There is anyway to block httptunnel in a squid proxy server?
Thanks.
Adaíl Oliveira
If the connection is to port 443, I don't think so.
Tesla
From: Adaíl Oliveira [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [squid-users] BLock Http Tunnel
Date: Wed, 12 Feb 2003 10:11:37 -
There is anyway to block httptunnel in a squid proxy server?
Thanks.
Adaíl Oliveira
Making something like this would render browsing useless for cache users.
Port restrictions has no definitive effect here. For as long as there is any
allowed port for CONNECT, they can tunnel through that port.
Tesla
From: Federico Lombardo [EMAIL PROTECTED]
To: Adaíl Oliveira [EMAIL
Marc Schmidt wrote:
hi all,
after writing and starting a little performance test client and running
it against squid,
the poor little fish stops doing what he is supposed to do: serving the
requests.
the setting is something like this:
the test client is written in java (using
This one definitely deserves an entry in squid FAQs in capital letters!
Tesla
From: Harald Flory [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid bug? IE bug? or ?
Date: Wed, 12 Feb 2003 13:57:36 +0100 (MET)
Michael Cloutier wrote:
all of my users with any version of IE
sorry
is anyone using webmin and squid. i want to use webmin to do some ACLs but
each time i do this squid crushes and needs to be rebuild help
F
- Original Message -
From: Tesla 13 [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 12, 2003 3:57 PM
Subject: Re:
ons 2003-02-12 klockan 11.22 skrev Rainer Traut:
Hi,
I already asked this question some time ago, but I made
some new observations.
Why is https performance so poor, when going direct with
internet explorer instead of using squid?
Don't know.
Broken browser or OS perhaps?
Squid is barely
Sure is.. all you need to do is to identify the servers and then block
them, and use a large bat on the abusing users to teach them to behave
according to the agreed policy of use (which I assume there is one..)
Taking a look what you get in access.log when the application is used is
a good
Hi,
I'm having a little trouble (or maybe misconfiguration) with squid.
I'm using squid behind a firewall (nat) as http acelerator for an
apache.
My conf looks like this :
real ip squid
internal ip
ons 2003-02-12 klockan 11.55 skrev Gavin Hamill:
For example, here 'a solution' would be to search the squid logs for any
CONNECT methods on port 443, and try to establish an SSL connection and GET
/.
If it really is a webserver, then it will at least reply with an HTTP message.
If not,
all you need to do is to identify the servers and then block
them,
This means that they already abused the proxy. A solution prior to this
happenning would be very nice.
Tesla
_
Protect your PC - get McAfee.com VirusScan Online
Squid also logs in cache.log which ports and addresses it listens on.
Regards
Henrik
ons 2003-02-12 klockan 11.48 skrev Ward, John (GroupWare):
Hi,
make sure that the squid is running on port 8080 .. as by default it is port 3128 ..
unlike microsoft proxy.
run a netstat -na|grep LIST to
ons 2003-02-12 klockan 13.57 skrev Harald Flory:
We experienced this problem only with IE6 SP1.
The following setting solved the problem:
unset the folling optionform the IE6 menu:
German Version of IE6 SP1:
Extras - Internet Optionen - Erweitert - Kurze HTTP Fehlermeldungen anzeigen
NCSA.
This was a year ago. Did not try recently. Removing authentication fixed the
problems for us then. Performance degradation was really huge.
Tesla
From: Robert Collins [EMAIL PROTECTED]
To: Tesla 13 [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid stops answering
im doing transparent proxy for about 400 concurrent connections on a box with
a 1 gigahertz p3, 2 gig of ram and 2 36 gig u160 scsi drives in raid0 for
cache (9 gig scsi for operating system). running linux kernel 2.4.19 and
iptables, redirecting from cisco router using wccp. machine works
Are you sure your web server is handling the hits?
Also when apache logs 408's, there is sometimes DOS attacks in progress to
the web server like a worm, bounce attack, etc... and it is spawning too
many children. Can you try to isolate the problem?
You can check any external site instead of
hi,
i have on my webserver a simple php site which i query via squid 2.5.
this works (of course) and i see that no last_modified or expiry-header is
replied, which is correct for dynamic sites, too, as far as i know
i have no cache_deny for php-sites and only the usual refresh_patterns of
default
alp wrote:
hi,
i have on my webserver a simple php site which i query via squid 2.5.
this works (of course) and i see that no last_modified or expiry-header is
replied, which is correct for dynamic sites, too, as far as i know
i have no cache_deny for php-sites and only the usual
ons 2003-02-12 klockan 15.39 skrev Rainer Traut:
Hi,
this is exactly you answered me at that time.
