[squid-users] SQUID source code

Hi All, in SQUID 2.5 source code the clientSendMoreData() function is fundamental for HTTP data transfer to the client. What is the analogous function In HTTPS case? (It's the same?) Regards, Massimiliano

Re: [squid-users] Authentification against DominoNotes LDAP

Thanks, it didn't install correctly, but now I found it in the sourcedirectory. Nevertheless I did not get it working. I have a group called "Internetuser NU" and a basedn "o=cag" I have tried squid_ldap_group -b "o=cag" -f "Internetuser NU" -F uid=%s 172.25.0.19 When trieing directly on the she

[squid-users] Webshield e500 by transparent bridge mode

Hi, (B (BSince I want to introduce Webshield e500 by transparent bridge mode, I am looking for (Binformation variously. (BHowever, the problem is checked. (B (BClientPC-squid$B!J(Jno transparent$B!"(Jsquid 2.4stable1$B!K(J-e500(transparent (Bbridge,V.2.6)-Internet (BIn the above-men

RE: [squid-users] redirect to a web page once per day using squid?

> > I would like to have a news web page displayed to users who > pass thru my > squid proxy. I only want the page to be displayed once per > day per client > (IP) if it's possible. I believe I can work out the logic of who's > visited the page using php scripting and the user's IP. But, > I

Re: [squid-users] External acl syntax for multiple FORMAT specifications

The formats specifications are space separated. Regards Henrik "Davies, Glen" wrote: > > Hi > Can't seem to find anything on this in documentation or archives, > apologies if I couldn't see it for looking. What is the correct syntax > for specifying multiple FORMAT option for an external_acl_ty

Re: [squid-users] Squid_ldap_group

Craig Home wrote: > > Hi, > > I have been trying to use squid_ldap_match with Active directory with not > much success, I have built everything but just can't see to get the > parameters correct. > > I am also unsure whether I just have to use the match, or also do an > ldap_auth on the user bef

[squid-users] External acl syntax for multiple FORMAT specifications

Hi Can't seem to find anything on this in documentation or archives, apologies if I couldn't see it for looking. What is the correct syntax for specifying multiple FORMAT option for an external_acl_type. I want to pass %SRC and %LOGIN to the helper app I am writing, and all the examples I could fin

[squid-users] Squid_ldap_group

Hi, I have been trying to use squid_ldap_match with Active directory with not much success, I have built everything but just can't see to get the parameters correct. I am also unsure whether I just have to use the match, or also do an ldap_auth on the user beforehand - if you can clarify whether

Re: [squid-users] cache.log showing this...

If the amount of cache.log data logged by this message becomes a problem you can always modify the source.. find the message (by the initial text) and then modify the second number (1) in the debug(X,Y) to be errno == ECONNRESET ? 2 : 1 Regards Henrik Hector Miranda wrote: > No Henri, actuall

[squid-users] re-directing an ip range

In regards to my problem, would it be crazy to schedule a crontab job to run squid -k reconfigure every half hour. what would the implications of doing so be? - Forwarded by George Dominguez/MMBS on 02/04/2003 08:43 AM -

RE: [squid-users] cache.log showing this...

Henrik Nordstrom wrote: > If you are not having any complaints which may be related to this I see > no reason to worry. No Henri, actually I don't have any compliant as long as my navigation ability stays unaffected... my thought is that this could become a problem since that under heavy traffic

Re: [squid-users] How can I get the duration time for sibling ICP queries?

See cachemgr provided statistics for the peer. Regards Henrik Ming Zu wrote: > > Hi, > > How can I get the duration time(RTT) for ICP queries > between two sibling caches??? > > Thanks!! This is emergency! > > Regards, > > Ming > > __ > Do you

Re: [squid-users] running out of file descriptors

Mike Rambo wrote: > > We're running squid-2.4.STABLE7-2mdk on Mandrake Linux release 9.0 > (dolphin) for i586. It's been running ok for a few weeks. I noticed this > morning numerous "WARNING! Your cache is running out of filedescriptors" > errors in cache.log. In most cases this is actually a si

Re: [squid-users] Authentification against DominoNotes LDAP

There is a man page shipped with the helper.. Regards Henrik [EMAIL PROTECTED] wrote: > > OK, I now have the group helper installed and the "normal" SQUID_LDAP_AUTH > working with domino. > > Where can I find a detailed(!) description for the squid_ldap_group? The -? > doesn't help me enough t

AW: [squid-users] Accelerated Proxy and Authentification

Not if using Basic HTTP authentication for both. Regards Henrik Klaaßen, Holger wrote: > > Is there no way to make the first authentication independent from the > second? What I want is that a user must authenticat against the squid before > he can have access on the OWA. > > regards Holger.

