Re: [squid-users] Squid 2.5 and Range requests

Hi, As you say, it is hard to strike a right balance between downloading too much and not downloading data that can be cached. This is especially hard for general purpose cache engines like Squid without some knowledge about the access patters of the URLs being accessed. Since Squid provides pa

[squid-users] NTLM Failing and popups occurring in squid 2.5

Hello, I am using Squid-2.5-STABLE5 together with Samba 3.0.3rc1, Running on Red Hat Linux 7.3. Recently, clients have been getting an authentication popup with the proxy server listed as the domain. If this is replaced in the userid field with the \, and the password is entered into its field, au

[squid-users] Squid as ICAP Client

Dear all, I am trying Trend Micro Interscan Viruswall for virus scanning. I install the TrendMicro on the squid box, and the concept is like double caching. So users request to squid, and squid forward the request to TrendMicro service. In my opinion, this resulted in delay compared to before usin

[squid-users] Image on ERR_ACCESS_DENIED

Dear all, How to insert image in to file ERR_ACCESS_DENIED, i already try but until now i can't see that image on browser when user try to connect to porn web. Regards, David Kandou

Re: [squid-users] cache cluster config management

> Can you repeat them? (memory is short.. did not see them as exclusive of > each other) What I'm looking for is a way to have multiple squid peers (siblings) autodiscover each other, or at least be able to use the same squid.conf file. That way if I have a large number of them I don't have to h

Re: [squid-users] Using different IP address

On Wed, 28 Apr 2004, Francisco Lopes wrote: > I have 3 IPs configured on my box, while Squid is binded with IP B (it > only accepts requests on this IP), Squid show's up as IP A (which is > my main IP on this box) when doing a request on pages. Is it possible > to configure Squid to use as IP B wh

Re: [squid-users] strange requests

- Original Message - From: "Joe Cooper" <[EMAIL PROTECTED]> To: "Henrik Nordstrom" <[EMAIL PROTECTED]> Cc: "Hilal Afridi" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, April 29, 2004 4:05 AM Subject: Re: [squid-users] strange requests > Henrik Nordstrom wrote: > > On Thu, 29 A

[squid-users] Using different IP address

Hello, I have 3 IPs configured on my box, while Squid is binded with IP B (it only accepts requests on this IP), Squid show's up as IP A (which is my main IP on this box) when doing a request on pages. Is it possible to configure Squid to use as IP B when doing requests on pages? Thank you. Rega

Re: [squid-users] cache cluster config management

On Wed, 28 Apr 2004, Will Lowe wrote: > short term. In the longer term I don't mind writing code at all. Of > the three ideas I suggested, is there one that people see as "best"? Can you repeat them? (memory is short.. did not see them as exclusive of each other) Regards Henrik

[squid-users] samba 3.0.0 squid 2.5STABLAE5 - authorisation for the users incorporating windows group membership

Hi, I am trying to use squid with domain authentication and authorisation based on Windows domain group membership. I have authentication working, but if I try to combine this with checking if user belongs to the group - failure. Can someone look and tell me what I am doing wrong? (hence why I am

[squid-users] Soulcatcher + Website

Spam detection software, running on the system "gondor.local", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or block similar future email. If you have any questions, see [EMAIL PROTECTED] for details. Co

RE: [squid-users] It seems SSL is broken in Squid2.5STABLE5

Nothing found in cache log. Nothing found in tcpdump. Same as other instance that I reported it is perfectly working on squid2.4STABLE(X) version. Regards, nooshin -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 28, 2004 3:15 PM To: Zand, Nooshi

Re: [squid-users] FAQ - 5.13 IE 6.0 SP1 fails when using authentication

On Wed, 28 Apr 2004, Karl Kopper wrote: > I'm running RH 7.3. > > I just modified the file in /usr/lib/squid: > > # ls -l /usr/lib/squid/errors/English/ERR_CACHE_ACCESS_DENIED > -rw-r--r--1 root root 9028 Apr 26 15:51 > /usr/lib/squid/errors/English/ERR_CACHE_ACCESS_DENIED > # se

