Hi,
vda wrote:
The default number of resumable sessions that will be cached on the
server is 50. To modify the number of sessions
cached, set the SSL_RESUMABLE_SESSIONS notes.ini variable to the desired
number. Setting
SSL_RESUMABLE_SESSIONS=1 will disable SSL session resumption on the server.
Right, i have got squid to block by IP ranges via a web app i have
created, is there a way to enable access to the server thru the proxy
when in the banned list, is there a localhost directive or something.
Many many thanks
Chris
*
On Friday 06 February 2004 06:41, Matt wrote:
> While we are on the subject is there a way to completely block yahoo
> messenger with squid?
watch the logs
construct acl
deny access
feel yourself like BOFH ;)
--
vda
On Thursday 05 February 2004 10:18, Rainer Traut wrote:
> We are using squid 2.5 S4 and also tried v3, OS is Redhat EL ES3,
> clients are always IE6 and IE5.5.
> Squid is the gateway to a small transfer net to firewall and then to DMZ
> and internet.
> Firewall has changed from Checkpoint FW1 to an
Hi,
I would be very pleased about a hint that solves our following
problem. It seems simple but I could not yet find a squid
configuration that works.
We have a list of about 12,000 Hostnames. Users should be forced
to authenticate if they request an URL from one of these Hosts.
Any other host in
Hello:
My environment details:
OS: RH 7.3
Kernel: 2.4.20-28.7
Squid: squid-2.5.STABLE3-1rh_7x
My problem:
When I try to access a web application, certain pages gives me "zero sized
reply".
Description:
I login to a web based application written in jsp. Most of the application
seems to be okay i.
>
> Hello:
>
> My environment details:
> OS: RH 7.3
> Kernel: 2.4.20-28.7
> Squid: squid-2.5.STABLE3-1rh_7x
>
> My problem:
> When I try to access a web application, certain pages gives
> me "zero sized
> reply".
http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.51
M.
>
Hi Everyone!
Wanted to know if group based acl is possible in
Squid, as I have two group of users in Windows ADS and
users are getting authenticated from ADS. I wanted to
restrict users based on the group, is that possible
using squid and winbind? Ur comments pls
Thanx in advance
Babs
__
Hi all,
I have a need with squid_ldap_auth,
and am entirely unsure how to get it
working..
I need to autheticate users in one OU,
but only if they are a member of a
group in another OU -->
This would be the user:
CN=Test User,OU=Users,OU=Branch
On Thu, 5 Feb 2004, Arbelaez, Jim wrote:
> The helper redirects as it should to https. But for some reason it does not work
> from the client session.
Exacly what does the helper return?
Regards
Henrik
Hi,
You can use group based ACLs.
Eg:
acl unrestricted_users_group proxy_auth
"/opt/iexpress/squid/unrestricted.grp"
http_access allow unrestricted_users_group
Regards,
Durai.
- Original Message -
From: "Babs" <[EMAIL PROTECTED]>
To: "Squid Users" <[EMAIL PROTECTED]>
Sent: Frida
On Thu, 5 Feb 2004 [EMAIL PROTECTED] wrote:
> >From /etc/squid/conf
> cache_dir ufs /var/spool/squid 5000 60 256
I think you may have some leftover crap in your cache. Maybe due to
earlier crashes or uncontrolled shutdowns.
Try decreasing L1 to 10 and let Squid run for 24 hours without restart.
BSD - ldap directory is an AD server running 2000
-Original Message-
From: Lewars, Mitchell (EM, PTL) [mailto:[EMAIL PROTECTED]
Sent: 06 February 2004 01:55 PM
To: 'Dave Raven'
Subject: RE: [squid-users] squid_ldap_auth
Are you running on Linux ?
-Original Message-
From: Dave R
On Fri, 6 Feb 2004, vda wrote:
> > SSL Session Resumption
> > SSL now performs session resumption. This will greatly improve
> > performance when the Notes HTTP Client or server is
> > using SSL, and may have a minor (positive) effect on other "Internet"
> > protocols as well.
