Hi All,
in SQUID 2.5 source code the clientSendMoreData() function is
fundamental for HTTP data transfer to the client.
What is the analogous function In HTTPS case? (It's the same?)
Regards,
Massimiliano
Thanks, it didn't install correctly, but now I found it in the
sourcedirectory.
Nevertheless I did not get it working.
I have a group called "Internetuser NU" and a basedn "o=cag"
I have tried
squid_ldap_group -b "o=cag" -f "Internetuser NU" -F uid=%s 172.25.0.19
When trieing directly on the she
Hi,
(B
(BSince I want to introduce Webshield e500 by transparent bridge mode, I am looking for
(Binformation variously.
(BHowever, the problem is checked.
(B
(BClientPC-squid$B!J(Jno transparent$B!"(Jsquid 2.4stable1$B!K(J-e500(transparent
(Bbridge,V.2.6)-Internet
(BIn the above-men
>
> I would like to have a news web page displayed to users who
> pass thru my
> squid proxy. I only want the page to be displayed once per
> day per client
> (IP) if it's possible. I believe I can work out the logic of who's
> visited the page using php scripting and the user's IP. But,
> I
The formats specifications are space separated.
Regards
Henrik
"Davies, Glen" wrote:
>
> Hi
> Can't seem to find anything on this in documentation or archives,
> apologies if I couldn't see it for looking. What is the correct syntax
> for specifying multiple FORMAT option for an external_acl_ty
Craig Home wrote:
>
> Hi,
>
> I have been trying to use squid_ldap_match with Active directory with not
> much success, I have built everything but just can't see to get the
> parameters correct.
>
> I am also unsure whether I just have to use the match, or also do an
> ldap_auth on the user bef
Hi
Can't seem to find anything on this in documentation or archives,
apologies if I couldn't see it for looking. What is the correct syntax
for specifying multiple FORMAT option for an external_acl_type. I want
to pass %SRC and %LOGIN to the helper app I am writing, and all the
examples I could fin
Hi,
I have been trying to use squid_ldap_match with Active directory with not
much success, I have built everything but just can't see to get the
parameters correct.
I am also unsure whether I just have to use the match, or also do an
ldap_auth on the user beforehand - if you can clarify whether
If the amount of cache.log data logged by this message becomes a problem
you can always modify the source.. find the message (by the initial
text) and then modify the second number (1) in the debug(X,Y) to be
errno == ECONNRESET ? 2 : 1
Regards
Henrik
Hector Miranda wrote:
> No Henri, actuall
In regards to my problem, would it be crazy to schedule a crontab job to
run squid -k reconfigure every half hour. what would the implications of
doing so be?
- Forwarded by George Dominguez/MMBS on 02/04/2003 08:43 AM -
Henrik Nordstrom wrote:
> If you are not having any complaints which may be related to this I see
> no reason to worry.
No Henri, actually I don't have any compliant as long as my navigation
ability stays unaffected... my thought is that this could become a problem
since that under heavy traffic
See cachemgr provided statistics for the peer.
Regards
Henrik
Ming Zu wrote:
>
> Hi,
>
> How can I get the duration time(RTT) for ICP queries
> between two sibling caches???
>
> Thanks!! This is emergency!
>
> Regards,
>
> Ming
>
> __
> Do you
Mike Rambo wrote:
>
> We're running squid-2.4.STABLE7-2mdk on Mandrake Linux release 9.0
> (dolphin) for i586. It's been running ok for a few weeks. I noticed this
> morning numerous "WARNING! Your cache is running out of filedescriptors"
> errors in cache.log.
In most cases this is actually a si
There is a man page shipped with the helper..
Regards
Henrik
[EMAIL PROTECTED] wrote:
>
> OK, I now have the group helper installed and the "normal" SQUID_LDAP_AUTH
> working with domino.
>
> Where can I find a detailed(!) description for the squid_ldap_group? The -?
> doesn't help me enough t
Not if using Basic HTTP authentication for both.
Regards
Henrik
Klaaßen, Holger wrote:
>
> Is there no way to make the first authentication independent from the
> second? What I want is that a user must authenticat against the squid before
> he can have access on the OWA.
>
> regards Holger.
Hi,
How can I get the duration time(RTT) for ICP queries
between two sibling caches???
Thanks!! This is emergency!
