Hello,
How will i be able to block certain users on using my proxy? They are all
connected via dhcp, and some i allowed full access and some i wish to deny
even on time ex.
user-full-access = NO LIMIT
user-1-access = 12pm to 1pm only access
user-2-access = 6pm to 7pm only access
is this possible
>Example for bad access: username + password is not correct or user has
>no read access to proxyauth:
>
>melvin wrongpassword
>Domain name: bogegod
>Pass-through authentication: no
>Query address options: -U gont-pdc01 -R
>Domain controller IP address: 10.23.4.141
>Domain controller NETBIOS name:
On Wed, 10 Dec 2003, Richard Lyons wrote:
> The bugfix is incorporated into squid-2.5.STABLE4. Perhaps
> the FAQ answer should be updated to indicate that some examples
> of ZSR can be resolved by using a recent version of squid.
Done.
Here are some things you can try to reduce the occurance
On Tue, 9 Dec 2003, Trevor wrote:
> Some firewalls (eg Cisco PIX) allow HTTP filtering based on contents of
> packets. However, such firewalls may require that the Host: header of a
> request be in the first packet of a request. Currently, squid rewrites
> client headers with the result that the
On Tue, 9 Dec 2003, Trevor wrote:
> I downloaded and installed the squid-2.5.STABLE3-20030613.3.i386.rpm,
The package has an early fix for this bug:
http://www.squid-cache.org/bugs/show_bug.cgi?id=699
The bugfix is incorporated into squid-2.5.STABLE4. Perhaps
the FAQ answer should be up
Yes, and I couldn't agree with you more. Thanks for digging up the
reference URL, Henrik.
BTW, there was a Cisco PIX in front of the squid box. Now I'm sure that it
was that damn pix that was screwing up my headers, because on my other
network it works just fine (squid 2.4-STABLE6). Maybe this
What this page refer to is the Host header rearrangement done by
squid-2.5.STABLE3 and earlier and which was found to cause some broken web
servers / firewalls to break in different manners. More information on
this issue can be found from the Squid-2.5 bugs page
http://www.squid-cache.org/Versions
Problem solved.
Below is the steps that I followed:
I went to this website (who also claimed to have similar problems):
http://mis-helpdesk.eq.edu.au/redhat.htm
>From the MIS-Helpdesk Site: "A zero sized reply can be returned for sites
that have complex urls or require the use of cookies (Eg. ho
I would second the need for it. After this came up I immediately
started looking in the default squid.conf for a "allow zero sized reply
message" (or similar) option. Obviously, I didn't find one.
Peter
Henrik Nordstrom wrote:
On Tue, 9 Dec 2003, Peter Smith wrote:
[EMAIL PROTECTED] root
Hendrik,
Yes, ECN is set to 0. Thanks for your assistance.
Regards,
Trevor.
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 1:29 PM
To: Trevor
Cc: [EMAIL PROTECTED]
Subject: RE: [squid-users] Zero Sized Reply [attn: long post]
On T
On Tue, 9 Dec 2003, Peter Smith wrote:
> [EMAIL PROTECTED] root]# *telnet 171.67.89.148 8080*
> Trying 171.67.89.148...
> Connected to 171.67.89.148.
> Escape character is '^]'.
> *GET / HTTP/1.0*
>
> Connection closed by foreign host.
> [EMAIL PROTECTED] root]#
>
> That server is not working co
On Tue, 9 Dec 2003, Kalugdan, Renato wrote:
> /usr/local/squid/sbin/squid -k check
>
> Could not send 0 to process 6712 (3) process does not exist
Your Squid is not running. See cache.log for any error indicating why it
stopped.
Regards
Henrik
On Tue, 9 Dec 2003, Trevor wrote:
> We use squid 2.5-STABLE-3 (port 3128) to connect to the Internet via
> traditional browser proxy configuration. Everything works great except for
> specific sites (yahoo mail, aol mail, hotmail, and sometimes mapquest).