[squid-users] How can I get the duration time for sibling ICP queries?

Hi, How can I get the duration time(RTT) for ICP queries between two sibling caches??? Thanks!! This is emergency! Regards, Ming __ Do you Yahoo!? Yahoo! Tax Center - File online, calculators, forms, and more http://platinum.yahoo.com

[squid-users] WCCPv2 + Linux + Squid + Sun Sparc hardware

Hi, I have an Intel machine running Mandrake with ip_wccp kernel patch + Squid with WCCPv2 patch. I managed to use this one with a Cisco router and it's smoothly running.. (I'm writing this to mention that I have a working copy of WCCPv2 squid with a cisco router). Now, I'm trying to do this on a

Re: [squid-users] Logs and Aol.

acl aol dst 64.12.163.198 http_access allow aol dont make aol go through authentication you probably find your users aren't auth'ing with aol... I assume they have multiple ips though so... - Original Message - From: "Ampugnani, Fernando" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent

[squid-users] 2nd recv delay on GET

With the default squid config with Basic auth enabled, I am experiencing the following: In my app which sends HTTP requests, a loop processes recv()'s until a 0 or error return. With direct connect and via a socks proxy (dante), this works fine, but with squid, the 2nd recv (rather, all recvs afte

[squid-users] Logs and Aol.

Hi all, Anybody know why aol makes many entry in acces.log like this... 1049223695.538 1 207.169.88.210 TCP_DENIED/407 1725 GET http://64.12.163.198:20480/monitor? - NONE/- text/html 1049223696.894 1 207.169.88.210 TCP_DENIED/407 1725 GET http://64.12.163.198:20480/monitor? - NON

Re: [squid-users] Ldap and Active directory

Hi, try this : squid_ldap_auth -b ou=AllUsers,dc=mansfield13104,dc=lancsngfl,dc=ac,dc=uk -u cn pluto:389 Make sure that "Pluto" can be resolved by Squid. Regards, Cécile. Quoting kevin stuttard <[EMAIL PROTECTED]>: > Hi. I have been muddling my way through

[squid-users] Ldap and Active directory

Hi. I have been muddling my way through setting up squid_ldap_auth for about a week now and I just seem to be going around in circles with this one. I set up Squid2.5 stable 1 and I have it up and running a treat. No problems etc. I installed the squid_ldap_auth by running make install as suggested

[squid-users] ftp

it is going through port 22, if squid can't log it, is there another way to log them On Tue, 2003-04-01 at 12:29, Dave Raven wrote: > if people are pointing to squid. > not transparently. > > Then it will log all requests as it does with http. > > --Dave > > - Original Message - > Fr

Re: [squid-users] squid training

the slides and presentations from my squid workshops at the 2000 2001 and 2002 afnog workshops are at: http://ws.afnog.org/ in the scaleable internet services track. depending on what you want to knwo that may be useful... joelja On Tue, 1 Apr 2003 [EMAIL PROTECTED] wrote: > Hello, > > I am

[squid-users] redirect to a web page once per day using squid?