Regards,
Ming
__
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://platinum.yahoo.com
Hi,
I have an Intel machine running Mandrake with ip_wccp kernel patch +
Squid with WCCPv2 patch.
I managed to use this one with a Cisco router and it's smoothly
running.. (I'm writing this to mention that I have a working copy of
WCCPv2 squid with a cisco router).
Now, I'm trying to do this on a
acl aol dst 64.12.163.198
http_access allow aol
dont make aol go through authentication
you probably find your users aren't auth'ing
with aol... I assume they have multiple ips though
so...
- Original Message -
From: "Ampugnani, Fernando" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent
With the default squid config with Basic auth enabled, I am experiencing
the following:
In my app which sends HTTP requests, a loop processes recv()'s until a 0
or error return. With direct connect and via a socks proxy (dante), this
works fine, but with squid, the 2nd recv (rather, all recvs afte
Hi all,
Anybody know why aol makes many entry in acces.log like this...
1049223695.538 1 207.169.88.210 TCP_DENIED/407 1725 GET
http://64.12.163.198:20480/monitor? - NONE/- text/html
1049223696.894 1 207.169.88.210 TCP_DENIED/407 1725 GET
http://64.12.163.198:20480/monitor? - NON
Hi,
try this :
squid_ldap_auth -b ou=AllUsers,dc=mansfield13104,dc=lancsngfl,dc=ac,dc=uk -u cn
pluto:389
Make sure that "Pluto" can be resolved by Squid.
Regards,
Cécile.
Quoting kevin stuttard <[EMAIL PROTECTED]>:
> Hi. I have been muddling my way through
Hi. I have been muddling my way through setting up
squid_ldap_auth for about a week now and I just seem
to be going around in circles with this one. I set up
Squid2.5 stable 1 and I have it up and running a
treat. No problems etc. I installed the
squid_ldap_auth by running make install as suggested
it is going through port 22, if squid can't log it, is there another way
to log them
On Tue, 2003-04-01 at 12:29, Dave Raven wrote:
> if people are pointing to squid.
> not transparently.
>
> Then it will log all requests as it does with http.
>
> --Dave
>
> - Original Message -
> Fr
the slides and presentations from my squid workshops at the 2000 2001 and
2002 afnog workshops are at:
http://ws.afnog.org/
in the scaleable internet services track. depending on what you want to
knwo that may be useful...
joelja
On Tue, 1 Apr 2003 [EMAIL PROTECTED] wrote:
> Hello,
>
> I am
Hi!
I would like to have a news web page displayed to users who pass thru my
squid proxy. I only want the page to be displayed once per day per client
(IP) if it's possible. I believe I can work out the logic of who's
visited the page using php scripting and the user's IP. But, I'm not sure
how
if people are pointing to squid.
not transparently.
Then it will log all requests as it does with http.
--Dave
- Original Message -
From: "darlene" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 01, 2003 6:29 PM
Subject: [squid-users] Ftp help
:
: Is it possible to
Is it possible to log all incoming and outgoing files for ftp through
squid?
Thanks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luiz Gustavo Sarubi Macchi escreveu:
| Hi all
|
| Is it possible to have a transparency proxy and deny some users for
| access ?
|
| thanks a lot
|
|
Hi Luiz
~ If you are talking about proxy auth, it doesn't works with
~ interception. See FAQ.
~ But you
Hello,
I am looking for squid training sessions (standard and advanced configuration,
reflexion on architecture,...).
Do you know if such training exist (France or Europe) ?
Thanks by advance,
Lionel
check cache.log
tail cache.log and mail if you can figure it out from there..
--Dave
- Original Message -
From: "Kevin Hoffer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 01, 2003 5:31 PM
Subject: [squid-users] Squid
: Squid will not stay running. I start it up wi
Hi all,
When I want try an ftp site, squid ask for a password many times.
Why happen this?
I´m using Squid-2.5-STABLE2.
Here is the access log.
1049210347.763 1 207.169.88.182 TCP_MEM_HIT/200 2111 GET
ftp://debian.org/ xzsl81 NONE/- text/html
1049210360.016 7 207.169.88.182 TCP_
Squid will not stay running. I start it up with
/usr/local/squid/sbin/squid -sY -f /usr/local/squid/etc/squid.conf but it
won't stay running. I copied the default.squid.conf to squid.conf so I am
using the default config file.
Any Ideas?