> These sites return a "Zero Sized Reply"
On Tue, 9 Dec 2003, Trevor wrote:
> I have another squid box with the same squid.conf configuration (however,
> it's transparent) at another location and it works fine with hotmail.
> That's strange. It's running on port 3128 I wonder if the firewall (Cisco
> PIX) needs to know about that port.
On Tue, 9 Dec 2003, Ampugnani, Fernando wrote:
> Anybody know if a large swap.state file downgrade the squid box
> performance.?
Not as long as there is space awailable and you stay below the magic 2GB
filesize limit.
It should howevever be noted that swap.state is garbage collected every
time
On Tue, 9 Dec 2003 [EMAIL PROTECTED] wrote:
> The intranet page uses NT credentials to automatically authenticate the
> user. I enabled the always_direct option for the local servers but it looks
> like this does not do what I expected it to do (always_direct means never
> cache? My proxy is sti
On Tuesday 09 December 2003 7:56 pm, Peter Smith wrote:
> [EMAIL PROTECTED] root]# *telnet 171.67.89.148 8080*
> Trying 171.67.89.148...
> Connected to 171.67.89.148.
> Escape character is '^]'.
> *GET / HTTP/1.0*
>
> Connection closed by foreign host.
> [EMAIL PROTECTED] root]#
>
> That server is
On Tue, 9 Dec 2003, Travis Bullock wrote:
> Hey thanks for that. It confirmed that it is indeed 'stable1' and not
> 'stable4'.
>
> The command I used at the start was:
>
> ./configure --prefix=/usr/local/squid
>
> I also edited the init script to ensure it was pointing to
> /usr/local/squid/sq
On Tue, 9 Dec 2003, josh wrote:
> I have noticed that my system seems to be using more and more memory
> over time as reported by top and free while the number of applications
> running stays the same.
By which column in the free output?
> Then it crashes eventually.
This is not normal.
> Stop
On Tue, 9 Dec 2003 [EMAIL PROTECTED] wrote:
> When I try to run multiple Squid processors from the command line it tells
> me that Squid is already running and returns the process ID.
There is a lilttle work required to run more than one Squid on the same
box, but not much.
The easies is to in
[EMAIL PROTECTED] root]# *telnet 171.67.89.148 8080*
Trying 171.67.89.148...
Connected to 171.67.89.148.
Escape character is '^]'.
*GET / HTTP/1.0*
Connection closed by foreign host.
[EMAIL PROTECTED] root]#
That server is not working correctly. It really does give a zero-sized
reply. It is not
Hi all,
Anybody know if a large swap.state file downgrade the squid box
performance.?
Thanks in advance.
Fernando Ampugnani
EDS Argentina - Software, Storage & Network
Global Operation Solution Delivery
Tel: 5411 4704 3428
Mail: [EMAIL PROTECTED]
This is an example of a link that does not connect (same message squid gives
me when trying to connect to hotmail):
http://171.67.89.148:8080/
I get:
ERROR
The requested URL could not be retrieved
While trying to
Thanks Peter,
I have another squid box with the same squid.conf configuration (however,
it's transparent) at another location and it works fine with hotmail.
That's strange. It's running on port 3128 I wonder if the firewall (Cisco
PIX) needs to know about that port.
Regards,
Trevor.
-Ori
I would like to say that I am using ~4 Squid-2.5.STABLE4's which have
about 190-250 users connected to each on average and haven't had any
problems with "Zero Sized Reply"s. I would probably suspect my
connection if that were the case. I'll post my squid.conf, however, so
you can look at it:
Hello,
We use squid 2.5-STABLE-3 (port 3128) to connect to the Internet via
traditional browser proxy configuration. Everything works great except for
specific sites (yahoo mail, aol mail, hotmail, and sometimes mapquest).
These sites return a "Zero Sized Reply" error message. Disabling squid
al
Newbie here,
/usr/local/squid/sbin/squid -z creates swap directories
/usr/local/squid/sbin/squid starts squid
/usr/local/squid/sbin/squid -k parse (looks ok)
/usr/local/squid/sbin/squid -k check
Could not send 0 to process 6712 (3) process does not exist
Please clarify. Thanks.
