Hot Objects,
#   Negative-Cached objects.

cache_mem 32 MB

#   If a file size is less than - 100 MB,
#   squid will place it in cache

maximum_object_size 100 MB

#   Define the path to cache directory where all objects
#   which are to be cached are stored:
#   1024 - is the amount of disk space (MB)
#   to use under /usr/local/squid/cache directory
#   16 - is the number of first-level subdirectories
#   which will be created under the
#   /usr/local/squid/cache directory
#   256 - is the number of second-level
#   subdirectories which will be created under
#   each first-level directory
#   Specify the amount of RAM, to be used for caching the
#   so called: In-Transit objects, Hot Objects,
#   Negative-Cached objects.

cache_mem 32 MB

#   If a file size is less than - 100 MB,
#   squid will place it in cache

maximum_object_size 100 MB

#   Define the path to cache directory where all objects
#   which are to be cached are stored:
#   1024 - is the amount of disk space (MB)
#   to use under /usr/local/squid/cache directory
#   16 - is the number of first-level subdirectories
#   which will be created under the
#   /usr/local/squid/cache directory
#   256 - is the number of second-level
#   subdirectories which will be created under
#

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Amos Jeffries 

On 23/11/2012 12:28 a.m., Leslie Jensen wrote:



Pavel Bychykhin skrev 2012-11-22 12:15:



22.11.2012 12:14, Leslie Jensen пишет:

Hi list.

I just upgraded Squid from 3.1 to 3.2 on my Freebsd version 8.3

In my squid.conf I had the following lines that I got complaints from
when starting squid after the upgrade.

---
  Define access control lists
#   acl all is defined by default in version 3.0 STABLE

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8



You should to remove all 3 entires from squid.conf, as they all are
predefined in squid 3.2



As I wrote, I did so but the users now get the error I described.



ACCESS_DENIED is an explicit ACL rejection. Your configuration details, 
as well as that domain name and client IP you elided are important to 
track this down.


Also, are you using a forward proxy?
  interception proxy? (how?)
  reverse proxy?
or a mixture of the above?

Amos

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Leslie Jensen 



Pavel Bychykhin skrev 2012-11-22 12:15:



22.11.2012 12:14, Leslie Jensen пишет:

Hi list.

I just upgraded Squid from 3.1 to 3.2 on my Freebsd version 8.3

In my squid.conf I had the following lines that I got complaints from
when starting squid after the upgrade.

---
  Define access control lists
#   acl all is defined by default in version 3.0 STABLE

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8



You should to remove all 3 entires from squid.conf, as they all are
predefined in squid 3.2



As I wrote, I did so but the users now get the error I described.

Re: [squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Pavel Bychykhin 



22.11.2012 12:14, Leslie Jensen пишет:

Hi list.

I just upgraded Squid from 3.1 to 3.2 on my Freebsd version 8.3

In my squid.conf I had the following lines that I got complaints from when 
starting squid after the upgrade.

---
  Define access control lists
#   acl all is defined by default in version 3.0 STABLE

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8



You should to remove all 3 entires from squid.conf, as they all are predefined 
in squid 3.2

--
Best regards,
Pavel

[squid-users] Upgrade of SQUID from 3.1 to 3.2 on Freebsd 8.3

2012-11-22 Thread Leslie Jensen 

Hi list.

I just upgraded Squid from 3.1 to 3.2 on my Freebsd version 8.3

In my squid.conf I had the following lines that I got complaints from 
when starting squid after the upgrade.


---
 Define access control lists
#   acl all is defined by default in version 3.0 STABLE

   acl manager proto cache_object
   acl localhost src 127.0.0.1/32
   acl to_localhost dst 127.0.0.0/8


--
squid Ncd10
2012/11/20 16:12:45| WARNING: (B) '127.0.0.1' is a subnetwork of (A) 
'127.0.0.1'
2012/11/20 16:12:45| WARNING: because of this '127.0.0.1' is ignored to 
keep splay tree searching predictable
2012/11/20 16:12:45| WARNING: You should probably remove '127.0.0.1' 
from the ACL named 'localhost'
2012/11/20 16:12:45| WARNING: (B) '127.0.0.1' is a subnetwork of (A) 
'127.0.0.1'
2012/11/20 16:12:45| WARNING: because of this '127.0.0.1' is ignored to 
keep splay tree searching predictable
2012/11/20 16:12:45| WARNING: You should probably remove '127.0.0.1' 
from the ACL named 'localhost'
2012/11/20 16:12:45| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) 
'127.0.0.0/8'
2012/11/20 16:12:45| WARNING: because of this '127.0.0.0/8' is ignored 
to keep splay tree searching predictable
2012/11/20 16:12:45| WARNING: You should probably remove '127.0.0.0/8' 
from the ACL named 'to_localhost'

--

I commented out the lines and squid seems to start.


Now the users get:

-
CacheHost: machine01.domain.country
ErrPage: ERR_ACCESS_DENIED
Err: [none]
TimeStamp: Wed, 21 Nov 2012 07:47:59 GMT

ClientIP: "removed for security"

HTTP Request:
GET / HTTP/1.1
Host: www.somewhere.here
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101
Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: sv-SE,sv;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: CP=null*; Vizzit=pn1180RxoESjRcHErLVI3Q==:1328713777
Via: 1.1 machine01.domain.country (squid/3.2.3)
X-Forwarded-For: "removed for security"
Cache-Control: max-age=259200
Connection: keep-alive
-

I have compiled squid with the same parameters, Please see below, so I 
do not really understand why this happens.


--
Squid 3.1
SQUID_KERB-AUTH X   (ON)
SQUID_NIS_AUTH  X   (ON)
SQUID_IPV6  X   (ON)
SQUID_DELAY_POOLS   X   (ON)
SQUID_SNMP  X   (ON)
SQUID_HTCP  X   (ON)
SQUID_WCCP  X   (ON)
SQUID_IPFW  X   (ON)
SQUID_PFX   (ON)
SQUID_AUFS  X   (ON)
SQUID_KQUEUEX   (ON)

Squid 3.2
AUTH_KERB   X   (ON)
AUTH_NISX   (ON)
DELAY_POOLS X   (ON)
FS_AUFS X   (ON)
HTCPX   (ON)
IPV6X   (ON)
KQUEUE  X   (ON)
SNMPX   (ON)
TP_IPFW X   (ON)
TP_PF   X   (ON)
WCCPX   (ON)
--


At the moment I've reverted back to 3.1 but I would like to make a 
successful upgrade :-)



Thanks

/Leslie

Re: [squid-users] upgrade but leave earlier version running?

2012-08-17 Thread Eliezer Croitoru 

On 8/17/2012 8:20 PM, J Webster wrote:

Is there a way to install the new version of squid and leave 2.6 running
and then swpa them over once I am sure everything in verison 3 is
running on the server ok?
I don;t believe CentOS 5.8 has anything in the repos above 2.6 so is
there a way I can use yum without installing from source and compiling?
you can try using rpm of fedora 15-17 but there is a chance you will get 
some problems.


if you ask me i recommend to compile from source anyway to fit your 
specific needs.


if you are up for the task you can create an rpm yourself on other 
centos 5.8 similar machine and install the rpm or compile and copy the 
binary files.


if you really want to make sure that everything works on the new server 
you should create a test machine first to make sure everything works 
there and then continue a procedure of upgrade with backup on the way 
and rollover plan to be safe.


Regards,
Eliezer

--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer  ngtech.co.il

[squid-users] upgrade but leave earlier version running?

2012-08-17 Thread J Webster 
Is there a way to install the new version of squid and leave 2.6 running 
and then swpa them over once I am sure everything in verison 3 is 
running on the server ok?
I don;t believe CentOS 5.8 has anything in the repos above 2.6 so is 
there a way I can use yum without installing from source and compiling?

Re: [squid-users] upgrade

2010-08-03 Thread John Doe 
From: J. Webster 

> I currently have squid 2.6 running on centos - they haven't 
> updated their repository yet.
> WIll upgrading to 3.1.6 have any performance 
> enhancements?
> Can I leave the existing cache in place and config files or 
> will they be overwritten during the make commands?

Check that your setup is not using 2.x only features...
Not all squid 2.x features have been ported to 3.x yet.
http://www.squid-cache.org/Versions/v3/3.0/RELEASENOTES.html
And I am not sure 3.x has better perfs yet.

JD

Re: [squid-users] upgrade

2010-08-03 Thread J Webster 

So, I could just do yum upgrade squid?

--
From: "Amos Jeffries" 
Sent: Tuesday, August 03, 2010 10:00 AM
To: 
Subject: Re: [squid-users] upgrade


Riaan Nolan wrote:

Centos meh. their repo's are so far behind they think they are in front.

It's better to upgrade. Since I upgraded things started working
properly, like external ACLs with ldap_groups in Active Directory.
No more problems for me.

 > Can I leave the existing cache in place and config files or
I trashed my existing cache, so I would not know if it will work.

