Dear all
I have plan to use squid2.5 stable1 with Redhat 7.2. Before I config squid,I
specify file descriptor using ulimit as following.
ulimit -u ulimited
ulimit -n 15
The result is
core file size (blocks) 0
data seg size (kbytes) unlimited
file si
Hi,
I hv 2 proxies.
First one is an old proxy, second proxy is Squid.
To go out to the Internet, or hq websites, I made the
old proxy as a parent in squid.conf (cache_peer
10.x.x.x parent 8080 0 no-query default).
But I realized that some hq websites can't be reached
when using squid. The Ne
I'm trying to setup squidguard on my RH 8.0 box, and am having some
problems. Hopefully someone can tell me what I did wrong.
I have squid, squidGuard, and the chastity-list all installed, and it
looks ok, but when I try to visit any site on the blacklist from my
browser, I get through. Shouldn
squid-2.4.STABLE3 has installed on a Linux System. But, how can I make squid cache
dynamic content, like cgi or jsp, on another host?
Wang Feng
[EMAIL PROTECTED]
2003-03-04
China Internet Network Informat
Also, if you are running a FW make sure that https is open for users.
On Mon, 2003-03-03 at 22:15, Gary Price (ICT) wrote:
> Gary Price wrote:
> >> Hi
> >> some of my colleagues are reporting that, if they have a HTTP
> >> proxy set in their browser (IE6), they cannot access secure
> >> sites (HTT
Gary Price wrote:
>> Hi
>> some of my colleagues are reporting that, if they have a HTTP
>> proxy set in their browser (IE6), they cannot access secure
>> sites (HTTPS).
Michael Lightfoot wrote
>Have they set the "secure" option to the name and listening port of your
>proxy?
Do you mean that if
> The only thing I can see in the squidguard.log is where I've tested
> it locally and db updates so this further confirms my theory that
> squid isn't redirecting to it?
If squidGuard writes entries in squidGuard.log when you are testing
it but doesn't write log entries when it is started by S
Hi,
I have these lines below in my config file :
cache_peer 10.x.x.x parent 8080 0 no-query default
cache_peer_access 10.x.x.x allow LAN
cache_peer_access 10.x.x.x deny all
always_direct deny all
always_direct allow LAN
When I do "squid -k reconfigure" or "squid -k parse",
no complaint from squi
> In my squid.conf I got the following:
>
> auth_param ntlm children 5
>
> is this the value I need to increase
>
Yes.
Long answer:
Ensure that you have enough memory and CPU resources to handle to
whatever you increase the number. Try incrementing it gradually until
you get a good balance.
> -Original Message-
> From: Gary Price (ICT) [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 4 March 2003 12:39 PM
> To: [EMAIL PROTECTED]
> Subject: [squid-users] SSL and directed HTTP proxy
>
>
> Hi
> some of my colleagues are reporting that, if they have a HTTP
> proxy set in their bro
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.ask-services.com%2Fes
ervice
I didn't spend much time with analysis, but that reveals that there may
be some
characters in the code that may be causing the problem.
Take care,
--
Waitman C. Gobble, II
EMK Design +1.7145222528 http://emkdesign.
http://www.ask-services.com/eservice
In Mozilla on WinME it appears fine. Using IE6 with all the patches it
appears that there are "extra" numbers are letters scattered randomly in
the html. I have tried all the different cache/proxy settings in IE6 and it
does not make a difference. It works
Hello,
We are running squid with auth - it's all working fine! some users, however
are been prompt to validate after been validated at the domain.
I search through the cache.log and tells me the following:
"Warning: All ntlmauthenticator processes are busy
5 pending requests queue
consider incre
One thing you can do for now is to set their browser not to use the proxy.
You can see that in Advanced button on the LAN Settings Button, on the
Connection Tab
-Original Message-
From: Gary Price (ICT) [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 5:39 PM
To: [EMAIL PROTECTED]
S
Squid 1 has no cache, only converting proxy request to web request...
Is the MST is taken from the Squid access log?
