A great idea!
You could search the archive of the squid mailing list. Here you will find a
lot of qestions from users - and of course a lot of excellent answers from
Henrik.
Mit freundlichem Gruß / regards
Werner Rost
GM-FIR - Netzwerk
ZF Boge Elastmetall GmbH
Friesdorfer Str. 175
53175 Bonn
> I am looking at putting together either a FAQ or snippets of
> config files to achieve some of the most commonly asked
> questions on Squid configuration, particularly ACL's (at
> least info not already covered in current doc's/default
> config file).
When you're don with it, just post to
Hi! I'm Shunichi from Japan.
(BI wanna make the squid to change HTML data partially according to a certain
(Bpattern when the data come through the squid. For example, I wanna
(Bsubstitute each and every word "America" on HTML data to "USA". At first, I
(Badded the data changing function to "ht
On Wednesday 30 July 2003 08.14, Ralf Hildebrandt wrote:
> * Henrik Nordstrom <[EMAIL PROTECTED]>:
> > On Tuesday 29 July 2003 17.09, JOHNSON DAVID R wrote:
> > > I have read how to script the conf file but am unsure as to
> > > what to save it as due to platform dependencies.
> >
> > The trick is
You could try adding debug 5,5 33,5 which will increase debugging for socket
functions and client-side routines which could throw up the relevant event
that has timed out. These debug settings could cause a lot of data to be
logged in cache.log, so, if possible, have only this user using the syste
* Henrik Nordstrom <[EMAIL PROTECTED]>:
> On Tuesday 29 July 2003 17.09, JOHNSON DAVID R wrote:
>
> > I have read how to script the conf file but am unsure as to what to
> > save it as due to platform dependencies.
>
> The trick is to set up the correct MIME type in the web server.
Which would
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
Hello,
i searched through the FAQ and the archives and did not see a
situation that exactly matched mine, so I am hoping someone here can
help.
I have a user behind a Squid proxy who is receiving a browser timeout
error when initiating a particularly
Hi Tony,
This is a great idea! Thanks so much for making the effort. :>
Cheers
Matthew
>>> "Tony Melia (DMS)" <[EMAIL PROTECTED]> 07/30/03 08:46AM >>>
I am looking at putting together either a FAQ or snippets of config files to
achieve some of the most commonly asked questions on Squid configurat
I am looking at putting together either a FAQ or snippets of config files to
achieve some of the most commonly asked questions on Squid configuration,
particularly ACL's (at least info not already covered in current
doc's/default config file).
Can I ask people if they have weird or wonderful sni
>Now I'm trying to make msn messenger, yahoo and icq to work with
it, and
>I've just managed to make the first two do it just right
Just out of curiosity - how did you get Yahoo! and MSN Messenger
to work? There was a recent post asking about this, and I have had
problems as well.
Adam
Adam,
I posted this a couple of weeks ago:
acl MSN req_mime_type ^application/x-msn-messenger$
http_access deny MSN
You have to make sure that your clients can't directly connect to the outside world
though (I only allow my proxy and mail servers out everything else is rejected).
Justin
>>> "
Are you using transparent proxying on your net??
If so please check the 'ie_refresh' parameter in your squid.conf
Ries
Citeren Chris Wilcox <[EMAIL PROTECTED]>:
> >
> >I use a squid version 2.4.
> >I got a simple problem, i guess.
> >How i can set the squid, to never never store any image
> >i
Hi everybody...
I've just configured squid 2.5 stable 3 to work with ntlm & basic
authentication and it's working just fine.
Now I'm trying to make msn messenger, yahoo and icq to work with it, and
I've just managed to make the first two do it just right, but I can't do it
with ICQ.
On my logs, I
Jim wrote:
> At one time I had located the files that are used to create the different
> messages for example when a user receives a denied message. Can anyone
> please tell me this location again. I am using Debian.
I believe it's all in $SQIDHOME/share/errors/. For example
/usr/local/squid/sh
At one time I had located the files that are used to create the different
messages for example when a user receives a denied message. Can anyone
please tell me this location again. I am using Debian.
Jim
I have two proxies, Squid and ISA that is connected to Squid, the clients
use the ISA to access Internet, they have IE6.0.
