Just read in http://www.oreilly.com/catalog/squid/chapter/ch08.pdf that you
should never use RAID for squid cache directories because it always degrades
filesystem performance for squid.
- Original Message -
From: "Hendrik Voigtländer" <[EMAIL PROTECTED]>
To: "Joel Jaeggli" <[EMAIL PROT
I assumed, it is a matter of ACL number. I can have 10 ACLs or 1 ACL in
the squid. But I don't know, how squid does handle this internally, so
you may be right and it doesn't matter anyway.
Sure, I want to permit only the allowed IPs on the proxy, but it is also
a matter of performance. We have ab
On 17.05 22:35, Hendrik Voigtländer wrote:
> Our system uses striped cache disks.
> I really wonder if there is a difference between e.g. 2x36GB striped
> with a decent RAID-Controller (HP/Compaq, to be precise) or using those
> disks independend from each other (only for squid cache, of course)
On 17.05 17:47, Andreas Pettersson wrote:
> If the performance among the disks is about equal then cache performance is
> significant better with 5 x 20G disks instead of 1 x 100G. How they are
> partinioned doesn't matter.
It does matter. partitioning disks used for cache can decrease
performance
Hi frndz,
Yesterday I sent my problem, I think no one observed the mail. Plz
suggest me regarding the problem given below.
>For some sites, after making a request, I am getting the following
> error. Plz help me regarding this.
>
> ERROR
>
> The requested URL could not be retrieved
>
> Whil
since a while I have a problem with the siblings in my proxy cluster.
Some weeks ago, I activated CARP on the proxies, to loadbalance the
parents by URL-Hash.
But unfortunately since this change, sibling does not work anymore. No
ICP request is sent or recieved by one of the proxies. Nothing happen
>
> our squid has to handle more than 100.000 IP adresses.
>
> Is it more efficient to fill up subnets or doesn't it matter.
>
> E.g. 250 IPs of an C-IP Range have to have proxy access, but
> I can also
> allow all 255. Is there a difference in performance, when I give squid
> maybe 10 sub
our squid has to handle more than 100.000 IP adresses.
Is it more efficient to fill up subnets or doesn't it matter.
E.g. 250 IPs of an C-IP Range have to have proxy access, but I can also
allow all 255. Is there a difference in performance, when I give squid
maybe 10 subnets with 250 IPs or 1
Thanks Steve for valuable explaination
next i will try build kernel with icc8
i think this will improve further performance
> >> One more thing. When building Squid with ICC
you'll
> see a lot of these:
>
> icc: Command line remark: option '-MP' not
> supported
Yes u r right i see this
I've got a problem with my squid cache not refreshing for certain urls like;
http://www.bom.gov.au/weather/national/charts/synoptic.shtml
If I remove the proxy settings from the client it gets the latest chart. Also if I stop
squid and remake the cache dirs (squid -z) then the latest chart is av
This might be of interest...
From: http://isp-lists.isp-planet.com/isp-caching/0205/msg00034.html
> Allow me to stir the pot a bit,
>
> A few years ago on a consulting gig I ran into an ISP that claimed to be
> doing just this. The admin/programmer told me that he just "hacked a few
> lines of
Hi, I seems to read somewhere that it's possible to make squid use the
client IP instead of it's own IP for outgoing request(In a transparent proxy
environment). But I ca'nt seems to find the thread now. Anyone have any idea
on how this can be done?
Thanks
Liz
__
Hello,
Howto set acl in squid using ethernet MAC address ?
Thanks
Varun
Maurer Roland MKG-Bank wrote:
> We want to use http over internet to look on an "telnet" UNIX host in our
> firm.
Squid does not support this. However, you can setup Squid's acls to permit
the CONNECT method over port 23, then use a tool that tunnels through
proxies using the CONNECT method to co
[EMAIL PROTECTED] wrote:
> Is there anyway in which i can tell the Squid to refer to our Intranet DNS
> for this particular Intranet URL/URL's ?
Just list your intranet's DNS server first in /etc/resolv.conf.
> I guess entry in the hosts file does not help !!
It should. Have you tried it?
Adam
Jason Williams wrote:
> However, is it possible to do some type of throttling for streaming audio
> and video? For instance, maybe I can throttle streaming audio and video so
> tightly that my users just give up on trying to listen to radio stations.
Look into delay pools. The Squid FAQ has more
I've seen similar questions to mine in the archives with no answers.
I'm open to any reasonable suggestions.
We have several different proxying firewalls coming out of our private
internet to the public Internet. I'd like to use squid to (a) change
or remove some of the header information that's
Hello everyone.