Hey thanks for that. It confirmed that it is indeed 'stable1' and not
'stable4'.
The command I used at the start was:
./configure --prefix=/usr/local/squid
I also edited the init script to ensure it was pointing to
/usr/local/squid/squid.conf
Why is it still running 'stable1' ?
Cheers,
Travi
Hey everybody. Up front I am very green at Linux.
I have downloaded, ./configure'd, make all and make install,
squid2.5-stable4. When I point my browser to port 3128, I get a Access
Denied HTML page. This does not concern me because I haven't fully
configured the squid.conf file yet. I was just d
[EMAIL PROTECTED] writes:
> When I try to run multiple Squid processors from the command line it tells
> me that Squid is already running and returns the process ID.
[...]
You have to tweak various parameters for this to work correctly: prepare a
second configuration file which differs from the
All,
I have recently setup a squid proxy and am having trouble dealing with
connections to a local intranet. Im running Squid 2.5STABLE1 and ie 6.0 is
my browser.
The intranet page uses NT credentials to automatically authenticate the
user. I enabled the always_direct option for the local serv
On Tue, Dec 09, 2003 at 10:40:10AM +0100, Henrik Nordstrom wrote:
> On Mon, 8 Dec 2003, josh wrote:
>
> > How do I track down a memory leak?
>
> I usuaully use memprof on RedHat 7.X for this purpose.
>
> > How do I fix one if I find it?
>
> Once it is tracked down it is usually not hard to plug
When I try to run multiple Squid processors from the command line it tells
me that Squid is already running and returns the process ID.
Any advice.
Jonathan Hughes
Original Message
Subject: Re: [squid-users] A little help with always_direct
From:[EMAIL PROTECTED]
Date:Tue, December 9, 2003 7:24 pm
To: "Henrik Nordstrom" <[EMAIL PROTECTED]>
--
Thank you so much Hendrik !
Thx & Rgds,
Awie
- Original Message -
From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
To: "Awie" <[EMAIL PROTECTED]>
Cc: "Squid-users" <[EMAIL PROTECTED]>
Sent: Tuesday, December 09, 2003 5:43 PM
Subject: Re: [squid-users] Patching Squid
> On Tue, 9 Dec 2003,
> Hi all,
>
> I've got a parent proxy which requires authentification and is the only
> way to get to outside world. I configured my squid to use this parent
> proxy as default. When I try to request any document, child squid requests
> credentials, but it appears that they are not passed to paren
On Tue, 9 Dec 2003, melvin melvin wrote:
> /usr/local/bin/smb_auth.sh: /usr/local/samba/bin/nmblookup: No such file or
> directory
This is a problem.. you have not told smb_auth where Samba is installed.
See the smb_auth installation instructions.
Regards
Henrik
On Tue, 9 Dec 2003, Awie wrote:
> [EMAIL PROTECTED] squid-2.5.STABLE4]# patch -p1< squid-2.5.STABLE4-synflood.patch
> patching file src/cf.data.pre
> Hunk #1 succeeded at 3107 (offset -8 lines).
> patching file src/comm.c
> patching file src/forward.c
> patching file src/neighbors.c
> patching fil
On Tue, 9 Dec 2003, Yedidia Klein wrote:
> I've a user that use FP extension to update his site,
> and he can't do it w/ squid.
>
> here is the log (squid2.5STABLE4)
> 1070899870.386194 1.2.3.4 TCP_MISS/401 1676 POST
> http://www.site.com/_vti_bin/_vti_aut/author.exe username
> DIRECT/212.1
On Mon, 8 Dec 2003, josh wrote:
> How do I track down a memory leak?
I usuaully use memprof on RedHat 7.X for this purpose.
> How do I fix one if I find it?
Once it is tracked down it is usually not hard to plug the leak.
