Yes it's the opposite order. My fault.
Just said it that way for squid tries to start up and then this error
comes.
But could be the winbind pipe, i'll check that out.
Regards,
Jens
> -Ursprüngliche Nachricht-
> Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> Gesendet: Mittwoch, 12. N
my situation : an iis server with intranet on the internal
network (10.10.10.7:80.)
I am trying to disclose the intranet pages to the internet
with ncsa authentication.
I have patched the source to get authentication working in
reversed proxy mode.
I can see in access.log that the authent
Thanks for the input, Henrik. If I didn't understand wrong, that's what
I've been trying to do. Shouldn't the line in my squid.conf forces Squid
to ignore the expiry information?
refresh_pattern . 0 20% 4320 override-expire
I might be missing something here. Please help.
Mr Nordstrom and Squid mailing list,
Squid-2.5.STABLE1-64 SuSE 8.2 Pro
My final solution thanks to much help from Mr Nordstrom is as follows:
--squid.conf:
--(add)
acl webmail url_regex -i ^http://webmail\.domain\.com
http_access deny webmail
deny_info ERR_SEND_HTTPS webmail
--then i
On Wednesday 12 November 2003 08:20 pm, Dave Hahn wrote:
> I'm using Squid 2.5 Stable 4 with a rather basic config. Everything is
> working as it should, with the exception of one site
> (www.hcmuscle.com).
The site loaded fine for me - Squid 2.5 STABLE4, IE 5.5 SP2 on Win2k SP3.
What client bro
I'm using Squid 2.5 Stable 4 with a rather basic config. Everything is
working as it should, with the exception of one site
(www.hcmuscle.com). Connections that do not go through the server are
able to receive the page without problems. As soon as I move the
machine behind the squid server,
On Wednesday 12 November 2003 05:25 pm, Henrik Nordstrom wrote:
> I know the Squid provided winbind helpers incorrecly gave warnings like
> the above when Squid shut down. Maybe the Samba ntlm_auth helper does as
> well..
As a user of Samba 3 and ntlm_auth, I can confirm that it does.
Adam
On Wed, 12 Nov 2003, Alex Carlos Braga Antão wrote:
>I start them perfectly, butwhen i access my proxy the first time,
> SQUID2 multiplies +- 20 times.
>When I type a "ps ax |grep squid", I have 19 process there
Are you using aufs? If so then this is normal and no need to worry.
R
On Thu, 2003-11-13 at 06:54, Henrik Nordstrom wrote:
> On Wed, 12 Nov 2003, Blomberg David wrote:
>
> > By the way I forgot to mention I am using Squid Version 2 (is that right
> > it was the default with SuSE 8.2 Pro)
>
> You need to be a little more specific on the Squid version.
>
> My answer
Hi,
>> acl ssread browser SSDOWNLOAD
>> http_access allow ssread
>>
>> I'm able to download some contents from the web, but not all.
>> Without Squid everything works fine. I'm using
>> squid-2.5.STABLE2-2mdk. The following is snip from access.log. Could
>> someone please give me a few pointers?
>
Hi There.
Please forgive the waffle.
We have an authenticated Squid proxy passing through to ATHENS
Authentication. http://www.athens.ac.uk. This works superbly well, and
is basically so our off campus users can use IP restricted resources.
Details of exactly what we are doing are available at
On Wed, 12 Nov 2003, Norman Zhang wrote:
> acl ssread browser SSDOWNLOAD
> http_access allow ssread
>
> I'm able to download some contents from the web, but not all. Without Squid
> everything works fine. I'm using squid-2.5.STABLE2-2mdk. The following is
> snip from access.log. Could someone ple
On Wed, 12 Nov 2003, Altrock, Jens wrote:
> There is no cache log, although I added the cache_log entry to the conf
> file...
Then there is no write permission for Squid to the specified log file.
> where to find the system's message files?
Usually in /var/log/messages. See your systems syslog
On Wed, 12 Nov 2003, Firas Mubarak wrote:
> 1- not all the pages are getting displayed. such as www.hotmail.com ( not displayed
> ) yahoo mail also not displayes.
Are you inside a firewall and must use the parent proxy? If so see the
Squid FAQ on how to use Squid within a firewall.