The problem is when someone try to make login or logout, the page is not
refreshed.
If the clients use Squid directlty it works fine.
___
On Tuesday 29 July 2003 17.48, Chris Wilcox wrote:
> I've had a good search through google and found nothing. Are there
> any limits or things that can't be done with this type of ACL? Eg
> can the helper class query a DB, can it be written in any language?
> Can it be a simple perl script?
Squ
On Tuesday 29 July 2003 17.44, [EMAIL PROTECTED] wrote:
> I mean, how can I stop this mailing list from filling up my
> webmail inbox?
If you can not do it by deleting messages before your inbox is full or
moving to an email account allowing for a larger inbox, then your
other option is to unsu
On Tuesday 29 July 2003 16.47, CPD - Equipe de Segurança wrote:
> Now, the default route points to the WAN #2 router , so I'm sure I
> need an extra route for the WAN#1 interface.
>
> Has anyone ever got into this mess?
I do things like this quite often, but on Linux.
The technology you need to
On Tuesday 29 July 2003 16.58, Vincent Cunat wrote:
> Browser -> squid -> viruswall -> internet
>
> But i dont know how to configure my squid.conf and my viruswall
See the Squid FAQ On how to configure Squid to forward all requests to
another proxy.
Regards
Henrik
--
Donations welcome if you
On Tuesday 29 July 2003 17.09, JOHNSON DAVID R wrote:
> I have read how to script the conf file but am unsure as to what to
> save it as due to platform dependencies.
The trick is to set up the correct MIME type in the web server. Then
you only need to save the file with an extension matching th
On Tue, 29 Jul 2003, JOHNSON DAVID R wrote:
> Can someone provide me a brief how-to as to how to (lol) setup a config file
> on an IIS and Apache web server for dispersal to IE browsers.
Here is a very simple browser configuration file. Its basic function is
to have the browser access the URL di
Hmm, not sure about your e-mail, but I canset filters in Hotmail so mail
from specific places goes into certain folders eg mail with 'squid users' in
the Subject goes into a 'Squid Users' folder. That way I don't clutter my
inbox.
Regards,
nry
Hi all,
I've had a good search through google and found nothing. Are there any
limits or things that can't be done with this type of ACL? Eg can the
helper class query a DB, can it be written in any language? Can it be a
simple perl script?
I'm kinda thinking of something like the following:
I mean, how can I stop this mailing list from filling up my webmail
inbox? I can't use a pop3 because I change ISPs too frequently to be
worthwhile.
Adrian Chadd said:
>
> _replies_ ?
>
> What do you mean?
-
This email was sent using FREE Catholic Onlin
Can someone provide me a brief how-to as to how to (lol) setup a config file
on an IIS and Apache web server for dispersal to IE browsers.
I have read how to script the conf file but am unsure as to what to save it
as due to platform dependencies.
Hi,
Configuration :
Red hat 8.0
Squid 2.4
Viruswall 3.8
I wan t :
Browser -> squid -> viruswall -> internet
But i dont know how to configure my squid.conf and my viruswall
Please could you help me.
Regards,
vincent
Gentlman,
I'm facing the following scenario. One machine with three NICs, one
internal and two WAN ( external ) interfaces. Now, I want all the HTTP (
port 80 ) traffic to be sent through WAN #1 with squid, and all the rest
through WAN #2.
My idea is to do it with IPFW, adding the following ru
tis 2003-07-29 klockan 15.00 skrev JOHNSON DAVID R:
> First question, Is there a way to setup squid so that a user does not have
> to authenticate everytime they open a new browser? Kind of like a token
> validating their ip and credentials for a set amount of time?
This is a browser question and
Hi !
> Due to the sheer size of a decent ratings databases you will need to
> implement your own DNS master servers however, using some form of
> replicated backend database with a DNS interface frontend. The
> standard DNS servers is not suitable for these volumes of master
> information or
tis 2003-07-29 klockan 14.46 skrev Neil A. Hillard:
> > acl user_dom dstdomain www.cnn.com www.linux.org
> Or even simpler:
>
> acl user_dst dst www.cnn.com www.linux.org
No, dstdomain is better.
dstdomain literally matches the host component of the requested URL
using a domain match.
dst ma
tis 2003-07-29 klockan 14.00 skrev Adam Aube:
> If he wants to block by domain, then the dstdomain acl might
> be a better choice, as dstdomain probably doesn't require as
> many resources as url_regex.
