Re: [squid-users] corruption symptom

On Tue, 2003-09-02 at 09:20, Joshua Brindle wrote: > Ok, after looking at LOTS of logs and tcpdumps of the traffic > i finally figured out that when pages or images are broken there > is an extra crlf after the headers. this only happens when using > a cache peer, and happened with both dansguardia

[squid-users] corruption symptom

Ok, after looking at LOTS of logs and tcpdumps of the traffic i finally figured out that when pages or images are broken there is an extra crlf after the headers. this only happens when using a cache peer, and happened with both dansguardian and tinyproxy as the cache peer. I'm using these cache pe

[squid-users] Using squid_ldap_group

Hi all, I am using Squid and LDAP to control access to Internet via Proxy. I also am using squid_ldap_auth. I would like to separate my users into six groups, named UL1 to UL6. I would like to authenticate then against LDAP and, after that, grant or revoke permission to access h

Re: [squid-users] authentication not applicable on accelerated requests

Henrik, Browser was not configured! Thanks. Henrik Nordstrom wrote: On Monday 01 September 2003 21.27, Rafael Bossle wrote: I know that squid does not support authentication with interception, but I need the last 3 lines. Without then, squid return an error for every request. Example: when

RE: [squid-users] Squid ldap_group

My line say: -f "(&(cn=%g)(member=%u))" -F "(&(sAMAccountName=%s))" Don't work I untherstand... -Mensaje original- De: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Enviado el: Monday, September 01, 2003 16:23 Para: Guillermo Ettlin; [EMAIL PROTECTED] Asunto: Re: [squid-users] Squid ldap

[squid-users] squid_ldap_auth

I am trying to get squid_ldap_auth to work from the command line but am having no success. This works: ldapsearch -H ldap://directory.somewhere.edu -x -b ou=accounts,dc=vt,dc=edu -Z '(uupid=jdoe)' I have tried these and many. many more: squid_ldap_auth -b "ou=accounts,dc=vt,dc=edu" -Z -H lda

Re: [squid-users] authentication not applicable on accelerated requests

On Monday 01 September 2003 21.27, Rafael Bossle wrote: > I know that squid does not support authentication with > interception, but I need the last 3 lines. Without then, squid > return an error for every request. Example: when entering in > browser > http://www.squid-cache.org/Doc/FAQ/FAQ-17.htm

[squid-users] authentication not applicable on accelerated requests

Hi, I am having this message when using msnt_auth with squid-2.5.STABLE1-2 in a Red Hat 9.0: aclAuthenticated: authentication not applicable on accelerated requests Relevant lines in squid.conf: --- auth_param basic program /usr/lib/squid/msnt_auth auth_param basic children 5 auth_param

Re: [squid-users] Squid ldap_group

On Monday 01 September 2003 19.00, Guillermo Ettlin wrote: > I change the filter for: > > -f "(&(cn=%g)(member=%u))" > > Because member is the attribute that the group membership in AD > show, but don't work. With this filter you also need to specify the -F flag with the same data as used for th

[squid-users] Is WCCPv2 on RH capable of multiple routers? Is multicast supported?

> Dear Sir, > > > Regarding the WCCPv2 patch for Squid2.5 pre7 , WCCPv2 model supports > multiple caches with multiple routers. To do this caches must be configured > for the routers. > In squid.conf only one wccp2_router can be defined. Is there any > alternatives to define extra routers? > In ca

Re: [squid-users] Memory leak?

On Monday 01 September 2003 16.57, Shpend Bakalli wrote: > I am aware, but I dont think that squid will start swaping if the > OS is using 2 gigs of disk cache... the cache/buffer memory > supposedly should be freed to the applications asking for it right? Some swapout is normal.. but you do not

Re: [squid-users] read error (104)

On Monday 01 September 2003 16.23, Esteban G wrote: > Read Error > The system returned: > > (104) Connection reset by peer > When or why does this kind of error hapend? When the server contacted aborts the connection while Squid is sending the request. Or more likely, when a firewall, NAT d

RE: [squid-users] Squid ldap_group

I change the filter for: -f "(&(cn=%g)(member=%u))" Because member is the attribute that the group membership in AD show, but don't work. -Mensaje original- De: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Enviado el: Friday, August 29, 2003 20:20 Para: Guillermo Ettlin; [EMAIL PROTECTED

Re: [squid-users] Transparent Proxy + Ldap Auth ... Its posible? ...