Hi! I would like to have a news web page displayed to users who pass thru my squid proxy. I only want the page to be displayed once per day per client (IP) if it's possible. I believe I can work out the logic of who's visited the page using php scripting and the user's IP. But, I'm not sure how

Re: [squid-users] Ftp help

if people are pointing to squid. not transparently. Then it will log all requests as it does with http. --Dave - Original Message - From: "darlene" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 01, 2003 6:29 PM Subject: [squid-users] Ftp help : : Is it possible to

[squid-users] Ftp help

Is it possible to log all incoming and outgoing files for ftp through squid? Thanks

Re: [squid-users] Authenticate with Squid transparent mode ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Luiz Gustavo Sarubi Macchi escreveu: | Hi all | | Is it possible to have a transparency proxy and deny some users for | access ? | | thanks a lot | | Hi Luiz ~ If you are talking about proxy auth, it doesn't works with ~ interception. See FAQ. ~ But you

[squid-users] squid training

Hello, I am looking for squid training sessions (standard and advanced configuration, reflexion on architecture,...). Do you know if such training exist (France or Europe) ? Thanks by advance, Lionel

Re: [squid-users] Squid

check cache.log tail cache.log and mail if you can figure it out from there.. --Dave - Original Message - From: "Kevin Hoffer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 01, 2003 5:31 PM Subject: [squid-users] Squid : Squid will not stay running. I start it up wi

[squid-users] Problem trying FTP site.

Hi all, When I want try an ftp site, squid ask for a password many times. Why happen this? I´m using Squid-2.5-STABLE2. Here is the access log. 1049210347.763 1 207.169.88.182 TCP_MEM_HIT/200 2111 GET ftp://debian.org/ xzsl81 NONE/- text/html 1049210360.016 7 207.169.88.182 TCP_

[squid-users] Squid

Squid will not stay running. I start it up with /usr/local/squid/sbin/squid -sY -f /usr/local/squid/etc/squid.conf but it won't stay running. I copied the default.squid.conf to squid.conf so I am using the default config file. Any Ideas? If you get more then one of these messages I am sorry. I ha

Re: [squid-users] Authenticate with Squid transparent mode ?

Luiz Gustavo Sarubi Macchi wrote: > > Hi all > > Is it possible to have a transparency proxy and deny some users for > access ? http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.15 M. > > thanks a lot > > -- > Atenciosamente, > > Luiz Gustavo Sarubi Macchi -- 'Love is truth withou

[squid-users] Authenticate with Squid transparent mode ?

Hi all Is it possible to have a transparency proxy and deny some users for access ? thanks a lot -- Atenciosamente, Luiz Gustavo Sarubi Macchi

Re: [squid-users] IE Problem with Proxy Auth

Renato Ghirotti wrote: > > Hi, > I have setup Squid (Squid Cache: Version 2.4.STABLE7 (RH7.3)) to > perform proxy caching with authentication (to LDAP, but I don't think > that relevent). > > When I attempt to browse, Squid enters a line in the access.log > file like this >

Re: [squid-users] Authentification against DominoNotes LDAP

OK, I now have the group helper installed and the "normal" SQUID_LDAP_AUTH working with domino. Where can I find a detailed(!) description for the squid_ldap_group? The -? doesn't help me enough to get it running. Any examples with descriptions? Thanks again Stefan

[squid-users] IE Problem with Proxy Auth

Hi, I have setup Squid (Squid Cache: Version 2.4.STABLE7 (RH7.3)) to perform proxy caching with authentication (to LDAP, but I don't think that relevent). When I attempt to browse, Squid enters a line in the access.log file like this 103611.711 2 203.8.6.5 TCP_DENIED/4

Re: AW: [squid-users] Accelerated Proxy and Authentification

Makes sense I think.. It seems you are trying to access an application requiring Basic HTTP authorization behind a proxy requiring Basic HTTP authorization.. the entered login is accepted by the proxy, but then rejected by the backend web server as the login probably does not match.. There is on

[squid-users] NTLM auth works with groups! (was Re: [squid-users] NTLM questions (sorry))

On Tue, Apr 01, 2003 at 12:17:40PM +0100, Gavin Hamill wrote: > > This sounds like either a source-hacking job, or a little shim bash script > with 'tr' to translate the backtick into a double-quote to pass on to the > real wb_group It turned out to be a very simple source tweak.. I just changed

[squid-users] Need HelP...!!!!!