Re: [squid-users] cache cluster config management

> But I think the answer to your questions is no on all three issues if you > are not prepared to do some coding to have the features implemented. Well, I need to get (a first draft of this) implemented fairly quickly, so I might have to live with lots of config files in the short term. In the

Re: [squid-users] unable to do access control using squid_ldap_group

On Wed, 28 Apr 2004, Sureen L wrote: > dn: cn=Mur,cn=Users,dc=mydomain,dc=com > cn: Mur > uid: mur > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: inetOrgPerson > userPassword: {SHA}dmMt8K4+dyKZqGTt90RZD4k= > dn: cn=zen, cn=WebAccess,cn=Users,dc=mydoma

Re: [squid-users] strange requests

Henrik Nordstrom wrote: On Thu, 29 Apr 2004, Hilal Afridi wrote: Joe i still have not been able to take care of those TCP/MISS 000 requests. I have been trying to post this question to the list by lord knows why it aint getting there. This question got to the list. What TCP_MISS/000 problem is

[squid-users] Downloading problems with Internet Explorer

Has anybody experienced problem when users are downloading files (ex: .zip files, specially with IE and WinXP) and the download is being cut in any point of the transfer? Squid didn't helped me in that problem neither. When I post a popular programs, it's virutally impossible for my end users (sp

Re: [squid-users] Limiting the bandwidth of certain fyles

Dear Henrik Thanks for the info. I've subscribed to the dev mailing list. | Won't do what you are looking for as netfilter only knows packets, not HTTP or URLs. But in theory it could be possible to combine the string match, connmark and tc to shape certain types of http requests using netfilt

Re: [squid-users] strange requests

On Thu, 29 Apr 2004, Hilal Afridi wrote: > Joe i still have not been able to take care of those TCP/MISS 000 requests. > I have been trying to post this question to the list by lord knows why it > aint getting there. This question got to the list. What TCP_MISS/000 problem is you having? Btw, T

Re: [squid-users] cache cluster config management

On Wed, 28 Apr 2004, Will Lowe wrote: > If not, here are some questions: > > 1) Will squid be unhappy if the local machine has itself listed as a > peer? In this case I could put the SAME squid.conf on every machine > (via cfengine/rdist/whatever) and just list all 20 caches in it. > > 2) Is th

Re: [squid-users] Connecting to www.google.com but getting connected to a different site???

On Wed, 28 Apr 2004, Cavanagh, Kevin B wrote: > Users attempting to get to either "www.google.com" or "www.yahoo.com" > get misdirected to other sites (usually inappropriate ones like > www.viewmya**.com, etc). > > My question is how does one go about troubleshooting a problem like this and how

RE: [squid-users] Multiple requests from one user has stopped service

On Wed, 28 Apr 2004, Trevor wrote: > Simply add the following lines to your squid.conf configuration: > > half_closed_clients off > server_persistent_connections off > client_persistent_connections off The last two is not needed and can have a quite bad impact on over all performance.. Regards

Re: [squid-users] Multiple requests from one user has stopped service

On Wed, 28 Apr 2004, Jason McNeil wrote: > a) Has anything like this happened to anyone else? Yes. It is commonly seen with clients infected by viruses trying to spread via the Internet. > b) Would increasing the number of file descriptors help to avoid this > problem in the future? It will l

Re: [squid-users] It seems SSL is broken in Squid2.5STABLE5

On Wed, 28 Apr 2004, Zand, Nooshin wrote: > This is the second instance of issue that I encounter regarding https > via squid2.5STABLE5 > Got error message "Can not create SSL Socket: Socket Closed > Prematurely." Anything in cache.log? Regards Henrik

[squid-users] Re: Mirroring Windows Update and Squid Accelerator (2.5 Stable3)

On Wed, 28 Apr 2004 [EMAIL PROTECTED] wrote: > How is'it possible making my own CA trusted by the clients ? You need to get your CA certificate installed in each clients list of trusted CAs. > Where can I get Windows Update SSL certificate to locate inside my squid > accelerator ? You can't. Y

[squid-users] Connecting to www.google.com but getting connected to a different site???