We are in the process of deciding on a web proxy to use for our company
here. I have convinced the management here to let me put up a squid server
and have all of our users go through the squid server.
They asked a couple of questions regarding the capability of squid and I
wasn
Boniforti Flavio wrote:
> Do these two lines do the job?
>
> acl SSL_ports port 22 443 460 563 1863 5190 1
> acl Safe_ports port 1025-65535 # unregistered ports
Yes, those lines work - unless there is traffic on other ports that also
needs to be allowed. Check your access.log to see.
Adam
Hello,
Our system uses striped cache disks.
I really wonder if there is a difference between e.g. 2x36GB striped
with a decent RAID-Controller (HP/Compaq, to be precise) or using those
disks independend from each other (only for squid cache, of course)
1st case: both disks on same controller, sam
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* mr_bksharma <[EMAIL PROTECTED]> [17-05-2004 16:14]:
> I have configured squid for first time on single compr.
> The browser goes thru' proxy but mail smtp/pop and yahoo messsenger can
> connect directly as they don't even check if squid is running o
I have configured squid for first time on single compr.
The browser goes thru' proxy but mail smtp/pop and yahoo messsenger can
connect directly as they don't even check if squid is running or not.
Plz. suggest a fix or some ACL for this
regards
Hello,
has anybody an idea to realize following situation.
We want to use http over internet to look on an "telnet" UNIX host in our
firm.
Therefore we want use a squid as reverse proxy and protocol changer.
Has anybody an idea if and how it works?
Thanks for help
RMA
--
On Mon, 17 May 2004, Michael Gale wrote:
> Hello,
>
> If you have unlimited physical RAM -- then why not use a RAM disk for cache ?
> Personally I think that cache is over rated. There is NO point is having over
> 15-20 MB of cache per-person anyways.
20MB per user is around 400GB for me.
> 2) In term of performance only, is a 100GB harddisk better (partitioned
into
> 5 20GB partitioned) or 5 20GB harddisks better.
If the performance among the disks is about equal then cache performance is
significant better with 5 x 20G disks instead of 1 x 100G. How they are
partinioned doesn't m
Hello,
If you have unlimited physical RAM -- then why not use a RAM disk for cache ?
Personally I think that cache is over rated. There is NO point is having over
15-20 MB of cache per-person anyways.
Here I have given squid a 150MB RAM disk to store it's cache on -- so it the box
crashe
SXB6300 Mailing wrote:
The following is what you need in your squid.conf :
acl SSL_ports port 443 ... 1863 5190
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
This is actually what I got! 0__0
acl SSL_ports port 443 460 563 1863 5190 1
[...]
acl CONNECT method CONNECT
[...]
ht
Adam Aube wrote:
Add those two ports to the Safe_ports and SSL_ports acls, then create an
http_access rule that denies those two ports unless they are to the
relevant servers.
Do these two lines do the job?
acl SSL_ports port 22 443 460 563 1863 5190 1
acl Safe_ports port 1025-65535 # unregis
The following is what you need in your squid.conf :
acl SSL_ports port 443 ... 1863 5190
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
I know it works for ICQ (login.oscar.aol.com:5190), but where for msn messenger
(messenger.hotmail.com:1863)
I'm not sure that it will works thr
Skarbet wrote:
> i'm using squid2.4stable7 and trying to stop user from
> downloading large file and access some server.this is
> my ACL:
> acl local src 192.168.1.0/24
[other acl lines]
> http_access allow local
[other http_access lines]
> but this does not work !!! can u show
> > You get TCP_DENIED errors because the ports used, in this
> > case 5190 and 1863 are not listed in your SSL_ports acl.
>
> Aha, I didn't know it was trying to connect through SSL, both
> of them...
>
> > Allowing SQUID's CONNECT , for such applications has be
> done with care.
> > Av
Boniforti Flavio wrote:
> This is what I get in access.log:
>
> 1084802777.627 6 10.167.211.11 TCP_DENIED/403 1353 CONNECT
> login.oscar.aol.com:5190 - NONE/- text/html
>
> 1084803020.025 2 10.167.211.11 TCP_DENIED/403 1357 CONNECT
> messenger.hotmail.com:1863 - NONE/- text/html
The l
Elsen Marc wrote:
You get TCP_DENIED errors because the ports used, in this
case 5190 and 1863 are not listed in your SSL_ports acl.
BTW: I added both ports to SSL_ports ACL but nothing changed:
1084804324.562108 10.167.211.11 TCP_MISS/000 1365 CONNECT
messenger.hotmail.com:1863 boniforti
Elsen Marc wrote:
You get TCP_DENIED errors because the ports used, in this
case 5190 and 1863 are not listed in your SSL_ports acl.