Members, Can anybody tell me that my client can use OUTLOOK EXPRESS. if i m running squid on server? Thanks & B-regards Furqan Abbas _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=feat

Re: [squid-users] iptables for Sun

IP-Filter is a free packet filtering package which works on many platforms including Solaris. I have no experience of running either IP-Filter on SunScreen on Solaris, but the IP-Filter instructions found in the Squid FAQ should work. No FAQ entry exists for SunScreen. Regards Henrik tis 2003-

Re: [squid-users] Re: Re[2]: Squid 2.5 patch

Your right again :-) Thanks. Tuesday, April 1, 2003, 10:02:40 AM, you wrote: HN> what you want is HN> http_access deny max_ip HN> Regards HN> Henrik HN> tis 2003-04-01 klockan 13.50 skrev Pedro Lineu Orso: >> Hello Henrik, >> >> I try deny_info and max_user_ip with no success. >> >> deny_

Re: [squid-users] Squid Proxy and SSL

It is not much to do besides compiling Squid with --enable-ssl, and then configure the https_port directive. For documentation on how to configure the https_port directive see squid.conf.default. Note: Squid expects a SSL certificate and key in PEM format. If the key is encrypted then Squid must

Re: [squid-users] Any news on :acl identname2 ident usernamecase-insensitive

To my knowledge nobody has picked up the torch and it still remains as an idea for a future Squid improvement. As in my previous reply: Anyone willing at taking a stab at this are welcome, and it will get committed. Regards Henrik tis 2003-04-01 klockan 14.04 skrev wilco heinneman: > Hi G

Re: [squid-users] iptables for Sun

Hi Henrik! Thanks for your answer. We have SunScreen (but not installed yet). I don't know what IP-Filter is. Is this a smaller package than SunScreen? Do you recommend it? Where can I get more information about it? Thanks again, --Claudio From: Henrik Nordstrom <[EMAIL PROTECTED]> To: Claudio

Re: [squid-users] connection reset by peer. Read error 104

Can you please describe your problem in more detail? - Is a error message show to the user, or is the error logged in cache.log? - How are you running Squid? o) Normal proxy o) Transparent proxy o) Reverse proxy infront of your (or your customers) webservers - What is said in access.log

[squid-users] Re: Re[2]: Squid 2.5 patch

what you want is http_access deny max_ip Regards Henrik tis 2003-04-01 klockan 13.50 skrev Pedro Lineu Orso: > Hello Henrik, > > I try deny_info and max_user_ip with no success. > > deny_info ERR_USER_ALREADY_IN_USE max_ip > acl max_ip max_user_ip -s 1 > http_access allow all max_ip > http_ac

[squid-users] Any news on :acl identname2 ident username case-insensitive

Hi Guys, I am using Ident3d (30/6/2000) on some windows machines and Squid 2.4 stable7 on a linux server. Depending on the way a user types his username, this corresponding string will be given to squid. How can I make this lookup case insentive? I thought off: acl identname2 ident -i wilcoh w

[squid-users] Squid Proxy and SSL

Good Afternoon, I am wanting to setup squid using SSL and was wondering if anyone can point me in the direction of some good documentation so I can get started. Many Thanks Simon NOTICE: All email sent to or from this address will be received by the Bottomline Technologies Europe Corporate Ema

[squid-users] wccp patch for kernel 2.4.19

Dear all can anybody give me the ip_wccp v2 patch for kernel 2.4.19 Regards Sukhjit Singh Network Administrator Emmsons Infotech Ltd. SCO 13-14-15, Sec 34A, Chandigarh-160 022 (Ph): +91 172 606664 Mobile 9815228132 [EMAIL PROTECTED] http://www.emmtel.com - Or

Re: [squid-users] NTLM questions (sorry)

tis 2003-04-01 klockan 12.42 skrev Gavin Hamill: > acl domainadmins external NT_global_group "Domain Admins" You can not specify acl elements with spaces in them like this. What you can do is to place the acl data (Domain Admins) into a separate file, and then include this file by specifying "/p

Re: AW: AW: [squid-users] exchange 2k and 2.5 ssl reverse proxy

tis 2003-04-01 klockan 12.55 skrev mailinglists: > please forgive my ignorance, but... > > > What exactly is it you want me to do? > > > > Have you looked ad teh ssl update patch? > > ..I've searched that patch in google.com and couldn't find it. Do you mean whether I > compiled squid with --en

Re: [squid-users] NTLM questions (sorry)

