AW: [squid-users] FAQ/Most common ACL's

A great idea! You could search the archive of the squid mailing list. Here you will find a lot of qestions from users - and of course a lot of excellent answers from Henrik. Mit freundlichem Gruß / regards Werner Rost GM-FIR - Netzwerk ZF Boge Elastmetall GmbH Friesdorfer Str. 175 53175 Bonn

RE: [squid-users] FAQ/Most common ACL's

> I am looking at putting together either a FAQ or snippets of > config files to achieve some of the most commonly asked > questions on Squid configuration, particularly ACL's (at > least info not already covered in current doc's/default > config file). When you're don with it, just post to

[squid-users] partial word replacement in HTML data

Hi! I'm Shunichi from Japan. (BI wanna make the squid to change HTML data partially according to a certain (Bpattern when the data come through the squid. For example, I wanna (Bsubstitute each and every word "America" on HTML data to "USA". At first, I (Badded the data changing function to "ht

Re: [squid-users] IE auto config how to

On Wednesday 30 July 2003 08.14, Ralf Hildebrandt wrote: > * Henrik Nordstrom <[EMAIL PROTECTED]>: > > On Tuesday 29 July 2003 17.09, JOHNSON DAVID R wrote: > > > I have read how to script the conf file but am unsure as to > > > what to save it as due to platform dependencies. > > > > The trick is

RE: [squid-users] Timeout when Querying a Database

You could try adding debug 5,5 33,5 which will increase debugging for socket functions and client-side routines which could throw up the relevant event that has timed out. These debug settings could cause a lot of data to be logged in cache.log, so, if possible, have only this user using the syste

Re: [squid-users] IE auto config how to

* Henrik Nordstrom <[EMAIL PROTECTED]>: > On Tuesday 29 July 2003 17.09, JOHNSON DAVID R wrote: > > > I have read how to script the conf file but am unsure as to what to > > save it as due to platform dependencies. > > The trick is to set up the correct MIME type in the web server. Which would

[squid-users] Timeout when Querying a Database

-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello, i searched through the FAQ and the archives and did not see a situation that exactly matched mine, so I am hoping someone here can help. I have a user behind a Squid proxy who is receiving a browser timeout error when initiating a particularly

Re: [squid-users] FAQ/Most common ACL's

Hi Tony, This is a great idea! Thanks so much for making the effort. :> Cheers Matthew >>> "Tony Melia (DMS)" <[EMAIL PROTECTED]> 07/30/03 08:46AM >>> I am looking at putting together either a FAQ or snippets of config files to achieve some of the most commonly asked questions on Squid configurat

[squid-users] FAQ/Most common ACL's

I am looking at putting together either a FAQ or snippets of config files to achieve some of the most commonly asked questions on Squid configuration, particularly ACL's (at least info not already covered in current doc's/default config file). Can I ask people if they have weird or wonderful sni

Re: [squid-users] Squid 2.5, authentication and ICQ

>Now I'm trying to make msn messenger, yahoo and icq to work with it, and >I've just managed to make the first two do it just right Just out of curiosity - how did you get Yahoo! and MSN Messenger to work? There was a recent post asking about this, and I have had problems as well. Adam

RE: [squid-users] How may I block MSN Messenger...

Adam, I posted this a couple of weeks ago: acl MSN req_mime_type ^application/x-msn-messenger$ http_access deny MSN You have to make sure that your clients can't directly connect to the outside world though (I only allow my proxy and mail servers out everything else is rejected). Justin >>> "

Re: [squid-users] Image Caching

Are you using transparent proxying on your net?? If so please check the 'ie_refresh' parameter in your squid.conf Ries Citeren Chris Wilcox <[EMAIL PROTECTED]>: > > > >I use a squid version 2.4. > >I got a simple problem, i guess. > >How i can set the squid, to never never store any image > >i

[squid-users] Squid 2.5, authentication and ICQ

Hi everybody... I've just configured squid 2.5 stable 3 to work with ntlm & basic authentication and it's working just fine. Now I'm trying to make msn messenger, yahoo and icq to work with it, and I've just managed to make the first two do it just right, but I can't do it with ICQ. On my logs, I

Re: [squid-users] Squid File Locations for standard Denied message

Jim wrote: > At one time I had located the files that are used to create the different > messages for example when a user receives a denied message. Can anyone > please tell me this location again. I am using Debian. I believe it's all in $SQIDHOME/share/errors/. For example /usr/local/squid/sh

[squid-users] Squid File Locations for standard Denied message

At one time I had located the files that are used to create the different messages for example when a user receives a denied message. Can anyone please tell me this location again. I am using Debian. Jim

[squid-users] Refresh Squid and ISA

I have two proxies, Squid and ISA that is connected to Squid, the clients use the ISA to access Internet, they have IE6.0. The problem is when someone try to make login or logout, the page is not refreshed. If the clients use Squid directlty it works fine. ___

Re: [squid-users] Any guidelines on writing external_acl_type s?