Am Montag, 1. September 2003 16:09 schrieb Henrik Nordstrom: > mån 2003-09-01 klockan 15.51 skrev Arias, Sebastian Alejandro - (Ext > > Arg): > > Squid ask me for a password at every time that I change the URL in my > > Browser ... > > Its posible to avoid it using ldap auth + transparent proxy? ..

[squid-users] NTLM/Winbind Auth with Acceleration Mode

Hey All, I've compiled squid/2.5.STABLE3, along with samba 2.2.7. I have compiled both squid, and samba, as per the Reverse Proxy FAQ. Both these src's have been compiled on RedHat 9. Regarding auth, my squid.conf looks like this: auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth aut

Re: [squid-users] Memory leak?

>From: Richard Lyons <[EMAIL PROTECTED]> >Date: Mon, 1 Sep 2003 23:12:14 +1000 > >On Mon, 1 Sep 2003, Shpend Bakalli wrote: > >> (it continues to eat the mem and swaps), and it is not accounted in >> squid process (which grows up to 500 MB). When squid is shut down > >Forgive me for asking the obv

Re: [squid-users] log file redundancies in a network of caches

mån 2003-09-01 klockan 16.04 skrev Phil Lucs: > My question is, does Squid store redundant caching information, i.e. if > proxy(alpha) went through proxy(beta) to proxy(theta), and proxy(theta) had > a copy of the requested http object that was first propagated from > proxy(alpha), then does an ac

[squid-users] read error (104)

Sometimes Squid returns this error: "ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://login.passport.net/uilogin.srf? The following error was encountered: Read Error The s

Re: [squid-users] Transparent Proxy + Ldap Auth ... Its posible?...

mån 2003-09-01 klockan 15.51 skrev Arias, Sebastian Alejandro - (Ext Arg): > Squid ask me for a password at every time that I change the URL in my > Browser ... > Its posible to avoid it using ldap auth + transparent proxy? ... YOU CAN NOT USE AUTHENTICATION IN A TRANSPARENT PROXY. IF YOU WANT TO

Re: [squid-users] Memory leak?

mån 2003-09-01 klockan 14.40 skrev Shpend Bakalli: > For the moment my cache size is around 13 GB and the maximum setting is 48GB which > I'll probably lower a bit. I have around 1 million objects in HDD and around > 30-40.000 hot (in-memory) objects. this still does not explain why 2 and more G

[squid-users] log file redundancies in a network of caches

Hello to everybody reading this email, I'm a university student charged with the task of determining the page cost for for http requests in a network that makes extensive use of Squid proxies. My question is, does Squid store redundant caching information, i.e. if proxy(alpha) went through proxy(

Re: [squid-users] authenticateDecodeAuth error

mån 2003-09-01 klockan 14.33 skrev [EMAIL PROTECTED]: > authenticateDecodeAuth: Unsupported or unconfigured proxy-auth scheme, 'Basic > ' > -- > is this a misconfigured|buggy|broken client software Yes. This is a client trying to use Basic HTTP authentication to your proxy, e

Re: [squid-users] Aufs Problem???Syncing pending I/O operations..(blocking)

mån 2003-09-01 klockan 12.16 skrev TSIOLAS KOSTAS: > 2003/09/01 11:21:49| squidaio_queue_request: WARNING - Disk I/O overloading > 2003/09/01 11:21:49| squidaio_queue_request: Queue Length: current=4096, > high=4096, low=161, duration=5368 > 2003/09/01 11:21:52| ctx: exit level 0 > 2003/09/01 11

Re: [squid-users]

mån 2003-09-01 klockan 09.43 skrev Ward, John (GroupWare): > I'd like to know if the current versions of squid support CVP ( for > external virus scanners ) or ICAP ( for content filtering). No, but ICAP support is in development. -- Donations welcome if you consider my Free Squid support helpf

Re: [squid-users] Users need to authenticate time and again(solved)

mån 2003-09-01 klockan 11.21 skrev Christoph Haas: > The log files were very confusing. Henrik, is it possible to throw a > warning into the cache.log if the sibling access was denied? It already is there in access.log.. TCP_MISS/4XX (or anything but TCP_DENIED) is not good and tells the request

[squid-users] Transparent Proxy + Ldap Auth ... Its posible? ...