> > external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group > > acl domainadmins external NT_global_group "Domain Admins" > Hi Gavin, > Brian O'Neill submitted a patch in November to allow you to use `Domain > Admins`, because you can't do it with spaces (as you've discovered). > It's do

Re: [squid-users] NTLM questions (sorry)

On Tue, 2003-04-01 at 11:42, Gavin Hamill wrote: > > Gavin, > > I know how you feel I battled with winbind and these problems for ages and > > finally it all worked. Below is the relevant parts of my squid.conf. > > I'm /almost/ there :) winbindd now seems to work fine, and I can > successfully li

AW: AW: [squid-users] exchange 2k and 2.5 ssl reverse proxy

please forgive my ignorance, but... > What exactly is it you want me to do? > > Have you looked ad teh ssl update patch? ..I've searched that patch in google.com and couldn't find it. Do you mean whether I compiled squid with --enable-ssl and with-ssl-include=/usr/include/openssl? yes, I

Re: [squid-users] NTLM questions (sorry)

> Gavin, > I know how you feel I battled with winbind and these problems for ages and > finally it all worked. Below is the relevant parts of my squid.conf. I'm /almost/ there :) winbindd now seems to work fine, and I can successfully limit squid access only to those who authenticate using NTLM...

Re: [squid-users] NTLM questions (sorry)

> Gavin, > I know how you feel I battled with winbind and these problems for ages and > finally it all worked. Below is the relevant parts of my squid.conf. I'm /almost/ there :) winbindd now seems to work fine, and I can successfully limit squid access only to those who authenticate using NTLM...

Re: [squid-users] Again tcp_outgoing_tos

tis 2003-04-01 klockan 11.42 skrev Massimiliano Cuzzoli: > Now the question is: > Are there checking operations other than DNS Lookup that require some > trickly rules? Any operation which may involve a external lookup not immediately known by the Squid configuration files. This is primarily DN

Re: [squid-users] Squid and DNS

No. What you can do is to make the DNS server used by Squid have reliable access to the needed domain information, most easily done by configuring the DNS server as if it was a secondary DNS server for the DNS zone in question, but without having it registered in the zone. Regards Henrik tis 200

Re: AW: [squid-users] exchange 2k and 2.5 ssl reverse proxy

What exactly is it you want me to do? Have you looked ad teh ssl update patch? Have you applied this patch to your Squid? Have you read the updated squid.conf.default documentation for the directives mentioned in my previous reply? Regards Henrik tis 2003-04-01 klockan 11.50 skrev mailinglists

Re: AW: AW: [squid-users] Accelerated Proxy and Authentification

This indicates there is a problem with the configuration of your helper. Regards Henrik tis 2003-04-01 klockan 11.34 skrev Klaaßen, Holger: > 2003/04/01 11:34:54| WARNING: basicauthenticator #1 (FD 15) exited -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden

AW: [squid-users] exchange 2k and 2.5 ssl reverse proxy

> OWA knows about a custom Front-End-Https header for this purpose. > > The SSL update to Squid-2.5 adds partial support for this > header via the > cache_peer directive and may work for your purposes (combine > cache_peer > to the OWA server and never_direct to have the requests forwarded via

[squid-users] Again tcp_outgoing_tos

Hello Everybody, in SQUID 2.5 the "tcp_outgoing_tos" applied on ACL's type that envolves a DNS lookup operation need a trick of this kind: acl nowhere dst 0.0.0.0/32 http_access deny nowhere (thank you Henrik!!) Now the question is: Are there checking operations other than DNS Lookup that re

Re: [squid-users] squid_ldap_auth and Single Sign-On

Vineet Mehta wrote: > > In my LAN environment we have Windows Domain Controllers and Windows > Active Directory servers which authenticate users when they log in to > the domain. I am trying to setup squid proxy here. > > I want SQUID to allow users access to Internet if they are already > auth

Re: [squid-users] squid_ldap_auth and Single Sign-On

Hi, Use squid with winbindd , samba and NTLM authentication (ntlm_auth) See the samba docs. Regards, Cécile. Quoting Vineet Mehta <[EMAIL PROTECTED]>: > In my LAN environment we have Windows Domain Controllers and Windows > Active Directory servers which authenticate users when they log in