Supposing we are downloading a file, does Squid writes into access log
when it receives the response header or when it receives the whole file?
Will do a wget to compare the actua
Hi
some of my colleagues are reporting that, if they have a HTTP proxy set in their
browser (IE6), they cannot access secure sites
(HTTPS). I am unable to reproduce this behaviour. As far as I can see there should be
no effect on secure traffic, as it will not be
proxied. Has anyone seen anything
Yes I have configured lynx via /etc/lynx.cfg to go through squid
>o this means that you are actually browsing locally using 127.0.0.1 using
>the command shell, now my question is, have you set it so that it will not
>go directly connect to the internet? meaning connect to port 3128, which
>squid i
hmmm squid and squidguard works great in here... so theres no sense of
buying when you can get FREE products
-Original Message-
From: Alireza Naderi [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 1:44 PM
To: [EMAIL PROTECTED]
Subject: [squid-users] Commercial Cache server
Hi Guys
o this means that you are actually browsing locally using 127.0.0.1 using
the command shell, now my question is, have you set it so that it will not
go directly connect to the internet? meaning connect to port 3128, which
squid is listening...
-Original Message-
From: Anthony Giggins [mail
Then your Squid is defenitely sending the requests to the redirector.
Regards
Henrik
On Monday 03 March 2003 23.48, Anthony Giggins wrote:
> ># FD # Requests Flags Time Offset
> > Request 1 7128 AB0.000 1
> > cache_object://localhost/redirector 12
> -Original Message-
> From: Anthony Giggins
> Sent: 4 March 2003 9:48
> To: '[EMAIL PROTECTED]'
> Subject:
>
> here are the redirector statistics
>
> Redirector Statistics:
> number running: 15 of 15
> requests sent: 17865
> replies received: 17864
> queue length: 0
Hmm.. the store.log entry you posted conflicts with your findings..
20% of (1046563848 - 993686750 seconds) says that the object should be
considered fresh for 122 days if it was not for the upper limit of 1
week..
Also, as you are not using override-lastmod the min value is not even
used on t
On Monday 03 March 2003 23.17, Anthony Giggins wrote:
> The only thing I can see in the squidguard.log is where I've tested
> it locally and db updates so this further confirms my theory that
> squid isn't redirecting to it?
What does cachemgr say about the usage of the redirector?
cachemgr do in
The only thing I can see in the squidguard.log is where I've tested it locally and db
updates
so this further confirms my theory that squid isn't redirecting to it?
>try checking the squidguard.log, im sure you have some problems with your
>config file (squidguard) thats why its going into emerge
On Monday 03 March 2003 22.43, Alireza Naderi wrote:
> I know that this mailing list is just for squid, but i
> have a question
> about cache servers.
> Do any one work with one of them?
I am partial as we build commercial Squid based cache servers with
filtering subscription options.. B-)
> Do
On Monday 03 March 2003 18.57, Jeff Donovan wrote:
> greetings
>
> how many re-directors can squid handle? I have specified 32
> processes for squidguard. for somee reason i thought 32 was the
> Max. is this true?
No. There is no practical limit.
> i have a very busy machine, and i keep getting W
Hi Guys
I know that this mailing list is just for squid, but i
have a question
about cache servers.
Do any one work with one of them?
Do you think which of them is better and have more
ability and performance?
How about filtering with them?
Is it necessary to install others product such as
smartfi
On Monday 03 March 2003 20.03, Scott Wrosch wrote:
> > This does not mean that you cannot use Microsoft Integrated Login
> > to the proxy and plain Basic authentication to the web server.
>
> Oh? Please, do tell. I'm assuming it's done via an ACL, but I was
> looking through the squid.conf, and
On Monday 03 March 2003 18.29, Ard van Breemen wrote:
> > To allow refreshes via siblings you must also change Squid to not
> > use "only-if-cached" when requesting the object from the sibling,
> > or else the request will be rejected by the sibling.