Your sympt
On Thu, 2003-11-13 at 09:28, Henrik Nordstrom wrote:
> On Wed, 12 Nov 2003, [Windows-1251] Èãîðü Ëÿïèí wrote:
>
> > How to delay client's requests from redirector decision?
> > Some of my staff would like to use chat, porn and other
> > and I must not deny them just slow down their connections
> >
On Wed, 12 Nov 2003, Tong Sun wrote:
> How can I configure squid for offline browsing?
The offline flag will enable you to browse any cacheable content cached by
Squid even if it has expired already.
It won't however allow you to browse not cacheable content offline.
Regards
Henrik
This is a dynamic page and does not have any expiry information. Because
of this it won't be cached by Squid unless you force Squid to via the
refresh_pattern directive.
Regards
Henrik
On Wed, 12 Nov 2003, Tong Sun wrote:
> Thanks Henrik for the input.
>
> I've changed the following in /etc/
On Wed, 12 Nov 2003 [EMAIL PROTECTED] wrote:
> Is it possible to specify 2 LDAP servers to implement a sort of failover for
> authentication ? (I tried to, without success).
Just specify the servers last on the command line.
You probably want to specify a connect timeout as well. Not sure what
On Wed, 12 Nov 2003, ROUTIER Gilles wrote:
> How to make with authentification NCSA so that certain users have
> certain rights and others not ?
>
> Exemple : User Gilles have the right to acced to microosft.com but
> Henrik no.
By making different proxy_auth acls for the different groups, and
On Wed, 12 Nov 2003, [Windows-1251] Èãîðü Ëÿïèí wrote:
> How to delay client's requests from redirector decision?
> Some of my staff would like to use chat, porn and other
> and I must not deny them just slow down their connections
> in worktime hours.
I do not think this can be done easily with
On Wed, 12 Nov 2003, Altrock, Jens wrote:
> I get the following error:
>
> utils/ntlm_auth.c: manage_squid_request(1042)
> fgets() failed! dying. errno=0 (Erfolg)
>
> after that squid dies.
> Is there a way to redirect the stdout to a file so I can get the whole start
> process
> of s
On Wed, 12 Nov 2003, Yedidia Klein wrote:
> we want to add another router that will be connected to another internet
> line and have a part of our internal IPs browsing through this new
> connection.
>
> we could run a second process of squid on the proxy machine, is there
> any way to tell s
On Wed, 12 Nov 2003, Altrock, Jens wrote:
> Although there must be an error, for squid reports errors in the ntlm_auth.c
> when starting, so it even doesn't start.
It might be easier to help you if we knew the error reported...
Most likely you have not given permission for Squid to use the privi
On Wed, 12 Nov 2003 [EMAIL PROTECTED] wrote:
> Is there a definitive guide to testing squid_ldap_auth and squid_ldap_group
> from the command line ?
Basic auth helpers (i.e. squid_ldap_auth) wants
username password
as input.
external group helpers (i.e. squid_ldap_group) wants
username group
Have you made sure the ident lookup have completed?
Regards
Henrik
On Wed, 12 Nov 2003 [EMAIL PROTECTED] wrote:
> And why does it not work für me???
>
> Version 2.5.STABLE4
>
> Squid.conf:
>
>acl user_rost ident rost
>
>reply_body_max_size 0 allow user_rost
>
On Wed, 12 Nov 2003 [EMAIL PROTECTED] wrote:
> If Squid is self-contained in this binary, then it should not matter
> whether the same configure flags are used - it should still work just fine,
> correct? Of course it may not work in the way it used to, but it should
> work :-)
Your configuratio
On Wed, 12 Nov 2003, Blomberg David wrote:
> By the way I forgot to mention I am using Squid Version 2 (is that right
> it was the default with SuSE 8.2 Pro)
You need to be a little more specific on the Squid version.
My answers always assumes a current Squid version. The current version is
Squi
On Wed, 12 Nov 2003, Blomberg David wrote:
> >>For older Squid versions you need to use a redirector helper sending a
> >>browser redirect.
>
> So in this case:
>
> regexi ^http://\.webmail\.domain\.com/.* "302:https://www\.domain\.com";
>
> would do the trick? I hope I got that right.