Hi there, (B (BWe are running Squid V2.5 Stable on a Proliant DL380 G3 running Redhat Linux 8 (kernel (B2.4.18-19). Servers have 2.5GB of RAM. We have a IPrism $B"*(J Caching $B"*(J AV (Bserver chain setup (6 of each with 1:1 relationship). We$B!G(Jve been in production (Bmode for

RE: [squid-users] squid and firefox

On 28 Apr 2004, Prashant Kumar wrote: > But as a temporary fix I would kill the browser from the server doing an > ssh or something. Can you tell me how many times an ext acl is called by > squid Once per ttl and unique query to the helper. See the external_acl_type directive for the ttl definit

[squid-users] Mirroring Windows Update and Squid Accelerator (2.5 Stable3)

Dear Enrik, I should like you to clear up this point please: Why W.Update is unlikely to accept https_port directive ? > The client should reject this as the SSL certificate of the server does > nto match, but if you make your own CA trusted by the clients then it may > be possible to work aroun

[squid-users] unable to do access control using squid_ldap_group

Hello, The following is my ldif file of LDAP. dn: dc=mydomain,dc=com o: mydomain objectclass: top objectclass: organization dn: cn=Manager, dc=mydomain, dc=com cn: Manager objectclass: top objectclass: organizationalRole dn: cn=Users,dc=mydomain,dc=com cn: Users objectclass: top objectclass: or

RE: [squid-users] Multiple requests from one user has stopped service

Jason, I added the following to my /etc/squid/squid.conf configuration file, when I had similar problems with the squid proxy as you are having. I am using the binary version of squid as well. Haven't had a problem in 6 months, and consider the issue closed. Simply add the following lines to yo

RE: [squid-users] squid and firefox

I've given up on this design now Henrik as it does not solve my problems and am rewriting the design doc to remove proxy auth and do all client side custom GUI auth (perl/GTK maybe) against mysql. But as a temporary fix I would kill the browser from the server doing an ssh or something. Can you te

[squid-users] cpu usage difference between squid-2.5.STABLE4 to squid-2.5.STABLE5

Hello, I am having a weird CPU usage problem here. Can anybody tell me whats going on? I just have upgraded my squid from squid-2.5.STABLE4-20040210 to squid-2.5.STABLE5-20040425 and squid process cpu usage jumped from %8-%10 to %50-%60 in 2 machines... I compiled both version with the same e

[squid-users] strange requests

Joe i still have not been able to take care of those TCP/MISS 000 requests. I have been trying to post this question to the list by lord knows why it aint getting there. Kindly do let me know what to do with those. Regards Hilal

Re: [squid-users] Multiple requests from one user has stopped service

Yes. This is exactly the kind of thing that is helped by disabling half_closed_clients. As I mentioned, I found it alleviated the need to increase file descriptors in all cases, for my clients. It is still a problem, however, in that the virus still causes an increased load on the proxy. So

Re: [squid-users] Multiple requests from one user has stopped service

Thanks Joe, I may give that a shot, as well as increasing the file descriptors, though I don't rightly how, as our squid was installed as a binary rpm package. This is cur from my cache.log when I tried to restart squid, does it look like the kind of thing that may be helped by turning off hal

[squid-users] cache cluster config management

I'm looking at setting up a fairly large (> 20 machines) cluster of Squid caches in an http-acceleration type setup. In some cases the content we're caching will come from third parties (think of an Akamai-type setup), so the ability to peer caches and avoid hits on the origin server is key for us

