Interleaving the acls and http_access lines should work just fine. I'd
change the dstdom_regex to dstdomain, because as it stands now, anything
with ".gov" anywhere in the domain (where the dot can represent any
character i.e. thegovenator.com), will be allowed through. Same thing for
the
Joost:
Thank you- I tested this out, and it certainly does clean up the ACLs
considerably. Unfortunately it doesn't solve my original problem, but
thats not the fault of the ACLs - rather the way that windows media
player seems to handle multiple proxies. This sequence of events is
confirmed by et
On Thu, 10 Feb 2005 [EMAIL PROTECTED] wrote:
I have a problem that I cant seem to figure out, hopefully somone can help.
I have a single proxy server which does not cache and all users are forced to
go through for internet access. A few users have to download msword, excel and
other random files fr
On Fri, 11 Feb 2005, Justin Hennessy wrote:
The problem is that I have come across a couple of sites that are legit
that have EXE in the URL.
Can anyone think of a way to get around this (other than creating a URL
exception list)?
You could look into using mime type based blocking instead of lookin
On Thu, 10 Feb 2005, Ray Charles wrote:
I am getting errors about running out of FD and I
checked d the FAQ and found a couple pointers for
doing a ulimit before running ./config and editing the
/usr/include/bit/types.h file.
You only need to do this for Squid-2.4 and earlier. As noted in the Squi
> -Original Message-
> From: Justin Hennessy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 10, 2005 2:50 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Blocking EXE problem??
>
>
> Hi all,
>
> I am trying to stop my staff from download EXE files from the
> internet.
Hi all,
I am trying to stop my staff from download EXE files from the
internet.
The problem is that I have come across a couple of sites that are legit
that have EXE in the URL.
Here is an example:
http://www.ht.com.au/scripts/xworks.exe?M
I have the following ACLs:
acl ITStaff src IP1 IP2 IP
I am getting errors about running out of FD and I
checked d the FAQ and found a couple pointers for
doing a ulimit before running ./config and editing the
/usr/include/bit/types.h file. I just wanted to ask
if I should also increase the FD_SETSIZE ?? Probably
not, but here is that part of ./conf
> -Original Message-
> From: Oliver Hookins [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 10, 2005 1:15 PM
> To: Henrik Nordstrom
> Cc: squid-users@squid-cache.org; Chris Robertson
> Subject: Re: [squid-users] Can't see usernames in logs after enabling
> NTLM
>
>
> Henrik Nordstrom
On Fri, 11 Feb 2005, Oliver Hookins wrote:
This could be a problem. So any program that chooses not to authenticate, or
for some reason cannot authenticate (for example, it's not built-in) will be
denied access?
Yes, as Squid needs the username to evaluate the acl.
If we reversed the rules like t
Henrik Nordstrom wrote:
After that we have someone who IS in the LDAP group, is in the SURFING
IP range and is access a site that is also not in allowedsites. The
connection is denied and the username is not logged.
Here the browser did not agree on logging in to the proxy and hence the
request
> -Original Message-
> From: Oliver Hookins [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 09, 2005 10:32 PM
> To: squid-users@squid-cache.org
> Cc: Chris Robertson
> Subject: Re: [squid-users] Can't see usernames in logs after enabling
> NTLM
>
>
> Chris Robertson wrote:
>http
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 10, 2005 8:40 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Banning all other destinations
>
>
>
>
>>ACLs don't seem to be checked when squid serves cached content (li
Well it's good to know that I'm not alone :)
I'm taking a look through sourceforge now to see what I can dig up but
if it comes down to it I might just end up playing around with Cygwin.
Thanks again for the reply.
-Original Message-
From: Serassio Guido [mailto:[EMAIL PROTECTED]
Sent:
Hi Michael,
At 20.29 10/02/2005, Michael Wassell wrote:
Hi All;
I'm curious to know if anyone might be using SquidNT that has managed to
find a log file analysis tool that will allow reporting on URL's
visited?
Webalizer is one, you can find a link to the native Windows port on the
SquidNT web pag
I have a problem that I cant seem to figure out, hopefully somone can help.
