Dear sirs,
I have the same problem , i have two (of 300 hosts)winXP-pro clients that
have the same behaviour. And im not really sure where to look first.
The logs on the webserver (wpad.local.domain/wpad.dat) is accessed by this
two clients but they don't seem to get the proxy information.
/Pete
On Thu, 4 Mar 2004, Rakesh Kumar wrote:
> One problem if I issue this command /path/to/sbin/squid -DNYCd3, I donot
> get the prompt back. However if issue command /path/to/sbin/squid start it
> does not ask for pass phrase for private key and squid does not start.
If you want Squid to start
On Wed, 3 Mar 2004 [EMAIL PROTECTED] wrote:
> When I lsmod, I see ipnat among the loaded modules. Does this mean that
> local NAT is enabled?
No, it just means that NAT is.
There is a special kernel compile option required if you want to enable
NAT of locally initiated connections. If this opt
On Thu, 4 Mar 2004, Payal Rathod wrote:
> Ok...getting some hints. On the machine it is working I have,
>
> #http_access deny !Safe_ports
> #http_access deny CONNECT !SSL_ports
>
> i.e. the lines are commented out.
Very bad. Uncommenting these allows the clients to do serious abuse of the
HTTP
Thanks Henrik for the help. I installed everthing fresh on another box with
Squid V2.5-STABLE4and it worked in first attempt. On my other box where
I have been trying to run SSL reverse proxy earlier I modified openssl.cnf.
This might have created the problem.
One problem if I issue this comma
On Wed, 3 Mar 2004, Doug Kite wrote:
> external_acl_typeunix_group %LOGIN /usr/lib/squid/squid_unix_group -p
> acl full_access external unix_group web
> http_access allow full_access
>
> When I try to browse from a client, it does not prompt me for a username or
> password, and goes directly
On Thu, 4 Mar 2004, David Hajek wrote:
> Well, it seems that correct session handling in SSL is not easy. It
> seems that 255 sessions are cached for each SSL_CTX by default, even if
> the session_id_context is not set. Thats probably why mozilla
> complaints. So I think we have two options here:
> I have an issue with two client machines at the company I work for. All
> clients are configured to "Automatically Detect Settings" in IE 6 sp1.
> Of the two clients, one of them flat out cannot access the internet
> through the proxy unless I explicitly specify the proxy information and
> have
> I am trying to enable WCCP on Redhat 9.0 on a new
> Dell Server -
> Installed base Linux from Redhat 9x CDs
>
> Installed following
> Kernel 2.4.20-8smp
> Apache 1.3.29
> MySQL 4.0
> PHP 4.3.4
> Squid 2.5.STABLE4
what wccp version 1 or 2 you are trying to use
you dont need to patch s
On Wed, Mar 03, 2004 at 10:02:59PM +0100, Henrik Nordstrom wrote:
> On Wed, 3 Mar 2004, Payal Rathod wrote:
>
> > My friend's place where it works, she has a similar configuration like
> > mine and her squid.conf does not have port 8443 listed anywhere. The
> > only difference is that I am doing i
I cannot get the unix group helper to work. I added the following lines to
squid.conf:
external_acl_typeunix_group %LOGIN /usr/lib/squid/squid_unix_group -p
acl full_access external unix_group web
http_access allow full_access
When I try to browse from a client, it does not prompt me for a u
>>
>>> iptables -t nat -A OUTPUT -i eth0 -p tcp --dport 80 -j REDIRECT
>>> --to-port 3128
I think the command should be:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
Please try it.
>>
>> This requires support for local NAT to be enabled in your kernel. N
>
>> iptables -t nat -A OUTPUT -i eth0 -p tcp --dport 80 -j REDIRECT
>> --to-port 3128
>
> This requires support for local NAT to be enabled in your kernel. Normally
> not enabled.
>
> Please note that it is absulutely required that you also add rules
> allowing Squid to access the Internet, if no
try with ps -axm
it does it in fedora core 1
At 13:10 03/03/2004, Pauli Borodulin wrote:
Hi,
unixware wrote:
> [...]
other things i see async-io are never enabled
ps -axm commands shows only 2 processes.
but cachemgr shows async-io counters
there's a problem with "ps" and NPTL at least on certai
In The Computer That Is Running SQUID It Is Also A Workstation, So When I
Do A Dial-Up To Some Private Network SQUID Won't Reply To Any Respond It
Just Would Be Opening Page http://www... And Nothing Would Happen And When
I Disconnect The Dial-Up Squid Works Again. Any Help On The Issue ?