[squid-users] It seems SSL is broken in Squid2.5STABLE5

Hi, This is the second instance of issue that I encounter regarding https via squid2.5STABLE5 Got error message "Can not create SSL Socket: Socket Closed Prematurely." Please advise. Regards, nooshin

Re: [squid-users] FAQ - 5.13 IE 6.0 SP1 fails when using authentication

> > > Sorry, I still don't understand. What change is being suggested here? Are > > you saying to increase the size of this error message file by adding > > extraneous error message text to it? (The English version of this file on my > > 2.5.STABLE2 source tree is 1069 bytes, in /usr/lib/squid/erro

[squid-users] Multiple requests from one user has stopped service

Hello there, yesterday one of our users going through the squid cache machine (which is also our networks gateway) began attempting to connect to random ip addresses what seemed randomly, and far faster then humanly possible. We suspect he had either some sort of trojan or virus. The problem is

Re: [squid-users] Detected DEAD Parent

> > Hi > > > > My cache.log often says 'Detected DEAD Parent' and 'TCP > > connection to X.X.X.X/8080 failed'. > > If my alert tool catches 'Detected DEAD Parent', that tool > > tells me this event. > > But I can access to the internet through squid box. > > I want to tweak timing of 'Detected D

Re: [squid-users] single autoconf.pac with multiples squid proxy

On Wed, 28 Apr 2004, Pascal DeMilly wrote: > How can I tell in the autoconf.pac what host the request came from, so I > can properly redirect to the appropriate (closest) proxy. http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html#isInNet > I kind of remember reading somewhere t

Re: [squid-users] SSL update patch to Squid-2.5Stable3 - Accelerator

http://devel.squid-cache.org/ Regards Henrik On Wed, 28 Apr 2004 [EMAIL PROTECTED] wrote: > I need SSL update patch to Squid-2.5 Stable3 to handle HTTPS requests with > Squid Accelerator. Can someone tell me where I can exactly find it , please? > Which is URL ?! > > best regards > > Sampei >

Re: [squid-users] Squid access control based on browser agents.

On Wed, 28 Apr 2004, Mr. S M Thakor wrote: > I want to put access control on user's browsers. Can squid accept > requests only from Internet Explorer, Netscape Navigator and Opena ? Yes, as long as the user is not lying about what browser he is using. Se the browser acl. > If a user allowed to

[squid-users] Problems with www.terra.es

Hi, When we visit the site www.terra.es and we try some link ejm: correo an error is produced: The requested URL could not be retrieved While trying to retrieve the URL: The following error was encountered: Unable to determine IP address from host na

Re: [squid-users] dir_index feature of ext2/3

On Wed, 28 Apr 2004, Matthias Weigel wrote: > how much does squid performance benefit from the dir_index feature of ext2 / ext3? Probably none. > What is the easiest way to actually test squid performance? polygraph is a very good test if it is cache performance you want to measure. Almost all

Re: [squid-users] wb_group issues

On Wed, 28 Apr 2004, Roman Rathler wrote: > I have a squid up and running with samba-3 using the fedora packages > (squid-2.5.STABLE3-1.fc1). authentication against the ads works fine from squid for > basic and ntlm authentication. now i want to build some acls using groups from the > active di

RE: [squid-users] client auth with SSL certificate

On Wed, 28 Apr 2004, David Hajek wrote: > The scenario is: Enable client cert auth in https_port directive. Then open > mozilla 1.6/1.7rc1 and > check "Ask every time" when selecting certificate. When you then open page > behind reverse proxy, > you are being asked by Mozilla which certificate you

RE: [squid-users] client auth with SSL certificate

> However, I have not yet found any browser requiring this, nor > have I found any difference in the SSL handshakes.. the > Context ID field seems to be blank both with and without this > call. (using OpenSSL 0.9.7a with RedHat patches). > > The patch as such looks valid, except that it was re

RE: [squid-users] client auth with SSL certificate

> However, I have not yet found any browser requiring this, nor > have I found any difference in the SSL handshakes.. the > Context ID field seems to be blank both with and without this > call. (using OpenSSL 0.9.7a with RedHat patches). > > The patch as such looks valid, except that it was re