I have a single proxy server which does not cache and all users are forced to
go through for internet access. A few users have to download msword, excel and
other random files from several remote webservers (different netw
Hi All;
I'm curious to know if anyone might be using SquidNT that has managed to
find a log file analysis tool that will allow reporting on URL's
visited?
Similar to SRG or SARG listed on http://www.squid-cache.org/Scripts/
The problem that I'm running into is the majority of log parsing scripts
> -Original Message-
> From: Maxx Christopher Lobo [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 09, 2005 3:55 PM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] Port based ACLs for Squid setup with upstream
> proxying to Surfingate's Finjan-
>
>
> Chris:
>
> Thank
On Thu, 10 Feb 2005, Martin Joseph wrote:
How do you setup squid to start at boot?
This depends on what OS you are using. Generally you need to use a init
script and instruct your OS to run this at boot.
A init script for most systems using /etc/init.d or similar structure is
available in the co
On Thu, 10 Feb 2005, Michael Pophal wrote:
I miss the ICAP-patch in your software.
The existing ICAP patch is not considered production quality.
Regards
Henrik
On Thu, 10 Feb 2005, cipher wrote:
One more time thank you for your time and patience.
I will try "half_closed_clients off" and then if it
solves th problem i will patch squid.
It is strange... because squid makes a connection to
msn server and the state SYN SENT doesn't step forward,
i.e. i never
On Thu, 10 Feb 2005, Tobias Reckhard wrote:
Client -- HTTP --> Squid 3 ---> HTTPS with client certificate ---> HTTP proxy
> HTTPS ---> HTTPS Server
i.e. a client talks HTTP to Squid, it encrypts the communication using SSL,
authenticates to the remote HTTPS server using a client certificate
On Feb 10, 2005, at 10:33 AM, Chris Robertson wrote:
http://www.squid-cache.org/Doc/FAQ/FAQ-3.html#ss3.6,
Thanks for the warnings, the info and the link. I am on OSX 10.3.8 (as
of today), so I will investigate the FAQ (duh).
Sorry to any I put out through my ignorance and breach of etiquette..
> -Original Message-
> From: Martin Joseph [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 10, 2005 8:57 AM
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] squid doesn't start
>
>
> As a total newb I am piggybacking on this thread, because I am
> embarrassed to start
As a total newb I am piggybacking on this thread, because I am
embarrassed to start a new thread for this silly question...
How do you setup squid to start at boot? I have been starting it
manually after every reboot, which thankfully is only twice so far.
Not very wise though...
Marty
Cópia [EMAIL PROTECTED]:
>
> Try with these
>
> 1) in the squid.conf :
>
> acl SSL_ports port 443 563 1863
> http_access deny !Safe_ports
>
> It is important to permit port 1863.
>
> 2) Sometimes Microsoft block this port, and
> because that, only people w> ho
> connect directly or through na
Hi,
Il 16.42 10/02/2005 Michael Wassell ha scritto:
Hi All;
I'm going to try to make this short and sweet...
I'm very new to Squid and I'm in the process of trying to configure
SquidNT with NTLM authentication. I've found multiple sources of
information by googling and it would seem that to config
Cópia Elsen Marc <[EMAIL PROTECTED]>:
>
>
> > No... not when the service was down... now i
> wonder why
> > it came up and suddenly i can access msn
> without proxy,
> > and can't with proxy :)
> >
> - Check squid's access.log, if it still
> doesn't work.
> - You may need :
>
> >
http://
Try with these
1) in the squid.conf :
acl SSL_ports port 443 563 1863
http_access deny !Safe_ports
It is important to permit port 1863.
2) Sometimes Microsoft block this port, and because that, only people who
connect directly or through nat to internet can login (because in this wat
msn u
Try with these
1) in the squid.conf :
acl SSL_ports port 443 563 1863
http_access deny !Safe_ports
It is important to permit port 1863.
2) Sometimes Microsoft block this port, and because that, only people who
connect directly or through nat to internet can login (because in this wat
msn u
Hi All;
I'm going to try to make this short and sweet...