If you get more then one of these messages I am sorry. I ha
Luiz Gustavo Sarubi Macchi wrote:
>
> Hi all
>
> Is it possible to have a transparency proxy and deny some users for
> access ?
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.15
M.
>
> thanks a lot
>
> --
> Atenciosamente,
>
> Luiz Gustavo Sarubi Macchi
--
'Love is truth withou
Hi all
Is it possible to have a transparency proxy and deny some users for
access ?
thanks a lot
--
Atenciosamente,
Luiz Gustavo Sarubi Macchi
Renato Ghirotti wrote:
>
> Hi,
> I have setup Squid (Squid Cache: Version 2.4.STABLE7 (RH7.3)) to
> perform proxy caching with authentication (to LDAP, but I don't think
> that relevent).
>
> When I attempt to browse, Squid enters a line in the access.log
> file like this
>
OK, I now have the group helper installed and the "normal" SQUID_LDAP_AUTH
working with domino.
Where can I find a detailed(!) description for the squid_ldap_group? The -?
doesn't help me enough to get it running. Any examples with descriptions?
Thanks again
Stefan
Hi,
I have setup Squid (Squid Cache: Version 2.4.STABLE7 (RH7.3)) to
perform proxy caching with authentication (to LDAP, but I don't think
that relevent).
When I attempt to browse, Squid enters a line in the access.log
file like this
103611.711 2 203.8.6.5 TCP_DENIED/4
Makes sense I think..
It seems you are trying to access an application requiring Basic HTTP
authorization behind a proxy requiring Basic HTTP authorization.. the
entered login is accepted by the proxy, but then rejected by the backend
web server as the login probably does not match..
There is on
On Tue, Apr 01, 2003 at 12:17:40PM +0100, Gavin Hamill wrote:
>
> This sounds like either a source-hacking job, or a little shim bash script
> with 'tr' to translate the backtick into a double-quote to pass on to the
> real wb_group
It turned out to be a very simple source tweak..
I just changed
Members,
Can anybody tell me that my client can use OUTLOOK EXPRESS. if i m running
squid on server?
Thanks & B-regards
Furqan Abbas
_
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=feat
IP-Filter is a free packet filtering package which works on many
platforms including Solaris.
I have no experience of running either IP-Filter on SunScreen on
Solaris, but the IP-Filter instructions found in the Squid FAQ should
work.
No FAQ entry exists for SunScreen.
Regards
Henrik
tis 2003-
Your right again :-)
Thanks.
Tuesday, April 1, 2003, 10:02:40 AM, you wrote:
HN> what you want is
HN> http_access deny max_ip
HN> Regards
HN> Henrik
HN> tis 2003-04-01 klockan 13.50 skrev Pedro Lineu Orso:
>> Hello Henrik,
>>
>> I try deny_info and max_user_ip with no success.
>>
>> deny_
It is not much to do besides compiling Squid with --enable-ssl, and then
configure the https_port directive.
For documentation on how to configure the https_port directive see
squid.conf.default.
Note: Squid expects a SSL certificate and key in PEM format. If the key
is encrypted then Squid must
To my knowledge nobody has picked up the torch and it still remains as
an idea for a future Squid improvement.
As in my previous reply:
Anyone willing at taking a stab at this are welcome, and it
will get committed.
Regards
Henrik
tis 2003-04-01 klockan 14.04 skrev wilco heinneman:
> Hi G
Hi Henrik!
Thanks for your answer.
We have SunScreen (but not installed yet). I don't know what IP-Filter is.
Is this a smaller package than SunScreen? Do you recommend it?
Where can I get more information about it?
Thanks again,
--Claudio
From: Henrik Nordstrom <[EMAIL PROTECTED]>
To: Claudio
Can you please describe your problem in more detail?
- Is a error message show to the user, or is the error logged in
cache.log?
- How are you running Squid?
o) Normal proxy
o) Transparent proxy
o) Reverse proxy infront of your (or your customers) webservers
- What is said in access.log
what you want is
http_access deny max_ip
Regards
Henrik
tis 2003-04-01 klockan 13.50 skrev Pedro Lineu Orso:
> Hello Henrik,
>
> I try deny_info and max_user_ip with no success.
>
> deny_info ERR_USER_ALREADY_IN_USE max_ip
> acl max_ip max_user_ip -s 1
> http_access allow all max_ip
> http_ac
Hi Guys,
I am using Ident3d (30/6/2000) on some windows machines and Squid 2.4
stable7 on a linux server.