> > Squild cache.log complaints about:
> >
> > 2004/03/03 20:53:07| clientNegotiateSSL: Error negotiating SSL
> > connection on FD 17: error:140D9115:SSL
> > routines:SSL_GET_PREV_SESSION:session id context
> uninitialized (1/-1)
>
> This is probably a bug in the Squid SSL implementation or
>
> > Squild cache.log complaints about:
> >
> > 2004/03/03 20:53:07| clientNegotiateSSL: Error negotiating SSL
> > connection on FD 17: error:140D9115:SSL
> > routines:SSL_GET_PREV_SESSION:session id context
> uninitialized (1/-1)
>
> This is probably a bug in the Squid SSL implementation or
>
On Wed, 3 Mar 2004 [EMAIL PROTECTED] wrote:
> Any more ideas? I'm ready to provide any details required. Squid is
> installed from debian package, with default settings (altered just to
> support transparent proxying).. Very strange..
No ideas at this time, other than that this is not normal.
On Wed, 3 Mar 2004, David Hajek wrote:
> Squild cache.log complaints about:
>
> 2004/03/03 20:53:07| clientNegotiateSSL: Error negotiating SSL connection on
> FD 17: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context
> uninitialized (1/-1)
This is probably a bug in the Squid SSL
On Wed, 3 Mar 2004, Nielsen, Steve wrote:
> Here is what I have tried:
> ==
> 1. Setting the limit using ulimit (ulimit -nHS 1024) then restarting squid. Does not
> work.
1024 is the default..
> So I did the following:
> set my ulimit to 2048 for file descriptors
>
On Wed, 3 Mar 2004, M J wrote:
> I have tried quick_abort_min -1KB and quick_abort_min -1.00 KB without
> success.
> What is the correct syntax if I want retrievals to always continue if they
> are being cached?
quick_abort_min -1 KB
is supposed to work, but seems to have been broken somew
On Wed, 3 Mar 2004 [EMAIL PROTECTED] wrote:
> The process looks like this:
>
> client requests http://www.abc.com -> squid tries to resolve "www.abc.com"
> -> squid waits for dns timeout -> squid passes http://www.abc.com to parent
> proxy
This only happens if either
a) You have not told Squid
On Wed, 3 Mar 2004, Merton Campbell Crockett wrote:
> > 1078318883.382 0 192.168.9.182 TCP_DENIED/403 1257 CONNECT
> > :8443 - NONE/- text/html
> >
>
> The source server is denying access. Why?
No, this is defenitely http_access in Squid denying the access.
Regards
Henrik
On Wed, 3 Mar 2004, Payal Rathod wrote:
> My friend's place where it works, she has a similar configuration like
> mine and her squid.conf does not have port 8443 listed anywhere. The
> only difference is that I am doing it on Mandrake 9.1 and she has
> Mandrake 9.2 in her company and we both are
Hello squids,
I'm having squid-3.0-PRE3-20040229 running in https accel mode. I'm
requesting client' auth
using personal SSL certificates. After SSL tunnel is authorized and
established I'm continuing with
simple basic auth via LDAP.
The above works quite fine, but I'm succesfull with Windows Ex
Hello squids,
I'm having squid-3.0-PRE3-20040229 running in https accel mode. I'm
requesting client' auth
using personal SSL certificates. After SSL tunnel is authorized and
established I'm continuing with
simple basic auth via LDAP.
The above works quite fine, but I'm succesfull with Windows Ex
I have been successful at restricting users access to one URL, but the user
is continually prompted for username and password (it seems for every object
on the web page). Here's my squid.conf snippet I believe to be critical:
acl USERS proxy_auth user1
acl limited_url url_regex "/webproxy/squid/e
I am having an issue trying to raise the max number of file descriptors that squid can
use. I have tried everything reasonable.
I am using redhat 7.3 with up to date patches (RPMs). Kernel version 2.4.18
squid RPM from redhat (2.4.STABLE6) latest rpm.
