>> If you are doing this inside Squid then whatever you do should fulfill the
>> non-blocking property. You do not want Squid to stop
>> processing requests only because it is waiting for an response from the DB system.
>
> We have started analysis on making flat file filter rules to DB Based.
>
>
> Hello all,
>
> I'm having a problem with downloading files through the proxy
> using ftp.
> I'm able to connect up to an ftp server using Firefox or IE 6 just
> fine, and I can start downloading files without trouble. I
> can see the
> file in the cache as it's downloading, so I kno
Hi
We have to server all the request. Which cluster suits here.
please advise..
Regards
MV
On Thu, 28 Oct 2004 10:29:35 +0530, Murugavel Thiruvengadam
<[EMAIL PROTECTED]> wrote:
>
>
> Hi
> http 15Mbps Traffic
>
> Regards
> MV
>
> "Success comes to the person who does today"
>
--
Hi
http 15Mbps Traffic
Regards
MV
"Success comes to the person who does today"
> If you are doing this inside Squid then whatever you do should fulfill the
> non-blocking property. You do not want Squid to stop
> processing requests only because it is waiting for an response from the DB system.
We have started analysis on making flat file filter rules to DB Based.
Our Obj
Okay. Seems to be working on my FreeBSD box.
For anyone who wants to know in the future.. setting up Squid to Authenticate via
Samba3 to Active Directory Services:
squid.conf
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
aut
aha. I needed to use this:
external_acl_type NT_global_group %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
Well that's one step further, but now it allows everyone to access the proxy even if
they aren't in the allowed groups.
external_acl_type NT_global_group %LOGIN /usr/local/libexec/squid/
I am having some issues with squid not caching .cfm pages or responses.
Is there a way to override this behavior? The newest CVS code works
well for this issue, however we are not using it in production yet. Here
is what I get in the access.log when hitting cfm pages. (Squid Version
2.5 STABLE7)
Okay. I forgot this:
# Define the group
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group
Now I can start squid.
I am in group "ITDepartment"
which I put in the "allowedntgroups" file
but it still denies me access.
#Recommended minimum configuration:
acl all src 0.0.0.
I added the below text to the child:
nonhierarchical_direct off
prefer_direct off
cache_peer parent.server.ip parent 3128 0 default no-query
And I added the child to an acl on the parent that does not allow
downloading of .exe's but when I tried to downoad them I was able to.
Since I added the
According to the docs:
acl ProxyUsers external NT_global_group "/usr/local/squid/etc/DomainUsers"
and the DomainUsers files will contain only the following line:
"Domain Users"
I tried this:
acl AllowedNTUsers external NT_global_group "/usr/local/etc/squid/acls/allowedntgroups"
acl AuthorizedUsers
On Wed, 27 Oct 2004, [iso-8859-1] Leonardo Rodrigues Magalhães wrote:
Well .. that's also OK. But the problem is that some of these uses to
make http requests in a VERY fast rate, like 20 per second. In some days, my
access.log file uses to reach it's limit (2Gb) before the end of the week,
On Wed, 27 Oct 2004 Jim_Brouse/[EMAIL PROTECTED] wrote:
I have been reading documentation at the below two urls and what I can not
determine is that do I need to enable something on server a if it is going
to be a parent to server b or do I just need to tell server b which server
is its parent?
You
I have Squid authing to ADS via Samba and I need to add certain groups to have access.
It's something like this:
acl unrestrictedusers external nt_group "/usr/local/etc/squid/acls/allowedntgroups"
but that doesn't work.
Of course, being NT groups, they have spaces in the names.. eg "IT Dept" so a
No! there is no configuration for parent server
but i u want other squid cache on parent then
cache_peer parentcache.foo.com parent 3128 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
is best way
Note: in condition your parent did not response your cache
Do I need to enable something on the parent server so that it can be a
parent server?