Squid ask me for a password at every time that I change the URL in my Browser ... Its posible to avoid it using ldap auth + transparent proxy? ... Regards, _ Sebastián Arias Infraestructure & Technologies AT&T Latín América, Argentina Phone: [5411]5288-05

Re: [squid-users] transparent proxy routing

mån 2003-09-01 klockan 10.04 skrev cc: > Henrik Nordstrom wrote: > > > Don't NAT, just route the packets via a different route (policy > > routing). > > What do you mean? What I say. If you want to redirect packets from a router to a cache server do so by routing. DO NOT USE NAT for the purpose

AW: [squid-users] problem installing squid 3.0 PRE3

Found it. A wrong cd-command before running the configure statementt led me into the wrong place. Sorry. But now - being at the rigt place - configure shows errors: This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It wa

Re: [squid-users] Memory leak?

On Mon, 1 Sep 2003, Shpend Bakalli wrote: > (it continues to eat the mem and swaps), and it is not accounted in > squid process (which grows up to 500 MB). When squid is shut down Forgive me for asking the obvious question: are you basing this on the output of free? You're aware that the OS uses

Re: [squid-users] Memory leak?

very simple decrase your cache_mem to 32 not more than that and lets C :) -- Best Regs, Masood Ahmad Shah System Administrator ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ | * * * * * * * * * * * * * * * * * * * * * * * * | Fibre Net (Pvt) Ltd. Lahore, Pakistan | Tel: +92-42-6677024

Re: [squid-users] Memory leak?

-- Original Message -- From: Robert Collins <[EMAIL PROTECTED]> Date: Mon, 01 Sep 2003 21:07:44 +1000 >On Mon, 2003-09-01 at 19:50, shpendi wrote: >> Hi there, >> >> I'm running a Squid 2.5.STABLE3 Squid on Redhat 9 linux installed on a dual P4 >> 2.4GHz,

[squid-users] squid - dansguardian forwarding loop problem

Hello List, I have squid with dansguardian working on one system - working perfectly, but one thing i couldn't resolve is: I always get an error message about a forwarding loop in my /var/log/messages like that: (this was generated by requesting google.de) Sep 1 14:11:51 webserver1 squid[27855]

[squid-users] authenticateDecodeAuth error

hello. recently switched to auth scheme "Digest" with squid 2.5.STABLE3. and found this in my cache.log : --- WARNING: failed to unpack meta data authenticateDecodeAuth: Unsupported or unconfigured proxy-auth scheme, 'Basic ' -- is this a misconfigured|buggy

Re: [squid-users] Multiple servers running squid

Hello Adam, Thank you very much for spending your time with my doubts, it's very kind of you. Today I have one strong server (P4 2.8Ghz + 1 GB Ram + 36 GB cache total in 4 disks 15,000 rpm scsi) for about 3,000 users (broadband), but I want to prepare the network to serve 5,000+ users, so I'm

Re: [squid-users] Memory leak?

On Mon, 2003-09-01 at 19:50, shpendi wrote: > Hi there, > > I'm running a Squid 2.5.STABLE3 Squid on Redhat 9 linux installed on a dual P4 > 2.4GHz, 3GB RAM and 6xSCSI 320 harddisks. Your cache size is too large. See the FAQ on memory use. Cheers, Rob -- GPG key available at:

[squid-users] Aufs Problem???Syncing pending I/O operations.. (blocking)

hi, squid stop responding since friday. I have a lot of strange things like this in cache.log 2003/09/01 11:20:30| ctx: exit level 0 2003/09/01 11:20:30| ctx: enter level 0: 'http://www.vodafone.gr/vodafone/rcs/styles.css' 2003/09/01 11:20:30| squidaio_queue_request: WARNING - Disk I/O overload

Re: [squid-users] Squid start problem

On Monday 01 September 2003 10:43 am, ads squid wrote: > I have added user and gruop. > Then i Have given command : > /usr/local/squid/sbin/squid -k parse > > Then I created files in directory "/var/log/squid" > cache.log, access.log, store.log and swap.log Who owns this directory, and these file

[squid-users] Memory leak?