Depending on the way a user types his username, this corresponding
string will be given to squid.
How can I make this lookup case insentive?
I thought off:
acl identname2 ident -i wilcoh w
Good Afternoon,
I am wanting to setup squid using SSL and was wondering if anyone can
point me in the direction of some good documentation so I can get
started.
Many Thanks
Simon
NOTICE: All email sent to or from this address will be received by the
Bottomline Technologies Europe Corporate Ema
Dear all
can anybody give me the ip_wccp v2 patch for kernel 2.4.19
Regards
Sukhjit Singh
Network Administrator
Emmsons Infotech Ltd.
SCO 13-14-15, Sec 34A,
Chandigarh-160 022
(Ph): +91 172 606664
Mobile 9815228132
[EMAIL PROTECTED]
http://www.emmtel.com
- Or
tis 2003-04-01 klockan 12.42 skrev Gavin Hamill:
> acl domainadmins external NT_global_group "Domain Admins"
You can not specify acl elements with spaces in them like this.
What you can do is to place the acl data (Domain Admins) into a separate
file, and then include this file by specifying "/p
tis 2003-04-01 klockan 12.55 skrev mailinglists:
> please forgive my ignorance, but...
>
> > What exactly is it you want me to do?
> >
> > Have you looked ad teh ssl update patch?
>
> ..I've searched that patch in google.com and couldn't find it. Do you mean whether I
> compiled squid with --en
> > external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
> > acl domainadmins external NT_global_group "Domain Admins"
> Hi Gavin,
> Brian O'Neill submitted a patch in November to allow you to use `Domain
> Admins`, because you can't do it with spaces (as you've discovered).
> It's do
On Tue, 2003-04-01 at 11:42, Gavin Hamill wrote:
> > Gavin,
> > I know how you feel I battled with winbind and these problems for ages and
> > finally it all worked. Below is the relevant parts of my squid.conf.
>
> I'm /almost/ there :) winbindd now seems to work fine, and I can
> successfully li
please forgive my ignorance, but...
> What exactly is it you want me to do?
>
> Have you looked ad teh ssl update patch?
..I've searched that patch in google.com and couldn't find it. Do you mean whether I
compiled squid with --enable-ssl and with-ssl-include=/usr/include/openssl? yes, I
> Gavin,
> I know how you feel I battled with winbind and these problems for ages and
> finally it all worked. Below is the relevant parts of my squid.conf.
I'm /almost/ there :) winbindd now seems to work fine, and I can
successfully limit squid access only to those who authenticate using NTLM...
> Gavin,
> I know how you feel I battled with winbind and these problems for ages and
> finally it all worked. Below is the relevant parts of my squid.conf.
I'm /almost/ there :) winbindd now seems to work fine, and I can
successfully limit squid access only to those who authenticate using NTLM...
tis 2003-04-01 klockan 11.42 skrev Massimiliano Cuzzoli:
> Now the question is:
> Are there checking operations other than DNS Lookup that require some
> trickly rules?
Any operation which may involve a external lookup not immediately known
by the Squid configuration files.
This is primarily DN
No.
What you can do is to make the DNS server used by Squid have reliable
access to the needed domain information, most easily done by configuring
the DNS server as if it was a secondary DNS server for the DNS zone in
question, but without having it registered in the zone.
Regards
Henrik
tis 200
What exactly is it you want me to do?
Have you looked ad teh ssl update patch?
Have you applied this patch to your Squid?
Have you read the updated squid.conf.default documentation for the
directives mentioned in my previous reply?
Regards
Henrik
tis 2003-04-01 klockan 11.50 skrev mailinglists
This indicates there is a problem with the configuration of your helper.
Regards
Henrik
tis 2003-04-01 klockan 11.34 skrev Klaaßen, Holger:
> 2003/04/01 11:34:54| WARNING: basicauthenticator #1 (FD 15) exited
--
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
> OWA knows about a custom Front-End-Https header for this purpose.
>
> The SSL update to Squid-2.5 adds partial support for this
> header via the
> cache_peer directive and may work for your purposes (combine
> cache_peer
> to the OWA server and never_direct to have the requests forwarded via
Hello Everybody,
in SQUID 2.5 the "tcp_outgoing_tos" applied on ACL's type that envolves
a DNS lookup operation need a trick of this kind:
acl nowhere dst 0.0.0.0/32
http_access deny nowhere
(thank you Henrik!!)