Jim
Kashif Ali
please explain your words
On Wed, 27 Oct 2004 14:21:02 -0700,
jim_brouse/[EMAIL PROTECTED]
wrote:
> I have been reading documentation at the below two urls and what I can not
> determine is that do I need to enable something on server a if it is going
> to be a parent to server b or do I just ne
Hello Guys,
I'm running Squid 2.5S4 on a RedHat 9 box in a not-small network (350
machines). Web access is done only with authentication. That's working
perfectly.
But, when some machines got infected with ad-ware softwares and viruses,
these softwares/viruses uses to make SEVERAL http
I have been reading documentation at the below two urls and what I can not
determine is that do I need to enable something on server a if it is going
to be a parent to server b or do I just need to tell server b which server
is its parent?
http://squid.visolve.com/squid/squid24s1/neighbour.htm#ca
On Wed, 27 Oct 2004, Culley Harrelson wrote:
using the squid authenticate_* directives I presume.
auth_param more specifially (authenticate_* is Squid-2.4 and earlier
only..)
Is it possible
to use authenticate_program to point to a custom script that does
database lookups? I am dealing with 50K
You might consider configuring your load balancer to always use the
same proxy for the same internal_ machine_ (e.g. a simple hash based
on the IP of the internal machine? This, of course, depends on what
sort of load balancer it is.
The super proxy script won't solve the problem, because a singl
> Config 'request_header_max_size'= 10240 bytes.
> Request header is too large (11680 bytes)
> Config 'request_header_max_size'= 10240 bytes.
> Request header is too large (11680 bytes)
> Config 'request_header_max_size'= 10240 bytes.
> Request header is too large (11680 bytes)
>
usaly it heppend
* Henrik Nordstrom <[EMAIL PROTECTED]> [Oct 27, 2004 21:30]:
> >which is a bit weird, since the actual content shouldn't vary with
> >charset?
> Actual content DO vary with charset. Any non-ascii characters is charset
> dependent.
OK, what I meant by content was perhaps "representation". The dat
On Wed, 27 Oct 2004 21:31:33 +0200 (CEST), Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:
>
> > 2. We are doing basic authentication with the apache module
> > mod_auth_pgsql. This authentication against postgresql is resulting
> > in a lot of database activity. I read somewhere that squid will cac
On Wed, 27 Oct 2004, Culley Harrelson wrote:
1. I read that squid will normally cache based on the relevant http
cache headers. Is it possible to force a cgi script to be cached if
it doesn't have these headers? i.e. if uri matches regex cache it no
matter what.
You can use the refresh_pattern di
On Wed, 27 Oct 2004, Ian Large wrote:
I have some documentation provided by Websense that says I
need to ensure that Samba is built with --with-winbind and
--with-winbind-auth-challenge (which it is - now) and also
gave me the chunk of squid.conf to make it work:
Which version of Samba?
See the Sq
On Wed, 27 Oct 2004, Steve Searles wrote:
Does anyone know of a patch for 2.5 that enables the same logformat
directive + variables as in 3.0PRE?
http://devel.squid-cache.org/
The problem I am having with 3.0 is after about 15 minutes it will just
stop serving pages? The CPU drops to about 1% l
On Wed, 27 Oct 2004, Nikolai Weibull wrote:
which is a bit weird, since the actual content shouldn't vary with
charset?
Actual content DO vary with charset. Any non-ascii characters is charset
dependent.
Regards
Henrik
On Wed, 27 Oct 2004, Michael Pophal wrote:
Here my questions:
1) Why is ICAP not in the squid main branch?
Because of two reasons:
a) The ICAP support is not yet stable
b) Squid-2.5 is frozen and no new features is allowed into this branch,
even if it was stable.
There is an opportunity for I
On Wed, 27 Oct 2004, BusyBoy wrote:
like I have two drives with mount points as
/cacheA > SCSI
/cacheB > SCSI
and I want to use them separately, What you suggest would be better
way to utlize these two SCSI's,, as currently a cache already setup in
this manner is creating proble
On Tue, 26 Oct 2004, Gaylord Van Brocklin wrote:
The Squid -> AV server will be bypassing the firewall, but I guess I could
throw another NAT box outside the AV servers.
