Elsen Marc wrote:
sometime access.log show me code 502, I duno what it mean ?
http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.8
M.
thanks but why i'm getting "code 520, Bad Gateway" only today even
though we didn't changed anything.
however things kinda smooth from few hours.
r
>
> sometime access.log show me code 502, I duno what it mean ?
>
http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.8
M.
sometime access.log show me code 502, I duno what it mean ?
I have 3.0-PRE3 running now, but the OWA login prompt doesn't accept
my credentials. The entry in the access log is:
"GET https://testmail.ncmec.org/exchange/ HTTP/1.1" 401 405
TCP_MISS:FIRST_UP_PARENT
My connections using 2.5 always showed http rather than https, if
that's relevant.
The setup
Dear Yang,
I know the site that you sent to me, but I don't quite understand. First
because my squid comes with my FC2 distribution, I did not compile or
build it. Meaning the following steps doesn't apply to my case?
* Before configuring Squid run "/ulimit -HSn /" (where is
th
Hi,
I would like to get LDAP auth working with Squid over my EDIR Tree.
I would like to to auth based on what group the user is in and then have
an acl from there.
Can anyone point me in the right direction, maybe docs or something to
get this working, i have read on the auth_ldap_users (i think
Hi,
I'm using squid proxy.
I have not able to access my mailbox through IE 5.0 or later
It only shows "Loading" in place of mails.
It is accessible through mozilla.
But all my users are on IE.
Plz check the snapshot in the attachment.
Thanks in advance.
-Rahul
<>
Dear all,
I have a squid that always start with 1024 file descriptors. But I
intend to increase the value because my new proxy will serve around
70-80 users. My squid version is squid-2.5.STABLE5-2, kernel is
2.6.5-1.358. My squid comes with the distribution therefore I did not do
any compili
On Thu, 17 Mar 2005 03:55:43 +0100 (CET), Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:
> On Wed, 16 Mar 2005, Martin Burke wrote:
>
> > If there's more to this than compiling squid-2.5.STABLE9 from
> > http://www.squid-cache.org/Versions/v2/2.5/ and applying the Reverse
> > Proxy Enhancements patch
section of squid.conf:
# For dstdomain and dstdom_regex a reverse lookup is tried if a IP
# based URL is used. The name "none" is used if the reverse lookup
# fails.
If I access some addres of interior net ,such as 192.168.1.x , squid always to
revers resolve ip addres untile timeout .
I hope s
On Wed, 16 Mar 2005, Martin Burke wrote:
If there's more to this than compiling squid-2.5.STABLE9 from
http://www.squid-cache.org/Versions/v2/2.5/ and applying the Reverse
Proxy Enhancements patch from
http://devel.squid-cache.org/old_projects.html#rproxy, I would
appreciate any guidance.
You need
On Wed, 16 Mar 2005, Martin Burke wrote:
2005/03/16 19:06:41| parseConfigFile: 'squid.conf' line 5
unrecognized: 'front-end-https=auto'
Hmm.. check your syntax. front-end-https=auto is an option to cache_peer,
but the error seems to indicate it is on a line of it's own in your
config..
Unfortuna
On Thu, 17 Mar 2005 02:31:06 +0100 (CET), Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:
> On Wed, 16 Mar 2005, Martin Burke wrote:
>
> > I'm trying to compile a version of squid with the front-end-https
> > option in order to reverse-proxy for our Exchange 2003 OWA server.
> > The squid server is a
Thanks,
I was doing something wrong as I was also dividing traffic by using an
htb script and thus didn't notice that delay pools hadn't been applied
to the http hits.
Sorry.
Henrik Nordstrom wrote:
On Wed, 16 Mar 2005, Elsen Marc wrote:
But if the downloaded file is already in squid's cache the
On Thu, 17 Mar 2005 02:31:06 +0100 (CET), Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:
> On Wed, 16 Mar 2005, Martin Burke wrote:
>
> > I'm trying to compile a version of squid with the front-end-https
> > option in order to reverse-proxy for our Exchange 2003 OWA server.
> > The squid server is a
On Wed, 16 Mar 2005, Elsen Marc wrote:
But if the downloaded file is already in squid's cache then I'd like it
to avoid that delay_pool somehow and go full speed.
I think, that's default behavior.
It is.
delay_pools by design only applies to data fetched from the "Internet" by
Squid.