[squid-users] Asunto: [squid-users] wb_group issues

>-- Mensaje original -- >From: Roman Rathler <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Date: Wed, 28 Apr 2004 10:11:59 +0200 (METDST) >Subject: [squid-users] wb_group issues > > >Hi, > >for sure I am not the only one having this problem and maybe it a rtfm-thing, >but i wasn't able to find it an

[squid-users] SSL update patch to Squid-2.5Stable3 - Accelerator

I need SSL update patch to Squid-2.5 Stable3 to handle HTTPS requests with Squid Accelerator. Can someone tell me where I can exactly find it , please? Which is URL ?! best regards Sampei __ Social price: l'ADSL diventa per tutti Ti

[squid-users] single autoconf.pac with multiples squid proxy

Hello, I have a network with multiple locations connected over Frame relay. Each location has also a DSL for internet access. Squid is running on each router in transparent proxy mode right now. So far so good. I would like to start authentication for some group of people/workstations. To mini

RE: [squid-users] NTLM helper performance problem

Thx, as I always keep my old configuration file, I hadn't seen this option. I have modified my squid.conf and smb.conf to ensure NTLM v2 authentication. It's up for a few minutes now ; I'm just waiting to see what's gonna happen. Thx again. Pierre-Emmanuel -Message d'origine- De :

RE: [squid-users] cannot access http://itmanagers.net/postt10.html

> Hi, > > Some documents in your discussion group are pointing to > http://itmanagers.net/postt10.html > (in regards to how to configure squid with access > restrictions based on > group membership) > > I am trying to get there and I can't. > did they change this link? > (it seems to be prett

RE: [squid-users] Detected DEAD Parent

> Hi > > My cache.log often says 'Detected DEAD Parent' and 'TCP > connection to X.X.X.X/8080 failed'. > If my alert tool catches 'Detected DEAD Parent', that tool > tells me this event. > But I can access to the internet through squid box. > I want to tweak timing of 'Detected DEAD Parent's

[squid-users] cannot access http://itmanagers.net/postt10.html

Hi, Some documents in your discussion group are pointing to http://itmanagers.net/postt10.html (in regards to how to configure squid with access restrictions based on group membership) I am trying to get there and I can't. did they change this link? (it seems to be pretty recent - maybe Australia

[squid-users] Squid access control based on browser agents.

Hi, I want to put access control on user's browsers. Can squid accept requests only from Internet Explorer, Netscape Navigator and Opena ? If a user allowed to use squid proxy installs on client PC a proxy server like analogue-x, proxyi, winproxy or naviscope, his request should be rejected. My o

[squid-users] Detected DEAD Parent

Hi My cache.log often says 'Detected DEAD Parent' and 'TCP connection to X.X.X.X/8080 failed'. If my alert tool catches 'Detected DEAD Parent', that tool tells me this event. But I can access to the internet through squid box. I want to tweak timing of 'Detected DEAD Parent's logging , because th

[squid-users] dir_index feature of ext2/3

Hello, how much does squid performance benefit from the dir_index feature of ext2 / ext3? What is the easiest way to actually test squid performance? Best Regards Matthias Weigel

[squid-users] wb_group issues

Hi, for sure I am not the only one having this problem and maybe it a rtfm-thing, but i wasn't able to find it and I searched a lot. I have a squid up and running with samba-3 using the fedora packages (squid-2.5.STABLE3-1.fc1). authentication against the ads works fine from squid for basic a

Re: [squid-users] How can i determine http_tunnel like apps.