Don't compile it from SRC ... get the src RPM e.g
yum install rpm-build openjade linuxdoc-tools openldap-devel pam-devel
openssl-devel httpd rpm-devel
wget
http://www.jur-linux.com/rpms/el-updates/5Client/SRPMS/squid-3.1.0.15-2.el5.src.rpm 
rpm -ivh squid-3.1.0.15-2.el5.src.rpm

rpmbuild -bb squid.spec


Looks like they have 3.1.4 in there too. Either one.



All the best to you :)

ciao/Riaan

On 03/08/2010 14:44, J. Webster wrote:

I currently have squid 2.6 running on centos - they haven't updated =
their
repository yet.
WIll upgrading to 3.1.6 have any performance
enhancements?


Over 2.6 definitely.
A small bit in speed, and a LOT in HTTP/1.1 protocol support which amounts 
to streamlining and bandwidth.



Can I leave the existing cache in place and config files or
will they be =
overwritten during the make commands?


Only existing binaries and documentation gets replaced.

Existing cache is not touched until squid starts. Then some pieces get 
upgraded during normal operation.


Existing config is not touched, new config files should get added as/if 
needed.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.5

Re: [squid-users] upgrade

2010-08-03 Thread Amos Jeffries 

Riaan Nolan wrote:

Centos meh. their repo's are so far behind they think they are in front.

It's better to upgrade. Since I upgraded things started working
properly, like external ACLs with ldap_groups in Active Directory.
No more problems for me.

 > Can I leave the existing cache in place and config files or
I trashed my existing cache, so I would not know if it will work.

Don't compile it from SRC ... get the src RPM e.g
yum install rpm-build openjade linuxdoc-tools openldap-devel pam-devel
openssl-devel httpd rpm-devel
wget
http://www.jur-linux.com/rpms/el-updates/5Client/SRPMS/squid-3.1.0.15-2.el5.src.rpm 


rpm -ivh squid-3.1.0.15-2.el5.src.rpm
rpmbuild -bb squid.spec


Looks like they have 3.1.4 in there too. Either one.



All the best to you :)

ciao/Riaan

On 03/08/2010 14:44, J. Webster wrote:

I currently have squid 2.6 running on centos - they haven't updated =
their
repository yet.
WIll upgrading to 3.1.6 have any performance
enhancements?


Over 2.6 definitely.
A small bit in speed, and a LOT in HTTP/1.1 protocol support which 
amounts to streamlining and bandwidth.



Can I leave the existing cache in place and config files or
will they be =
overwritten during the make commands?


Only existing binaries and documentation gets replaced.

Existing cache is not touched until squid starts. Then some pieces get 
upgraded during normal operation.


Existing config is not touched, new config files should get added as/if 
needed.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.5

Re: [squid-users] upgrade

2010-08-03 Thread Riaan Nolan 

Centos meh. their repo's are so far behind they think they are in front.

It's better to upgrade. Since I upgraded things started working
properly, like external ACLs with ldap_groups in Active Directory.
No more problems for me.

> Can I leave the existing cache in place and config files or
I trashed my existing cache, so I would not know if it will work.

Don't compile it from SRC ... get the src RPM e.g
yum install rpm-build openjade linuxdoc-tools openldap-devel pam-devel
openssl-devel httpd rpm-devel
wget
http://www.jur-linux.com/rpms/el-updates/5Client/SRPMS/squid-3.1.0.15-2.el5.src.rpm
rpm -ivh squid-3.1.0.15-2.el5.src.rpm
rpmbuild -bb squid.spec

All the best to you :)

ciao/Riaan

On 03/08/2010 14:44, J. Webster wrote:

I currently have squid 2.6 running on centos - they haven't updated =
their
repository yet.
WIll upgrading to 3.1.6 have any performance
enhancements?
Can I leave the existing cache in place and config files or
will they be =
overwritten during the make commands?




NOTICE: If received in error, please destroy and notify sender. Sender does not 
intend to waive confidentiality or privilege. Use of this email is prohibited 
when received in error.

[squid-users] upgrade

2010-08-03 Thread J. Webster 

I currently have squid 2.6 running on centos - they haven't updated =
their 
repository yet.
WIll upgrading to 3.1.6 have any performance 
enhancements?
Can I leave the existing cache in place and config files or 
will they be =
overwritten during the make commands?

Re: [squid-users] Upgrade to 3.1.1

2010-04-02 Thread Jeff Peng 
You'd better compile and make for the new installation of 3.1.

On Fri, Apr 2, 2010 at 8:44 PM, GIGO .  wrote:
>
> Is it possible to upgrade from Squid3.0 to Squid3.1.1 by applying patch/diff. 
> Is there any howto available which can be refered to? Should every body 
> upgrade?
> _
> Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
> https://signup.live.com/signup.aspx?id=60969

[squid-users] Upgrade to 3.1.1

2010-04-02 Thread GIGO . 

Is it possible to upgrade from Squid3.0 to Squid3.1.1 by applying patch/diff. 
Is there any howto available which can be refered to? Should every body 
upgrade?
_
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969

[squid-users] upgrade help

2010-02-01 Thread David C. Heitmann 

what have i to do, to upgrade squid version 2.7 stable 3 to the new release?

thanks forward
greetz david

Re: [squid-users] Upgrade from 2.6 to 3.0 on Red Hat

2009-09-23 Thread Amos Jeffries 

Iosif wrote:
I would like to perform an upgrade from 2.6 to 3.0. 


What is the procedure to perform the upgrade?


0) locate the packages suitable for install to your system. or prepare 
to build your own squid  http://wiki.squid-cache.org/SquidFaq has 
info there.



1) find the 3.0 release notes: 
http://www.squid-cache.org/Versions/v3/3.0/RELEASENOTES.html


2) read section 8 carefully (it does include features in 2.6 despite the 
title). Looking for mention of any features or config options you need 
to use. If you find one you cant do without, then abort. 3.0 is not a 
good upgrade for you.


3) read sections 6 and 7 carefully as well. Make any changes you need to.



Should the existing configuration ...squid/etc files need to be deleted?


No. just altered according to results from the above (#3) checks.



Can a backup be performed to be used to reverse back the configuration if
the new version will not work?


Of course you can if you wish.

If you are lucky you may be able to simply uninstall the new version and 
install a replacement old version. Then drop in the config files.



Worst case you might need to run " squid -v " (before doing the upgrade) 
to find out where all the libexec (helper binaries) and other files used 
by squid are located. The configure options give an idea list what file 
names and where.  They will also need to be down-graded along with the 
config files if you revert to the old version. This is usually automatic 
when installing packaged versions.


... or the old build options can be used to rebuild an old version clean.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
  Current Beta Squid 3.1.0.13

[squid-users] Upgrade from 2.6 to 3.0 on Red Hat

2009-09-23 Thread Iosif 
I would like to perform an upgrade from 2.6 to 3.0. 

What is the procedure to perform the upgrade? 

Should the existing configuration ...squid/etc files need to be deleted?

Can a backup be performed to be used to reverse back the configuration if
the new version will not work?
  
Thanks
Jo


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Re: [squid-users] Upgrade Squid on Ubuntu

2009-07-30 Thread John Doe 
From: Kevin C. Connell 
> I am relatively new to Squid (and Linux as well for that matter), and I have 
> a 
> question.
> I am wanting to upgrade a Squid installation running on Ubuntu, and I thought 
> this could be done using apt-get update, followed by apt-get u upgrade.
> It seems that many things were upgraded successfully... but not Squid.  
> Perhaps 
> an entry is needed in the sources.list file, or ?


Maybe you already have the latest version ubuntu packaged...
If it is the case and you want a more recent version, you might have to find an 
other repository, or install some .deb packages...
Or you could compile the latest version...

JD

[squid-users] Upgrade Squid on Ubuntu

2009-07-29 Thread Kevin C. Connell 
Greetings,

I am relatively new to Squid (and Linux as well for that matter), and I have a 
question.

I am wanting to upgrade a Squid installation running on Ubuntu, and I thought 
this could be done using apt-get update, followed by apt-get u upgrade.

It seems that many things were upgraded successfully... but not Squid.  Perhaps 
an entry is needed in the sources.list file, or ?

This question perhaps should be asked in an Ubuntu users group, but I thought I 
would try here first.


Good day,

-Kevin

Re: [squid-users] Upgrade from 2.6 to 3.0

2009-03-02 Thread sameer shinde 
Hi Drew,

If you are satisfied with the performance of squid2.6 and you can
survive with it.
I would rather suggest not to upgrade to 3.0 and stay with squid 2.6.

What it matters is, Is current squid satisfying your needs? It doesn't
matter what version are you using?

~~
Sameer Shinde.
M:- +91 98204 61580
Millions saw the apple fall, but Newton was the one who asked why.


