Re: [squid-users] Squid 3.0 vs. 2.6 Releases
Amos Jeffries wrote: On the authentication issue I tried changing log level to 9 for a short time but it did not tell me much. Saw the POST when the username and password was submitted but not much else. Its a IIS/6 server with ASP.NET version 2. Looks to be using javascript to log in. Any ideas what I can change on Squid to make it work? Its does this both in transparent and non-transparent modes. I was hoping maybe Squid v3 had some improvements that would make it work. Interception 'transparent' mode ports do not even attempt to perform authentication. To clarify, interception/transparent proxy ports don't allow proxy authentication. It should work just fine for authenticating to a web server, be it via HTTP auth or a login form. Though with most javascript methods HTTP authentication is not involved anyway. Given it's a form that's being POSTed, this doesn't sound like HTTP auth in any case. Making sure the interception and direct-proxy listening ports are different should fix it for most users. If the code itself is failing on a side-band authentication there is nothing you can do to fix it in squid. Only the sites webmaster can fix those. Unless Squid is configured to block some important header, or forced to cache pages that are marked private, or... A look at your squid.conf (without comments) might give the list members a better opportunity to help. Amos Chris
Re: [squid-users] Squid 3.0 vs. 2.6 Releases
I have problems with users connecting to websites on IIS servers not able to authenticate with user name and password. Some other user complains they cannot upload .NET. Will the chunked-encoding issue cause this? On the authentication issue I tried changing log level to 9 for a short time but it did not tell me much. Saw the POST when the username and password was submitted but not much else. Its a IIS/6 server with ASP.NET version 2. Looks to be using javascript to log in. Any ideas what I can change on Squid to make it work? Its does this both in transparent and non-transparent modes. I was hoping maybe Squid v3 had some improvements that would make it work. Interception 'transparent' mode ports do not even attempt to perform authentication. To clarify, interception/transparent proxy ports don't allow proxy authentication. It should work just fine for authenticating to a web server, be it via HTTP auth or a login form. Though with most javascript methods HTTP authentication is not involved anyway. Given it's a form that's being POSTed, this doesn't sound like HTTP auth in any case. Making sure the interception and direct-proxy listening ports are different should fix it for most users. If the code itself is failing on a side-band authentication there is nothing you can do to fix it in squid. Only the sites webmaster can fix those. Unless Squid is configured to block some important header, or forced to cache pages that are marked private, or... A look at your squid.conf (without comments) might give the list members a better opportunity to help. My squid.conf is below. I am only trying to proxy and cache http and my cache is only really secured by the source IP address. Any ideas would be appreciated. Squid2.6stable20 was built like so. ./configure --enable-linux-netfilter --enable-storeio=ufs,aufs Matt http_port 8086 transparent hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache maximum_object_size 65536 KB cache_dir aufs /usr/local/squid/var/cache 96000 16 256 access_log /usr/local/squid/var/logs/access.log squid refresh_pattern ^ftp:144020%10080 refresh_pattern ^gopher:14400%1440 refresh_pattern .020%4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src x.x.x.0/24 x.x.x.0/24 http_access allow our_networks http_access deny all http_reply_access allow all icp_access allow all tcp_outgoing_address x.x.10.2 all cache_mgr [EMAIL PROTECTED] cache_effective_user squid cache_effective_group squid visible_hostname proxy.