>
> But doesn't the sibbling only answer UDP_HIT
On Monday 03 March 2003 18.29, Ard van Breemen wrote:
> > To allow refreshes via siblings you must also change Squid to not
> > use "only-if-cached" when requesting the object from the sibling,
> > or else the request will be rejected by the sibling.
>
> But doesn't the sibbling only answer UDP_HI
Hi Henrik,
> You cannot use Microsoft Integrated Login to web servers via Squid (or
> mostly any other Proxy).
Somehow, I figured as much. And it's not just limited to Squid, which
is nice. Makes my argument even more sound for changing anything (it's
never _their_ configuration that's wrong,
As Henrik said, the ufs on tmpfs method will give you a directory tree
you can push out on shutdown and pull from on bootup. (This would be
outside of squid, but just a 'cp -a' in your start/stop script will
suffice.)
If you don't mind clearing your cache on restart, null fs will be
faster, s
greetings
how many re-directors can squid handle? I have specified 32 processes
for squidguard. for somee reason i thought 32 was the Max. is this true?
i have a very busy machine, and i keep getting WARNING: 32 pending
requests queued
consider increasing the number of processes in you config f
On Mon, Mar 03, 2003 at 05:31:42PM +0100, Henrik Nordstrom wrote:
> m?n 2003-03-03 klockan 15.57 skrev Ard van Breemen:
> > Hi,
> > I am busy optimizing an accelerator farm using 2.4.4.
> > It currently contains the following *easy* patches:
> > - remove updates into client_db, this makes sure that
Yeah, is a huge ip-block and no, am not completely sure. That's what I
found on a Microsoft site though. Haven't had any complaints from any users
though and MSN is blocked. Mime-types works, too and probably is easier to
stick in.
-Original Message-
From: G Welter [mailto:[EMAIL PRO
mån 2003-03-03 klockan 16.34 skrev Sheahan, John (PCLN-NW):
> If I am calculating this correctly, since each squid server keeps track of
> it's incoming connections from the end users on a port basis, the maximum
> amount of concurrent connections for each squid server would be limited to
> the am
mån 2003-03-03 klockan 15.57 skrev Ard van Breemen:
> Hi,
> I am busy optimizing an accelerator farm using 2.4.4.
> It currently contains the following *easy* patches:
> - remove updates into client_db, this makes sure that when you
> have a major site, your accelerator won't run out of memory.
>
You cannot use Microsoft Integrated Login to web servers via Squid (or
mostly any other Proxy).
This does not mean that you cannot use Microsoft Integrated Login to the
proxy and plain Basic authentication to the web server.
See http://www.squid-cache.org/Versions/v2/2.5/bugs/ for an option to
ma
mån 2003-03-03 klockan 14.53 skrev Sander Winkel:
> I have a few problems with ftp through the proxy.
>
> The first one is that the internal ftp icons of squid doesn't load, I see
> only red crosses.
> The rights are set wel and the icon directive is right in squid.conf
Then your browser does no
Wow, your MSN acl's are too broad.You are blocking entire ip-blocks. Are you sure all
65000 ip's are used bij MSN messenger?
I don't know about Yahoo, but you can block MSN messenger on mime type:
acl msn_messenger req_mime_type -i "illegal-mime-types.txt"
http_access deny msn_messenger
and ill
Works here..
Are you sure you built your Squid with SNMP enabled? What does the
following report?
squid -v
squid -k parse
Regards
Henrik
mån 2003-03-03 klockan 16.44 skrev Gokhan ERYOL:
> in squid.conf:
> acl localhost src 127.0.0.1/255.255.255.255
> acl snmppublic snmp_community public
>
mån 2003-03-03 klockan 15.09 skrev Joe Maimon:
> I have a hard time seeing that scaling well. I have seen some efforts to
> this end, but we are talking about parsing out a SquidGuard config from
> an sql db - ( not a simplistic task I would think ) - aside from Berkely
> DB updates. Each time
This will fix your issues. Will block IM but not yahoo mail or hotmail.
squid.conf
acl AOL-YAHOO-MESSENGER dstdomain login.oscar.aol.com
acl AOL-YAHOO-MESSENGER dstdomain pager.yahoo.com
acl AOL-YAHOO-MESSENGER dstdomain shttp.msg.yahoo.com
acl AOL-YAHOO-MESSENGER dstdomain update.messenger.yahoo
I want to give ftp access to some users.