>
> Is it a standar
On Fri, 6 Feb 2004, Rohit Peyyeti wrote:
> When I try to access a web application, certain pages gives me "zero sized
> reply".
Most likely the web application is malfunctioning and does not always
respond and closes the connection before sending a reply.
When not using a proxy these kind of pr
On Fri, 6 Feb 2004, Eberhard Pietzsch wrote:
>Proxy A should test if a requested hostname is contained in our
>list mentioned above. If not contained, proxy A should forward
>the request directly to the host in question.
See cache_peer_access and never_direct. You need both.
Note tha
On Fri, 6 Feb 2004, Babs wrote:
> Wanted to know if group based acl is possible in Squid
Yes.
> as I have two group of users in Windows ADS and
> users are getting authenticated from ADS. I wanted to
> restrict users based on the group, is that possible
> using squid and winbind? Ur comments pls
Hi
I have a set of rules in Squid that will allow no one to access the
outside world but i still need users to access the local http deamon
(webserver) does anyone know what rules i need to put to allow this.
many regards
Chris
**
Hello,
I have been using squid 2.5 stable for a while with 4.9 version of FreeBSD
and it was working fine for months. Now I had to upgrade to 5.x version to
get better support for hyperthreading and sata drives.
When I am using squid with 5.x version of the freebsd. It crash after 1-3
days of u
> Hello,
>
> I have been using squid 2.5 stable for a while with 4.9
> version of FreeBSD
> and it was working fine for months. Now I had to upgrade to
> 5.x version to
> get better support for hyperthreading and sata drives.
> When I am using squid with 5.x version of the freebsd. It
> c
> Hi
>
> I have a set of rules in Squid that will allow no one to access the
> outside world but i still need users to access the local http deamon
> (webserver) does anyone know what rules i need to put to allow this.
Check the Squid FAQ ('Access controls').
M.
Agreed - info from cache.log and try recompile your squid now with bsd5
-Original Message-
From: Elsen Marc [mailto:[EMAIL PROTECTED]
Sent: 06 February 2004 03:08 PM
To: Evren Yurtesen; [EMAIL PROTECTED]
Subject: RE: [squid-users] squid 2.5.STABLE4 + FreeBSD 5.x = crash after a
while...
On Fri, 6 Feb 2004, Elsen Marc wrote:
>
>
> > Hello,
> >
> > I have been using squid 2.5 stable for a while with 4.9
> > version of FreeBSD
> > and it was working fine for months. Now I had to upgrade to
> > 5.x version to
> > get better support for hyperthreading and sata drives.
> > Whe
i have tryed thatbut i cant see nothing, iv tryed all sorts of combo's
and nothing seems to work
>>> "Elsen Marc" <[EMAIL PROTECTED]> 02/06/04 01:16pm >>>
> Hi
>
> I have a set of rules in Squid that will allow no one to access the
> outside world but i still need users to access the local htt
>...
> - Well, it is consuming a lot of cpu, and doesnt
> respond(crash?) at the
> same time. It doesnt answer to its port, it doesnt respond to the -k
> shutdown or kill -TERM [pid] commands.
>
> - I have checked the cache log every time this happened. It just has
> something else as the las
On Fri, 6 Feb 2004, Elsen Marc wrote:
>
> >...
> > - Well, it is consuming a lot of cpu, and doesnt
> > respond(crash?) at the
> > same time. It doesnt answer to its port, it doesnt respond to the -k
> > shutdown or kill -TERM [pid] commands.
> >
> > - I have checked the cache log every time
> i have tryed thatbut i cant see nothing, iv tryed all sorts of combo's
> and nothing seems to work
>
I am not that good on the acl front (not much experience); suggesting :
acl mydomain dstdomain .mydomain.com
http_access deny !mydomain
Perhaps.
> >>> "Elsen Marc" <[EMAIL P
>
> On Fri, 6 Feb 2004, Elsen Marc wrote:
>...
>...