On Tuesday 29 July 2003 17.48, Chris Wilcox wrote: > I've had a good search through google and found nothing. Are there > any limits or things that can't be done with this type of ACL? Eg > can the helper class query a DB, can it be written in any language? > Can it be a simple perl script? Squ

Re: [squid-users] Re: is there a way I can recieve replies only?

On Tuesday 29 July 2003 17.44, [EMAIL PROTECTED] wrote: > I mean, how can I stop this mailing list from filling up my > webmail inbox? If you can not do it by deleting messages before your inbox is full or moving to an email account allowing for a larger inbox, then your other option is to unsu

Re: [squid-users] Transparent proxying and two WAN links

On Tuesday 29 July 2003 16.47, CPD - Equipe de Segurança wrote: > Now, the default route points to the WAN #2 router , so I'm sure I > need an extra route for the WAN#1 interface. > > Has anyone ever got into this mess? I do things like this quite often, but on Linux. The technology you need to

Re: [squid-users] Squid and viruswall

On Tuesday 29 July 2003 16.58, Vincent Cunat wrote: > Browser -> squid -> viruswall -> internet > > But i dont know how to configure my squid.conf and my viruswall See the Squid FAQ On how to configure Squid to forward all requests to another proxy. Regards Henrik -- Donations welcome if you

Re: [squid-users] IE auto config how to

On Tuesday 29 July 2003 17.09, JOHNSON DAVID R wrote: > I have read how to script the conf file but am unsure as to what to > save it as due to platform dependencies. The trick is to set up the correct MIME type in the web server. Then you only need to save the file with an extension matching th

RE: [squid-users] IE auto config how to

On Tue, 29 Jul 2003, JOHNSON DAVID R wrote: > Can someone provide me a brief how-to as to how to (lol) setup a config file > on an IIS and Apache web server for dispersal to IE browsers. Here is a very simple browser configuration file. Its basic function is to have the browser access the URL di

Re: [squid-users] Re: is there a way I can recieve replies only?

Hmm, not sure about your e-mail, but I canset filters in Hotmail so mail from specific places goes into certain folders eg mail with 'squid users' in the Subject goes into a 'Squid Users' folder. That way I don't clutter my inbox. Regards, nry

[squid-users] Any guidelines on writing external_acl_type s?

Hi all, I've had a good search through google and found nothing. Are there any limits or things that can't be done with this type of ACL? Eg can the helper class query a DB, can it be written in any language? Can it be a simple perl script? I'm kinda thinking of something like the following:

[squid-users] Re: is there a way I can recieve replies only?

I mean, how can I stop this mailing list from filling up my webmail inbox? I can't use a pop3 because I change ISPs too frequently to be worthwhile. Adrian Chadd said: > > _replies_ ? > > What do you mean? - This email was sent using FREE Catholic Onlin

RE: [squid-users] IE auto config how to

Can someone provide me a brief how-to as to how to (lol) setup a config file on an IIS and Apache web server for dispersal to IE browsers. I have read how to script the conf file but am unsure as to what to save it as due to platform dependencies.

[squid-users] Squid and viruswall

Hi, Configuration : Red hat 8.0 Squid 2.4 Viruswall 3.8 I wan t : Browser -> squid -> viruswall -> internet But i dont know how to configure my squid.conf and my viruswall Please could you help me. Regards, vincent

[squid-users] Transparent proxying and two WAN links

Gentlman, I'm facing the following scenario. One machine with three NICs, one internal and two WAN ( external ) interfaces. Now, I want all the HTTP ( port 80 ) traffic to be sent through WAN #1 with squid, and all the rest through WAN #2. My idea is to do it with IPFW, adding the following ru

Re: [squid-users] *tweak*

tis 2003-07-29 klockan 15.00 skrev JOHNSON DAVID R: > First question, Is there a way to setup squid so that a user does not have > to authenticate everytime they open a new browser? Kind of like a token > validating their ip and credentials for a set amount of time? This is a browser question and

Re: [squid-users] open webpage category database proposal

Hi ! > Due to the sheer size of a decent ratings databases you will need to > implement your own DNS master servers however, using some form of > replicated backend database with a DNS interface frontend. The > standard DNS servers is not suitable for these volumes of master > information or

RE: [squid-users] ACL for one single IP

tis 2003-07-29 klockan 14.46 skrev Neil A. Hillard: > > acl user_dom dstdomain www.cnn.com www.linux.org > Or even simpler: > > acl user_dst dst www.cnn.com www.linux.org No, dstdomain is better. dstdomain literally matches the host component of the requested URL using a domain match. dst ma