And generally does a better job at matching domains in a way that makes
sense.
Regards
Henrik
tis 2003-07-29 klockan 14.56 skrev Boniforti Flavio:
> acl msn_no_block src 10.167.211.11
> acl msn_server dst 64.4.13.0/255.255.255.0
> http_access deny !msn_no_block msn_server
>
> But it doesn't work!
What do you get in access.log?
Regards
Henrik
--
Donations welcome if you consider my Fre
> My PC (10.167.211.11) is the ONLY ONE supposed to connect to MSN
> Messenger. The fact is that when trying to connect from another
> IP it still works!
This means your acl to block MSN messegner isn't working. There was
a thread in late June that discussed how to block MSN messenger -
that threa
> > But it doesn't work!
>
> "Doesn't work" doesn't give us much info to go on. Please
> be more specific - does it not block MSN messenger at all,
> or does it not allow the one IP it is supposed to?
Ok, sorry!
My PC (10.167.211.11) is the ONLY ONE supposed to connect to MSN
Messenger. The fact
> acl msn_no_block src 10.167.211.11
> acl msn_server dst 64.4.13.0/255.255.255.0
> http_access deny !msn_no_block msn_server
> But it doesn't work!
"Doesn't work" doesn't give us much info to go on. Please
be more specific - does it not block MSN messenger at all,
or does it not allow the one IP
> Or even simpler:
> acl user_dst dst www.cnn.com www.linux.org
I thought dst matched only on destination IP address.
Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
> First question, Is there a way to setup squid so that a user
> does not have to authenticate everytime they open a new
> browser? Kind of like a token validating their ip and
> credentials for a set amount of time?
That's a browser issue, not a Squid issue. Currently the only
setup that can work
hi members.
i think a ip pool of msn is started with 207.*.*.*
thats not start with 64.*.*.*
may be thats the prob..
ne how ..
try it..
Thanks & B-regards
Furqan Abbas
From: "Boniforti Flavio" <[EMAIL PROTECTED]>
To: "'Henrik Nordstrom'" <[EMAIL PROTECTED]>
CC: <[EMAIL PROTECTED]>
Subject: RE:
Morning all!! ( East Coast U.S.)
First question, Is there a way to setup squid so that a user does not have
to authenticate everytime they open a new browser? Kind of like a token
validating their ip and credentials for a set amount of time?
Second qestion, i am using LDAP top authenticate users
Hi,
> > acl user_url url_regex www\.cnn\.com www\.linux\.org
> > acl user_src src 192.168.0.125
> > ...
>
> If he wants to block by domain, then the dstdomain acl might
> be a better choice, as dstdomain probably doesn't require as
> many resources as url_regex.
>
> acl user_dom dstdomain www.cn
> acl not_block_msn src ...
> http_access deny !not_block_msn acl_used_to_block_msn
I set it up as:
acl msn_no_block src 10.167.211.11
acl msn_server dst 64.4.13.0/255.255.255.0
http_access deny !msn_no_block msn_server
But it doesn't work!
What's wrong? (I'm a bit tired, maybe I didn't catch
> acl user_url url_regex www\.cnn\.com www\.linux\.org
> acl user_src src 192.168.0.125
> ...
If he wants to block by domain, then the dstdomain acl might
be a better choice, as dstdomain probably doesn't require as
many resources as url_regex.
acl user_dom dstdomain www.cnn.com www.linux.org
Ad
tis 2003-07-29 klockan 13.08 skrev Stéphane Ascoët:
> Hello,
> I've got the same problem and submitted the bug in the bug database. It
> seems that Squid connects itself to something in the Internet before
> denying, this is very annoying.
Squid does not do this unless you have access controls
tis 2003-07-29 klockan 12.23 skrev Boniforti Flavio:
> ... For every user, BUT some IPs?
acl not_block_msn src ...
http_access deny !not_block_msn acl_used_to_block_msn
Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%
hi,
> How may I set up an ACL for one IP, on which ONLY some sites have to be
> viewed?