On Tue, Mar 3, 2009 at 3:13 AM, Amos Jeffries  wrote:
>>
>> I've been using 2.6 for about a year or so.
>>
>> Should I be looking at upgrading to 3.0.
>>
>> Has anyone else upgraded from 2.6 to 3.0 and what problems, if any, have
>> you run into?
>> _

Re: [squid-users] Upgrade from 2.6 to 3.0

2009-03-02 Thread Amos Jeffries 
>
> I've been using 2.6 for about a year or so.
>
> Should I be looking at upgrading to 3.0.
>
> Has anyone else upgraded from 2.6 to 3.0 and what problems, if any, have
> you run into?
> _
> Hotmail® is up to 70% faster. Now good news travels really fast.
> http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009


Problems we know people are hitting:

 * some altered configure switches/options

 * altered or missing squid.conf settings

  --> Do please read the release notes section 8 before upgrading.

 * stricter processing of squid.conf (WARNINGS: about issues previously
unmentioned).

 * missing features. Some were not ported Squid-2 => Squid-3 for the 3.0
release.

  --> Do please check the list of stuff you are currently using/needing
are still supported in 3.0 before the upgrade.

HTH
Amos

[squid-users] Upgrade from 2.6 to 3.0

2009-03-02 Thread Drew Wrobel 


I've been using 2.6 for about a year or so.

Should I be looking at upgrading to 3.0.

Has anyone else upgraded from 2.6 to 3.0 and what problems, if any, have you 
run into?
_
Hotmail® is up to 70% faster. Now good news travels really fast. 
http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_70faster_032009

Re: [squid-users] Upgrade Apache(httpd) and now the domain URLs are weird

2009-02-06 Thread Amos Jeffries 


da...@davidwbrown.name wrote:

Hello Squid gurus and mortals, I have a curious situation. I upgraded my 
Apache2 (2.2.11). Out-of-the-box: ./configure; make; make install without 
touching any .conf file I now have the following condition with 3 domains: A, B 
and C. My question: is the Squid-cache holding these pages in memory and even 
though the DocumentRoot is not defined anywhere (httpd.conf) the pages exist 
anyway? If the Squid cache is persisting these pages how do I remove them from 
the cache without a total cache clear and rebuild? Thanks in advance and please 
advise, David.

http://A --> fetches the domain name: A and the expected html page for domain 
name: A.
http://B --> fetches the domain name: A and the same page unexpectedly.
http://C --> fetches the domain name: B and the expected page for domain name: 
B.


First: please set your mailer to wrap text.

I would have replied answers after each of your questions, but can't be 
bothered fixing your wrap problem. So I'll leave you to figure out what 
answers what.


Your access log is the only place that can answer that question. HTTP 
PURGE method requests for the URL.



Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.5

[squid-users] Upgrade Apache(httpd) and now the domain URLs are weird

2009-02-06 Thread david 
Hello Squid gurus and mortals, I have a curious situation. I upgraded my 
Apache2 (2.2.11). Out-of-the-box: ./configure; make; make install without 
touching any .conf file I now have the following condition with 3 domains: A, B 
and C. My question: is the Squid-cache holding these pages in memory and even 
though the DocumentRoot is not defined anywhere (httpd.conf) the pages exist 
anyway? If the Squid cache is persisting these pages how do I remove them from 
the cache without a total cache clear and rebuild? Thanks in advance and please 
advise, David.

http://A --> fetches the domain name: A and the expected html page for domain 
name: A.
http://B --> fetches the domain name: A and the same page unexpectedly.
http://C --> fetches the domain name: B and the expected page for domain name: 
B.

Re: [squid-users] upgrade process

2008-09-23 Thread Amos Jeffries 
> Is there a way to use squid to block access to our site from specific IP
> addresses?? So that they get redirected elsewhere or something like that?
> We use a python redirector to handle virtual hosting and then squid
> decides which of two zope clients gets the request. Just not sure where
> to put something like this.

Blocking is easy.
Just add an ACL which lists the IPs and an "http_access deny theACLname".
It goes above the http_access lines for allowing access to the peer domains.


On the side, you would do much better to change the python redirector to a
external_acl_type helper for access to each peer and make the zope servers
accept the public URL people are requesting. Particularly since you only
have two back-end peers it should be easy.

It solves so many bugs that redirection by its nature causes. External ACL
also adds concurrency support and has a small cache associated, to reduce
helper load.

Amos

Re: [squid-users] upgrade process

2008-09-23 Thread Allen Schmidt Sr. 
Is there a way to use squid to block access to our site from specific IP 
addresses?? So that they get redirected elsewhere or something like that?
We use a python redirector to handle virtual hosting and then squid 
decides which of two zope clients gets the request. Just not sure where 
to put something like this.


Thanks

Re: [squid-users] Upgrade from 2.6STABLE12 to 2.7STABLE4

2008-09-09 Thread Diego Woitasen 

On Mon, September 8, 2008 4:51 pm, Chris Nighswonger wrote:
> Is there anything I should be aware of prior to upgrading a perfectly
> good working install of 2.6STABLE12 to 2.7STABLE4?
>
> Regards,
> Chris
>

No. I've done that upgrade a few days ago without problems.

-- 
Diego Woitasen
XTECH - Soluciones Linux para empresas
(54) 011 5219-0678

[squid-users] Upgrade from 2.6STABLE12 to 2.7STABLE4

2008-09-08 Thread Chris Nighswonger 
Is there anything I should be aware of prior to upgrading a perfectly
good working install of 2.6STABLE12 to 2.7STABLE4?

Regards,
Chris

Re: [squid-users] upgrade to squid 3.0 breaking existing authentication module

2008-05-20 Thread frigoris . ma 
On Mon, May 19, 2008 at 8:22 PM, Amos Jeffries <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>>
>> Dear Henrik:
>>
>> Thanks for the reply.I tried fixing the uid/gid and the authenticator
>> processed no longer crashed.
>>
>> However, squid never seemed to be using them to do the authentication.
>> The ACL and http_access parts of my configuration file are ported from
>> the old config which actually worked.
>>
>> These parts of the config file are largely identical to the default
>> one, except for the one ACL
>> of "proxy_auth" and the corresponding http_access entry.
>>
>> The result is that squid never really authenticate a user matching the
>> proxy_auth ACL. If one surfs the web via my cache, he gets an "Access
>> Denied" error page from squid, and there are no prompt for entering
>> username and password before the error page is delivered. I tried the
>> PAM authenticator and the result was similar.
>>
>> I guess I'll have to downgrade to 2.6 and do some comparisons to find
>> out the problem.
>
> If you would care to share the ACL and http_access lists we may be able to
> help.
>
> I'd also advise going up to stable 4+ as there are a number of small bugs
> that have been found and fixed since stable 2.
>
> Amos
> --
> Please use Squid 2.6.STABLE20 or 3.0.STABLE5
>

I have enclosed a portion of my config file in the attachment.

Thanks.

Re: [squid-users] upgrade to squid 3.0 breaking existing authentication module

2008-05-19 Thread Amos Jeffries 

[EMAIL PROTECTED] wrote:

Dear Henrik:

Thanks for the reply.I tried fixing the uid/gid and the authenticator
processed no longer crashed.

However, squid never seemed to be using them to do the authentication.
The ACL and http_access parts of my configuration file are ported from
the old config which actually worked.

These parts of the config file are largely identical to the default
one, except for the one ACL
of "proxy_auth" and the corresponding http_access entry.

The result is that squid never really authenticate a user matching the
proxy_auth ACL. If one surfs the web via my cache, he gets an "Access
Denied" error page from squid, and there are no prompt for entering
username and password before the error page is delivered. I tried the
PAM authenticator and the result was similar.

I guess I'll have to downgrade to 2.6 and do some comparisons to find
out the problem.


If you would care to share the ACL and http_access lists we may be able 
to help.


I'd also advise going up to stable 4+ as there are a number of small 
bugs that have been found and fixed since stable 2.


Amos
--
Please use Squid 2.6.STABLE20 or 3.0.STABLE5

Re: [squid-users] upgrade to squid 3.0 breaking existing authentication module

2008-05-18 Thread frigoris . ma 
Dear Henrik:

Thanks for the reply.I tried fixing the uid/gid and the authenticator
processed no longer crashed.

However, squid never seemed to be using them to do the authentication.
The ACL and http_access parts of my configuration file are ported from
the old config which actually worked.

These parts of the config file are largely identical to the default
one, except for the one ACL
of "proxy_auth" and the corresponding http_access entry.

The result is that squid never really authenticate a user matching the
proxy_auth ACL. If one surfs the web via my cache, he gets an "Access
Denied" error page from squid, and there are no prompt for entering
username and password before the error page is delivered. I tried the
PAM authenticator and the result was similar.

I guess I'll have to downgrade to 2.6 and do some comparisons to find
out the problem.

Regards,

Cong.