Looks
On Thu, 2003-11-13 at 05:28, Chris Wilcox wrote:
> >Hello,
> > I have an strange problem here.
> > I Have :
> >SQUID1 -> Dansguardian -> SQUID2
> >
> > On the same machine, SQUID1 and SQUID2 are 2 different process, with
> >different squid.conf files.
> >
> > I start them perfectly, bu
Hi,
I've a reader SSReader that goes to web and downloads a list of docs through
Squid. I have tracked down the User-Agent to be SSDOWNLOAD (www.ssread.com)
by enabling log_mime_hdrs. And I added the following rules to squid.conf
acl ssread browser SSDOWNLOAD
http_access allow ssread
I'm able to
> -Ursprüngliche Nachricht-
> Von: Adam Aube [mailto:[EMAIL PROTECTED]
> Gesendet: Mittwoch, 12. November 2003 15:43
> An: [EMAIL PROTECTED]
> Betreff: RE: [squid-users] Group Authentication (NT4 Domain)
>
>
> > I get the following error:
> >
> > utils/ntlm_auth.c: manage_squid_request(
Hello,
I am using Squid 2.5.STABLE3
I today discovered a page on my Squid Accelerator,
that had not completely been loaded from the Webserver backend.
I understand that this might happen, when users press Stop
or anything similar.
But hitting "Shift Reload" in latest MSIE should perform
a supe
Chris,
That's the point. There's only on client (me) accessing this proxy...
very strange. and I have never seen squid make this kind of things
ps -axf gives me:
220 ?S 0:05 /usr/local/squid/sbin/squid -NsY -f
/usr/local/squid/etc/squid.conf
222 ?S 0:00
Hello,
I have an strange problem here.
I Have :
SQUID1 -> Dansguardian -> SQUID2
On the same machine, SQUID1 and SQUID2 are 2 different process, with
different squid.conf files.
I start them perfectly, butwhen i access my proxy the first time, SQUID2
multiplies +- 20 times.
When I
Dear all,
i have this problem when im trying to operate squid as a proxy server...
1- not all the pages are getting displayed. such as www.hotmail.com ( not displayed )
yahoo mail also not displayes.
2- MSN messenger and yahoo messenger cant be used from the station connecting to the
squid
Hi,
How can I configure squid for offline browsing?
yesterday, I was browsing http://www.mnot.net/cache_docs/. I saw in
"store.log" that it has been cached:
1068584217.170 SWAPOUT 00 020B DCD1739F26628C5942E644EC80D67977 200
1068584197
1056513926 1068587797 text/html 48443/48443 GET http:
Thanks Henrik for the input.
I've changed the following in /etc/squid/squid.conf
#hierarchy_stoplist cgi-bin #?
hierarchy_stoplist
#acl QUERY urlpath_regex cgi-bin #\?
acl QUERY urlpath_regex nouse
no_cache deny QUERY
refresh_pattern . 0 20% 4320 ove
Hello,
We use a CacheFlow proxy with LDAP authentication. This proxy allow the administrator
to specify 2 LDAP servers, a main and a backup server, in case the main does not
respond to
queries.
I successfully implemented LDAP authentication on a Squid 2.5.3, with one server
("auth_param basic"
> Like This ?
Yes, that's the general idea.
Remember that a generic "http_access allow" (as all authenticated
users, your entire address space, etc) later in the chain could ruin
what you're trying to accomplish.
Are you trying to allow certain sites to only certain users, or allow
certain users
Like This ?
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 10
acl sitesLoc dstdomain "/etc/squid/sitesLocaux"
acl sitesNat dstdomain "/etc/squid/sitesNationaux"
acl UsersSitesLoc proxy_auth "/etc/squid/UsersSitesLocaux"
acl UsersSitesNat proxy_auth
I cannot get a TCP_HIT using the ESI spec syntax:
Surrogate-Control: max-age=3600, content="ESI/1.0"
...but I can get a TCP_HIT by dropping the max-age directive from
surrogate control, and letting the Cache-Control tag set max-age,
like:
Cache-Control: max-age=86400
Surrogate-Control: c
> How to make with authentification NCSA so that certain users
> have certain rights and others not ?