I'm very new to Squid and I'm in the process of trying to configure
SquidNT with NTLM authentication. I've found multiple sources of
information by googling and it would seem that to configure NTLM
authentication for Squid I'm going to h
Cópia Elsen Marc <[EMAIL PROTECTED]>:
>
>
> > No... not when the service was down... now i
> wonder why
> > it came up and suddenly i can access msn
> without proxy,
> > and can't with proxy :)
> >
> - Check squid's access.log, if it still
> doesn't work.
> - You may need :
>
> >
http://
> No... not when the service was down... now i wonder why
> it came up and suddenly i can access msn without proxy,
> and can't with proxy :)
>
- Check squid's access.log, if it still doesn't work.
- You may need :
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-half_
Hi squidrunner team,
... nice idea!
I miss the ICAP-patch in your software.
Regards Michael
On Wed, 2005-02-09 at 05:43, squidrunner developer wrote:
> Dear All,
>
> Warm wishes to all.
>
> We are working on a script to make squid build,
> configuration and
> installation automation, based
Cópia Elsen Marc <[EMAIL PROTECTED]>:
>
>
> >
> > That's is correct. The service went down.
> Strange is
> > that if i try to access msn without passing
> through
> > squid, i actually do have a successful
> connection...
> >
> > What else can we say about this?
> >
>
>Also, when the ser
>
> That's is correct. The service went down. Strange is
> that if i try to access msn without passing through
> squid, i actually do have a successful connection...
>
> What else can we say about this?
>
Also, when the service was down ?
'(Ah, now come conflicting thoughts, I know
Cópia Elsen Marc <[EMAIL PROTECTED]>:
>
> >...
> >...
> > > > connection errors. During a whole day
> nobody
> > > could get
> > > > connected to msn. My best guess is that
> the
> > > service
> > > > went down for some kind of
> modification... or
> > > maybe it
> > > > is just coincidence...
>
>...
>...
> > > connection errors. During a whole day nobody
> > could get
> > > connected to msn. My best guess is that the
> > service
> > > went down for some kind of modification... or
> > maybe it
> > > is just coincidence...
Reports recently received on the list seem to indicate that MSN
Hi Elsen,
Sorry,
squid-2-5 stable7, Linux, slackware 10, x86
Didn't give you that information at first because i
don't think this might be a platform specific issue,
since it was all working fine... but now that you
asked for those... you never now :)
Thanks for your time Elsen
*cipher*
C
Hi Elsen,
Sorry,
squid-2-5 stable7, Linux, slackware 10, x86
Didn't give you that information AT the first because i
don't think it might be a platform specific issue,
since it was all working fine... but that that you
asked for those... you never now :)
Thanks for your time Elsen
*cipher*
Hi
Can Squid 3 (PRE3-20050209) be made to do the following:
Client -- HTTP --> Squid 3 ---> HTTPS with client certificate ---> HTTP
proxy > HTTPS ---> HTTPS Server
i.e. a client talks HTTP to Squid, it encrypts the communication using
SSL, authenticates to the remote HTTPS server using a cli
On Thu, 10 Feb 2005, squidrunner team wrote:
http://www.geocities.com/squidrunner_dev/squidrunnerv12.txt
Have your view and share your feedbacks/views on this.
Some comments:
use wget -N to retreive files.
patches MUST be applied in reverse order listed, not alphabetically. This
list is easily bui
> What I would like to know/do:
> -
> Is it possible to use the cache_peer directive to pass all port 80/443
> traffic to FinJAN, and process all other 'Safe_Ports' traffic locally
> through Squid?
Not tested:
cache_peer peer1.domain parent [options]
acl http-proto pr
> Hi all
>
> I would like to know if anyone is experiencing the same
> thing i am, with msn messenger.
> Since i set up squid, i have had no problems acessing
> msn messenger through it. Just two days ago, it stopped
> working.
> The only thing i have to remark is that before that
> everybody
Hi all
I would like to know if anyone is experiencing the same
thing i am, with msn messenger.
Since i set up squid, i have had no problems acessing
msn messenger through it. Just two days ago, it stopped
working.
The only thing i have to remark is that before that
everybody i know went down for
* Henrik Nordstrom <[EMAIL PROTECTED]>:
> Well, I can't speed for Debian but it is not a security issue, and Squid
> still performs the way it should
Indeed.