Re: [squid-users] Squid 3.0 vs. 2.6 Releases
No. Thats another two issues altogether. The authentication one is probably a configuration issue. But may be an auth bug. The upload one may be related to squid blocking unknown HTTP request methods, or the size of the objects being uploaded. A good cache.log trace of the two operations should lead you to the problem. I did notice this between Squid and the IIS server. Duplicate to the ACK in frame. If it means anything. Matt
Re: [squid-users] Squid 3.0 vs. 2.6 Releases
Matt wrote: What are the primary differences between these releases? If I am running Squid 2.6stable20 will it be relatively easy to upgrade too the latest stable 3 release? Never had much trouble going from one STABLE 2.6 to the next. Does Squid 3 handle .NET issues or IIS webservers any better then 2.6? Matt Both are based on 2.5. - 3.0 adds features geared towards content adaptation. - 2.6 adds performance upgrades for high-traffic acceleration clients. The upgrade itself should be easy. Last time we checked 3.0 was on par with 2.6s6, so its a step down from s20. You probably want to wait for 3.1 or later. But it depends entirely on your performance and more importantly feature needs. As for .NET and IIS issues. Other than their chunk-encoding problem I'm not aware of any affecting squid. In that case 2.6 is slightly better than 3.0 and worse than 3.1. Amos -- Please use Squid 2.6.STABLE20 or 3.0.STABLE6
Re: [squid-users] Squid 3.0 vs. 2.6 Releases
What are the primary differences between these releases? If I am running Squid 2.6stable20 will it be relatively easy to upgrade too the latest stable 3 release? Never had much trouble going from one STABLE 2.6 to the next. Does Squid 3 handle .NET issues or IIS webservers any better then 2.6? Both are based on 2.5. - 3.0 adds features geared towards content adaptation. - 2.6 adds performance upgrades for high-traffic acceleration clients. The upgrade itself should be easy. Last time we checked 3.0 was on par with 2.6s6, so its a step down from s20. You probably want to wait for 3.1 or later. But it depends entirely on your performance and more importantly feature needs. As for .NET and IIS issues. Other than their chunk-encoding problem I'm not aware of any affecting squid. In that case 2.6 is slightly better than 3.0 and worse than 3.1. I have problems with users connecting to websites on IIS servers not able to authenticate with user name and password. Some other user complains they cannot upload .NET. Will the chunked-encoding issue cause this? Matt
Re: [squid-users] Squid 3.0 vs. 2.6 Releases
What are the primary differences between these releases? If I am running Squid 2.6stable20 will it be relatively easy to upgrade too the latest stable 3 release? Never had much trouble going from one STABLE 2.6 to the next. Does Squid 3 handle .NET issues or IIS webservers any better then 2.6? Both are based on 2.5. - 3.0 adds features geared towards content adaptation. - 2.6 adds performance upgrades for high-traffic acceleration clients. The upgrade itself should be easy. Last time we checked 3.0 was on par with 2.6s6, so its a step down from s20. You probably want to wait for 3.1 or later. But it depends entirely on your performance and more importantly feature needs. As for .NET and IIS issues. Other than their chunk-encoding problem I'm not aware of any affecting squid. In that case 2.6 is slightly better than 3.0 and worse than 3.1. I have problems with users connecting to websites on IIS servers not able to authenticate with user name and password. Some other user complains they cannot upload .NET. Will the chunked-encoding issue cause this? No. Thats another two issues altogether. The authentication one is probably a configuration issue. But may be an auth bug. The upload one may be related to squid blocking unknown HTTP request methods, or the size of the objects being uploaded. A good cache.log trace of the two operations should lead you to the problem. Amos
Re: [squid-users] Squid 3.0 vs. 2.6 Releases
I have problems with users connecting to websites on IIS servers not able to authenticate with user name and password. Some other user complains they cannot upload .NET. Will the chunked-encoding issue cause this? No. Thats another two issues altogether. The authentication one is probably a configuration issue. But may be an auth bug. The upload one may be related to squid blocking unknown HTTP request methods, or the size of the objects being uploaded. A good cache.log trace of the two operations should lead you to the problem. On the authentication issue I tried changing log level to 9 for a short time but it did not tell me much. Saw the POST when the username and password was submitted but not much else. Its a IIS/6 server with ASP.NET version 2. Looks to be using javascript to log in. Any ideas what I can change on Squid to make it work? Its does this both in transparent and non-transparent modes. I was hoping maybe Squid v3 had some improvements that would make it work. Matt
Re: [squid-users] Squid 3.0 vs. 2.6 Releases
I have problems with users connecting to websites on IIS servers not able to authenticate with user name and password. Some other user complains they cannot upload .NET. Will the chunked-encoding issue cause this? No. Thats another two issues altogether. The authentication one is probably a configuration issue. But may be an auth bug. The upload one may be related to squid blocking unknown HTTP request methods, or the size of the objects being uploaded. A good cache.log trace of the two operations should lead you to the problem. On the authentication issue I tried changing log level to 9 for a short time but it did not tell me much. Saw the POST when the username and password was submitted but not much else. Its a IIS/6 server with ASP.NET version 2. Looks to be using javascript to log in. Any ideas what I can change on Squid to make it work? Its does this both in transparent and non-transparent modes. I was hoping maybe Squid v3 had some improvements that would make it work. Interception 'transparent' mode ports do not even attempt to perform authentication. Though with most javascript methods HTTP authentication is not involved anyway. Making sure the interception and direct-proxy listening ports are different should fix it for most users. If the code itself is failing on a side-band authentication there is nothing you can do to fix it in squid. Only the sites webmaster can fix those. Amos