On Sun, May 18, 2008 at 11:06 PM, Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:
> On sön, 2008-05-18 at 11:56 +0800, [EMAIL PROTECTED] wrote:
>
>> [ omitted: squid initializing ]
>> 2008/05/18 03:21:49| helperOpenServers: Starting 5 'squidauth.pl' processes
>> 2008/05/18 03:21:49| ipcCreate: /usr/lib/squid/squidauth.pl: (13)
>> Permission denied
>
> Maybe your cache_effective_user setting changed, making the helper now
> run under a different userid than before..
>
> Regards
> Henrik
>

Re: [squid-users] upgrade to squid 3.0 breaking existing authentication module

2008-05-18 Thread Henrik Nordstrom 
On sön, 2008-05-18 at 11:56 +0800, [EMAIL PROTECTED] wrote:

> [ omitted: squid initializing ]
> 2008/05/18 03:21:49| helperOpenServers: Starting 5 'squidauth.pl' processes
> 2008/05/18 03:21:49| ipcCreate: /usr/lib/squid/squidauth.pl: (13)
> Permission denied

Maybe your cache_effective_user setting changed, making the helper now
run under a different userid than before..

Regards
Henrik


signature.asc
Description: This is a digitally signed message part

[squid-users] upgrade to squid 3.0 breaking existing authentication module

2008-05-17 Thread frigoris . ma 
Dear all,

I use squid on my personal computer to provide HTTP proxy service to my
friends at college. I'm not a sysadmin --- just using squid occasionally
when necessary. I use a basic authenticator module written in Perl by
Thomas Börnert "squidauth.pl" .

The problem was like this. I recently upgraded my squid version from 2.6
to 3.0 after an OS upgrade. Back in the 2.6 days the module worked fine.
After I ported the authentication part of my squid.conf to the 3.0
version, it stopped working. After the squid service was started, the
authenticator processes got terminated unexpectedly. I looked at my logs
and found the suspicious lines (from /var/log/squid/cache.log):

[ omitted: squid initializing ]
2008/05/18 03:21:49| helperOpenServers: Starting 5 'squidauth.pl' processes
2008/05/18 03:21:49| ipcCreate: /usr/lib/squid/squidauth.pl: (13)
Permission denied
2008/05/18 03:21:49| ipcCreate: /usr/lib/squid/squidauth.pl: (13)
Permission denied
2008/05/18 03:21:49| ipcCreate: /usr/lib/squid/squidauth.pl: (13)
Permission denied
2008/05/18 03:21:49| ipcCreate: /usr/lib/squid/squidauth.pl: (13)
Permission denied
2008/05/18 03:21:49| ipcCreate: /usr/lib/squid/squidauth.pl: (13)
Permission denied
[ ... stuff omitted ...]
2008/05/18 03:21:49| Accepting  HTTP connections at 0.0.0.0, port 3128,
FD 19.
2008/05/18 03:21:49| Accepting ICP messages at 0.0.0.0, port 3130, FD 20.
2008/05/18 03:21:49| HTCP Disabled.
2008/05/18 03:21:49| Ready to serve requests.
2008/05/18 03:21:49| WARNING: basicauthenticator #1 (FD 8) exited
2008/05/18 03:21:49| WARNING: basicauthenticator #2 (FD 9) exited
2008/05/18 03:21:49| WARNING: basicauthenticator #3 (FD 10) exited
2008/05/18 03:21:49| WARNING: basicauthenticator #4 (FD 11) exited
2008/05/18 03:21:49| Too few basicauthenticator processes are running
FATAL: The basicauthenticator helpers are crashing too rapidly, need help!

Squid Cache (Version 3.0.STABLE2): Terminated abnormally.
CPU Usage: 0.059 seconds = 0.041 user + 0.018 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena:3380 KB
Ordinary blocks: 3329 KB  3 blks
Small blocks:   0 KB  0 blks
Holding blocks:  1972 KB  9 blks
Free Small blocks:  0 KB
Free Ordinary blocks:  51 KB
Total in use:5301 KB 157%
Total free:51 KB 2%
[end of log]

This strange behavior was not encountered with the 2.6 version. I have
no idea about the ipcCreate failures. I have offline-tested the
authenticator which turned out to be working properly.

I'd be glad to hear your suggestions.

Thanks in advance.

Cong.

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-24 Thread Amos Jeffries 

Chris Robertson wrote:

Amos Jeffries wrote:

Thank you. There is a wiki page I'm trying to make useful:
http://wiki.squid-cache.org/SquidFaq/CompilingSquid

Are there any other must-knows for RedHat?
  


SELinux on RHEL 5 does not give the proper context to the default SNMP 
port (3401) (as of selinux-policy-2.4.6-106.el5) .  The command 
"semanage port -a -t http_cache_port_t -p udp 3401" takes care of this 
problem (via http://tanso.net/selinux/squid/).


Chris


Thank you. Wiki updated.

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-24 Thread Chris Robertson 

Amos Jeffries wrote:

Thank you. There is a wiki page I'm trying to make useful:
http://wiki.squid-cache.org/SquidFaq/CompilingSquid

Are there any other must-knows for RedHat?
  


SELinux on RHEL 5 does not give the proper context to the default SNMP 
port (3401) (as of selinux-policy-2.4.6-106.el5) .  The command 
"semanage port -a -t http_cache_port_t -p udp 3401" takes care of this 
problem (via http://tanso.net/selinux/squid/).


Chris

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-23 Thread Amos Jeffries 
> Thompson, Scott (WA) wrote:
>> Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
>> wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
>> want to u/g to Squid 2.6 Stable 19
>>
>
> Some configuration changes might be needed to migrate from 2.5 to 2.6.
> See
> http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE1-RELEASENOTES.html#s1
> for details.
>
>> I have found that when I run squid -v I get the following output
>>
>> Squid Cache: Version 2.5.STABLE6
>> configure options:  --build=i686-redhat-linux-gnu
>> --host=i686-redhat-linux-gnu --target=i386-redhat-linux-gnu
>> --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
>> --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
>> --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
>> --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
>> --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
>> --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid
>> --enable-poll --enable-snmp --enable-removal-policies=heap,lru
>> --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
>> --with-openssl=/usr/kerberos --enable-delay-pools
>> --enable-linux-netfilter --with-pthreads
>> --enable-ntlm-auth-helpers=SMB,winbind
>> --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group
>> ,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge
>> --enable-useragent-log --enable-referer-log
>> --disable-dependency-tracking --enable-cachemgr-hostname=localhost
>> --disable-ident-lookups --enable-truncate --enable-underscores
>> --datadir=/usr/share
>> --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-dom
>> ain-NTLM,SASL,winbind
>>
>> Does that mean I can just run ./configure from the folder in which I
>> extracted the Squid 2.6 Stable19 files with the above command line
>> switches and I will have Stable 19 installed? I assume I would have to
>> restart the squid service!
>>
>
> You can, but you might want to pare down the list a little.  I start
> with "configure --prefix=/usr --includedir=/usr/include
> --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid
> --localstatedir=/var --sysconfdir=/etc/squid" to use the RedHat
> directories and add options from there.

Thank you. There is a wiki page I'm trying to make useful:
http://wiki.squid-cache.org/SquidFaq/CompilingSquid

Are there any other must-knows for RedHat?

>
>> Any info would be greatly appreciated
>>
>
> Be aware that the RHEL 5 Squid package
> (squid-2.6.STABLE6-5.el5_1.3.i386.rpm) adds a configuration directive
> (max_filedesc) which is not present in the non-RedHat-customized version.
>

The most recent releases of Squid have configure options --with-maxfd=N
(2.x) or --with-filedescriptors=N (3.x) which replace that old RH
squid.conf directive.

>> Scott
>>
>
> Chris
>
>

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-23 Thread Chris Robertson 

Thompson, Scott (WA) wrote:

Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
want to u/g to Squid 2.6 Stable 19
  


Some configuration changes might be needed to migrate from 2.5 to 2.6.  
See 
http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE1-RELEASENOTES.html#s1 
for details.



I have found that when I run squid -v I get the following output

Squid Cache: Version 2.5.STABLE6
configure options:  --build=i686-redhat-linux-gnu
--host=i686-redhat-linux-gnu --target=i386-redhat-linux-gnu
--program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
--sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
--localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
--libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid
--enable-poll --enable-snmp --enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
--with-openssl=/usr/kerberos --enable-delay-pools
--enable-linux-netfilter --with-pthreads
--enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group
,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge
--enable-useragent-log --enable-referer-log
--disable-dependency-tracking --enable-cachemgr-hostname=localhost
--disable-ident-lookups --enable-truncate --enable-underscores
--datadir=/usr/share
--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-dom
ain-NTLM,SASL,winbind

Does that mean I can just run ./configure from the folder in which I
extracted the Squid 2.6 Stable19 files with the above command line
switches and I will have Stable 19 installed? I assume I would have to
restart the squid service!
  


You can, but you might want to pare down the list a little.  I start 
with "configure --prefix=/usr --includedir=/usr/include 
--datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid 
--localstatedir=/var --sysconfdir=/etc/squid" to use the RedHat 
directories and add options from there.