Use the proxy_auth and/or proxy_auth_regex acl types. REQUIRED is just
a special wildcard for proxy_auth; one or more specific usercodes can
be specified instead.
This will work with any form of
Hy,
How to make with authentification NCSA so that certain users have
certain rights and others not ?
Exemple : User Gilles have the right to acced to microosft.com but
Henrik no.
Thanks
Gilles
Hello,
I have an strange problem here.
I Have :
SQUID1 -> Dansguardian -> SQUID2
On the same machine, SQUID1 and SQUID2 are 2 different process, with
different squid.conf files.
I start them perfectly, butwhen i access my proxy the first time,
SQUID2 multiplies +- 20 times.
When I t
And why does it not work für me???
Version 2.5.STABLE4
Squid.conf:
acl user_rost ident rost
reply_body_max_size 0 allow user_rost
reply_body_max_size 200 allow all
Trying to download a file of about 100 MB gives I get the message
ERR_TOO_BIG.
access.l
> Could you give an example of such acl for
Check your squid.conf.default for information on the url_regex and
time acls, and see the Squid FAQ on access controls.
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
Adam
Hello Adam,
Could you give an example of such acl for
http://URl-1
.
http://URl-1000
and working during working hours 10-00 16-30 in
M - Monday
T - Tuesday
W - Wednesday
H - Thursday
F - Friday
Wednesday, November 12, 2003, 5:34:17 PM, you wrote:
>> How to delay client's requests from redire
> we want to add another router that will be connected to
> another internet line and have a part of our internal
> IPs browsing through this new connection.
Then you'll want to use the tcp_outgoing_address directive to set the
source IP for the outgoing packets based on Squid acls. It works
simil
> I get the following error:
>
> utils/ntlm_auth.c: manage_squid_request(1042)
> fgets() failed! dying. errno=0 (Erfolg)
>
> after that squid dies.
This looks like the "error" the ntlm_auth helpers give when Squid
closes the connection between them.
> Is there a way to redirect the stdo
cause I don't want to maintain two proxies servers...
--Yedidia
Mohsin Khan wrote:
hi!
why do not you run squid on any other machine?,
with the gateway of other router.
--- Yedidia Klein <[EMAIL PROTECTED]> wrote:
Hi,
We are using squid as web proxy in our campus for
several years.
the c
> How to delay client's requests from redirector decision?
> So the decision is make from time and URL.
You can control what requests get put into a delay pool using standard
Squid acls and the delay_access parameter (similar to http_access). So
if you can write a Squid acl to match it, you can co
Hello squid-users,
How to delay client's requests from redirector decision?
Some of my staff would like to use chat, porn and other
and I must not deny them just slow down their connections
in worktime hours.
So the decision is make from time and URL.
Best regards,
Игорь
Hi all
Has anyone got any experience with configuring SQUINT ?
I cannot get any reports.
It creates directories and html files but all empty.
Any clue ?
Thanx !
Valter
I get the following error:
utils/ntlm_auth.c: manage_squid_request(1042)
fgets() failed! dying. errno=0 (Erfolg)
after that squid dies.
Is there a way to redirect the stdout to a file so I can get the whole start
process
of squid logged?
Jens
> -Ursprüngliche Nachricht-
> V
> I need to make a group authentication via proxy, set up
> samba, authentication of user by Samba 3 works (groups as well).
> Although there must be an error, for squid reports errors in
> the ntlm_auth.c when starting, so it even doesn't start.
Could you post the error you see on startup?
Adam
Henrik Nordstrom wrote:
On Tue, 4 Nov 2003, David Landgren wrote:
reply_body_max_size 0 allow user_davidl user_tomn
This is a contradiction and can never be true. The same request can not
come from both users at the same time.
What you want is a single ACL listing all users in this ca
> I am using ntlm_auth from samba-3.0.0 with squid 2.5.STABLE3.
> And neither Win2k clients can authenticate, nor win98 ones.
Then you likely have a problem with your Samba install. Did you run
the wbinfo tests as specified in the Squid FAQ? If so, what was the
output? If not, run them and post th
> If Squid is self-contained in this binary, then it should not matter
> whether the same configure flags are used - it should still
> work just fine, correct?
