Hi trying to configure transparent proxy with this rule any error?
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT
--to-port 3128
The requested URL could not be retrieved
While trying to retrieve the URL: /
The following error was encountered:
* Invalid URL
Some aspe
Hello Fritz!
Well it didnt work. I was looking forward for somebody to give me a hint
regarding this problem. I am open for inputs.
Shan
Hello Shan!
Were you able to make it work?
I have also been trying to make it work to no avail. :D
Perhaps you can post here what you did if you made it to wo
www.google.com search:
how to block file types with squid
read.
-Original Message-
From: Gaurav Duggal [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 2:19 PM
To: [EMAIL PROTECTED]
Subject: [squid-users] blocking of downloads
Hi,
I want to block download of mp3,scr,msf,z
Greeting,
My proxy server is setup to contact active directory for user
authentication.
For some reason, it is been blocked every night about 1:00am. I cannot find
any error on both machine, and also no cronjob/at job running on the time.
Can anyone advice if there is the way to log the problem?
Hello Shan!
Were you able to make it work?
I have also been trying to make it work to no avail. :D
Perhaps you can post here what you did if you made it to work.
Thanks.
Cheers,
fritz
---
+ Basta Ikaw Lord
-Original Message-
From: Shan Ch. [mailto:[EMAIL PROTECTED]
Sent: Tuesday,
Hi,
I want to block download of mp3,scr,msf,zip files through squid.
Kindly let me know how to go about this.
Regards
Gaurav Duggal.
begin:vcard
n:Duggal;Gaurav
tel;cell:9810095313
tel;fax:2219169
tel;home:2219800
tel;work:2219060
x-mozilla-html:FALSE
url:OMAXAUTO.COM
org:OMAX AUTOS LIMITED;I
His solution will work. It combines the maxconn and your local net to
limit the grand total. Or use the any source with maxconn like he
describes if you are using it as a accelerator.
-Original Message-
From: Paul [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 6:04 PM
To: damk
Thank you for your reply, but I don't think this is what I'm
looking for. What I want has nothing to do with our local net.
We want to limit the *grand total* number of connections to our
squid from *anywhere*, to give it some breathing room, to leave
some memory for other processes, to allow us t
This is better:
acl yournet src xxx.xxx.xxx.xxx
acl connlimit maxconn 2
http_access allow yournet !connlimit
http_access deny all
Cheers,
.::DAMK::.
On Tue, 13 Jan 2004 15:21:44 -0800 (PST), Paul <[EMAIL PROTECTED]> wrote:
I'd like to limit the total number of connections from anywhere,
and would
I'd like to limit the total number of connections from anywhere,
and would like some clarification. For example, with the following:
acl connlimit maxconn 2
http_access deny all connlimit
http_access allow !connlimit
I can establish at most 2 connections from one IP number.
So far so good.
On Tue, 13 Jan 2004, Antonio Manfreda wrote:
> Dear all,
> I have a question about NTLM.
>
> Does Squid support NTLMv2 authentication or just standard NTLM?
Just standard NTLM and LANMAN at this time.
The Samba ntlm_auth helper reportedly does support both NTLMv2 and NTLM2
but the interface to
On Tue, 13 Jan 2004, Giulio Cervera wrote:
> 2004/01/13 15:41:57| urlParse: Illegal character in hostname
> '<=strip(nnumber)>'
Someone requested
http://<=strip(nnumber)>/path or similar request.
> 2004/01/13 15:42:09| urlParse: Illegal character in hostname
> '194.213.2.5:8080194.213.2.5'
On Tue, 13 Jan 2004, Robert Gabriel wrote:
> Problem is: can we get Squid to handle [EMAIL PROTECTED], user\domain or
> something similar for proxy authentication from Internet Explorer?
Squid just sends whatever the user entered in the login box to the helper.
If you can get the required authen
Hamed
can you please let me know what is your ldap client and ldap server???
Probably I can give some help on Squid mailing list for ldap server
:-)
BR
Mohammad
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: 13 January 2004 22:12
To: Hamed Majnooni
On Tue, 13 Jan 2004, Austin Lee wrote:
> I get a lot of lines that say:
> 1073682097.533 2 64.171.70.171 TCP_DENIED/407 1755 CONNECT
> 38.118.153.126:443 - NONE/- text/html
407 is authentication required.
No connection to the server is opened here.
> along with:
> 1073682097.561 63 64.
On Tue, 13 Jan 2004, Tim Neto wrote:
> The undocumented (in Squid 2.5.STABLE1) parameter of "external" was the
> barrier to getting LDAP group control. The group control is working
> very well.
I would recommend upgrading. See http://www.squid-cache.org/bugs/v2/2.5/
for reasons why..
> I rec
On Tue, 13 Jan 2004, Hamed Majnoonian wrote:
> 1- The name of my domain is "juno.hov.butanegroup.com" - juno is the
> name of my active directory and the rest is the domain name.
Ok.
> 2- Here is my Ldapsearch argument: /Ldapsearch -h 192.168.2.2 -xv -b
> dc=juno,dc=hov,dc=butanegroup,dc=com "ui
I believe the built-in handlers support standard NTLM. For NTLMv2, you have to
use Samba 3's authenticator, like this:
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
- Original Message -
From: "Antonio Manfreda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 13
Dear all,
I have a question about NTLM.