Aha, I didn't know it was trying to connect through SSL, both of them...
Allowing SQUID's CONNECT , for such applications has be done with care.
Avoid proxy abuse
>
>
>
>
> Elsen Marc wrote:
>
> > Whether or not this proxying is fully HTTP compliant can
> for instance
> > be verified by checking squid's access log for request(s) coming
> > from this 'source'.
> > Also check squid's cache.log for further info and or errors.
>
> This is what I get
Joel Jaeggli wrote:
socks proxy or http proxy?
HTTP proxy
--
---
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
---
socks proxy or http proxy?
joelja
On Mon, 17 May 2004, Boniforti Flavio wrote:
>
>
> Elsen Marc wrote:
>
> > What is GAIM ?
>
> GAIM is a multi-protocol Instant Messenger (gaim.sourceforge.net).
> It's supposed to be configured to use a proxy, but I always get errors
> with squid...
>
>
Elsen Marc wrote:
Whether or not this proxying is fully HTTP compliant can for instance
be verified by checking squid's access log for request(s) coming
from this 'source'.
Also check squid's cache.log for further info and or errors.
This is what I get in access.log:
1084802777.627 6 10.16
?
>
> GAIM is a multi-protocol Instant Messenger (gaim.sourceforge.net).
> It's supposed to be configured to use a proxy, but I always
> get errors
> with squid...
>
Whether or not this proxying is fully HTTP compliant can for instance
be verified by checking squid's access log for request(
Elsen Marc wrote:
What is GAIM ?
GAIM is a multi-protocol Instant Messenger (gaim.sourceforge.net).
It's supposed to be configured to use a proxy, but I always get errors
with squid...
--
---
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatic
> Hy all!
>
> I'm getting troubles using GAIM through squid.
What is GAIM ?
M.
> I always get "No tunnelling available on port 80", but MSN Messenger
> works fine!
>
On Mon, May 17, 2004 at 02:36:20PM +0200, Skarbet wrote:
> i'm using squid2.4stable7 and trying to stop user from
> downloading large file and access some server.this is
> my ACL:
>
> #My Access List
> acl limit_conn src 192.168.1.0/24
> acl 6conn maxconn 6
> acl post method post
> acl exe urlp
Hy all!
I'm getting troubles using GAIM through squid.
I always get "No tunnelling available on port 80", but MSN Messenger
works fine!
Who can help me?
Thanks
--
---
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggio
On Mon, May 17, 2004 at 12:56:19PM +0200, Boniforti Flavio wrote:
> May 17 12:19:53 plin squid[433]: Failed to select source for
> 'http://www.provincia.verbania.it/piffero.css'
> May 17 12:19:53 plin squid[433]: always_direct = -1
> May 17 12:19:53 plin squid[433]:never_direct = 1
> May 17
Your first ACL allow full access from local network (192.168.1.0/24) if
your user arre inthis range squid will never go furher on the ACL check.
Move the first line at the end. So squid will proceed your deny first.
Ragards,
Arno
On Monday 17 May 2004 09:46, Matus UHLAR - fantomas wrote:
> On 17.05 09:31, Denis Vlasenko wrote:
> > On Friday 14 May 2004 15:04, Christoph Haas wrote:
> > > this morning we found out that our cache hit ratio is zero. We started
> > > to investigate and according to the store.log all objects were
I don't know if this will solve it but I have this rule at the end of my acl
(denies everything that doesn't match your rule)
http_access deny all
-Original Message-
From: Skarbet [mailto:[EMAIL PROTECTED]
Sent: Monday, May 17, 2004 8:36 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] Sq
Hi,
i'm using squid2.4stable7 and trying to stop user from
downloading large file and access some server.this is
my ACL:
#My Access List
acl limit_conn src 192.168.1.0/24
acl 6conn maxconn 6
acl post method post
acl exe urlpath_regex -i \.exe$
acl local src 192.168.1.0/24
acl download dstdomain
Hi all !
As in the Subj, how can I set a maximum download size for each user ?
I have users that download a lot of small (2-3Mb) files and by doing so
use a lot of bandwidth.
How can I prevent them from doing so ?
I would like to just make them able to download "so much" per day.
How can I do It ?
Hello all!
I get:
May 17 12:19:53 plin squid[433]: Failed to select source for
'http://www.provincia.verbania.it/piffero.css'
May 17 12:19:53 plin squid[433]: always_direct = -1
May 17 12:19:53 plin squid[433]:never_direct = 1
May 17 12:19:53 plin squid[433]:timedout = 0
And the i g
Greetings all ..
I have a typical problem.
I have configured squid for internet access.