On Wed, 28 Apr 2004, Tolga YAMAN wrote: > some of my users using socks2http for http tunneling, they can pass my > squids acls by this way, so they can download blocked files, and connect to > p2p apps. i want to block and/or log their http tunnel like activities. You should be able to identify

[squid-users] ip_wccp and IP spoofing

Hi all, Quick question about ip_wccp's v2 support if I may. I'm using it with a Cisco 2600 to redirect outbound HTTP to squid. This works very well. The router is also able to push spoofed return traffic back to the cache via WCCP. Is this something that is inherently supported by ip_wccp or i

Re: [squid-users] Squid error ?

On Tue, 27 Apr 2004, Abdul Khader wrote: > Server Error > The following error occurred: > > [code=RESOURCE_RECLAIMED] Internal error. Try again. This error does not look like a Squid error.. if it is a Squid error then there should be a signature at the bottom of the page indicating which vers

Re: [squid-users] apache

On Wed, 28 Apr 2004 [EMAIL PROTECTED] wrote: > Do you have any idea how to apply apache patches? I m running squid 2.4 > stable 3 on a SuSE Linux platform. What patches are you talking about, where? Squid is not Apache. > I have also run squidGuard to prevent illegal websites. Is there a way >

Re: [squid-users] Squid-lite?

On Tue, 27 Apr 2004, Elvis Presley wrote: > I am willing to run two instances of squid on my > firewall, one forward, one reverse, but I am not > interested in accelerating, caching, logging, > filtering, controlling... just proxy-ing, I mean, just > url resolution. > > Is there a squid-lite? Al

Re: [squid-users] RTSP DESCRIBE METHOD ByPassing

On Tue, 27 Apr 2004, James MacLean wrote: > Any way to have squid-2.5.STABLE5 _not_ error out when an RTSP DESCRIBE > method is generated. We see Darwin/Apple servers out there setup for rtsp > over port 80. Squid replies with a 400 Bad Request and cache.log has: You are running interception pr

Re: [squid-users] Transparent Proxy iptables rules - Help needed

On Tue, 27 Apr 2004, Roy Walker wrote: > If I take the -o off the rule works fine. However, only want traffic > from eth0 and destined out eth1 to be proxied except when it is destined > for the network specified by the -d. Anyone have any idea what is not > right with that? You can't use -o in

[squid-users] Antwort: [squid-users] antivirus with squid

Configuration Nr. 1 is the more secure option since all http traffic is scanned by the viruswall (which also scans for stuff like javascript "malware"). Of course this affects performance, or rather the way users experience their download. In order to scan a file (say a .zip-archive), the viruswal

Re: [squid-users] Limiting the bandwidth of certain fyles

On Tue, 27 Apr 2004, Xavier Baez wrote: > Should I recompile the linux kernel and patch it with Netfilter? Won't do what you are looking for as netfilter only knows packets, not HTTP or URLs. But in theory it could be possible to combine the string match, connmark and tc to shape certain types

RE: [squid-users] How can i determine http_tunnel like apps.

> > Hi, > some of my users using socks2http for http tunneling, they can pass my > squids acls by this way, so they can download blocked files, > and connect to > p2p apps. i want to block and/or log their http tunnel like > activities. > Any advice? > Even that 'solution' from your bra

[squid-users] antivirus with squid

I searched in the mail list archives for the configuration of AV viruswall trend micro with squid, but I have some doubt: Case 1) clients --> hiearchi proxy --> virus-wall --> internet All the traffic to the internet go through to the virus wall. Case 2) Equal to case 1, but the

[squid-users] How can i determine http_tunnel like apps.

Hi, some of my users using socks2http for http tunneling, they can pass my squids acls by this way, so they can download blocked files, and connect to p2p apps. i want to block and/or log their http tunnel like activities. Any advice? Kind Regards Tolga

[squid-users] weird parent proxy problem

Hello I am asking to sibling cache about a web site and it asks from its parent. The parent thinks its a cache miss but the sibling says its a hit SIBLING CACHE 1083136150.250104 130.232.138.155 TCP_REFRESH_HIT/304 369 GET http://www.batili.com.tr/ - DEFAULT_PARENT/217.21.68.52 - 1083136152