My firewall is also a squid cache.
I have a firewall NAT rule that says, all requests on port 80, change to
port 3128 (the squid cache):
iptables -t nat -A PREROUTING -i eth1 -p tcp --destination-port 80 -j
DNAT --to 10.2.1.1:3128
Requests are getting pushed to squid, but its not looking at the h
if you are going for a dedicated squid box try to
create a separate cache partition of 10 or more so GB
Also try to read freebsd handbook available on
internet
--- yance kowara <[EMAIL PROTECTED]> wrote:
> Dear All,
>
> I am a squid newbie trying to setup a squid server
> on FreeBSD 4.10.
>
>
> acl NOCACHE dst my.ip.here
>
> and later:
>
> http_access deny NOCACHE
here is correct way of doing it
The first step is to define an ACL for the local
servers. You might want to use an address-based ACL,
such as dst:
acl LocalServers dst 172.17.1.0/24
If the servers don't live on a si
I've a 2-way satellite link at the house. It connects to a windoze pc
via usb. I have all the other machines 5-total to proxy thru the squid
machine. The latency is a killer.
Was wondering if you guys may have some suggestions on tweaking squid
for this high latency setup?
--
---
On Sat, 28 Aug 2004, Przemek Czerkas wrote:
pc-bugfix1-2.5.STABLE6.diff: fixes almost 6 years old bug in enums.h
(someone double me, please :-)
What bug?
The only thing I see in your patch is that you rearrange the enum order of
HDR_REQUEST_RANGE, but what is the bug this is supposed to fix?
Rega
On Fri, 27 Aug 2004, Tim Donahue wrote:
Tim, thanks for the pointer. I had tried adding win32_check_group.exe
as a helper for basic authentication, and I wasn't having any luck
win32_check_group is not an authentication helper, only authorization
helper. It can check if the already authorized use
On Fri, 27 Aug 2004, komal wrote:
Is it possible? If yes , it will be great help, if any one suggest changes
in squid.conf or point me a urlto help me
See the squid_ldap_auth and squid_ldap_group documentation.
A rutimentary understating of LDAP helps greatly, so be prepared to use
ldapsearch etc
On Fri, 27 Aug 2004, Matt wrote:
The "aufs" cache_dir type automatically tries to do this when the harddrive
I/O load is too high.
Is "aufs" type less stable then "ufs"?
Not that I know of.
Regards
Henrik
pc-bugfix1-2.5.STABLE6.diff: fixes almost 6 years old bug in enums.h
(someone double me, please :-)
pc-patch1-2.5.STABLE6.diff: (based on patch by David S. Madole
http://www.omdev.com/squid/squid-2.2.STABLE4.ignore-no-cache.patch )
adds more options to refresh-pattern configuration:
- 'ignore-no-ca
i'm using squid as proxy and cache im network, but i want it do not make
cache for the sites im my local server.
i put this lines in the squid.conf:
acl NOCACHE dst my.ip.here
and later:
http_access deny NOCACHE
but this didnt works. this is the right way to do this job of no cache for
some sit
On Fri, 2004-08-27 at 16:49, Tim Neto wrote:
> Hello Tim,
>
> You need a definition like this -| before these definitions in
> your file:
>
> >auth_param basic children 5
> >auth_param basic realm Squid proxy-caching web server
> >auth_param basic credentialsttl 2 hours
> >
> >
> I use L
Hello Tim,
Your squid.conf is missing a definition.
From the default squid.conf file's comments:
#=== Parameters for the basic scheme follow. ===
#
#"program" cmdline
#Specify the command for the external authenticator.
Such a program
Use the ldap functionality of the Domino Directory and config squid for
ldap authentication.
rick...
Rom.5:8
>>> komal <[EMAIL PROTECTED]> 8/27/2004 12:21:55 PM >>>
Dear All
At one of installation, requirement arises to authenticate users from
LOTUS
Domino mailserver directory service user data
Dear Squid Folk,
I've implemented a mechamism to arbitrarily add/change/delete headers,
using an extension to the existing redirect_program helper application.
Attach please find a unified diff made against the 20040805 Squid-3.0
snapshot--it should patch more recent ones, of course. Also, plea
I have been asked by the owner of my company to setup a proxy that
restricts employee's internet access to approved websites only because
of people that have been abusing their access to the internet. It would
be nice if we could use group membership to limit their access, so I
started off by atte
Dear All
At one of installation, requirement arises to authenticate users from LOTUS
Domino mailserver directory service user database. User will be authenticate
with directory server database to get access of internet browsing.
Squid and Domino are running on different server.
Is it possible? If
Dear All,
I am a squid newbie trying to setup a squid server on FreeBSD 4.10.
Hardware specs:
PIII 800Mhz
256 MB SDRAM
80 Gb HDD IDE
We have around 70 concurent users and a 2Mb ADSL.
The box is only functioning as a caching server.
I have done some OS tuning following the book "Squid - definitive
>The "aufs" cache_dir type automatically tries to do this when the harddrive
>I/O load is too high.
Is "aufs" type less stable then "ufs"?