> just wasting a bit of elictricity in
> making the CPU run around in circles while there is nothing to do
Hey, it spoils my setiathom
On Thu, 10 Feb 2005, Joost de Heer wrote:
FAQ only explains -how- to increase the limit, not what the impact is. Or
perhaps I've missed a section
The impacts:
*) Having to few will deny clients from using the proxy when under load
*) Having way too many will waste CPU time, possibly making the
On Thu, 10 Feb 2005, johon Doe wrote:
I have upgraded debian sarge and after that squid
doesn't start.
First the basic diagnostics:
0) Are you sure Squid isn't running?
1) Any warnings/errors from "squid -k parse"?
2) Any errors/warnings in cache.log when you attempt to start Squid?
3) Any errors o
>...
>
> FAQ only explains -how- to increase the limit, not what the
> impact is. Or
> perhaps I've missed a section
Remarkable : the FAQ answers a possible 'need/situation' when using
squid.
I.e. cache.log reporting , 'running out of file descriptors'.
>
> The need is dependant on how
On Thu, 10 Feb 2005, Ralf Hildebrandt wrote:
* Elsen Marc <[EMAIL PROTECTED]>:
I will file a Debian Bug report right away.
Ok, don't know so much about Debian, but this was/is a native
squid issue.
Indeed, but the Debian maintainer should be made aware of that and include
the patch into his pack
> Hi,
> I have upgraded debian sarge and after that squid
> doesn't start. I have recompiled and reinstalled squid
> and I also reinstalled with the debian packages, but
> the problem still remain.
>...
What's in cache.log ?
M.
On Thu, 10 Feb 2005, Ralf Hildebrandt wrote:
* Henrik Nordstrom <[EMAIL PROTECTED]>:
On Thu, 10 Feb 2005, Ralf Hildebrandt wrote:
2005/02/10 10:09:48| ctx: enter level 0:
'http://de.sitestat.com/qvc/qvc/s?tvprogramm.kalender&ns__t=1108026476843'
2005/02/10 10:09:48| WARNING: found whitespace in HT
hello developers,
It is pleasure to meet you all in this list.
Currently working on a script to make build and
configuration automation of squid called squidrunner.
Recently inclusion of configuration options are made
and new version is available as,
http://www.geocities.com/squidrunner_dev/squi
>> I however just cannot wrap my head around the
>> SQUID HOWTO that deals with this type of control.
> Check, the squid FAQ on access controls.
Don't blindly refer to the FAQ, but read first
>Limit certain users or groups of users to accessing only certain sites that
>are preapproved by m
>> I want to know, it's need to change file descriptors up to 8192 ?
>> What effect to my system if I up to 8192 ? i'm use linux.
>> Thanks,
> Check the SQUID FAQ on this issue.
FAQ only explains -how- to increase the limit, not what the impact is. Or
perhaps I've missed a section
The need
Hi,
I have upgraded debian sarge and after that squid
doesn't start. I have recompiled and reinstalled squid
and I also reinstalled with the debian packages, but
the problem still remain.
Look the strace log:
linux-ambiente:~/squid-2.5.STABLE7# strace squid
execve("/usr/sbin/squid", ["squid"], [/*
* Elsen Marc <[EMAIL PROTECTED]>:
>
> >I will file a Debian Bug report right away.
>
> Ok, don't know so much about Debian, but this was/is a native
> squid issue.
Indeed, but the Debian maintainer should be made aware of that and include
the patch into his package.
--
Ralf Hildebrandt (i.A
>...
>...
>I applied the patch, the 100% CPU condition is gone.
>Thanks a bunch!
>I will file a Debian Bug report right away.
Ok, don't know so much about Debian, but this was/is a native
squid issue.
Anyway,
Regards,
Marc.
* Ralf Hildebrandt <[EMAIL PROTECTED]>:
> * Elsen Marc <[EMAIL PROTECTED]>:
>
> > You may need this patch :
> >
> >
> > http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-half_closed_POST
> >
> > OR , you could have a go with the 2.5.STABLE8-RC4 on this box (too), if
> >
* Elsen Marc <[EMAIL PROTECTED]>:
> You may need this patch :
>
>
> http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-half_closed_POST
>
> OR , you could have a go with the 2.5.STABLE8-RC4 on this box (too), if you
> so
> desire.