But it should be noticed that Squid-2.5.STABLE4 is not known to leak any
On Tue, 9 Dec 2003, Scott Muller wrote:
> 1). Access to the Internet should go via Parent ProxyABC or
> if that is unavaiable then go Direct.
>
> 2). Access to *.xyz.example.com should (DEFAULT) go via ProxyXYZ or
> if unavalaible via ProxyABC or else go Direct (As for 1)
One way to do this is b
On Tue, 9 Dec 2003, melvin melvin wrote:
> 1) create proxyauth file with "READ" access on the Netlogon share of the
> Primary domain controller
> added the lines in squid.conf
> 2) authenticate_program /usr/local/squid/bin/smb_auth -W SVR10
>
> do i need to do any changes to the smb.conf file of
On Tue, 9 Dec 2003, Kenneth Oncinian wrote:
> ***
> cache_peer proxy.parent.domain.com parent 8080 0 no-query default
> acl mydomain dstdomain .domain.com
> acl ipdomain1 dstdomain 10.87.2.0/25
> acl localnew dstdomai
Dear Frans,
Please use the script to do this.
Refer http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html
Regards,
Fadjar Tandabawana
> -Original Message-
> From: Frans Westra [mailto:[EMAIL PROTECTED]
> Sent: 09 Desember 2003 16:05
> To: [EMAIL PROTECTED]
> Subject
"Raphael Maseko" <[EMAIL PROTECTED]> writes:
> Hi Carols,
> Have you been able to determine that Squid is actually making use of both
> processors? Do you have other applications running on the same box?
[...]
Just run more than one squid process per box.
BTW: in my setup, I have noticed one v
Looks like missing the samba directory.
You must install samba.
Mit freundlichem Gruß/Yours sincerely
Werner Rost
GM-FIR - Netzwerk
ZF Boge Elastmetall GmbH
Friesdorfer Str. 175, 53175 Bonn, Deutschland/Germany
Telefon/Phone +49 228 3825 - 420, Telefax/Fax +49 228 3825 - 398
[EMAIL PROTECTED]
Thx Antony
I just put a comment in fron of http_access allow our_networks and
everything works fine
-Original Message-
From: Antony Stone [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 6:45 PM
To: Squid-Users
Subject: Re: [squid-users] restricting access by MAC
On Monday 08 De
hi all,
smb_auth will work with Windows NT account right?
when i use the -U option, do i key in the ip address or the computer name?
in anycase i think smb_auth cant seem to find this file
i tried this line
/usr/local/squid/bin/smb_auth -W SVR10 -U Poppy01 -d
it returns
melvin correctpasswd
Pass-t
Hello,
I have the following problem. I wan't to load the correct Proxy server
based on URL.
If visitor visits http://10.2.3.98 use proxy A and keep using it, so the
following
urls like http://10.2.14.1 and all other http://10.2.x.x go via proxy A
If visitor visits URL http://10.2.3.233 use no p
hi,
I've a user that use FP extension to update his site,
and he can't do it w/ squid.
here is the log (squid2.5STABLE4)
1070899870.386194 1.2.3.4 TCP_MISS/401 1676 POST
http://www.site.com/_vti_bin/_vti_aut/author.exe username
DIRECT/212.199.222.4 text/html
1070899884.039173 1.2.3.4 TCP
Does smb_auth work without squid?
Please enter this command:
/usr/local/bin/smb_auth -W -U -d
There is no prompt. Enter blank and check the output
carefully
Example for success: username + password is correct
melvin topsecret
Domain name: bogegod
Pass-through authentication: no
Query addres
All,
I tried to apply patch and saw messages below.
[EMAIL PROTECTED] squid-2.5.STABLE4]# patch -p1< squid-2.5.STABLE4-synflood.patch
patching file src/cf.data.pre
Hunk #1 succeeded at 3107 (offset -8 lines).
patching file src/comm.c
patching file src/forward.c
patching file src/neighbors.c
patch
52 matches
Mail list logo