RE: [squid-users] ACL for one single IP

tis 2003-07-29 klockan 14.00 skrev Adam Aube: > If he wants to block by domain, then the dstdomain acl might > be a better choice, as dstdomain probably doesn't require as > many resources as url_regex. And generally does a better job at matching domains in a way that makes sense. Regards Henrik

RE: [squid-users] How may I block MSN Messenger...

tis 2003-07-29 klockan 14.56 skrev Boniforti Flavio: > acl msn_no_block src 10.167.211.11 > acl msn_server dst 64.4.13.0/255.255.255.0 > http_access deny !msn_no_block msn_server > > But it doesn't work! What do you get in access.log? Regards Henrik -- Donations welcome if you consider my Fre

RE: [squid-users] How may I block MSN Messenger...

> My PC (10.167.211.11) is the ONLY ONE supposed to connect to MSN > Messenger. The fact is that when trying to connect from another > IP it still works! This means your acl to block MSN messegner isn't working. There was a thread in late June that discussed how to block MSN messenger - that threa

RE: [squid-users] How may I block MSN Messenger...

> > But it doesn't work! > > "Doesn't work" doesn't give us much info to go on. Please > be more specific - does it not block MSN messenger at all, > or does it not allow the one IP it is supposed to? Ok, sorry! My PC (10.167.211.11) is the ONLY ONE supposed to connect to MSN Messenger. The fact

RE: [squid-users] How may I block MSN Messenger...

> acl msn_no_block src 10.167.211.11 > acl msn_server dst 64.4.13.0/255.255.255.0 > http_access deny !msn_no_block msn_server > But it doesn't work! "Doesn't work" doesn't give us much info to go on. Please be more specific - does it not block MSN messenger at all, or does it not allow the one IP

RE: [squid-users] ACL for one single IP

> Or even simpler: > acl user_dst dst www.cnn.com www.linux.org I thought dst matched only on destination IP address. Adam --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001

RE: [squid-users] *tweak*

> First question, Is there a way to setup squid so that a user > does not have to authenticate everytime they open a new > browser? Kind of like a token validating their ip and > credentials for a set amount of time? That's a browser issue, not a Squid issue. Currently the only setup that can work

RE: [squid-users] How may I block MSN Messenger...

hi members. i think a ip pool of msn is started with 207.*.*.* thats not start with 64.*.*.* may be thats the prob.. ne how .. try it.. Thanks & B-regards Furqan Abbas From: "Boniforti Flavio" <[EMAIL PROTECTED]> To: "'Henrik Nordstrom'" <[EMAIL PROTECTED]> CC: <[EMAIL PROTECTED]> Subject: RE:

[squid-users] *tweak*

Morning all!! ( East Coast U.S.) First question, Is there a way to setup squid so that a user does not have to authenticate everytime they open a new browser? Kind of like a token validating their ip and credentials for a set amount of time? Second qestion, i am using LDAP top authenticate users

RE: [squid-users] ACL for one single IP

Hi, > > acl user_url url_regex www\.cnn\.com www\.linux\.org > > acl user_src src 192.168.0.125 > > ... > > If he wants to block by domain, then the dstdomain acl might > be a better choice, as dstdomain probably doesn't require as > many resources as url_regex. > > acl user_dom dstdomain www.cn

RE: [squid-users] How may I block MSN Messenger...

> acl not_block_msn src ... > http_access deny !not_block_msn acl_used_to_block_msn I set it up as: acl msn_no_block src 10.167.211.11 acl msn_server dst 64.4.13.0/255.255.255.0 http_access deny !msn_no_block msn_server But it doesn't work! What's wrong? (I'm a bit tired, maybe I didn't catch

RE: [squid-users] ACL for one single IP

> acl user_url url_regex www\.cnn\.com www\.linux\.org > acl user_src src 192.168.0.125 > ... If he wants to block by domain, then the dstdomain acl might be a better choice, as dstdomain probably doesn't require as many resources as url_regex. acl user_dom dstdomain www.cnn.com www.linux.org Ad

Re: FYI: [squid-users] Questions on "http_access deny" andTCP_DENIED

tis 2003-07-29 klockan 13.08 skrev Stéphane Ascoët: > Hello, > I've got the same problem and submitted the bug in the bug database. It > seems that Squid connects itself to something in the Internet before > denying, this is very annoying. Squid does not do this unless you have access controls

Re: [squid-users] How may I block MSN Messenger...

tis 2003-07-29 klockan 12.23 skrev Boniforti Flavio: > ... For every user, BUT some IPs? acl not_block_msn src ... http_access deny !not_block_msn acl_used_to_block_msn Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%