Regards
He
On Wed, 16 Mar 2005, Brad wrote:
I am using 2.5.stable8, and basic auth. Recently I've noticed that when I do
a /usr/local/squid/sbin/squid -k reconfigure, my auth program quits, I can
tell by doing a ps aux |grep squid, and squid is still running.
Whenever you do "-k reconfigure" or "-k rotate
On Wed, 16 Mar 2005 [EMAIL PROTECTED] wrote:
Okay, so it seems I'm using the wrong ACL type, but which one would be
right?
Which kind of acl to use depends on what data you have.
In most whitelist situations you need to use both dstdomain and dst acls
for different portions of the whitelist.
IOW,
On Wed, 16 Mar 2005, [ISO-8859-1] "José J. Cintrón" wrote:
never_direct allow all
I tried this and effectively stopped all connectivity to any sites.
Are you sure?
All this does is that it forces Squid to always use your parent, never
attempt to go directly to the origin server.
If this stops c
On Wed, 16 Mar 2005, Martin Burke wrote:
I'm trying to compile a version of squid with the front-end-https
option in order to reverse-proxy for our Exchange 2003 OWA server.
The squid server is a Gentoo Linux box, so the newest package
available through emerge is 2.5.9-r1 which doesn't recognize
fr
I'm trying to compile a version of squid with the front-end-https
option in order to reverse-proxy for our Exchange 2003 OWA server.
The squid server is a Gentoo Linux box, so the newest package
available through emerge is 2.5.9-r1 which doesn't recognize
front-end-https.
After compiling squid-3.
Hello,
I am trying to block/allow sites based on machine hostnames within my
network; I have an inhouse DNS server that manages hostnames to IPs.
When I look at the squid logs, it appears to only show IP address. Is
there a way to set up a client hostname ACL based on local machines on
my netwo
Attached is my squid.conf to see if there is anything wrong with it...
You also need
never_direct allow all
I tried this and effectively stopped all connectivity to any sites.
as per the Squid FAQ on how to use Squid within a firewall.
This is quite likely the source of your problems as the (unen
I am using 2.5.stable8, and basic auth. Recently I've noticed that
when I do a /usr/local/squid/sbin/squid -k reconfigure, my auth program
quits, I can tell by doing a ps aux |grep squid, and squid is still
running.
linproxy:/home/brad# /usr/local/squid/sbin/squid -k reconfigure
linproxy:/home
On Wed, 16 Mar 2005, [ISO-8859-1] "José J. Cintrón" wrote:
When I try to download a file using wget
wget ftp://ftp.site.com/file-???-x86.exe
Is there a file names exacly like this?
You may need to URL-encode the ? characters
wget ftp://ftp.site.com/file-%3f%3f%3f-x86.exe
Also, squidclient will
On Wed, 16 Mar 2005, [iso-8859-1] Luis Lourenço wrote:
The problem I now have is that I have a Redhat 8 and a Redhat 6.2 server
running with old versions of squid. When I try to upgrade these servers to
squid-2.5.STABLE3-0 with a rpm package, I get a lot of errors complaining
about the following fa
On Wed, 16 Mar 2005, zottmann wrote:
As the Bugzilla database doesn´t state the Stable version to with the patch
applies (or, at least, I didn´t find it), I would like to know if this patch
applies to the version that we are running.
Patches in bugzilla applies to the Squid sources at the time the
On Thu, 17 Mar 2005, Ytzhak Levy wrote:
How can I authorize specific users using squid_ldap_group ?
I'd make tests and notice that in prompt, squid_ldap_auth asks for a login and
a GROUP, not a login name and a PASSWORD.
What helper should I use to authorize users by the pair login password and v
On Wed, 16 Mar 2005, Pablo Arias wrote:
i cant find information about time units in the idns cachemanager stats.
if someone can tell me if those are in seconds, miliseconds,etc.
my first guess is that they are in seconds.
Correct. And with 3 decimals giving you millisecond precision.
Regards
Henrik
On Wed, 16 Mar 2005, Steve Jasper wrote:
For some reason I can't get a HTTP POST request through to a web server.
Although HTTP GET works fine.
How have you configured the Squid request forwarding to route the incoming
requests to your web server?
If using cache_peer then make sure to also use ne
On Wed, 16 Mar 2005, Allen Schmidt wrote:
it is recommended to set up http_access to only allow reuqests to your
published servers using the dstdomain acl. This will stop these
requests proper, avoiding the "failed to select source" clutter in your
cache.log.