Here is what I want to do. I want to raise m
Hi all,
Im using Squid Cache: Version 2.5.STABLE5-20040303 and Slackware 9.1 and
kernel 2.4.25
When a set quick_abort_min -1 KB as it says in squid.conf squid doesnt
start returning
FATAL: Bungled squid.conf line 1520: quick_abort_min -1 KB
Squid Cache (Version 2.5.STABLE5-20040303
Hi,
unixware wrote:
> [...]
other things i see async-io are never enabled
ps -axm commands shows only 2 processes.
but cachemgr shows async-io counters
there's a problem with "ps" and NPTL at least on certain distributions
(for example Debian Sarge and prolly RH9 too). 'ps -m' wont show the
thr
I am trying to enable WCCP on Redhat 9.0 on a new Dell Server -
Installed base Linux from Redhat 9x CDs
Installed following
Kernel 2.4.20-8smp
Apache 1.3.29
MySQL 4.0
PHP 4.3.4
Squid 2.5.STABLE4
Followed instructions to patch Kernel and get a Kernel Panic.
rm -Rf linux-2.4.20
tar -xvz
> > On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > > > I use squid on my Mandrake 9.1 server which has few acls for my
users.
> > > > Now, the problem is that my users need to access a domain with,
> > > > https://web.example.net:7443
> > > > https://designs.example.net:8443
> > >
On Wed, Mar 03, 2004 at 05:24:52PM +0100, Henrik Nordstrom wrote:
> On Wed, 3 Mar 2004, Payal Rathod wrote:
>
> > On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > > > I use squid on my Mandrake 9.1 server which has few acls for my users.
> > > > Now, the problem is that my users nee
I tried to turn this option off before posting to list. No effect at
all.
Any more ideas? I'm ready to provide any details required. Squid is
installed from debian package, with default settings (altered just to
support transparent proxying).. Very strange..
> Try if "half_closed_clients off
OK, I've seen this matter discussed a few times, but I have a system that
is still behaving somewhat unexpected
We have the following setup:
clients>squid>parent proxy (not squid)>internet
we want squid to always talk to the parent proxy. Basically this works
after configuring the ne
On Wed, 3 Mar 2004, Payal Rathod wrote:
> On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > > I use squid on my Mandrake 9.1 server which has few acls for my users.
> > > Now, the problem is that my users need to access a domain with,
> > > https://web.example.net:7443
> > > https://
On Wed, 3 Mar 2004, Allen Miller wrote:
> I am running Squid-2.5. I am using NCSA authentication. I would like to
> limit a specific user to one URL, regardless of which computer he/she may be
> accessing the Squid Proxy from.
See the Squid FAQ chapter 10 Access Controls.
If anything is unclea
On Wed, 3 Mar 2004, Doug Kite wrote:
> I have read some about LDAP auth with groups, but if I have no LDAP server at
> present, is there an easier way? Can you use unix /etc/group ?
Yes, there is a UNIX group helper as well (unix_group)
> Or would setting up an ldap server on the same box as squ
Try if "half_closed_clients off" helps.
Regards
Henrik
On Wed, 3 Mar 2004 [EMAIL PROTECTED] wrote:
> Hi!
>
> I'm running squid as transparent proxy server for dial-up users.
> Everything seems to be ok except CPU load. With 1.5 Mbit/s (35 requests
> per second) traffic through proxy, squid co
Short version:
What you ask for is not possible to do at the proxy.
If you want to require users to authenticate again after one hour this
must be configured in the users browsers not the proxy as it is the
browser who keeps a record of if the user is logged in or not, not the
proxy (the proxy j
On Wed, 3 Mar 2004, Payal Rathod wrote:
> On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > > I use squid on my Mandrake 9.1 server which has few acls for my users.
> > > Now, the problem is that my users need to access a domain with,
> > > https://web.example.net:7443
> > > https://
On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > I use squid on my Mandrake 9.1 server which has few acls for my users.
> > Now, the problem is that my users need to access a domain with,
> > https://web.example.net:7443
> > https://designs.example.net:8443
> >
> > It does not work
I am running Squid-2.5. I am using NCSA authentication. I would like to
limit a specific user to one URL, regardless of which computer he/she may be
accessing the Squid Proxy from.
Any help would be greatly appreciated.
Regards,
Allen Miller
Network Administrator
Lyman-Richey Corporation
402-5
I wish to use authentication and groups. I have no existing directory that I
need to tie into, i.e. no LDAP or domain.
I have read some about LDAP auth with groups, but if I have no LDAP server at
present, is there an easier way? Can you use unix /etc/group ?
Or would setting up an ldap server o
> I'm running squid as transparent proxy server for
> dial-up users.
> Everything seems to be ok except CPU load. With 1.5
> Mbit/s (35 requests
> per second) traffic through proxy, squid consumes
> about 50-60% of cpu
> (40-45% is system time). And with a load of 3-3.5
> Mbit/s processor load
>
Hi!