Matt
>>Can Squid be setup so that under heavy load if due to hard drive
access/seek
>>time it cannot keep up with requests and object writes it stops caching
On Fri, 27 Aug 2004, Eswari sharma wrote:
I struck up at this step , it generates many errors and warning as given
below :
--
---
---
include/net/sock.h:228: error: storage size of `sk_error_queue' isn't known
include/net/sock.h:238: error: storage size of `sk_peercred' isn't known
Have you really
On Fri, 27 Aug 2004, Ray Phillips wrote:
Could someone explain what causes these entries in the access.log file,
please?
1093600564.753 634089 192.168.37.201 TCP_MISS/200 433 GET
http://64.12.163.197:2
0480/monitor? - FIRST_PARENT_MISS/proxy2.uq.edu.au AIM/HTTP
This is most likely a AIM chat ses
On Fri, 27 Aug 2004, Eswari sharma wrote:
Dear all,
Thank you for your reply.
As You said I download the module at
http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c
and (patch ) compile Fedora 2 kernel-2.6.5-1.358 with the given below
command and it generates many errors and warning.
See mai
> make[1]: *** [/usr/src/ip_wccp/ip_wccp.o] Error 1
> make: *** [/usr/src/ip_wccp] Error 2
>
as far i know . do you have kernel source installed ?
___
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.
On Fri, 27 Aug 2004 [EMAIL PROTECTED] wrote:
Cache-Control: max-age=259200
Connection: keep-alive
2004/08/27 10:03:58| Starting Squid Cache version 2.5.STABLE6 for
i386-debian-linux-gnu...
Looks like your Squid is crashing.
See Squid FAQ on how to report bugs for guidance.
R
Download the entire package:
http://www.squid-cache.org/WCCP-support/Linux/ip_wccp-1.6.tar.gz
It includes a Makefile that should allow you to build on kernel 2.6.X
Sean
Unixware wrote :
> A quick investigation of Linux-2.6 build model showed
> that the following
> simple procedure works for compiling ip_wccp for your
> kernel:
> 1. Build and test your kernel. This is required in
> order to correcly
> build
> additional modules..
>
> 2. Create a directory somewhere
Has anyone configured squid to authenticate using SIP, SIP2, or
NCIP. These are protocols used by library systems and are the bases
for many automated features at libraries. Examples include self
checkout where a patron might run their card and a book through a
scanner.
They aren't complicated pr
>> All my users are redirected to the cache via wccp. From squid I'd like
to
>> have certain users or subnets redirected to DansGuardian for content
>>iltering. I am able to make this work fairly easy if I configure squid to
>>use DansGuardian as a cache_peer, but this affects all users and is no
>
> Could someone explain what causes these entries in the
> access.log file, please?
>
> 1093600564.753 634089 192.168.37.201 TCP_MISS/200 433 GET
> http://64.12.163.197:2
> 0480/monitor? - FIRST_PARENT_MISS/proxy2.uq.edu.au AIM/HTTP
>
> 1093602363.415556 192.168.37.201 TCP_MISS/200 38
> and (patch ) compile Fedora 2 kernel-2.6.5-1.358
> with the given below
> command and it generates many errors and warning.
these gcc lines wont work on kernel 2.6 here the way
which Henrik have suggested
A quick investigation of Linux-2.6 build model showed
that the
following
simple procedur
Could someone explain what causes these entries in the access.log file, please?
1093600564.753 634089 192.168.37.201 TCP_MISS/200 433 GET
http://64.12.163.197:2
0480/monitor? - FIRST_PARENT_MISS/proxy2.uq.edu.au AIM/HTTP
1093602363.415556 192.168.37.201 TCP_MISS/200 384 POST
http://205.188.2
> Hi, I did :
>
> 1- Stop squid.
> 2- rm -Rf /cache/*
> 3- change "cache_dir ufs /cache 1000 16 256" to "cache_dir
> ufs /cache 5000
> 16 256"
> 4- squid -z
> 5- Start Squid
>
>
> And now I have :
> ...
> 2004/08/27 13:11:13| WARNING: Disk space over limit: 5150424
> KB > 512 KB
> 200
Dear all,
Thank you for your reply.
As You said I download the module at
http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c
and (patch ) compile Fedora 2 kernel-2.6.5-1.358 with the given below
command and it generates many errors and warning.
-
gcc -D__KERNEL__
Hi, I did :
1- Stop squid.
2- rm -Rf /cache/*
3- change "cache_dir ufs /cache 1000 16 256" to "cache_dir ufs /cache 5000
16 256"
4- squid -z
5- Start Squid
And now I have :
...
2004/08/27 13:11:13| WARNING: Disk space over limit: 5150424 KB > 512 KB
2004/08/27 13:11:24| WARNING: Disk space
>
> Hi,
>
> I'm having triubles starting squid.
> i get this from /var/log/messages:
>
>
> Aug 27 10:40:54 squid squid[8606]: Squid Parent: child
> process 8627 started
> Aug 27 10:40:54 squid (squid): Cannot open HTTP Port
> Aug 27 10:40:54 squid squid[8606]: Squid Parent: child process 862
Dear Simmen
You are correct i need yahoo messenger to be blocked
Regards
P.Robert
> ALL
>
>
> what he wanted to ask was how to block yahoo
> messenger ..