>
>
> The size of squid process was about 200mbyte. I recently
> erased all my
> cache dirs with rm -rf and rebuilt with -z option. I have 64mbyte
> cache_mem set. The squid process is roughly downloading
> 4-5gbytes of data
> in 24 hour
Never tried, it occurs when its 32mbytes
What is your reasoning? It was working fine with FreeBSD 4.9 with 32mbytes
cache_mem
On Fri, 6 Feb 2004, Elsen Marc wrote:
>
> >
> > On Fri, 6 Feb 2004, Elsen Marc wrote:
> >...
> >...
> >
> >
> > The size of squid process was about 200mbyte. I recen
>
>
> Never tried, it occurs when its 32mbytes
> What is your reasoning? It was working fine with FreeBSD 4.9
> with 32mbytes
> cache_mem
>
It's a 'long shot' ; possible malloc bugs e.d.
I would try it as an 'easy-thing-to-do-and-check'
M.
Thank you for your answer!
I would like to ask you an other question.
My system is Red Hat 9 with Squid -2.5.STABLE1-2.
Squid is installed during the standard operating system installation
without any manual intervention.
How can I know which options are installed?
Does it support all three ACL cri
I have a set of rules in Squid that will allow no one to access the
outside world but i still need users to access the local http deamon
(webserver) does anyone know what rules i need to put to allow this.
Why use squid at all if you're not giving anyone access the outside?
Wouldn't firewall rul
On Fri, 6 Feb 2004, Elsen Marc wrote:
>
> >
> >
> > Never tried, it occurs when its 32mbytes
> > What is your reasoning? It was working fine with FreeBSD 4.9
> > with 32mbytes
> > cache_mem
> >
>
> It's a 'long shot' ; possible malloc bugs e.d.
> I would try it as an 'easy-thing-to-do-
Henrik,
Thank you so much!
We have been fighting this problem for at least six weeks. I look
forward to migrating this into production.
Once again,
Thanks,
Dave
Hello,
has anyone experience with proxying SFTP protocol throw squid ?
Client (filezilla) is set to passive mode, ftp control channel works, but
I cannot receive any data.
Squid has configured ports 1024-65535 to allow CONNECT (one from these
ports is randomly used for data transfer over sftp prot
>
> Hello,
> has anyone experience with proxying SFTP protocol throw squid ?
>
> Client (filezilla) is set to passive mode, ftp control
> channel works, but
> I cannot receive any data.
> Squid has configured ports 1024-65535 to allow CONNECT (one from these
> ports is randomly used for data
HI!
Can anyone help me out with yahoo games. i am using red hat 8 and m y
problem is that java applications wont run through squid. can anyone give me
a hint on how to do this? i have already tried http_access on 11999.
Thanks
Shan
Is it possible to pass parameters to the auth_param basic program similar to how
external_acl_type works, for instance:
external_acl_type ident_cmd %SRC /usr/libexec/check_ident
I'd like to pass the client IP to my basic auth program.
Thanks,
David
Greetings,
I am using Squid as a front-end accelerator on top of a server farm.
Wanted to re-direct to an https enabled Apache Server.
Squid is in a "DMZ" and talks to the server farm through a firewall.
The Apache server was set up independently of Squid, by which I mean
I created the keys and c
On Fri, 6 Feb 2004, Dave Raven wrote:
> This would be the user:
> CN=Test User,OU=Users,OU=Branch1,DC=test,DC=co,DC=za
Is all users below OU=Users,OU=Branch1,... or do you have users in other
OUs as well?
Also, what should be used as the login name?
The man page for squid_ldap_auth has a coupl
Squid-2.5.STABLE can not initiate SSL connections, only accept SSL
connections.
To initiate SSL connections you need the SSL update patch from
devel.squid-cache.org, or Squid-3.
Regards
Henrik
On Fri, 6 Feb 2004, Kent, Mr. John (Contractor) wrote:
>
> Greetings,
>
> I am using Squid as a fro
On Fri, 6 Feb 2004, Evren Yurtesen wrote:
> But wouldnt it only delay the result? and the problem is that all of a
> sudden squid starts using a lot of cpu and does nothing. It looks like it
> enters to a loop of some kind.
Correct.
> I will let you know later when I try that. I now try a new
On Fri, 6 Feb 2004, Petr Linke wrote:
> has anyone experience with proxying SFTP protocol throw squid ?