Hi there, I'm running a Squid 2.5.STABLE3 Squid on Redhat 9 linux installed on a dual P4 2.4GHz, 3GB RAM and 6xSCSI 320 harddisks. The proxy is configured to work as transparent. The problem is that after the proxy starts being hit, the memory consumption is going high as time passes until it st

Re: [squid-users] Squid start problem

I have added user and gruop. Then i Have given command : /usr/local/squid/sbin/squid -k parse No error. then command /usr/local/squid/sbin/squid -z Then I created files in directory "/var/log/squid" cache.log, access.log, store.log and swap.log no error. When i gave command /usr/local/squid/s

Re: [squid-users] Users need to authenticate time and again (solved)

On Fri, Aug 29, 2003 at 05:31:40PM +0200, Henrik Nordstrom wrote: > Enable log_mime_hdrs and pay attention to the Proxy-Authorization > headers sent by the browser. This header contains BASE64 encoded > login:password, and if it shows differences between a failed and a > successful request when you

Re: [squid-users] transparent proxy routing

Henrik Nordstrom wrote: > Don't NAT, just route the packets via a different route (policy > routing). What do you mean? > > If there is other routers inbetween the interception point and the > Squid box then use a GRE tunnel, if not direct routing. > > For reliable session routing in iptables

Re: [squid-users] Users need to authenticate time and again

On Fri, Aug 29, 2003 at 05:31:40PM +0200, Henrik Nordstrom wrote: > Enable log_mime_hdrs and pay attention to the Proxy-Authorization > headers sent by the browser. This header contains BASE64 encoded > login:password, and if it shows differences between a failed and a > successful request when you

[squid-users]

Hi, I'd like to know if the current versions of squid support CVP ( for external virus scanners ) or ICAP ( for content filtering). If not, how would you suggest it be implemented as we'd like to implement delay pools and certain content filters/scanners placed before the squid cache will break

Re: [squid-users] transparent proxy routing

On Monday 01 September 2003 06.18, cc wrote: > But how do I restrict Src ips? As it > stands, all the port 80 packets that > are sent to the 'net from the clients > are DNATd to the Squid box and SNAT > from the routing-box. Don't NAT, just route the packets via a different route (policy routin

Re: [squid-users] including more config files in main squid.conf

On Mon, 1 Sep 2003, at 2:44pm, [EMAIL PROTECTED] wrote: > What I would like to do is have a seperate config file for my squid ACLs > because i need a script which will modify these acls, and i dont want it > to have to go through the whole config file to find/update a single acl. You can referen

[squid-users] including more config files in main squid.conf

Hi people, Is there a way I can include seperate config files in the main squid.conf in a similar way to that done with the Apache config file. e.g. in squid.conf i would have the following line... Include conf/acls.conf and in acls.conf i would have all my access control lines instead of having

[squid-users] transparent proxy routing

Hi, I have transparent proxy running pretty well and caching ok. I'm not sure where to post, but since it is also a squid configuration issue, I'd try here. Currently, all outgoing port 80 calls are being routed (via iptables) to the squid box and then routed back through to the routing machine

Re: [squid-users] SQUID on an LTSP Server

On Mon, 2003-09-01 at 11:29, Simon Bryan wrote: > Hi all, > I have a number of clients running off an LTSP server An LTSP server is a single IP from squid's point of view. Ident would work, as it's a unix environment. Otherwise authentication is the way to go. Cheers, Rob -- GPG key available a

[squid-users] SQUID on an LTSP Server

Hi all, I have a number of clients running off an LTSP server, I need to block a number of them from accessing the internet, but allow access to the local intranet, and allow the rest to connect to the internet via our authenticating proxy. Now normally I would find this reasonably easy to do, howe