Can anyone be more specific on how t
On Wed, 16 Mar 2005, Corey Tyndall wrote:
Is it possible to allow based on domain?
Yes, by using the appropriate acl type.
If I use Ip ranges would it be like 123.123.0.0?
A single IP is ADDR/32
192.168.1.14/32
A range is A-B/32,
192.168.1.14-192.168.1.54/32
In both of the above you can skip
Hi guys,
How can I authorize specific users using squid_ldap_group ?
I'd make tests and notice that in prompt, squid_ldap_auth asks for a login and
a GROUP, not a login name and a PASSWORD.
What helper should I use to authorize users by the pair login password and
verify if a certain user be
Hi
I have a few squid servers running in my environment, they all are
installed with different Redhat versions. I configured squid with
tcp_outgoing_address option on my Fedora Core 1 server with
squid-2.5.STABLE3-0 installed, everything worked fine. I then implemented
the same configuration on
Hi:
i cant find information about time units in the idns cachemanager stats.
im talking about:
delay since
FIRST SEND
LAST SEND
if someone can tell me if those are in seconds, miliseconds,etc.
my first guess is that they are in seconds.
thanks.
Elsen Marc wrote:
Is this possible? Squid keeps looking up the real www.example.com and
trying to connect to that. We want it to just look in it's
/etc/hosts
file and
ignore DNS completely. It should only resolve from /etc/hosts.
Squid version ?
Recent SQUID versions use /etc/hosts (too).
Hello,
When trying to use squid as a front end to our Outlook Web Access
server, in the following configuration:
Internet<--https port 443-->firewall1<--->https port 443<--->squid
box<--->https port 444<--->outlook web server
I see the following in my log (aka, from a squid -d 9):
ERROR
The re
Occasionally the cache.log will show:
2005/03/08 14:13:26| Failed to select source for
'http://st.sageanalyst.net/tag-703.js'
2005/03/08 14:13:26| always_direct = 0
2005/03/08 14:13:26|never_direct = 1
2005/03/08 14:13:26|timedout = 0
no live cache_peers where this could be forwarde
When I try to download a file using wget
wget ftp://ftp.site.com/file-???-x86.exe
I get the following error message
502 Bad Gateway
Now, if I specify a specific file
wget ftp://ftp.site.com/file-001-x86.exe
it all works great.
My configuration looks something like this
Lab Comp -> S
Hi,
I am in desperate need to solve the following problem:
I have configured Squid 2.4 as a HTTPD-ACCELERATOR for a number of web
servers.
For some reason I can't get a HTTP POST request through to a web server.
Although HTTP GET works fine.
Can someone give me any pointers as to what needs ch
I have used a converter but is there a way to have the logs show local time
instead of the utc. It would eliminate a step for me. I am new to all of
this
When i mean through the forwarder:
I will set my browser not to use a proxy and i will connect
to the internet via the forwarder ( ip_forward ). When i do
it that way things are nice and speedy for ftp access.
When i set my browser to use a proxy (squid), ftp access is
slow.
Browsing the net and
Is it possible to allow based on domain? If I use Ip ranges would it be
like 123.123.0.0?
>>> "Henrik Nordstrom" <[EMAIL PROTECTED]> 03/15/05 04:08PM >>>
On Tue, 15 Mar 2005, Corey Tyndall wrote:
> THanks for the info. I have it working now with allowing one
intranet
> sites IP address. Is i
> Hi!
>
> We are running Squid Version 2.5.STABLE7-20050124, and we
> begun experiencing
> squid crashes, apparently due to the following error, found
> in cache.log:
>
> 2005/03/16 08:36:44| WARNING: found whitespace in HTTP header
> name {Cache
> Control: no-cache}
> 2005/03/16 08:36
Hi Henrik,
I have tried with Mozilla but getting the same error.
Thanks & Regards
Prashant Kulkarni.
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 15, 2005 2:51 PM
To: Prashant Kulkarni
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users
Hi Henrik,
I have tried with Mozilla but getting the same error.
Thanks & Regards
Prashant Kulkarni.
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 15, 2005 2:51 PM
To: Prashant Kulkarni
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users
Hi!