All Intranet(inside our organizations) sites are bypassed at the browser
itself for most of the Users.
But some users who work on a physically separate network but access our
squid cannot have these address
On Mon, 17 May 2004, Lizzy Dizzy wrote:
> Thanks.
>
> So does it means that the number of partition as well as the total size per
> harddisk does not matter?
>
> As long as the harddisk has multiple spindles, performance would be
> equivalent?
hard-drives have one spindle with one or more pla
Hi Squid users,
For some sites, after making a request, I am getting the following
error. Plz help me regarding this.
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.google.co.uk/search?
The following error was encountered:
Connection Failed
Th
>
> Hi,
>
> Duane Wessels's "Squid - The Definitive Guide"
> http://www.oreilly.com/catalog/squid/chapter/ch08.pdf (pg
> 112) recommended
> that changing ASYNC_WRITE to 1 would ensure that disk writes
> is running
> asynchronously (= better performance).
>
Ok, good the book open at tha
Hi,
Duane Wessels's "Squid - The Definitive Guide"
http://www.oreilly.com/catalog/squid/chapter/ch08.pdf (pg 112) recommended
that changing ASYNC_WRITE to 1 would ensure that disk writes is running
asynchronously (= better performance).
Thanks
Liz
From: "Elsen Marc" <[EMAIL PROTECTED]>
To: "Li
>
> Hi, I am configuring my squid 2.5S4 to used aufs. The
> following are the
> config:
>
> ./configure --enable-cache-digests --enable-gnuregex
> --enable-underscores
> --enable-err-languages="English" --enable-storeio=aufs,ufs
>
>
> modified /src/fs/aufs/store_async.h such that ASYNC_W
Hi, I am configuring my squid 2.5S4 to used aufs. The following are the
config:
./configure --enable-cache-digests --enable-gnuregex --enable-underscores
--enable-err-languages="English" --enable-storeio=aufs,ufs
modified /src/fs/aufs/store_async.h such that ASYNC_WRITE is changed from 0
to 1.
Thanks.
So does it means that the number of partition as well as the total size per
harddisk does not matter?
As long as the harddisk has multiple spindles, performance would be
equivalent?
Regards
Liz
From: "Elsen Marc" <[EMAIL PROTECTED]>
To: "Lizzy Dizzy" <[EMAIL PROTECTED]>,<[EMAIL PROTECT
On Mon, 17 May 2004, CHARREAU Anthony wrote:
> If I try to see a Internet or Intranet website without NTLM auth through Squid, who
> always auth users with NTLM, it works fine.
This it should.
> So, Apache alone works fine, squid alone works fine, but when I try to chain both,
> it fails.
You
On Mon, 17 May 2004, Matus UHLAR - fantomas wrote:
> Changing maximum_object_size to long long (or however is it called, iirc
> quad on FreeBSD) wouldn't help itself. Squid should be rewritten to use
> 64bit file access. squid 3.0 supports it for now.
Squid-2.5 is very unlikely to ever support th
>
>
> Thanks.
>
> So does it means that the number of partition as well as the
> total size per
> harddisk does not matter?
>
> As long as the harddisk has multiple spindles, performance would be
> equivalent?
>
By multiple spindles I meant multiple harddisks. Partioning per hard disk
Varun,
How are you?
Please add following lines into /etc/squid.conf
#--please add following lines after icp_port 0
auth_param basic program /usr/lib/squid/ncsa_auth /usr/lib/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Tell me your user name and password
auth_param ba
On Fri, 14 May 2004, Christoph Haas wrote:
> We reduced the squid.conf to track down the problem. It appears that when
> specifying a maximum_object_size larger than 2 GB the whole caching feature
> becomes disabled. However I haven't seen anything useful in the cache.log
> that would give me a hi
You cannot use NTLM-authentication through squid.
See http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.14
"CHARREAU Anthony"
>
> Hi,
>
> I understand that the size of the physical RAM has to be
> proportional to the
> total harddisk cache size. Supposing I have
>
> unlimited physical RAM,
>
>
> 1) What is the recommended size of 1 physical harddisk for
> each server (each
> server can have sda, sdb etc...). T
Hi everybody,
I have got a problem with Squid NTLM feature and it is a bit strange, be advise :-)
I am setting a proxy / cache platform based on squid with NTLM auth feature.
This platform includes an Apache web server to show access statistics to users.
The problem occurred when I try to gain a
Hi,
I understand that the size of the physical RAM has to be proportional to the
total harddisk cache size. Supposing I have
unlimited physical RAM,
1) What is the recommended size of 1 physical harddisk for each server (each
server can have sda, sdb etc...). The reason I
am asking this is that
67 matches
Mail list logo