Is this a common solution to this problem?
I seen it done at many places requiring more than one proxy, for the exact
reasons
Hi,
I am evaluating squid for use as a reverse proxy. I have spent a few
hours reading documentation and I think I am ready to ask some
questions:
1. I read that squid will normally cache based on the relevant http
cache headers. Is it possible to force a cgi script to be cached if
it doesn't h
The Squid -> AV server will be bypassing the firewall, but I guess I
could throw another NAT box outside the AV servers.
Is this a common solution to this problem?
-gvb
On Oct 26, 2004, at 3:08 PM, Henrik Nordstrom wrote:
On Tue, 26 Oct 2004, Gaylord Van Brocklin wrote:
One problem that I have ha
Henrik Nordstrom wrote:
On Tue, 26 Oct 2004, Daniel Fenert wrote:
I have two (for now) internet connections, one is exclusively for www
usage,
and the other for everything else.
The problem is that 'www connection' hangs from time to time (usually
once a
week). I would like to setup squid for fa
The Squid -> AV server will be bypassing the firewall, but I guess I
could throw another NAT box outside the AV servers to also add a layer
of security.
Is this a common solution to this problem?
Here is another idea for architecture.. what do you think:
- I was thinking about using the Super Pr
Hello all,
I'm having a problem with downloading files through the proxy using ftp.
I'm able to connect up to an ftp server using Firefox or IE 6 just
fine, and I can start downloading files without trouble. I can see the
file in the cache as it's downloading, so I know Squid is at least
star
You should be using the ntlm_auth helper from Samba, not the squid wb_*
helpers.
Also check permissions on the winbind pipe.
See the squid FAQ and pay attention to the differences between Samba 2.x
and 3.x.
Jerry
- Original Message -
From: "Ian Large" <[EMAIL PROTECTED]>
To: <[EMAIL P
Hi
I've been banging my head against a wall for too long and I
hope someone can enlighten me as to what I am doing wrong. I
have been trying to get a squid proxy (using NT4 domain
logons) working on a RHEL WS 3.0 server and had some success
using basic authentication. The problem is that I want to
Hello everyone,
I am having a bit of trouble with the reverse proxy setup in 3.0. We
currently use 2.5Stable7. I would at least like to test under 3.0
because of the logformat directive being available. Does anyone know of
a patch for 2.5 that enables the same logformat directive + variables
On Wednesday 27 October 2004 01:02, James Gray wrote:
> On Tue, 26 Oct 2004 09:32 pm, Angela Williams wrote:
> > On Tuesday 26 October 2004 08:10, [EMAIL PROTECTED] wrote:
> > > Hi everyone,
> > >
> > > I am running Squid 2.5STABLE5 and trying to block a few of the more
> > > prominent web advertis
* Henrik Nordstrom <[EMAIL PROTECTED]> [Oct 26, 2004 22:10]:
> >Is there a way to tell squid to override Content-Type's sent from http
> >servers so that the files they serve will actually get the right
> >mime-type even though the server serves them wrongly, e.g., text/plain
> >instead of image/x-
* Matus UHLAR - fantomas <[EMAIL PROTECTED]> [Oct 27, 2004 12:51]:
> > It seems that my previous post on image/x-icon and mime handling
> > wasn't very successful in catching people's attention, so I'll
> > rephrase the question:
> > Is there a way to tell squid to override Content-Type's sent fro
On 26.10 16:55, Nikolai Weibull wrote:
> It seems that my previous post on image/x-icon and mime handling wasn't
> very successful in catching people's attention, so I'll rephrase the
> question:
>
> Is there a way to tell squid to override Content-Type's sent from http
> servers so that the files
Hi,
I use squid 2.5.STABEL6 with ICAP Patch from
http://www.squid-cache.org/~wessels/squid-icap-2.5/.
Here my questions:
1) Why is ICAP not in the squid main branch? Is there any developement
going on?
2) When can I expect an ICAP-patched squid-2.5.STABLE7?
3) I regularily get the following er
44 matches
Mail list logo