I'm trying this patch now. Debian come
* Henrik Nordstrom <[EMAIL PROTECTED]>:
> On Thu, 10 Feb 2005, Ralf Hildebrandt wrote:
>
> >2005/02/10 10:09:48| ctx: enter level 0:
> >'http://de.sitestat.com/qvc/qvc/s?tvprogramm.kalender&ns__t=1108026476843'
> >2005/02/10 10:09:48| WARNING: found whitespace in HTTP header name {Cache
> >Cont
>
> # squid -v
>
> Squid Cache: Version 2.5.STABLE7
> configure options: --prefix=/usr --exec_prefix=/usr
> --bindir=/usr/sbin
> --sbindir=/usr/sbin --libexecdir=/usr/lib/squid
> --sysconfdir=/etc/squid
> --localstatedir=/var/spool/squid --datadir=/usr/share/squid
> --enable-async-io --with
On Thu, 10 Feb 2005, Ralf Hildebrandt wrote:
2005/02/10 10:09:48| ctx: enter level 0:
'http://de.sitestat.com/qvc/qvc/s?tvprogramm.kalender&ns__t=1108026476843'
2005/02/10 10:09:48| WARNING: found whitespace in HTTP header name {Cache
Control: no-cache}
2005/02/10 10:09:48| ctx: exit level 0
Th
* Elsen Marc <[EMAIL PROTECTED]>:
> Which version of SQUID is running on the trouble some box ?
> % squid -v
# squid -v
Squid Cache: Version 2.5.STABLE7
configure options: --prefix=/usr --exec_prefix=/usr --bindir=/usr/sbin
--sbindir=/usr/sbin --libexecdir=/usr/lib/squid --sysconfdir=/etc/sq
* Elsen Marc <[EMAIL PROTECTED]>:
> Os/platform/version ?
$ uname -a
Linux spiderboy 2.6.10 #1 SMP Mon Jan 3 16:22:38 CET 2005 i686 GNU/Linux
Debian/testing
> Squid version(s)?
squid2.5.7-8
--
_
Charité - Uni
[EMAIL PROTECTED]>:
>
> > We have two identical boxes, on one of them squid suddenly
> started eating
> > 100% CPU, while the other box is fine.
>
> squid2.5.7-8
> from Debian/testing
>
Which version of SQUID is running on the trouble some box ?
% squid -v
(thx a l
* Ralf Hildebrandt <[EMAIL PROTECTED]>:
> We have two identical boxes, on one of them squid suddenly started eating
> 100% CPU, while the other box is fine.
squid2.5.7-8
from Debian/testing
The cache.log suddenly spits out:
2005/02/10 10:09:48| ctx: enter level 0:
'http://
>
> We have two identical boxes, on one of them squid suddenly
> started eating
> 100% CPU, while the other box is fine.
>
> I tried restarting squid, cleaning/recreating the
> cache_directory, all to no
> avail: upon restart, squid climbs up to 100% again.
> The box isn't swamped by clients
Version of squid?
Mit freundlichem Gruß/Yours sincerely
Werner Rost
GMT-FIR - Netzwerk
ZF Boge Elastmetall GmbH
Friesdorfer Str. 175, 53175 Bonn, Deutschland/Germany
Telefon/Phone +49 228 3825 - 420
Telefax/Fax +49 228 3825 - 398
[EMAIL PROTECTED]
>-Ursprüngliche Nachricht-
>Von: Ralf
We have two identical boxes, on one of them squid suddenly started eating
100% CPU, while the other box is fine.
I tried restarting squid, cleaning/recreating the cache_directory, all to no
avail: upon restart, squid climbs up to 100% again.
The box isn't swamped by clients' request.
How can I de
On Thu, 10 Feb 2005, Oliver Hookins wrote:
1108019834.574 45 192.168.0.153 TCP_REFRESH_HIT/200 2524 GET
http://secure-uk.imrworldwide.com/v5.js epa\scottb NONE/- text/html
1108019834.684109 192.168.0.153 TCP_MISS/503 1353 GET
http://secure-uk.imrworldwide.com/cgi-bin/m? epa\scottb NONE/-
71 matches
Mail list logo