We are running Squid Version 2.5.STABLE7-20050124, and we begun experiencing
squid crashes, apparently due to the following error, found in cache.log:
2005/03/16 08:36:44| WARNING: found whitespace in HTTP header name {Cache
Control: no-cache}
2005/03/16 08:36:44| ctx: exit level 0
200
As I know there is a possibility to define a homepage via proxy-pac.
proxypac is a javascript, which configures the client. It tells the
client, which proxy to use and afaik it can tell the homepage, as well.
Regards Michael
On Tue, 2005-03-15 at 04:16, Hendro Susanto wrote:
> Hi,
>
> I've tried
You have to use
--enable-removal-policies="lru heap"
when configuring squid.
Calamaris is a good tool. It gives you a lot of reports an graphical
output. It is highly configurable, but easy to use.
Look at the demo report (calamaris v3)
http://cord.de/tools/squid/calamaris/calamaris-3/
Regards Mi
Hello,
I try to use squid and squidGuard and I encounter the following problem:
my squid is a child and is told to take everything from its parent,
except for the local redirector page:
acl lokal dstdomain localhost
always_direct allow lokal
always_direct deny all
never_direct allow all
redirect_
Hi All,
I am yet to get my Squid-MRTG working as I am stuck
with snmpwalk on squid
Squid version - 2.5.Stable6
Net-SNMP Version - 5.1.2
I have set the following in squid.conf
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic localhost
snmp_access deny all
With th
Hi Henrik,
and again thanks for your quick reply.
>> acl whitelistip dst some.ip.addresses.here
>> http_access allow whitelistip
> and the use here matches your description above.. (whitelist quick, other
> slow).
Okay, so it seems I'm using the wrong ACL type, but which one would be
right?
T
On Wed, 16 Mar 2005, davep wrote:
The next Mandrake release (10.2 due next Month) seems to stick with Squid 2.5
STABLE6. To fix this problem should I use the latest Squid version built from
source?
I am not aware of this problem in the official source distribution.
You should file a bug report wi
On Wed, 16 Mar 2005, deny1 wrote:
#Recommended minimum configuration:
acl localdomain src 192.168.0.0/255.255.255.0
acl eth0 src 192.168.0.0/255.255.255.0
These two looks redundant to me.
acl users proxy_auth REQUIRED
http_access allow eth0 users
This should be moved last in your http_access rules
On Wed, 16 Mar 2005, Reginald Dennis B. Kosca wrote:
Good day I have a Squid Proxy server connected to an ISP running and I
want
to configure another Squid proxy server connected to the first Squid Proxy
is there a guide in doing this scenario? Thank you.
Yes. See the FAQ.
Regards
Henrik
On Tue, 15 Mar 2005, Dave Mangot wrote:
Is this possible? Squid keeps looking up the real www.example.com and
trying to connect to that. We want it to just look in it's /etc/hosts file
and
ignore DNS completely. It should only resolve from /etc/hosts.
Squid by default reads /etc/hosts on startu
Yesterday I upgraded a proxy server from Mandrake 10.0 to Mandrake 10.1,
which upgraded Squid from 2.5 STABLE4 to 2.5 STABLE6 (with later
security patches folded in by Mandrake). Now I'm seeing errors such as
this every few hours:
2005/03/16 09:22:09| ctx: enter level 0:
'http://www.tescohs.c
Try something like this:
acl myclients src 10.1.3.0/255.255.255.0
acl myclients src 10.19.220.0/255.255.255.0
http_access deny !myclients
"myclients" are the allowed clients which may use the proxy.
Use these acl's in front of all other acl's.
Mit freundlichem Gruß/Yours sincerely
Werner Rost
> -Original Message-
> From: deny1 [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 16, 2005 3:56 PM
> Subject: [squid-users] securise squid
>
> a nessus scan give this about my squid :
> Warning found on port squid-http (3128/tcp)
>The misconfigured proxy accepts requests coming
>
good morning
a nessus scan give this about my squid :
Warning found on port squid-http (3128/tcp)
The misconfigured proxy accepts requests coming
from anywhere. This allows attackers to gain some anonymity when
browsing
some sensitive sites using your proxy, making the remote sites think
th
On 16.03 09:59, it clown wrote:
> I am using squid with iptables. When i connect to an ftp site through
> squid it is extremely slow but when i set iptables to forward ftp and i
> connect through the forwarder ftp access is much faster.
through the forwarder? do you mean, directly to FTP site?
>
61 matches
Mail list logo