Any info would be greatly appreciated
  


Be aware that the RHEL 5 Squid package 
(squid-2.6.STABLE6-5.el5_1.3.i386.rpm) adds a configuration directive 
(max_filedesc) which is not present in the non-RedHat-customized version.



Scott
  


Chris

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6Stable19 - Part II

2008-04-21 Thread Amos Jeffries 

Henrik Nordstrom wrote:

mån 2008-04-21 klockan 16:25 +0800 skrev Thompson, Scott (WA):

#cat /proc/version
Linux version 2.6.9-11.EL ([EMAIL PROTECTED]) (gcc version 3.4.3 20050227 (Red 
Hat 3.4.3-22)) #1 Wed Jun 8 16:59:52 CDT 2005


Then the update for RHEL should probably work for you:

http://www.squid-cache.org/Download/binaries.dyn



If not the full configure and compile instructions are in the Wiki FAQ:

http://wiki.squid-cache.org/SquidFaq/CompilingSquid
http://wiki.squid-cache.org/SquidFaq/InstallingSquid

Amos
--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4

RE: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6Stable19 - Part II

2008-04-21 Thread Henrik Nordstrom 
mån 2008-04-21 klockan 16:25 +0800 skrev Thompson, Scott (WA):
> #cat /proc/version
> Linux version 2.6.9-11.EL ([EMAIL PROTECTED]) (gcc version 3.4.3 20050227 
> (Red Hat 3.4.3-22)) #1 Wed Jun 8 16:59:52 CDT 2005

Then the update for RHEL should probably work for you:

http://www.squid-cache.org/Download/binaries.dyn


Regards
Henrik

RE: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6Stable19 - Part II

2008-04-21 Thread Thompson, Scott (WA) 
#cat /proc/version
Linux version 2.6.9-11.EL ([EMAIL PROTECTED]) (gcc version 3.4.3 20050227 (Red 
Hat 3.4.3-22)) #1 Wed Jun 8 16:59:52 CDT 2005


-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Monday, 21 April 2008 4:18 PM
To: Thompson, Scott (WA)
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6Stable19 
- Part II

mån 2008-04-21 klockan 15:32 +0800 skrev Thompson, Scott (WA):
> Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
> wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
> want to u/g to Squid 2.6 Stable 19

What OS are you running?

Aparently some RedHat based Linux, but which one, and which version?

Regards
Henrik

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-21 Thread Henrik Nordstrom 
mån 2008-04-21 klockan 15:32 +0800 skrev Thompson, Scott (WA):
> Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
> wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
> want to u/g to Squid 2.6 Stable 19

What OS are you running?

Aparently some RedHat based Linux, but which one, and which version?

Regards
Henrik

Re: [squid-users] Upgrade from Stable6 to stable19

2008-04-21 Thread Henrik Nordstrom 
mån 2008-04-21 klockan 14:25 +0800 skrev Thompson, Scott (WA):
> Stupid question I am sure, but Linux is not one of my strong points
> Is there a good link for some doco on how to upgrade Squid from Stable 6
> to Stable 19?
> Do I have to reinstall and recompile?

2.6.STABLE19 understands 2.6.STABLE6 configurations without any change.
Just upgrade Squid and restart it..

How to best upgrade Squid depends on how you installed it in the first
place. I.e. if you installed Squid as a OS vendor provided binary, or by
hand from source. If OS vendor provided then find an upgrade for your
OS.

Regards
Henrik

Re: [squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-21 Thread Adrian Chadd 
(Top-post)

Yes, that should work just fine.



Adrian

On Mon, Apr 21, 2008, Thompson, Scott (WA) wrote:
> Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
> wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
> want to u/g to Squid 2.6 Stable 19
> 
> I have found that when I run squid -v I get the following output
> 
> Squid Cache: Version 2.5.STABLE6
> configure options:  --build=i686-redhat-linux-gnu
> --host=i686-redhat-linux-gnu --target=i386-redhat-linux-gnu
> --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
> --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
> --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
> --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
> --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
> --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid
> --enable-poll --enable-snmp --enable-removal-policies=heap,lru
> --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
> --with-openssl=/usr/kerberos --enable-delay-pools
> --enable-linux-netfilter --with-pthreads
> --enable-ntlm-auth-helpers=SMB,winbind
> --enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group
> ,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge
> --enable-useragent-log --enable-referer-log
> --disable-dependency-tracking --enable-cachemgr-hostname=localhost
> --disable-ident-lookups --enable-truncate --enable-underscores
> --datadir=/usr/share
> --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-dom
> ain-NTLM,SASL,winbind
> 
> Does that mean I can just run ./configure from the folder in which I
> extracted the Squid 2.6 Stable19 files with the above command line
> switches and I will have Stable 19 installed? I assume I would have to
> restart the squid service!
> 
> Any info would be greatly appreciated
> 
> Scott

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

[squid-users] Upgrade from Squid 2.5 Stable6 to Squid 2.6 Stable19 - Part II

2008-04-21 Thread Thompson, Scott (WA) 
Sorry in my previous post I assumed I was running 2.6 Stable 6 and I
wanted to u/g to Stable 19 but it appears I am running 2.5 Stable6 and I
want to u/g to Squid 2.6 Stable 19

I have found that when I run squid -v I get the following output

Squid Cache: Version 2.5.STABLE6
configure options:  --build=i686-redhat-linux-gnu
--host=i686-redhat-linux-gnu --target=i386-redhat-linux-gnu
--program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
--sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec
--localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man
--infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin
--libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid
--enable-poll --enable-snmp --enable-removal-policies=heap,lru
--enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
--with-openssl=/usr/kerberos --enable-delay-pools
--enable-linux-netfilter --with-pthreads
--enable-ntlm-auth-helpers=SMB,winbind
--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group
,winbind_group --enable-auth=basic,ntlm --with-winbind-auth-challenge
--enable-useragent-log --enable-referer-log
--disable-dependency-tracking --enable-cachemgr-hostname=localhost
--disable-ident-lookups --enable-truncate --enable-underscores
--datadir=/usr/share
--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-dom
ain-NTLM,SASL,winbind

Does that mean I can just run ./configure from the folder in which I
extracted the Squid 2.6 Stable19 files with the above command line
switches and I will have Stable 19 installed? I assume I would have to
restart the squid service!

Any info would be greatly appreciated

Scott

[squid-users] Upgrade from Stable6 to stable19

2008-04-20 Thread Thompson, Scott (WA) 
Stupid question I am sure, but Linux is not one of my strong points
Is there a good link for some doco on how to upgrade Squid from Stable 6
to Stable 19?
Do I have to reinstall and recompile?

Cheers,
Scott

Re: [squid-users] upgrade process

2008-04-03 Thread Allen Schmidt Sr. 
Reverse. Internet browsers hit squid and are redirected to our zope 
servers for content.


Thanks for the info. I will start reading.

Allen



Henrik Nordstrom wrote:


ons 2008-04-02 klockan 08:22 -0400 skrev Allen Schmidt Sr.:


We currently are on SUSE and squid is the only thing on this box.
Version 2.5.STABLE10

How hard is it to upgrade to more recent versions? We are only using it 
for caching...in front of a pair of Zope clients.



Forward with clients going out to the Internet or reverse with Internet
clients coming in to your web severs?

For forward proxying there is very little to consider when upgrading.
Most existing configurations should just work.

For reverse proxy setups there is a bit more as the squid.conf syntax
for reverse proxying has changed in 2.6+.

The 2.6 release notes tries to list all configuration differences,
enabling you to build an opinion on how hard it may be to adjust your
setup.


Regards
Henrik

Re: [squid-users] upgrade process

2008-04-02 Thread Henrik Nordstrom 

ons 2008-04-02 klockan 08:22 -0400 skrev Allen Schmidt Sr.:
> We currently are on SUSE and squid is the only thing on this box.
> Version 2.5.STABLE10
> 
> How hard is it to upgrade to more recent versions? We are only using it 
> for caching...in front of a pair of Zope clients.

Forward with clients going out to the Internet or reverse with Internet
clients coming in to your web severs?

For forward proxying there is very little to consider when upgrading.
Most existing configurations should just work.

For reverse proxy setups there is a bit more as the squid.conf syntax
for reverse proxying has changed in 2.6+.

The 2.6 release notes tries to list all configuration differences,
enabling you to build an opinion on how hard it may be to adjust your
setup.


Regards
Henrik

[squid-users] upgrade process

2008-04-02 Thread Allen Schmidt Sr. 

We currently are on SUSE and squid is the only thing on this box.
Version 2.5.STABLE10

How hard is it to upgrade to more recent versions? We are only using it 
for caching...in front of a pair of Zope clients.


Just curious.

Thanks

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread jeff donovan 

Thank you all who replied,

I'll post more after i recompile.

-jeff

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread Adrian Chadd 
There's nothing special to make it work through 2.6. It should
just work.




