Re: [squid-users] SquidGuard Replacement
Joseph L. Casale schrieb: When logging in to MS Technet, I get this: ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http:443 Unable to determine IP address from host name The DNS server returned: Name Error: The domain name does not exist.This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct. Your cache administrator is root. Generated Tue, 06 Jan 2009 19:12:01 GMT by dev.activenetwerx.int (squid/3.0.STABLE9) What does http:443 mean? This is only a problem when squidGuard is enabled? The url that it tanked on is: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1231267843&rver=5.5.4177.0&wp=MCMBI&wlcxt=technet%24technet%24technet&wreply=https%3a%2f%2ftechnet.microsoft.com%2fen-ca%2fsubscriptions%2fmanage%2fbb980931.aspx&lc=1033&id=254354&cru=http%3a%2f%2ftechnet.microsoft.com%2fen-ca%2fsubscriptions%2fdefault.aspx Why would it work without squidGuard? I am seeming to have a lot of problems with squidGuard, anyone got a reco on a replacement? Thanks! jlc Hello Joseph, I'm using Squid3STABLE9 and SquidGuard 1.3 on three openSUSE10.3 boxes and tested the URL you gave us above without hanving any problems to access the TechNet site. So this must be something with your specific setup. What's the version of SG are you using ? Maybe you can post your problem to http://www.squidguard.org/mailinglist.html Regards, - Philipp
RE: [squid-users] SquidGuard Replacement
>I'm using Squid3STABLE9 and SquidGuard 1.3 on three openSUSE10.3 boxes >and tested the URL you gave us above >without hanving any problems to access the TechNet site. So this must be >something with your specific setup. >What's the version of SG are you using ? Maybe you can post your problem >to http://www.squidguard.org/mailinglist.html Philipp, I am using Squid3STABLE9 and SquidGuard 1.3-1.el5.rf on a couple of CentOS 5 boxes? My SquidGuard has only a local net defined with an acl blocking many shalla lists. My squid.conf is as follows: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost http_access deny all icp_access allow localnet icp_access deny all htcp_access allow localnet htcp_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? access_log /var/log/squid/access.log squid url_rewrite_program /usr/bin/squidGuard refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern (cgi-bin|\?)0 0% 0 refresh_pattern . 0 20% 4320 icp_port 3130 coredump_dir /var/spool/squid Both of my servers are independent with identical configs and exhibit the same behavior, how does your config compare? Thanks! jlc
RE: [squid-users] SquidGuard Replacement
I switched to ufdbguard and have been real pleased with it's performance and support. > -Original Message- > From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] > Sent: Tuesday, January 06, 2009 2:58 PM > To: 'Philipp Rusch - New Vision-IT' > Cc: squid-users@squid-cache.org > Subject: RE: [squid-users] SquidGuard Replacement > > >I'm using Squid3STABLE9 and SquidGuard 1.3 on three openSUSE10.3 boxes > >and tested the URL you gave us above > >without hanving any problems to access the TechNet site. So this must > be > >something with your specific setup. > >What's the version of SG are you using ? Maybe you can post your > problem > >to http://www.squidguard.org/mailinglist.html > > Philipp, > I am using Squid3STABLE9 and SquidGuard 1.3-1.el5.rf on a couple of > CentOS 5 > boxes? My SquidGuard has only a local net defined with an acl blocking > many shalla lists. > > My squid.conf is as follows: > > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl to_localhost dst 127.0.0.0/8 > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localnet > http_access allow localhost > http_access deny all > icp_access allow localnet > icp_access deny all > htcp_access allow localnet > htcp_access deny all > http_port 3128 > hierarchy_stoplist cgi-bin ? > access_log /var/log/squid/access.log squid > url_rewrite_program /usr/bin/squidGuard > refresh_pattern ^ftp: 144020% 10080 > refresh_pattern ^gopher:14400% 1440 > refresh_pattern (cgi-bin|\?)0 0% 0 > refresh_pattern . 0 20% 4320 > icp_port 3130 > coredump_dir /var/spool/squid > > Both of my servers are independent with identical configs and exhibit > the same > behavior, how does your config compare? > Thanks! > jlc > >
RE: [squid-users] SquidGuard Replacement
>I switched to ufdbguard and have been real pleased with it's performance >and support. Thomas, Do I understand this right, the software is free but the db is not? Can one use shalla lists with this software? Thanks! jlc
Re: [squid-users] SquidGuard Replacement
Joseph L. Casale schrieb: I switched to ufdbguard and have been real pleased with it's performance and support. Thomas, Do I understand this right, the software is free but the db is not? Can one use shalla lists with this software? Thanks! jlc Joseph, I wasn't able to access the systems with the SG-config today. So let's solve your problem with SG tomorrow instead of hunting for a "suboptimal" solution. Did you try to post your prob to Shalla / Christine Kronberg ? She is usually a great help. CU, Philipp
RE: [squid-users] SquidGuard Replacement
>Joseph,
>I wasn't able to access the systems with the SG-config today.
>So let's solve your problem with SG tomorrow instead of hunting for
>a "suboptimal" solution.
>Did you try to post your prob to Shalla / Christine Kronberg ?
>She is usually a great help.
Philipp,
I did post just now, for some reason my mail takes ages to get on the
list. I have been doing some testing and see no difference between
Squid3STABLE9|Squid2.6STABLE5 and SquidGuard 1.3|1.4 so it's obviously a
config issue of some sorts.