>
> Not to block yahoo !!
>
> Pandit ...Please review my old email (a day ago ) on
> the same subject ..
>
> --- Henrik Nordstrom <[
Dear Sir,
my point is to have authenticated logins only be it for a limited time.
regards,
Bimal Pandit
On Fri, 2004-08-27 at 13:00, Henrik Nordstrom wrote:
> On Fri, 27 Aug 2004, bimal pandit wrote:
>
> > acl your_pass proxy_auth REQUIRED
> > acl limit_group proxy_auth a b c d e
> > acl unli
Hi,
I'm having triubles starting squid.
i get this from /var/log/messages:
Aug 27 10:40:54 squid squid[8606]: Squid Parent: child process 8627 started
Aug 27 10:40:54 squid (squid): Cannot open HTTP Port
Aug 27 10:40:54 squid squid[8606]: Squid Parent: child process 8627
exited due to signal 6
Aug
Ok
Here is part of my logfile cache.log :
2004/08/27 09:54:04| WARNING: Forwarding loop detected for:
GET /squid-internal-periodic/store_digest HTTP/1.0
Accept: application/cache-digest
Accept: text/html
Host: proxy.eu.domain.com:8080
Via: 0.0 wit
On Fri, 27 Aug 2004, [iso-8859-1] Mark Tinka wrote:
having used SuSE all my geek-life, they will always
add "-beta" to any package still under development,
and will continue to include the current stable
package, in this case, Squid 2.5...
back with SuSE 7.0, Squid-2.4 was "-beta", while 2.3
was av
On Fri, 27 Aug 2004, Matus UHLAR - fantomas wrote:
OK, so there's my question: is there a plan for (possibly) all config
directives to be acl-driven?
Patches are happily accepted (for Squid-3).
Regards
Henrik
On Fri, 27 Aug 2004 [EMAIL PROTECTED] wrote:
And is it normal that it comes every hour ?
No, it is not normal that your Squid is restarted in an uncontrolled
manner every hour. You then need to look for other messages. The message
you have quoted is just an effect of the fact, not the cause.
Reg
>
> Hi All
>
> I would appreciate some help if possible with regard to how one would
> achieve the following:
>
> Consider the situation of a school, where a teacher wants to
> do a lesson
> based on the image and PDF heavy content of a website. To run the
> lesson realtime over a 64kbps
--- Henrik Nordstrom <[EMAIL PROTECTED]> wrote:
> On Wed, 25 Aug 2004, Mrvka Andreas wrote:
>
> > i have suse linux 9.1 where squid3 is precompiled
>
> Hmm.. I think I have to go and shoot someone at
> SuSE.. Squid3 is not yet
> released and way away from a production quality
> release. Havin
Ok thanks.
And is it normal that it comes every hour ?
Moreover last one I had, "Store rebuilding" was 1.6%: Lower than in the
past.
Thanks
-Ursprüngliche Nachricht-
Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 27. August 2004 09:32
An: Gix, Lilian (BR/PII3) *
Cc:
> On Thu, 26 Aug 2004, Matus UHLAR - fantomas wrote:
> >>>Another possibility would be to use content filtering on one port, while
> >>>not filtering on another port, everything with one http proxy...
> >
> >On 26.08 12:29, Henrik Nordstrom wrote:
> >>See the myport acl.
> >
> >Yes, I know about th
Hi All
I would appreciate some help if possible with regard to how one would
achieve the following:
Consider the situation of a school, where a teacher wants to do a lesson
based on the image and PDF heavy content of a website. To run the
lesson realtime over a 64kbps line would be killer slow
On Fri, 27 Aug 2004 [EMAIL PROTECTED] wrote:
Now, in Cache.log, I have :
Store rebuilding is 2.5% complete
2004/08/27 09:04:04| WARNING: newer swaplog entry for dirno 0, fileno
002C
2004/08/27 09:04:09| WARNING: newer swaplog entry for dirno 0, fileno
0586
2004/08/27 09:04:09| WARNING: new
On Fri, 27 Aug 2004, bimal pandit wrote:
acl your_pass proxy_auth REQUIRED
acl limit_group proxy_auth a b c d e
acl unlimit_group proxy_auth f g h i j
acl time_limit time 16.00-20.00
http_access allow limit_group your_pass time_limit
http_access allow unlimit_group your_pass
The your_pass acl is no
On Fri, 27 Aug 2004, Shu Ung wrote:
Thanks Henrik. The problem was to do with yet another misconfiguaration on my
part. I have my authenticate_ttl set to 0 for testing purposes and have
forgotten to also set my external_acl ttl to 0 which has default of 1 hour -
I have an external acl which does
Hi,
I realy don't undertand my new Squid (2.5 Stable 6).
So many warning.
Now, in Cache.log, I have :
Store rebuilding is 2.5% complete
2004/08/27 09:04:04| WARNING: newer swaplog entry for dirno 0, fileno
002C
2004/08/27 09:04:09| WARNING: newer swaplog entry for dirno 0, fileno
0586
50 matches
Mail list logo