I have tried to do this with:
acl ftp_ports port 20 21
acl FTPUSERS ident "/usr/local/squid/etc/ftpusers"
http_access deny ftp_ports ! FTPUSERS
Poorly this doesn't work, it seems that I can only specifiy IP's who may
access the ftp ports.
When browsing the
If I am calculating this correctly, since each squid server keeps track of
it's incoming connections from the end users on a port basis, the maximum
amount of concurrent connections for each squid server would be limited to
the amount of available TCP ports. I am calculating this as 64535-1024 =
63
Hi,
I am busy optimizing an accelerator farm using 2.4.4.
It currently contains the following *easy* patches:
- remove updates into client_db, this makes sure that when you
have a major site, your accelerator won't run out of memory.
This means commenting out the few calls to clientdbUpdate
- A
Grrr.. I love sending an email when I don't mean to. I looked a little
further into this after having written the email. Didn't mean to send
it, but I did anyways. Whoops.
Anyways, according to what I've found, it's because I'm using NTLM
through a proxy server.
I have found a solution to tak
Henrik Nordstrom wrote:
mån 2003-03-03 klockan 13.41 skrev Joe Maimon:
My company is looking to extend the Squid redirector, SquidGuard to work
realtime out of a SQL database. We are looking to target the GNU/Linux
environment and the MySql database server.
Hmm.. I would be a little wo
Good morning!
So I've got everything up and running the way I want it to. Of course,
a few more monkey wrenches get tossed in the machine, but that's not a
problem that I can't handle (I just have to get the ambition to actually
take care of it).
But, an issue has arisen. We have an "internal"
I have a few problems with ftp through the proxy.
The first one is that the internal ftp icons of squid doesn't load, I see
only red crosses.
The rights are set wel and the icon directive is right in squid.conf
The second is that ftp is very slow, even if I use a fast FTP server.
The third is th
mån 2003-03-03 klockan 13.41 skrev Joe Maimon:
> My company is looking to extend the Squid redirector, SquidGuard to work
> realtime out of a SQL database. We are looking to target the GNU/Linux
> environment and the MySql database server.
Hmm.. I would be a little worried about the latency of u
mån 2003-03-03 klockan 11.55 skrev Luman:
> Is there a pinger version checking response of host using HTTP protocol
> instead of ICMP?
squidclient has this capability..
squidclient -g 5 http://www.example.com/
will request http://www.example.com/ 5 times and report the latency of
each request.
Using SQL database would be a big hit in straightforward performance but
would be a huge win for the flexibility of rolling it out to many
different customers with different needs. Something a Value-Adding ISP
would want to use.
As for performance, there is always decision caching, defered logg
Joe Maimon wrote:
>
> All,
>
> My company is looking to extend the Squid redirector, SquidGuard to work
> realtime out of a SQL database. We are looking to target the GNU/Linux
> environment and the MySql database server.
>
> We are doing this for enterprise scalability reasons. This means tha
All,
My company is looking to extend the Squid redirector, SquidGuard to work
realtime out of a SQL database. We are looking to target the GNU/Linux
environment and the MySql database server.
We are doing this for enterprise scalability reasons. This means that
all flat-file configuration that
Is there a pinger version checking response of host using HTTP protocol
instead of ICMP?
One of my possible way leads by other w3cache server, which isn't SQUID
and doesn't support of ICP and that stuff. So the only why to check if
this way is better is to make random GET request for unexisting pag
On Tuesday 04 March 2003 01.47, SSCR Internet Admin wrote:
> In addition to his question, brian.. Is it possible before a system
> shutdown squid will save all cache objects from RAM to disks? And
> load all cache object from object to RAM? coz you have /dev/null as
> the cache directory...