My acl which I omitted from sg is as follows:
acl {
std-clients {
passwhite local !in-addr !adv !aggressive automobile_bikes
automobile_boats automobile_cars automobile_planes !chat !dating !downloads
!drugs !dynamic finance_banking finance_insurance finance_moneylending
finance_other finance_realestate !forum !gamble !hacking hobby_cooking
hobby_games hobby_gardening hobby_pets hospitals !imagehosting isp jobsearch
military !models !podcasts politics !porn recreation_humor recreation_sports
recreation_travel recreation_wellness !redirector !religion !remotecontrol
!ringtones science_astronomy science_chemistry searchengines !Sex_lingerie
shopping !socialnet !spyware !tracker updatesites !violence !warez !weapons
!webmail !webphone !webradio !webtv any
redirect
http://localhost:88/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
default {
passlocal none
redirect
http://localhost:88/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t+url=%u
}
}
Thanks for everything!
jlc
RE: [squid-users] SquidGuard Replacement
>I wasn't able to access the systems with the SG-config today. >So let's solve your problem with SG tomorrow instead of hunting for >a "suboptimal" solution. >Did you try to post your prob to Shalla / Christine Kronberg ? >She is usually a great help. Philipp, It turned out to be the in-addr that was breaking it. I don't know if it was at all related, but I thought to try without it after seeing this without sg: 1231366747.608749 192.168.0.44 TCP_MISS/200 2562 GET http://ad.yieldmanager.com/st? - DIRECT/76.13.212.11 text/html Versus this with sg: 1231366679.400 48 192.168.0.44 TCP_MISS/403 2585 GET http://ad.yieldmanager.com/st? - DIRECT/192.168.0.11 text/html in the squid logs. I don't know if you can log in-addr blocks, but that's why I wasn't seeing anything related to it. After dropping the !, it worked. I would love to know if the above is related, or if not what it's about? Thanks everyone! jlc
Re: [squid-users] SquidGuard Replacement
Thomas Raef schrieb: How do you figure that ufdb Guard is "sub-optimal"? Yes you can use shalla lists with this. I suggest you contact the owner and discuss your needs with him. He reads this list so I think he'll be available. Thomas J. Raef www.ebasedsecurity.com <http://www.ebasedsecurity.com> "You're either hardened, or you're hacked!" *From:* Philipp Rusch - New Vision IT [mailto:philipp.ru...@newvision-it.de] *Sent:* Wed 1/7/2009 1:12 PM *To:* squid-users@squid-cache.org *Subject:* Re: [squid-users] SquidGuard Replacement Joseph L. Casale schrieb: >> I switched to ufdbguard and have been real pleased with it's performance >> and support. >> > > Thomas, > Do I understand this right, the software is free but the db is not? Can one > use shalla lists with this software? > > Thanks! > jlc > > Joseph, I wasn't able to access the systems with the SG-config today. So let's solve your problem with SG tomorrow instead of hunting for a "suboptimal" solution. Did you try to post your prob to Shalla / Christine Kronberg ? She is usually a great help. CU, Philipp Thomas, I did not say that ufdbguard is a "suboptimal" solution. ALL I wanted to express with my mail was, that Joseph's search for a solution was leading to a somewhat suboptimal setup. He already had everything in place and encountered some problems, so I advised him to search for the reasons of that problem and solve them instaed of replacing components on a trial and error basis. And despite the possible second meaning of my original posting, I really wasn't trying to offend somebody. AND, btw, please keep in mind that english is not my mother's tongue. Regards from Germany, Philipp in his setup
RE: [squid-users] SquidGuard Replacement
Sorry for my misunderstanding. It was a bad day for me. Please accept my apologies. > -Original Message- > From: Philipp Rusch - New Vision-IT [mailto:philipp.ru...@newvision- > it.de] > Sent: Thursday, January 08, 2009 12:02 PM > To: squid-users@squid-cache.org > Subject: Re: [squid-users] SquidGuard Replacement > > Thomas Raef schrieb: > > How do you figure that ufdb Guard is "sub-optimal"? > > > > Yes you can use shalla lists with this. > > > > I suggest you contact the owner and discuss your needs with him. He > > reads this list so I think he'll be available. > > > > Thomas J. Raef > > www.ebasedsecurity.com <http://www.ebasedsecurity.com> > > "You're either hardened, or you're hacked!" > > > > - > --- > > *From:* Philipp Rusch - New Vision IT > > [mailto:philipp.ru...@newvision-it.de] > > *Sent:* Wed 1/7/2009 1:12 PM > > *To:* squid-users@squid-cache.org > > *Subject:* Re: [squid-users] SquidGuard Replacement > > > > Joseph L. Casale schrieb: > > >> I switched to ufdbguard and have been real pleased with it's > > performance > > >> and support. > > >> > > > > > > Thomas, > > > Do I understand this right, the software is free but the db is not? > > Can one > > > use shalla lists with this software? > > > > > > Thanks! > > > jlc > > > > > > > > Joseph, > > I wasn't able to access the systems with the SG-config today. > > So let's solve your problem with SG tomorrow instead of hunting for > > a "suboptimal" solution. > > Did you try to post your prob to Shalla / Christine Kronberg ? > > She is usually a great help. > > > > CU, Philipp > > > Thomas, > I did not say that ufdbguard is a "suboptimal" solution. > ALL I wanted to express with my mail was, that Joseph's > search for a solution was leading to a somewhat suboptimal setup. > He already had everything in place and encountered some problems, > so I advised him to search for the reasons of that problem and solve > them instaed of replacing components on a trial and error basis. > And despite the possible second meaning of my original posting, > I really wasn't trying to offend somebody. > AND, btw, please keep in mind that english is not my mother's tongue. > > Regards from Germany, > Philipp > > in his setup >