More or less correct. Remember that the new Squid binary will be using
the squid.conf of the old Squid binary, so you want to make sure th
Hello Squid users,
Nerijus Baliunas already had asked here about similar problem, but there was no answer.
I am using ntlm_auth from samba-3.0.0 with squid 2.5.STABLE3.
And neither Win2k clients can authenticate, nor win98 ones.
(people, who had faced this trouble, usually could authenticate Win2
Hi,
We are using squid as web proxy in our campus for several years.
the configuration now is that the machine is routing all web data
through it's default gateway.
we want to add another router that will be connected to another internet
line and have a part of our internal IPs browsing throug
Files aren't fed to the client until they have been downloaded in full and
scanned. Just enough data is trickled to the client to keep the
connection alive until the full file is received at the gateway.
Jerry
- Original Message -
From: "Peter van der Does" <[EMAIL PROTECTED]>
To: <[EMA
If the desktops are locked down 100% and are updated regularly then it's
not really necessary IMO, but I generally do it anyway. It's an extra
layer that can help stop things before they get in the network.
Webmail is the biggest real offender. Other routine browsing is rare to
get a hit.
There
Rui,
Thanks for the input again
I was using icap://:1344/respmod, instead of avscan
I changed it, and it worked, for a while
I was using the icap_streaming patch, and it worked for a while, then it
complained about something like a 0 byte response from the icap server
Rui,
Thanks for the input again
I was using icap://:1344/respmod, instead of avscan
I changed it, and it worked, for a while
I was using the icap_streaming patch, and it worked for a while, then it
complained about something like a 0 byte response from the icap server
Hello, I am very new to squid & Linux in general. This past weekend I
got a very simple squid to work & I was also able to connect to cache
manager that was on the same RH9 box. When I attempted to add my other
subnetwork 192.168.2.1 (192.168.1.1 was working O.K.) I could not
connect to cache man
What is it you want to scan on the proxy?
I don't see the use of a scanner on a proxy myself. Files which you
download can not be scanned until they are downloaded completely and
then they are on the client allready anyway.
As for HTML/Javascript threads, I don't know how much you encounter
them,
Henrik
If Squid is self-contained in this binary, then it should not matter
whether the same configure flags are used - it should still work just fine,
correct? Of course it may not work in the way it used to, but it should
work :-)
Just wanted to clarify, as I'm planning on doing this in the n
Hello,
I have unsuccesfully tried to install Squirm/Virulator/Sophos Antivirus
(Squid is working nice).
Not I am asking for technical support, but only want to know if you think an
antivirus should be installed on the Proxy or just on the clients.
I need arguments to convince my boss to keep the p
Hello all,
I have trouble getting the squid_ldap_group module running
Actually I am even still stuck at the command-line, which is not
working.
linux:/usr/local/squid/libexec # ldapsearch -x -h 192.168.10.1 -b
"ou=gruppen,o=nsc" "(&(cn=alle)(member=cn=JBeers,ou=Technik,o=NSC))"
...(snip)
# alle,
Hello members,
can anybody help me that how i redirect all downloading to another server.
Scenario is
I've 2 server. 1 is use for browsing and 2nd is use for downloading.
I want that all downloading request like (exe, mp3, zip, mpg) , those r
comming on First server is automatically redirect to s
Hi there,
I am back again :) I need to make a group authentication via proxy, set up
samba, authentication of user by Samba 3 works (groups as well).
Although there must be an error, for squid reports errors in the ntlm_auth.c
when starting, so it even doesn't start.
My conf file:
---
Henrik
Just for closure now the system is now up and running as we wanted and
I have a moment to relax.
On Friday, November 7, 2003, at 04:18 pm, Henrik Nordstrom wrote:
On Fri, 7 Nov 2003, Richard Barrett wrote:
My objective is to use Squid as an https reverse proxy front ending an
Apache se
On Wed, 2003-11-12 at 09:09, Henrik Nordstrom wrote:
> On Wed, 12 Nov 2003, Blomberg David wrote:
>
> > I have a bunch of users (actually across a few domains) who are
> > requesting http://webmail.domain.com as I have no control over that
> > server and it answers the request happily I need to pu
73 matches
Mail list logo