I'm running squid as transparent proxy server for dial-up users.
Everything seems to be ok except CPU load. With 1.5 Mbit/s (35 requests
per second) traffic through proxy, squid consumes about 50-60% of cpu
(40-45% is system time). And with a load of 3-3.5 Mbit/s processor load
comes to 90%.
- Original Message -
From: Mihai BUHA <[EMAIL PROTECTED]>
Date: Tue, 2 Mar 2004 20:24:58 +0200 (EET)
To: babar haq <[EMAIL PROTECTED]>
Subject: Re: [squid-users] cache_dir size problem
> It seems to me that something else is using the space in that
> partition. Think about it: the partiti
> Hi all
>
> I'm running Squid Cache: Version 2.4.STABLE6 on :-
>
> Linux version 2.4.20-28.7smp ([EMAIL PROTECTED]) (gcc
> version 2.9
> 6 2731 (Red Hat Linux 7.3 2.96-126)) #1 SMP Thu Dec 18
> 11:18:31 EST 2003
>
> Server is PIII 866 MHz, with 1Gb RAM. 3 x 18 Gb SCSI drives.
>
> Inte
--
TeBiVo Email disclaimer
To view our e-mail legal notice:
Go to http://www.tebivo.com/email.htm or call: +27 21 888 7956
--
Hi all
Hopefully someone can help me with
Hi all
I'm running Squid Cache: Version 2.4.STABLE6 on :-
Linux version 2.4.20-28.7smp ([EMAIL PROTECTED]) (gcc
version 2.9
6 2731 (Red Hat Linux 7.3 2.96-126)) #1 SMP Thu Dec 18 11:18:31 EST 2003
Server is PIII 866 MHz, with 1Gb RAM. 3 x 18 Gb SCSI drives.
Internet browsing was fine until
On Tue, 2 Mar 2004, unixware wrote:
> My machine has following software installed
>
> linux kernel 2.6.3 ( Redhat 9 )
> squid-2.5-Stable-5 compiled with --with-pthreads
> --enable-async-io
The Squid async-io has not yet been verified with NPTL and certainly not
with the Linux-2.6 version thereof
On Wed, 3 Mar 2004, W3bbo wrote:
> But from what I've read in the FAQs for Squid is that its used in a similar way to
> LAN Proxies, (IE > Tools > Connection) rather than a web-accessable one like
> The-Cloak.com
Correct. Squid IS a proxy. It can be used both as a Internet proxy or as a
revers
On Wed, 3 Mar 2004, berrabah abdelrani wrote:
> We use Squid for authenticating users; Our purpose is
> to force users to reauthenticate after each 1 hour;
This is not possible in HTTP.
The problem is that the "authentication session" is within the browser,
not the proxy. To the proxy the brow
>
> Erm... Hi :)
>
> I'm primarily interested in using Squid in a similar fashion
> to sites such as www.the-cloak.com or www.anonymizer.com, and
> the owner of the Cloak recommended that I try Squid.
>
> But from what I've read in the FAQs for Squid is that its
> used in a similar way to
> Dear all
>
> i am getting following error squid.conf
>
> My machine has following software installed
>
> linux kernel 2.6.3 ( Redhat 9 )
> squid-2.5-Stable-5 compiled with --with-pthreads
> --enable-async-io
>
> other things i see async-io are never enabled
> ps -axm commands shows only 2
Erm... Hi :)
I'm primarily interested in using Squid in a similar fashion to sites such as
www.the-cloak.com or www.anonymizer.com, and the owner of the Cloak recommended that I
try Squid.
But from what I've read in the FAQs for Squid is that its used in a similar way to LAN
Proxies, (IE > Too
Hello;
We use Squid for authenticating users; Our purpose is
to force users to reauthenticate after each 1 hour;
We have used authenticate_ttl ; but the result is not
satisfying because the authenticationn dialog box
appears in a random manner (example: after one hour
it does not ask authentifi
On Wed, 3 Mar 2004, Emiel van Kalken wrote:
> I blocked access to all ftp sites, by putting a hash in front of the
> port 21 line in squid.conf.
This is better done by denying access to the ftp protocol
acl ftp protocol ftp
http_access deny ftp
> There is one user who needs access to one specif
Hi there,
I blocked access to all ftp sites, by putting a hash in front of the
port 21 line in squid.conf. There is one user who needs access to one
specific ftp site. Is it possible to just allow access to this one site
and still deny all access to all other ftp traffic?
I'm using squid versio
59 matches
Mail list logo