Re: [squid-users] ACL for one single IP

hi, > How may I set up an ACL for one IP, on which ONLY some sites have to be > viewed? > > I mean like: > > IP 192.168.0.125 has to be able to surf only www.cnn.com and > www.linux.org ?!? i think: acl user_url url_regex www\.cnn\.com www\.linux\.org acl user_src src 192.168.0.125 ... http_a

[squid-users] ACL for one single IP

Hy! How may I set up an ACL for one IP, on which ONLY some sites have to be viewed? I mean like: IP 192.168.0.125 has to be able to surf only www.cnn.com and www.linux.org ?!? Thank you! --- Boniforti Flavio Provincia del Verbano-Cusio-Ossola Ufficio Informatic

FYI: [squid-users] Questions on "http_access deny" and TCP_DENIED

Le vendredi, 25 juil 2003, à 15:10 Europe/Paris, Steve Snyder a écrit : 1. Why does it take so long to do the denial? I would think that the denial would be nearly instantaneous given that no network I/O needs to be done. The client requested a destination, that destination is disallowed, the d

[squid-users] How may I block MSN Messenger...

... For every user, BUT some IPs? Thank you! --- Boniforti Flavio Provincia del Verbano-Cusio-Ossola Ufficio Informatica Tecnoparco del Lago Maggiore Via dell'Industria, 25 28924 Verbania ---

Re: [squid-users] open webpage category database proposal

Hi ! > > This data is well cache-able. The overhead is not that big. And don't > > forget that for many companies, institutions a well managable > > supervision/filtering is more important than a few seconds of browsing > > time a day. > > But it's not a few seconds per day - it's a few second

Re: [squid-users] unable to use squid over vpn

Hugo Bouckaert wrote: > > Hi > > I am trying to make squid over a VPN connection, but no matter what I > try, I can't get it to work. I have squid-2.5-stable-2 installed on a > RedHat 9.0 machine and from within the office it works fine. However, > when I make a VPN connection to the Windows do

[squid-users] unable to use squid over vpn

Hi I am trying to make squid over a VPN connection, but no matter what I try, I can't get it to work. I have squid-2.5-stable-2 installed on a RedHat 9.0 machine and from within the office it works fine. However, when I make a VPN connection to the Windows domain from outside, I can't get squid t

Re: [squid-users] a sort of transparency

I think this was mentioned before. Henrik replied with the possibility if you can hack the OS you are running, as it is dependent on the TCP stack of the OS. Best regards, Kareem Mahgoub Senior System Administrator Wayout Phone: +2023017153 Fax: +2023017130 45 El Batal Ahmed Abdel Aziz st. 14th Flo

Re: [squid-users] a sort of transparency

On Wednesday 30 July 2003 20.54, Adrian Costescu wrote: > Hail List! > I'm looking for a feature, but i don't know if squid has one like > this...maybe you can help me! > i want squid not to make the request "in his name", i want squid to > use originating ip address, but also be a cache-proxy so i

Re: [squid-users] a sort of transparency

Adrian Costescu wrote: > > Hail List! > I'm looking for a feature, but i don't know if squid has one like this...maybe > you can help me! > i want squid not to make the request "in his name", i want squid to use > originating ip address, but also be a cache-proxy so i can use its caching > abili

[squid-users] a sort of transparency

Hail List! I'm looking for a feature, but i don't know if squid has one like this...maybe you can help me! i want squid not to make the request "in his name", i want squid to use originating ip address, but also be a cache-proxy so i can use its caching ability...i want this for bandwidth reaso

Re: [squid-users] Image Caching

I use a squid version 2.4. I got a simple problem, i guess. How i can set the squid, to never never store any image in your cache, CUZ here we got a lot of web developers and designers. We are got so much problems with squid. The squid store all images, and when a designer change this images, him c

Re: [squid-users] Maximum connections per host in a subnet

On Wednesday 30 July 2003 09.07, Kamal Shams wrote: > acl blum src 192.168.3.0/24 > acl 10Max maxconn 10 > http_access deny 10Max blum > > But this didn't help since all the subnet now had a limit of 10 > connections as opposed to every host in the subnet having a limit > of 10 connections. The

[squid-users] Re: wccp patch

On Tuesday 29 July 2003 04.16, Sukhjit Singh wrote: > Dear Henrik, > > I think i have found the problem, squid is fine but there is some > problem with the wccp v2 module on my cisco 3660 router. I decided > this because even when the squid is running the sites are not > opening and if i stop the w

RE: [squid-users] Maximum connections per host in a subnet

Henrik Nordstrom wrote: >Is it possible to define a subnet for the "maxconn" configuration tag >in which every host in the subnet would be limited to the specified >maximum connections > > Yes. Done via http_access, having one http_access rule per > subnet/class of users, linking the user to their