Probably won't work unless you remove all security limitations from the
CONNECT method which will leave your proxy vulnerable to multiple
different abuses by your users.
If you want proxying
On Fri, 6 Feb 2004, David Rippel wrote:
> Is it possible to pass parameters to the auth_param basic program similar to how
> external_acl_type works, for instance:
>
> external_acl_type ident_cmd %SRC /usr/libexec/check_ident
>
> I'd like to pass the client IP to my basic auth program.
This yo
When squidguard blocks a site it redirects squid to an error page. The
access.log for squid reports the page as a TCP_MISS/403. Is there a setting
in squid.con, squidguard.conf, or sarg.conf that I can change the
TCP_MISS/403 to TCP_DENIED for reporting purposes?
Well... I thought I did... but, as it turns out (and
it shouldn't come as a shock to you), I was being an
idiot.
Thanks for your help. It is working now.
--- Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> Have you even tried what I suggested? The change
> does not modify your
> access contro
2004/02/06 09:19:37| WARNING: Closing client 137.198.232.157 connection due
to lifetime timeout
2004/02/06 09:19:37|
http://64.12.163.130/monitor?sid=400ca38289c6027e014c078014c3f858
FATAL: Received Segment Violation...dying.
2004/02/06 09:19:39| ctx: enter level 0:
'http://www.statblaster.com/upd
On Friday 06 February 2004 10:44, Rainer Traut wrote:
> >>The default number of resumable sessions that will be cached on the
> >>server is 50. To modify the number of sessions
> >>cached, set the SSL_RESUMABLE_SESSIONS notes.ini variable to the desired
> >>number. Setting
> >>SSL_RESUMABLE_SESSION
On Fri, 6 Feb 2004, Harry Crowder wrote:
> When squidguard blocks a site it redirects squid to an error page. The
> access.log for squid reports the page as a TCP_MISS/403. Is there a setting
> in squid.con, squidguard.conf, or sarg.conf that I can change the
> TCP_MISS/403 to TCP_DENIED for rep
On Fri, 6 Feb 2004, squid wrote:
> 2004/02/06 09:19:37| WARNING: Closing client 137.198.232.157 connection due
> to lifetime timeout
> 2004/02/06 09:19:37|
> http://64.12.163.130/monitor?sid=400ca38289c6027e014c078014c3f858
> FATAL: Received Segment Violation...dying.
> 2004/02/06 09:19:39| ctx: e
thank you
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Friday, February 06, 2004 5:03 PM
To: Harry Crowder
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Squid 3.0 + squidguard + sarg
On Fri, 6 Feb 2004, Harry Crowder wrote:
> When squidguard blocks a site
On Fri, 6 Feb 2004, Henrik Nordstrom wrote:
> If it happens again then please get a stack trace of the running squid to
> see if it is possible to see what it is doing.
>
> Another important question: Does "kill -9" work? If not there is a kernel
> problem.
>
> Regards
> Henrik
>
>
kill -9
Greetings,
I downloaded and installed Squid3.0 and it works!
I can redirect to a backend server running https and the
web pages come up fine.
The problem I now have is that the accelerator works perfectly and hides
the fact that the client is connecting to an https server.
Somehow I don't thi
What I think you want is Squid as an SSL Accelerator, and the Webserver on
the back end running unsecure.
Load the Cert and Key in the squid.conf, squid -k reconfigure, and run from
there.
See also FAQ Section 19.
Brian Peterson
If it's there and you can see it - it's REAL
If it's th
On Sat, 7 Feb 2004, Evren Yurtesen wrote:
> This is a bit of a lame question I guess, but how can I get the stack
> trace because squid process doesnt exit? I checked from the FAQ, it
> says
The easiest way is to attach gdb to the running process.
gdb /path/to/squid pid_of_running_squid
backtr
On Fri, 6 Feb 2004, Kent, Mr. John (Contractor) wrote:
> The problem I now have is that the accelerator works perfectly and hides
> the fact that the client is connecting to an https server.
You should set up Squid as an https reverse proxy. See the https_port
directive.
Regards
Hernik
56 matches
Mail list logo