Adrian

On Thu, Feb 07, 2008, jeff donovan wrote:
> 
> On Feb 7, 2008, at 1:30 PM, Leonardo Rodrigues Magalh?es wrote:
> 
> >
> >
> >jeff donovan escreveu:
> >>
> >>okay that sounds promising. Your saying ( i'm doing this so my  
> >>fuzzy brain is clear ) that you can access a web site that uses  
> >>NTLM to access restricted web content ? right now 2.5 does not work.
> >
> >  Yes ... i can confirm that based on my tests here. sites with NTLM  
> >auth do NOT work through squid 2.5 but seems to work fine through  
> >2.6 and 3.0, according to my tests here. My production boxes are  
> >still 2.5 and as i have VERY LITTLE problems with NTLM sites, i  
> >havent upgraded them yet.
> >
> >  I'm not saying user authentication through NTLM. That 2.5 can do  
> >well. Yes i'm telling about SITE NTLM authentication passing through  
> >squid 2.6 and 3.0.
> 
> thank you very much leonardo.
> 
> now :) would you be willing to share your config ? is there anything  
> special that you had to do in your test box.
> 
> -j

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread Leonardo Rodrigues Magalhães 



jeff donovan escreveu:


thank you very much leonardo.

now :) would you be willing to share your config ? is there anything 
special that you had to do in your test box.


   No special configuration is needed. Just get 2.6/3.0 working and 
you'll have NTLM site authentication working properly !


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread Kinkie 
On Feb 7, 2008 7:30 PM, Leonardo Rodrigues Magalhães
<[EMAIL PROTECTED]> wrote:
>
>
> jeff donovan escreveu:
> >
> > okay that sounds promising. Your saying ( i'm doing this so my fuzzy
> > brain is clear ) that you can access a web site that uses NTLM to
> > access restricted web content ? right now 2.5 does not work.
>
> Yes ... i can confirm that based on my tests here. sites with NTLM
> auth do NOT work through squid 2.5 but seems to work fine through 2.6
> and 3.0, according to my tests here. My production boxes are still 2.5
> and as i have VERY LITTLE problems with NTLM sites, i havent upgraded
> them yet.
> I'm not saying user authentication through NTLM. That 2.5 can do
> well. Yes i'm telling about SITE NTLM authentication passing through
> squid 2.6 and 3.0.

That's exact. Squid 2.6 and 3.0 do support the kind of infrastructure
needed to properly forward the broken NTLM protocol.
I'll update the wiki article to reflect this.

Thanks.

-- 
/kinkie

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread jeff donovan 


On Feb 7, 2008, at 1:30 PM, Leonardo Rodrigues Magalhães wrote:




jeff donovan escreveu:


okay that sounds promising. Your saying ( i'm doing this so my  
fuzzy brain is clear ) that you can access a web site that uses  
NTLM to access restricted web content ? right now 2.5 does not work.


  Yes ... i can confirm that based on my tests here. sites with NTLM  
auth do NOT work through squid 2.5 but seems to work fine through  
2.6 and 3.0, according to my tests here. My production boxes are  
still 2.5 and as i have VERY LITTLE problems with NTLM sites, i  
havent upgraded them yet.


  I'm not saying user authentication through NTLM. That 2.5 can do  
well. Yes i'm telling about SITE NTLM authentication passing through  
squid 2.6 and 3.0.


thank you very much leonardo.

now :) would you be willing to share your config ? is there anything  
special that you had to do in your test box.


-j

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread Leonardo Rodrigues Magalhães 



jeff donovan escreveu:


okay that sounds promising. Your saying ( i'm doing this so my fuzzy 
brain is clear ) that you can access a web site that uses NTLM to 
access restricted web content ? right now 2.5 does not work.


   Yes ... i can confirm that based on my tests here. sites with NTLM 
auth do NOT work through squid 2.5 but seems to work fine through 2.6 
and 3.0, according to my tests here. My production boxes are still 2.5 
and as i have VERY LITTLE problems with NTLM sites, i havent upgraded 
them yet.


   I'm not saying user authentication through NTLM. That 2.5 can do 
well. Yes i'm telling about SITE NTLM authentication passing through 
squid 2.6 and 3.0.


--


Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it






smime.p7s
Description: S/MIME Cryptographic Signature

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread jeff donovan 


On Feb 7, 2008, at 12:53 PM, Leonardo Rodrigues Magalhães wrote:




Dave Holland escreveu:


On Thu, Feb 07, 2008 at 10:29:14AM -0500, jeff donovan wrote:

Are the NTLM auth modules that come with squid used just for  
accessing

the squid cache ?


As I understand it: yes.



I have done some tests with squid 2.6/3.0 recently and seems  
that sites with NTLM auth do work FINE with squid 2.6/3.0. I'm  
stilll running squid 2.5 in production boxes and sites with NTLM  
auth do NOT work through squid 2.5.


I'm preparing some upgrades here to allow sites with NTLM auth  
to work properly, as my tests confirmed.


Of course, i'm also thinking on the possibility of skipping 2.6  
and going forward to squid 3.0 stable 1 !!!


okay that sounds promising. Your saying ( i'm doing this so my fuzzy  
brain is clear ) that you can access a web site that uses NTLM to  
access restricted web content ? right now 2.5 does not work.

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread jeff donovan 


On Feb 7, 2008, at 11:57 AM, Dave Holland wrote:


On Thu, Feb 07, 2008 at 10:29:14AM -0500, jeff donovan wrote:
Are the NTLM auth modules that come with squid used just for  
accessing

the squid cache ?


As I understand it: yes.

See:
http://wiki.squid-cache.org/SquidFaq/CompleteFaq#head-663844d925e559109734bd02d6dd049a861197e0

which says:
"Windows NT Challenge/Response authentication requires implicit
end-to-end state and will not work through a proxy server."

I ran into this last week, and asked the IIS admin to switch to basic
authentication + SSL instead -- which does work through Squid.

Dave


okay thats what i thought but i was "hoping" there was a light at the  
end of the tunnel.


-jeff

Re: [squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread Dave Holland 
On Thu, Feb 07, 2008 at 10:29:14AM -0500, jeff donovan wrote:
> Are the NTLM auth modules that come with squid used just for accessing  
> the squid cache ?

As I understand it: yes.

See:
http://wiki.squid-cache.org/SquidFaq/CompleteFaq#head-663844d925e559109734bd02d6dd049a861197e0

which says:
"Windows NT Challenge/Response authentication requires implicit
end-to-end state and will not work through a proxy server."

I ran into this last week, and asked the IIS admin to switch to basic
authentication + SSL instead -- which does work through Squid.

Dave
-- 
** Dave Holland ** Systems Support -- Special Projects Team **
** 01223 496923 ** Sanger Institute, Hinxton, Cambridge, UK **
"Once more, with feeling."


-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE.

[squid-users] upgrade from 2.5 to 2.6 to add NTLM

2008-02-07 Thread jeff donovan 

Greetings

i have been running into several issues with my Squid proxy ( running  
transparent )

Squid Cache: Version 2.5.STABLE7
configure options:  --host=PPC --enable-async-io --enable-snmp -- 
enable-underscores


accessing Windows IIS6.0 web servers using NTLM authentication. The  
Authentication basically fails refreshing the page. Some sites drop to  
basic Auth and the users can continue. But others require the full  
verification. If I bypass squid the users can authenticate.


I have been reading the release notes and some docs  Squid 2.6.

Are the NTLM auth modules that come with squid used just for accessing  
the squid cache ? or can these modules help my users connections to  
remote IIS servers ?


will 2.6 help in my case ?

TIA

-jeff

[squid-users] Upgrade from 2.6STABLE14 to STABLE17 with "Invalid capability version 0" message

2007-12-02 Thread Uto Cen 
Hi,
after upgrading the squid on Linux (2.6.9), I receive the "Invalid
capability version 0" message in the log.
What does the line mean, and more importantly, will that impact stability?

Thanks, Uto

Re: [squid-users] upgrade to squid3:

2007-10-10 Thread Brian J. Murrell 
On Tue, 2007-10-09 at 09:45 -0400, Brian J. Murrell wrote:
> 
> Probably because I have not actually rolled my own but am using the
> squid3 package in Ubuntu Feisty.  :-)  Hrm, even the soon-to-be-released
> Gutsy only has 3.0.PRE6-1.  I guess the maintainer is not keeping close
> with releases.  I will prod him/her.  Probably rolling a 3.0 RC1 would
> not be terribly difficult either though.

Well, I rolled my own 3.0.RC1 deb for Ubuntu Feisty and installed it and
low-and-behold, all of the problems I was having have "magically" :-)
disappeared.

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] upgrade to squid3:

2007-10-09 Thread Christos Tsantilas 
Hi Brian,
   Are you using the cache created by squid2.6 with squid3?
The squid 3.0 before release PRE7 has problems using caches created with
squid2.6.

The squid-3.0.RC1 is supposed to be compatible with caches created with
squid2.6, and also has many bug fixes.