Now the question is:
Are there checking operations other than DNS Lookup that re
Vineet Mehta wrote:
>
> In my LAN environment we have Windows Domain Controllers and Windows
> Active Directory servers which authenticate users when they log in to
> the domain. I am trying to setup squid proxy here.
>
> I want SQUID to allow users access to Internet if they are already
> auth
Hi,
Use squid with winbindd , samba and NTLM authentication (ntlm_auth)
See the samba docs.
Regards,
Cécile.
Quoting Vineet Mehta <[EMAIL PROTECTED]>:
> In my LAN environment we have Windows Domain Controllers and Windows
> Active Directory servers which authenticate users when they log in
In my LAN environment we have Windows Domain Controllers and Windows
Active Directory servers which authenticate users when they log in to
the domain. I am trying to setup squid proxy here.
I want SQUID to allow users access to Internet if they are already
authenticated by the Windows Domain Contr
No.
Regards
Henrik
Denis Heitbrock wrote:
>
> hi,
>
> thxxx for your answer. is there no chance to configure squid in a way that
> the site will work?
> maybe is there a way to tell squid to dont cache any sites to go directly
> there?
>
> best regards,
> denis
>
> -Ursprüngliche Nachrich
You must set the following squid parameter :
dns_nameservers x.y.w.z
-Messaggio originale-
Da: Emanuele Lo Giudice [mailto:[EMAIL PROTECTED]
Inviato:martedi 1 aprile 2003 10.33
A: [EMAIL PROTECTED]
Oggetto:[squid-users] Squid and DNS
I need to now if is possibl
>Who is sending you the error message? I think the error is sent to you
>by your parent.
>
The error message appears when i browse my internal web broser using IE.
anyway It works now. thanks a lot.
regards
andihari
I need to now if is possible to delegate the name resolution of some domain
to other name server (not in the resolv.conf file)
someting like:
all the domain are solved by resolv.conf content
*.my.foo.com is dolved by x.y.z.w
is this possible? and How?
Thanks
Emanuele
atit jariwala wrote:
>
> Hello SQUID Users,
> I found tag cache_access_log ..
> giving none value for this case will disable logging..
> and i have tried it but not got success
> i am sending -k reconfigre signal to SQUID. operation completes
> successfully,
> but still loggin of entry in access.l
Who is sending you the error message? I think the error is sent to you
by your parent.
I think you are missing
acl local dst 10.0.0.0/8
always_direct allow local
Also, having the browsers reconfigured to go direct for internal servers
is generally recommended.
Regards
Henrik
Andi Hari Cahyo
You are still not reading my responses or answering my questions I
think.
The free ram SHOULD BE NEARLY NOTHING when your server is operating
correctly. Any large amounts of free ram IS PURE WASTE OF RESOURCES.
The free -/+ buffers/cache figure is what you need to look at, as this
is the column w
"Jesus M. Salvo Jr." wrote:
>
> There's another possible reason for those logs.
>
> In our case, we have 2 SPARC Solaris that have the same public IP
> address ( different internal IP address of course ), and the Cisco load
> balancer would do a check by sending TCP_SYN to each of them internal I
atit jariwala wrote:
> now i also want to disable access.log logging.
> reasons for doing it is to see impact on cpu usage of squid.
CPU impact of access.log is marginal.
> is there any option for doing it or some external script?.
See the documentation in squid.conf.default.
Regards
Henrik
OWA knows about a custom Front-End-Https header for this purpose.
The SSL update to Squid-2.5 adds partial support for this header via the
cache_peer directive and may work for your purposes (combine cache_peer
to the OWA server and never_direct to have the requests forwarded via
cache_peer in an
There is a hidden define for this purpose. Add
-DAUTH_ON_ACCELERATION
to the DEFS = line in src/Makefile after running configure and then
rebuild Squid.
Regards
Henrik
Klaaßen, Holger wrote:
>
> Hello,
>
> We are using squid 2.5-2 as reverse Proxy.
> I want that users have to authenticate a
Ming Zu wrote:
>
> Oh! Thanks so much!
>
> But how about the duration field for TCP records, are
> they stand for local processing time as well and do
> not include time duration spent over the network
> If so, my project need to change a great deal!!!
The duration is the duration as seen by
78 matches
Mail list logo