Only i
Probably because Squid-1 is seeing more cache hits, making its median
response time quicker.
You should probably be looking at the individual HIT/MISS/NEAR_HIT/...
response times if you want to compare the two caches as their request
load is quite different.
Regards
Henrik
On Monday 03 March
On Tuesday 04 March 2003 01.09, SSCR Internet Admin wrote:
> Oh i get it.. thanks, but what Connection information for squid?>
A collection of various connection related information-
> is this also a part of client_db setting?
the "Number of clients accessing cache" is. The other not.
Regards
H
Your problem can be solved by a little of coding in either
a) Squid, to strip out well known domains from NTLM authentication.
b) In SquidGuard, to do the same..
c) In a glue between Squid and SquidGuard, to do the same..
Regards
Henrik
On Monday 03 March 2003 04.56, Prasanta kumar Panda wrote
On Monday 03 March 2003 01.57, Simon Bryan wrote:
> Problem 1: How do I give them unfettered access to the local
> network and only restrict access the the internet?
By using delay_access and "denying" delay of requests of local
resources.
> Problem 2: The file of usernames is automatically gen
On Monday 03 March 2003 17.54, SSCR Internet Admin wrote:
> This is the result from which cache manager reports on General
> Runtime Information
>
> Squid Object Cache: Version 2.5.STABLE1
>
> Start Time: Sun, 02 Mar 2003 03:36:04 GMT
> Current Time: Mon, 03 Mar 2003 01:01:15 GMT
>
> Connection inf
On Monday 03 March 2003 00.19, Amy Anderson wrote:
> I am not sure why these images are trying to load, I do see them in
> the errors of the squid dir, but not sure why they are trying to
> load. is there anyway i can stop them from trying to load?
Squid always loads the icons on startup, as per i
In addition to his question, brian.. Is it possible before a system shutdown
squid will save all cache objects from RAM to disks? And load all cache
object from object to RAM? coz you have /dev/null as the cache directory...
-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]
Sent: Su
SSCR Internet Admin wrote:
>
> Its doin great, its working now... now i can see clearly how my cache is
> doing... from where i restart squid, the result is not good... too much
> TCP_MISSes.. maybe i should wait for awhile...
Ok, that's probably advisable
M.
>
> -Original Message-
SSCR Internet Admin wrote:
>
> I already set it to 'on'.. it was 'off' awhile ago... thanks...
>
>
Ok, then the client stats should be included in cachemgr.
If not, don't forget 'squid -k reconfigure' after making
changes to squid.conf.
If not solved : which squid version ?
I already set it to 'on'.. it was 'off' awhile ago... thanks...
-Original Message-
From: Marc Elsen [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 12:03 AM
To: SSCR Internet Admin
Cc: squid-mailing list
Subject: Re: [squid-users] inquiry
SSCR Internet Admin wrote:
>
> Oh i get
SSCR Internet Admin wrote:
>
> Oh i get it.. thanks, but what Connection information for squid? is this
> also a part of client_db setting?
I only mean, that 'client_db' setting should not be off.
Pls verify.
> BTW, i forgot, that im on the other side of the world (philippines) , its
> 4:00p
Oh i get it.. thanks, but what Connection information for squid? is this
also a part of client_db setting?
BTW, i forgot, that im on the other side of the world (philippines) , its
4:00pm here and you guys are still sleeping.. hehe
Connection information for squid:
Number of clients acces
Hi All,
I have been using the CacheMgr - Median Service Times (MST) as a
measurement for the Squid response time.
Recently, I was given the following setup:
- -
| Squid 1 | --> Transparent hijack --> | Squid 2 |
-
On Saturday 01 March 2003 05:55 pm, Allan wrote:
> Hello,
>
> we are currently using a single server (squid 2.4-STABLE7, Linux
> RedHat 7.3, 1.4 GHz Pentium III, 2 Gb Ram, 4096 FileDescriptors) as
> reverse-proxy for a small site (approx 2,5K objects, about 150 Mb).
To extract the most out of this
71 matches
Mail list logo