>
> I mean like:
>
> IP 192.168.0.125 has to be able to surf only www.cnn.com and
> www.linux.org ?!?
i think:
acl user_url url_regex www\.cnn\.com www\.linux\.org
acl user_src src 192.168.0.125
...
http_a
Hy!
How may I set up an ACL for one IP, on which ONLY some sites have to be
viewed?
I mean like:
IP 192.168.0.125 has to be able to surf only www.cnn.com and
www.linux.org ?!?
Thank you!
---
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatic
Le vendredi, 25 juil 2003, à 15:10 Europe/Paris, Steve Snyder a écrit :
1. Why does it take so long to do the denial? I would think that the
denial would be nearly instantaneous given that no network I/O needs
to be
done. The client requested a destination, that destination is
disallowed,
the d
... For every user, BUT some IPs?
Thank you!
---
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
---
Hi !
> > This data is well cache-able. The overhead is not that big. And don't
> > forget that for many companies, institutions a well managable
> > supervision/filtering is more important than a few seconds of browsing
> > time a day.
>
> But it's not a few seconds per day - it's a few second
Hugo Bouckaert wrote:
>
> Hi
>
> I am trying to make squid over a VPN connection, but no matter what I
> try, I can't get it to work. I have squid-2.5-stable-2 installed on a
> RedHat 9.0 machine and from within the office it works fine. However,
> when I make a VPN connection to the Windows do
Hi
I am trying to make squid over a VPN connection, but no matter what I
try, I can't get it to work. I have squid-2.5-stable-2 installed on a
RedHat 9.0 machine and from within the office it works fine. However,
when I make a VPN connection to the Windows domain from outside, I can't
get squid t
I think this was mentioned before.
Henrik replied with the possibility if you can hack the OS you are running,
as it is dependent on the TCP stack of the OS.
Best regards,
Kareem Mahgoub
Senior System Administrator
Wayout
Phone: +2023017153
Fax: +2023017130
45 El Batal Ahmed Abdel Aziz st.
14th Flo
On Wednesday 30 July 2003 20.54, Adrian Costescu wrote:
> Hail List!
> I'm looking for a feature, but i don't know if squid has one like
> this...maybe you can help me!
> i want squid not to make the request "in his name", i want squid to
> use originating ip address, but also be a cache-proxy so i
Adrian Costescu wrote:
>
> Hail List!
> I'm looking for a feature, but i don't know if squid has one like this...maybe
> you can help me!
> i want squid not to make the request "in his name", i want squid to use
> originating ip address, but also be a cache-proxy so i can use its caching
> abili
Hail List!
I'm looking for a feature, but i don't know if squid has one like this...maybe
you can help me!
i want squid not to make the request "in his name", i want squid to use
originating ip address, but also be a cache-proxy so i can use its caching
ability...i want this for bandwidth reaso
I use a squid version 2.4.
I got a simple problem, i guess.
How i can set the squid, to never never store any image
in your cache, CUZ here we got a lot of web developers
and designers. We are got so much problems with
squid. The squid store all images, and when a designer
change this images, him c
On Wednesday 30 July 2003 09.07, Kamal Shams wrote:
> acl blum src 192.168.3.0/24
> acl 10Max maxconn 10
> http_access deny 10Max blum
>
> But this didn't help since all the subnet now had a limit of 10
> connections as opposed to every host in the subnet having a limit
> of 10 connections.
The
On Tuesday 29 July 2003 04.16, Sukhjit Singh wrote:
> Dear Henrik,
>
> I think i have found the problem, squid is fine but there is some
> problem with the wccp v2 module on my cisco 3660 router. I decided
> this because even when the squid is running the sites are not
> opening and if i stop the w
Henrik Nordstrom wrote:
>Is it possible to define a subnet for the "maxconn" configuration tag
>in which every host in the subnet would be limited to the specified
>maximum connections
>
> Yes. Done via http_access, having one http_access rule per
> subnet/class of users, linking the user to their
60 matches
Mail list logo