Regards,
Christos

Brian J. Murrell wrote:
> I've upgraded from squid 2.6 to 3.0.PRE5-5 and now I am getting various
> errors in my log.  For example:
> 
> 20:32:58 squid storeSwapMetaUnpack: bad type (9)!
> 20:32:59 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:02 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:27 squid squidaio_queue_request: WARNING - Queue congestion
> 20:33:27 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:40 squid storeSwapMetaUnpack: bad type (9)!
> 20:34:03 squid storeSwapMetaUnpack: bad type (9)!
> 20:36:02 squid storeSwapMetaUnpack: bad type (9)!
> 20:36:02 squid storeSwapMetaUnpack: bad type (9)!
> 
> There have been other messages but I don't have any others on hand right
> now.  Perhaps all of my messages are related to the same issue and if I
> can cure the above messages, the others will just go away.
> 
> So, any idea what those messages above are trying to tell me?  Or what I
> can do do gather further information?
> 
> Thanx!
> 
> b.
>

Re: [squid-users] upgrade to squid3:

2007-10-09 Thread Tek Bahadur Limbu 

Hi Brian,


Brian J. Murrell wrote:

I've upgraded from squid 2.6 to 3.0.PRE5-5 and now I am getting various
errors in my log.  For example:

20:32:58 squid storeSwapMetaUnpack: bad type (9)!
20:32:59 squid storeSwapMetaUnpack: bad type (9)!
20:33:02 squid storeSwapMetaUnpack: bad type (9)!
20:33:27 squid squidaio_queue_request: WARNING - Queue congestion
20:33:27 squid storeSwapMetaUnpack: bad type (9)!
20:33:40 squid storeSwapMetaUnpack: bad type (9)!
20:34:03 squid storeSwapMetaUnpack: bad type (9)!
20:36:02 squid storeSwapMetaUnpack: bad type (9)!
20:36:02 squid storeSwapMetaUnpack: bad type (9)!


Which storage scheme are you using for your cache?



There have been other messages but I don't have any others on hand right
now.  Perhaps all of my messages are related to the same issue and if I
can cure the above messages, the others will just go away.


Have you tried stopping Squid and manually restarting it?

You can try cleaning your cache_dirs and starting with a new cache.
Then check once again for any messages in your cache.log.




So, any idea what those messages above are trying to tell me?  Or what I
can do do gather further information?


I am not really sure what those messages mean but I have seen them at 
some point in time on my caches. I guess it's somehow related to storage 
corruption.


But my question is, are those messages which are appearing on your 
cache.log giving you problems like slowness in web browsing, errors 
while accessing web pages, etc?


Since Ubuntu still does not seem to have the latest Squid-3.0.RC1 binary 
packages, why don't you try downloading the squid-3.0.RC1 source package 
and compiling it?


http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.RC1.tar.gz

You will have more control over Squid this way. Squid has one of the 
best FAQs, installation, wiki guides, etc, covering almost everything 
from installation to fine-tuning your cache.


Thanking you...





Thanx!

b.




--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

http://teklimbu.wordpress.com

Re: [squid-users] upgrade to squid3:

2007-10-09 Thread Brian J. Murrell 
On Tue, 2007-10-09 at 10:18 -0300, Thiago Cruz wrote:
> Hi Brian,

Hi Thiago,

> Why don't you try squid-3.0.RC1?

Probably because I have not actually rolled my own but am using the
squid3 package in Ubuntu Feisty.  :-)  Hrm, even the soon-to-be-released
Gutsy only has 3.0.PRE6-1.  I guess the maintainer is not keeping close
with releases.  I will prod him/her.  Probably rolling a 3.0 RC1 would
not be terribly difficult either though.

> If the problem persist could you post
> your .conf?

The whole thing?  It's a bit large with acls and such.  Is there some
settings you are interested in that I could post in the interest of
saving bandwidth and not overwhelming others?

b.

-- 
A day in the yard with my son is just like a day at work.  He goes
hunting around for stuff and brings it back to me and says: "Hey Dad,
look what I found.  The money is for me and the screw is for you."


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] upgrade to squid3:

2007-10-09 Thread Thiago Cruz 
Hi Brian,

Why don't you try squid-3.0.RC1? If the problem persist could you post
your .conf?

[]'s
Thiago Cruz

On 10/9/07, Brian J. Murrell <[EMAIL PROTECTED]> wrote:
> I've upgraded from squid 2.6 to 3.0.PRE5-5 and now I am getting various
> errors in my log.  For example:
>
> 20:32:58 squid storeSwapMetaUnpack: bad type (9)!
> 20:32:59 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:02 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:27 squid squidaio_queue_request: WARNING - Queue congestion
> 20:33:27 squid storeSwapMetaUnpack: bad type (9)!
> 20:33:40 squid storeSwapMetaUnpack: bad type (9)!
> 20:34:03 squid storeSwapMetaUnpack: bad type (9)!
> 20:36:02 squid storeSwapMetaUnpack: bad type (9)!
> 20:36:02 squid storeSwapMetaUnpack: bad type (9)!
>
> There have been other messages but I don't have any others on hand right
> now.  Perhaps all of my messages are related to the same issue and if I
> can cure the above messages, the others will just go away.
>
> So, any idea what those messages above are trying to tell me?  Or what I
> can do do gather further information?
>
> Thanx!
>
> b.
>
> --
> My other computer is your Microsoft Windows server.
>
> Brian J. Murrell
>

[squid-users] upgrade to squid3:

2007-10-09 Thread Brian J. Murrell 
I've upgraded from squid 2.6 to 3.0.PRE5-5 and now I am getting various
errors in my log.  For example:

20:32:58 squid storeSwapMetaUnpack: bad type (9)!
20:32:59 squid storeSwapMetaUnpack: bad type (9)!
20:33:02 squid storeSwapMetaUnpack: bad type (9)!
20:33:27 squid squidaio_queue_request: WARNING - Queue congestion
20:33:27 squid storeSwapMetaUnpack: bad type (9)!
20:33:40 squid storeSwapMetaUnpack: bad type (9)!
20:34:03 squid storeSwapMetaUnpack: bad type (9)!
20:36:02 squid storeSwapMetaUnpack: bad type (9)!
20:36:02 squid storeSwapMetaUnpack: bad type (9)!

There have been other messages but I don't have any others on hand right
now.  Perhaps all of my messages are related to the same issue and if I
can cure the above messages, the others will just go away.

So, any idea what those messages above are trying to tell me?  Or what I
can do do gather further information?

Thanx!

b.

-- 
My other computer is your Microsoft Windows server.

Brian J. Murrell


signature.asc
Description: This is a digitally signed message part

Re: [squid-users] upgrade question stable 2.5 stable 5 to stable 12

2005-11-30 Thread Ronny T. Lampert 
> I am currently running 2.5 Stable 5 and want to upgrade to Stable 12.
> Will my Stable 5 conf file work in Stable 12 ?

Yes. I have updated from S3 until S12, using each version in between.

Look into the cache.log (after starting the new squid) to see if squid
complains about a setting.

I had the problem that I just copied the executable over, but didn't update
the error directory, so there were some files missing.
Copying the new error directory over did help.

Cheers,
Ronny

[squid-users] upgrade question stable 2.5 stable 5 to stable 12

2005-11-30 Thread Hement Gopal 

Hi all

I am currently running 2.5 Stable 5 and want to upgrade to Stable 12.

Will my Stable 5 conf file work in Stable 12 ?

Rgds,
Hement

Rv: Re: [squid-users] upgrade

2005-06-06 Thread Daniel Navarro 
In fact I prefer

yum update squid

updates because that way I am sure I am having the
more actual stable version for my redhat box.

Regards

Nota: Se adjuntó el mensaje reenviado.


__
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
Regístrate ya - http://correo.espanol.yahoo.com/ --- Begin Message ---



On Thu, 2 Jun 2005, Matus UHLAR - fantomas wrote:


On 02.06 08:55, azeem ahmad wrote:

infact i wanted to know that will i lose my stored cache if i upgrade my
squid??


no. and upgrade to stable10.


source RPMs for RedHat and Fedora is available from 
http://marasystems.com/download/squid/ to make this easier.


Regards
Henrik
--- End Message ---

Re: [squid-users] upgrade

2005-06-05 Thread Henrik Nordstrom 



On Thu, 2 Jun 2005, Matus UHLAR - fantomas wrote:


On 02.06 08:55, azeem ahmad wrote:

infact i wanted to know that will i lose my stored cache if i upgrade my
squid??


no. and upgrade to stable10.


source RPMs for RedHat and Fedora is available from 
http://marasystems.com/download/squid/ to make this easier.


Regards
Henrik

Re: [squid-users] upgrade

2005-06-02 Thread Matus UHLAR - fantomas 
On 02.06 08:55, azeem ahmad wrote:
> infact i wanted to know that will i lose my stored cache if i upgrade my 
> squid??

no. and upgrade to stable10.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759

Re: [squid-users] upgrade

2005-06-01 Thread azeem ahmad 

hi
infact i wanted to know that will i lose my stored cache if i upgrade my 
squid??