[squid-users] squid_ldap_auth and Single Sign-On

In my LAN environment we have Windows Domain Controllers and Windows Active Directory servers which authenticate users when they log in to the domain. I am trying to setup squid proxy here. I want SQUID to allow users access to Internet if they are already authenticated by the Windows Domain Contr

Re: AW: [squid-users] problems to get access into microsoft 2000 webserver running IIS v.5

No. Regards Henrik Denis Heitbrock wrote: > > hi, > > thxxx for your answer. is there no chance to configure squid in a way that > the site will work? > maybe is there a way to tell squid to dont cache any sites to go directly > there? > > best regards, > denis > > -Ursprüngliche Nachrich

[squid-users] R: [squid-users] Squid and DNS

You must set the following squid parameter : dns_nameservers x.y.w.z -Messaggio originale- Da: Emanuele Lo Giudice [mailto:[EMAIL PROTECTED] Inviato:martedi 1 aprile 2003 10.33 A: [EMAIL PROTECTED] Oggetto:[squid-users] Squid and DNS I need to now if is possibl

Re: [squid-users] web internal servers problem

>Who is sending you the error message? I think the error is sent to you >by your parent. > The error message appears when i browse my internal web broser using IE. anyway It works now. thanks a lot. regards andihari

[squid-users] Squid and DNS

I need to now if is possible to delegate the name resolution of some domain to other name server (not in the resolv.conf file) someting like: all the domain are solved by resolv.conf content *.my.foo.com is dolved by x.y.z.w is this possible? and How? Thanks Emanuele

Re: [squid-users] disable access.log writing issue

atit jariwala wrote: > > Hello SQUID Users, > I found tag cache_access_log .. > giving none value for this case will disable logging.. > and i have tried it but not got success > i am sending -k reconfigre signal to SQUID. operation completes > successfully, > but still loggin of entry in access.l

Re: [squid-users] web internal servers problem

Who is sending you the error message? I think the error is sent to you by your parent. I think you are missing acl local dst 10.0.0.0/8 always_direct allow local Also, having the browsers reconfigured to go direct for internal servers is generally recommended. Regards Henrik Andi Hari Cahyo

Re: [squid-users] Problem with RAM usage with squid

You are still not reading my responses or answering my questions I think. The free ram SHOULD BE NEARLY NOTHING when your server is operating correctly. Any large amounts of free ram IS PURE WASTE OF RESOURCES. The free -/+ buffers/cache figure is what you need to look at, as this is the column w

Re: [squid-users] cache.log showing this...

"Jesus M. Salvo Jr." wrote: > > There's another possible reason for those logs. > > In our case, we have 2 SPARC Solaris that have the same public IP > address ( different internal IP address of course ), and the Cisco load > balancer would do a check by sending TCP_SYN to each of them internal I

Re: [squid-users] Want to disable access.log logging

atit jariwala wrote: > now i also want to disable access.log logging. > reasons for doing it is to see impact on cpu usage of squid. CPU impact of access.log is marginal. > is there any option for doing it or some external script?. See the documentation in squid.conf.default. Regards Henrik

Re: [squid-users] exchange 2k and 2.5 ssl reverse proxy

OWA knows about a custom Front-End-Https header for this purpose. The SSL update to Squid-2.5 adds partial support for this header via the cache_peer directive and may work for your purposes (combine cache_peer to the OWA server and never_direct to have the requests forwarded via cache_peer in an

Re: [squid-users] Accelerated Proxy and Authentification

There is a hidden define for this purpose. Add -DAUTH_ON_ACCELERATION to the DEFS = line in src/Makefile after running configure and then rebuild Squid. Regards Henrik Klaaßen, Holger wrote: > > Hello, > > We are using squid 2.5-2 as reverse Proxy. > I want that users have to authenticate a

Re: [squid-users] Need help about SQUID access.log (How can I get the duration of an ICP query?)

Ming Zu wrote: > > Oh! Thanks so much! > > But how about the duration field for TCP records, are > they stand for local processing time as well and do > not include time duration spent over the network > If so, my project need to change a great deal!!! The duration is the duration as seen by