We are using all different versions of IE,
W2k and XP, our domino servers are running Windows NT
and Redhat 7.3. Should be no problem then?
You mean, if the browser opens x connections to the
Hi all,
anybody know why in squid2.5 stable1 , when I browse a ftp page the ftp
icons don´t appears.?
Thanks in advance.
ftp.jpg
attachment: ftp.jpg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The first question to address is how to read the ToS/DS value on the
received traffic.
I know how to set the ToS/DS value on traffic generated by Squid, but
have yet to find a method where UNIX applications can read the ToS/DS
value of received
On Thu, 2003-02-13 at 01:53, Marc Schmidt wrote:
hihi :-),
sorry, it's probably my fault.
again:
all i need are some good - already tested - values for a bunch of
configuration parameters of the
squid.conf, so that squid will not stop working when i run 20
simultanous clients against
I did the same yesterday :)
Can any developer look into this and verify if it works as expected and if
there is any performance effect?
Also, doesn't useragent need to be escaped like usernames or cleaned off
from garbage characters?
Tesla
From: Justin Albstmeijer [EMAIL PROTECTED]
Are there any ways to build or refresh a cache ? Any program out there
to go get the popular pages during non-busy times?
Highest Regards,
Rodney
www.rcrnet.net
918-358-
ups thank you, it's work but I still can't make it faster, why ?
I have some other problems
1. The program exiting abnormally when I starting squid with DNS testnames
(without -D) option)
2. The client can't send post methode
Pujie
On 12 Feb 2003, Henrik Nordstrom wrote:
Squid also logs in
Hello,
I'm running Squid 2.X in the transparent mode on SuSE linux 8.1 (and also on
Red Hat 8).
It's working and working very well, but some sites stallwhen the client
tries to open the site. No errors, just a pure stall.
Also when clients try to log in to hotmail, they get to the login
Tesla 13 wrote:
We are always talking about policy. But there are situations where a policy
does not have any meaning. What policy can I possibly implement on my
brother or cousin?
Well, if you all agree on a policy then you do.
To tell the truth, I don't want a solution to be found :) I
Most likely your browser does not know how to connect to your Squid by
the name your Squid thinks it has (visible_hostname, or the host name).
Take a look at the HTML code of a FTP directory listing. It contains
URLs which are supposed to end up in the Squid proxy..
Regards
Henrik
Ampugnani,
Alex Sharaz wrote:
Quoting Henrik Nordstrom [EMAIL PROTECTED]:
Nobody has written one for the FAQ yet, but there is some documentation
in the documentation to each helper (authentication and/or group
helper).
If you plan on using groups I strongly advise to look into the group
Delian Krustev wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The first question to address is how to read the ToS/DS value on the
received traffic.
I know how to set the ToS/DS value on traffic generated by Squid, but
have yet to find a method where UNIX applications can
Please use the squid-users mailinglist for configuration questions.
squid-bugs is for reporting bugs.
Not easily. The attached filename is not part of any URL or even HTTP
headers seen by Squid.. The file is encapsulated inside a
multipart/formdata POST request entity.
What you can do is to
Now you are giving us some valuable hints.
Apparently you are within a private network without direct Internet
connectivity and have to use a parent proxy to reach the Internet.
See the Squid FAQ on how to use Squid inside a firewall.
Regards
Henrik
puji widi wrote:
ups thank you, it's
In article 000901c2d2f5$d73af160$0b01a8c0@rodney, Rodney Richison wrote:
Are there any ways to build or refresh a cache ? Any program out there
to go get the popular pages during non-busy times?
Write a bash script requesting the pages you think are popular by
wget, and put it in cron.
--
Thanks Henrik, Is this save to use more than one parent for private
network ?The speed of my proxy is very poor.
While Squid doesn't use ICP queries for a request if it's behind a
firewall is that mean that I can't use others cache to speed up my proxy ?
On Thu, 13 Feb 2003, Henrik Nordstrom
Hi all
I have Setup now with the Symetirc Link
Squid 2.5+ Cisco WCCP+ Iptables
working well
Due to some reasons we have setup DVB Plat form
for up with symetric Link and down with DVB
and i have BGP anoucement with my DVB provider one class c IP address to
DVB provider.
and i have kept the
thanks marc,
i knowed this page already, it's a really nice one.
but my problem is: does squid never caches an object without validation
headers (expires, max-age, lastmod,...)?
if i have a refresh-pattern like
refresh_pattern . 0 20% 5
such an object should retain at most 5 minutes in cache,
36 matches
Mail list logo