Does Squid support NTLMv2 authentication or just standard NTLM?
Regards,
Antonio Manfreda
I get a lot of lines that say:
1073682097.533 2 64.171.70.171 TCP_DENIED/407 1755 CONNECT
38.118.153.126:443 - NONE/- text/html
along with:
1073682097.561 63 64.171.70.171 TCP_MISS/200 164 POST
http://38.118.153.221/idle/142032232/306 austin DIRECT/38.118.153.221 -
or
1073682097.496
And make sure you could get yog1.yahoo.com through yog33.yahoo.com
resolved, try nslookup.
On Tue, 13 Jan 2004 12:34:08 +, Shan Ch. <[EMAIL PROTECTED]> wrote:
Hi!
I am trying to route all the network traffic through my Linux 8.0 machine
using Squid. But everytime i try to connect to yahoo
try put line acl Safe_ports port 11999 in #ACCESS CONTROL OPTIONS instead
of http_port.
Cheers,
.::DAMK::.
On Tue, 13 Jan 2004 12:34:08 +, Shan Ch. <[EMAIL PROTECTED]> wrote:
Hi!
I am trying to route all the network traffic through my Linux 8.0 machine
using Squid. But everytime i try t
Today reading cache.log i found a lot of strange messages
'<=strip(nnumber)>'
...
2004/01/13 15:41:57| urlParse: Illegal character in hostname
'<=strip(nnumber)>'
2004/01/13 15:41:57| urlParse: Illegal character in hostname
'<=strip(nnumber)>'
2004/01/13 15:41:58| urlParse: Illegal character in
Hello all,
I have looked everywhere, the archives, FAQs, man pages, squid.conf
etc. I must be missing something. PLEASE CAN SOMEONE HELP!
We have at our client, Linux with Kerberos 5 setup to authenticate users
wishing to use Squid via Active Directory Services on NT. The NT system
is the KDC.
W
Hello Henrik,
Thank you very much!:)
The undocumented (in Squid 2.5.STABLE1) parameter of "external" was the
barrier to getting LDAP group control. The group control is working
very well.
I recommend placing the group allow ACL definitions before the deny
definitions in the squid.conf fi
>On Tue, 13 Jan 2004 [EMAIL PROTECTED] wrote:
>
> What I wish to know is that even though I have 37.85kbps downlink I
> never get this.
>
How are you calculating this amount of bandwidth ?
It would be a lot easier if u use Delay Pools .
Regards
Babar Kazmi.
Dear Henrik,
Regarding to your last e-mail here is the information:
1- The name of my domain is "juno.hov.butanegroup.com" - juno is the
name of my active directory and the rest is the domain name.
2- Here is my Ldapsearch argument: /Ldapsearch -h 192.168.2.2 -xv -b
dc=juno,dc=hov,dc=butanegroup
On 13 Jan 2004, Leon Dippenaar wrote:
> httpd_accel_port : 81 ( because 80 is taken by apache or doesn't this
> matter?)
This needs to be 80. It is not related to on which port Squid accepts the
requests, but which port it should assume the request is for.
> Now here is my question must tra
Hi!
I am trying to route all the network traffic through my Linux 8.0 machine
using Squid. But everytime i try to connect to yahoo games the java
applet wont load. I get a message that my PC is behind a firewall.
I have opened the port 11999 following is the config.
http_port 3128
http_port 11999
Okay here is the scenario
I need to do transparently proxy for RAS users on 172.17.1.0/24 range
here is a simple picture
LAN
|
[(RAS)172.17.1.0/24]-[Cisco3640]--[Firewall1]---[PROX
On Mon, 12 Jan 2004, Nilesh wrote:
> How can i Block only mp3, Dat , exe files from
> downloading
By using the urlpath_regex acl, matching URLs ending in .mp3 (\.mp3$) etc.
You may also be able to use the rep_mime_type acl in http_reply_access to
match the mime type of the returned content.
R
On Mon, 12 Jan 2004, Nilesh wrote:
> One more problem im facing in squid that is im not
> able to block sites through IP , i can block sites
> through URL but not through IP
> check my acl
To block sites by domain you should use dstdomain acl type.
To block sites by IP you should use the dst a
On Tue, 13 Jan 2004 [EMAIL PROTECTED] wrote:
> What is the default bandwidth of squid?
Squid by default does not limit bandwidth usage.
If you want you can limit the bandwidth usage by using delay pools.
> What I wish to know is that even though I have 37.85kbps downlink I
> never get this.
Th
On Mon, 12 Jan 2004, Austin Lee wrote:
> Our company has a Flash Communications Server MX 1.5 application. When I connect
> to it through squid, it keeps on generating connections until the server limit
> is reached. Why does it do this? The connection from the workstation to squid
> shows that th
On Mon, Jan 12, 2004 at 10:33:11PM -0800, Nilesh wrote:
> How can i Block only mp3, Dat , exe files from downloading
If you only want to check the file suffixes you can you ACLs with
regular expressions. However often enough it's complicated to find the
right syntax. People can easily add a '?' a
35 matches
Mail list logo