Regards
Azeem


From: rick <[EMAIL PROTECTED]>
To: azeem ahmad <[EMAIL PROTECTED]>
CC: squid-users@squid-cache.org
Subject: Re: [squid-users] upgrade
Date: Wed, 1 Jun 2005 21:33:26 -0400 (EDT)

Hi,
I would go with the latest software out. Squid stable 10 is out now and 6 
is almost a year old. I had cache problems with older releases. 10 seems 
fine for me so far. It's your choice but it is better to keep all software 
up to date to a certain point.

Good Luck,
Rick

On Thu, 2 Jun 2005, azeem ahmad wrote:


hi list
i m using squid-2.5.STABLE5-2.i386.rpm on FC2 now i have planned to 
install FC3 which comes with squid-2.5.STABLE6-3.i386.rpm
the question is that if i upgrade my OS as well as squid from 
squid-2.5.STABLE5-2.i386.rpm to squid-2.5.STABLE6-3.i386.rpm. then can i 
use my old cache build by squid-2.5.STABLE5-2.i386.rpm or will it be 
useless for this new version. mean squid-2.5.STABLE6-3.i386.rpm

Regards
Azeem

_
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/




_
FREE pop-up blocking with the new MSN Toolbar - get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Re: [squid-users] upgrade

2005-06-01 Thread rick 

Hi,
I would go with the latest software out. Squid stable 10 is out now and 6 
is almost a year old. I had cache problems with older releases. 10 seems 
fine for me so far. It's your choice but it is better to keep all software 
up to date to a certain point.

Good Luck,
Rick

On Thu, 2 Jun 2005, azeem ahmad wrote:


hi list
i m using squid-2.5.STABLE5-2.i386.rpm on FC2 now i have planned to install 
FC3 which comes with squid-2.5.STABLE6-3.i386.rpm
the question is that if i upgrade my OS as well as squid from 
squid-2.5.STABLE5-2.i386.rpm to squid-2.5.STABLE6-3.i386.rpm. then can i use 
my old cache build by squid-2.5.STABLE5-2.i386.rpm or will it be useless for 
this new version. mean squid-2.5.STABLE6-3.i386.rpm

Regards
Azeem

_
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

[squid-users] upgrade

2005-06-01 Thread azeem ahmad 

hi list
i m using squid-2.5.STABLE5-2.i386.rpm on FC2 now i have planned to install 
FC3 which comes with squid-2.5.STABLE6-3.i386.rpm
the question is that if i upgrade my OS as well as squid from 
squid-2.5.STABLE5-2.i386.rpm to squid-2.5.STABLE6-3.i386.rpm. then can i use 
my old cache build by squid-2.5.STABLE5-2.i386.rpm or will it be useless for 
this new version. mean squid-2.5.STABLE6-3.i386.rpm

Regards
Azeem

_
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Fwd: [squid-users] Upgrade to squid version 2.5 stable 4

2004-02-01 Thread mortbox 
i've  asked to be removed countless times. here's another message that
i didn't want. it's really not that hard to remove somebody is it...

This is a forwarded message
From: Henrik Nordstrom <[EMAIL PROTECTED]>
To: novelit <[EMAIL PROTECTED]>
Date: Tuesday, January 27, 2004, 8:39:18 AM
Subject: [squid-users] Upgrade to squid version 2.5 stable 4

===8<==Original message text===
On Tue, 27 Jan 2004, novelit wrote:

> Anybody knows why my new version has not been installed..

Most likely it is installed, but in a different location compared to your 
old Squid installation.

When you build Squid from source the default installation directory is 
/usr/local/squid, with the path to the Squid binary 
/usr/local/squid/sbin/squid

If you previously installed a binary distribution of Squid then this most 
likely is built differently, quite likely installing the Squid binary as
/usr/sbin/squid

Regards
Henrik

===8<===End of original message text===



-- 
Best regards,
 mortboxmailto:[EMAIL PROTECTED]

Re: [squid-users] Upgrade to squid version 2.5 stable 4

2004-01-27 Thread Henrik Nordstrom 
On Tue, 27 Jan 2004, novelit wrote:

> Anybody knows why my new version has not been installed..

Most likely it is installed, but in a different location compared to your 
old Squid installation.

When you build Squid from source the default installation directory is 
/usr/local/squid, with the path to the Squid binary 
/usr/local/squid/sbin/squid

If you previously installed a binary distribution of Squid then this most 
likely is built differently, quite likely installing the Squid binary as
/usr/sbin/squid

Regards
Henrik

RE: [squid-users] Upgrade to squid version 2.5 stable 4

2004-01-27 Thread Elsen Marc 

  
> 
> Dear all,
> i have squid version 2.5 stable 1 installed 
> and i want to
> upgrade to squid version 2.5 stable 4 with snmp enabled.
> 
> i have downloaded the tar and  compiled it
> ./configure --enable snmp ;make all; make install ... without 
> any errors.
>
> ...

  Could you change the configure option into :

 --enable-snmp

 Note the '-' between  'enable' and 'snmp'.

 M.

[squid-users] Upgrade to squid version 2.5 stable 4

2004-01-27 Thread novelit 
Dear all,
i have squid version 2.5 stable 1 installed and i want to
upgrade to squid version 2.5 stable 4 with snmp enabled.

i have downloaded the tar and  compiled it
./configure --enable snmp ;make all; make install ... without any errors.

however, when i type squid -v, i can still see my old
version running i.e

Squid Cache: Version 2.5.STABLE1
configure
options:  --host=i386-redhat-linux --build=i386-redhat-linux --target=i386-r
edhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=
/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includ
edir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedi
r=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/shar
e/info --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid --l
ocalstatedir=/var --sysconfdir=/etc/squid --enable-poll --enable-snmp --enab
le-removal-policies=heap,lru --enable-storeio=aufs,coss,diskd,ufs --enable-s
sl --with-openssl=/usr/kerberos --enable-delay-pools --enable-linux-netfilte
r --with-pthreads --enable-basic-auth-helpers=LDAP,NCSA,PAM,SMB,SASL,MSNT --
enable-ntlm-auth-helpers=SMB,winbind --enable-external-acl-helpers=ip_user,l
dap_group,unix_group,wbinfo_group,winbind_group

Anybody knows why my new version has not been installed..

Secondly how i check whether snmp is enabled and running on squid?

Thanks
nat

Re: [squid-users] Upgrade Squid but Use Old Cache

2004-01-09 Thread Henrik Nordstrom 
On Thu, 8 Jan 2004, Dodjie Nava wrote:

> a friend of mine is using redhat 8.0 & squid-2.4.STABLE7-4.rpm.  he 
> asked me to help him upgrade to squid-2.5.STABLE4.  the only question is 
> can squid2.5 use the squid2.4 cache?  it's quite big already, around 
> 100gig, and he doesn't want to start all over again.  i'm not sure about 
> this coz when i did upgrade our server, i did start my cache from 
> scratch, but mine is only 10gig.
> 
> our faq only has an entry for 1.1 to 2, but i'll include this in the update.

The cache in Squid-2.x and Squid-3 is upwards compatible between 
releases.

This is except for the 2.4.STABLE1 and 2.4.STABLE2 releases where the
on-disk format got accidently broken and not even compatible with itself..
http://www.squid-cache.org/Versions/v2/2.4/bugs/#squid-2.4.STABLE2-swap_meta>. 
But even then it is upwards compatible unless one needs to make a slow 
rebuild of swap.state.

It is not guaranteed that downgrading will always work flawlessly. In both 
Squid-2.5 and Squid-3.0 new features is introduces extending the on-disk 
format, and older releases may get upset when encountering objects using 
these extensions. And it is extremely likely additional extensions will be 
added during the lifecycle of Squid-3.

Regards
Henrik

RE: [squid-users] Upgrade Squid but Use Old Cache

2004-01-08 Thread Elsen Marc 

 
> 
> a friend of mine is using redhat 8.0 & squid-2.4.STABLE7-4.rpm.  he 
> asked me to help him upgrade to squid-2.5.STABLE4.  the only 
> question is 
> can squid2.5 use the squid2.4 cache?  it's quite big already, around 
 
  Yes.

  M.

[squid-users] Upgrade Squid but Use Old Cache

2004-01-08 Thread Dodjie Nava 
hi to all.

a friend of mine is using redhat 8.0 & squid-2.4.STABLE7-4.rpm.  he 
asked me to help him upgrade to squid-2.5.STABLE4.  the only question is 
can squid2.5 use the squid2.4 cache?  it's quite big already, around 
100gig, and he doesn't want to start all over again.  i'm not sure about 
this coz when i did upgrade our server, i did start my cache from 
scratch, but mine is only 10gig.

our faq only has an entry for 1.1 to 2, but i'll include this in the update.

thanks.

--
Dodjie Nava <[EMAIL PROTECTED]>
Systems Engineer
E-Net Corporation
Binan, Laguna, Philippines