On Tue, 19 Apr 2005, Brett Glass wrote:
At 05:02 PM 4/19/2005, Henrik Nordstrom wrote:
check your range_offset_limit setting. Should be in the default 0 KB setting to prevent this from happening.
It is at the default setting on all of the machines in question. The
malfunction occurs despite this.
On Wed, 20 Apr 2005, Wennie V. Lagmay wrote:
Thank you Henrik and Dev, I was able to configure it.
acl all src 0.0.0.0/0.0.0.0
acl ipaddr1 src 192.168.10.0/255.255.255.0
acl ipaddr2 src 192.168.11.0/255.255.255.0
These can be joined into a single acl, simplifying things somewhat.
acl clients
--- Robert Vangel [EMAIL PROTECTED] wrote:
Nirina Michel wrote:
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow lan
#http_access allow unrestricted
#http_access deny !Authenticated
Hmm.. this allows your users access
On Wed, 20 Apr 2005, Ronald Warner wrote:
where will in the squid.conf will i put down that i prefer the native
log file format? thanks.
The default is the native log format, but you can switch to NCSA style log
format with emulate_httpd_log.
Both of these logs the authenticated userid.
If you
On Wed, 20 Apr 2005, Sergey Chistyakov wrote:
I am trying to configure my cache for next thing:
All downloads from nets of our city are unlimited.
All another downloads mast be limited by delay pool.
As i read many tims - it is must work.
Where is mistake?
Your configuration looks syntactically
On Wed, 20 Apr 2005, Nirina Michel wrote:
Thanks, the dialog box now appears but the user I set
in acl unrestricted can't be autheticated. In the
logs I can see : winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on
/var/run/samba/winbindd_privileged are set
That's what I'm thinking also, but we have nearly 300 acls and a
similar number of http_access rules.
Our setup is like this. We have a machine proxy.company.com that runs
both a proxy and a web server. We monitor the web server by grabbing a
file every minute. We monitor the proxy by grabbing
On Wed, 20 Apr 2005, Thien Vu wrote:
That's what I'm thinking also, but we have nearly 300 acls and a
similar number of http_access rules.
Ok.
What kinds of acls are these?
Our setup is like this. We have a machine proxy.company.com that runs
both a proxy and a web server. We monitor the web
HN Squid needs to do a DNS lookup to get the destination IP address from the
HN host name in the request.
I add this line befor all http_access:
http_access deny city_nets !all
it is not help with pools,
any way pool not working =(
All requests hits the pool...
--
Best regards,
Sergey
On Wed, 20 Apr 2005, Sergey Chistyakov wrote:
http_access deny city_nets !all
it is not help with pools,
any way pool not working =(
All requests hits the pool...
What does all your delay_access rules look like?
Any output of squid -k parse?
Regards
Henrik
- Original Message -
From: Henrik Nordstrom [EMAIL PROTECTED]
To: Wennie V. Lagmay [EMAIL PROTECTED]
Cc: squid-users @ squid-cache.org squid-users@squid-cache.org
Sent: Wednesday, April 20, 2005 9:25 AM
Subject: Re: [squid-users] Delay Pool
On Wed, 20 Apr 2005, Wennie V. Lagmay
On Tuesday 19 April 2005 20:36, Brett Glass wrote:
It can be cached. But Squid malfunctions with it in major ways, especially
due to
very serious blunders (I don't know else to put it; that's what they are) in
its
handling of partial content. Having a Squid cache with Windows clients
Hello Henrik,
Wednesday, April 20, 2005, 3:17:52 PM, you wrote:
HN On Wed, 20 Apr 2005, Sergey Chistyakov wrote:
http_access deny city_nets !all
it is not help with pools,
any way pool not working =(
All requests hits the pool...
HN What does all your delay_access rules look like?
HN Any
--- Henrik Nordstrom [EMAIL PROTECTED] wrote:
I think you are asking if there is means to stop
people from running
child proxies inside your network.
yes this is what i want
Not easily. Some of these make a pretty good job of
not revealing
themselves in the requests. However if the
On 4/20/05, Henrik Nordstrom [EMAIL PROTECTED] wrote:
On Wed, 20 Apr 2005, Thien Vu wrote:
That's what I'm thinking also, but we have nearly 300 acls and a
similar number of http_access rules.
Ok.
What kinds of acls are these?
A portion are external_acl_type for ldap lookups
SC sorry - my type error requests NO hits the pool
SC i use cachemgr.cgi for looking how is using the pool
i trying different delay_access, and result is:
if i try
delay_access allow localnet1 city_nets
delay_access deny all
no any requests hits in this delay
(but if i understand such access
hi all.
i have configured delay pools and its working well.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 1000/1000
delay_access 1 allow all
delay_initial_bucket_level 50
but it limits users to 1000 B/s even if there is only one user using the
internet all the remaining bandwidth is
Hi,
maybe you should use the new calamaris version. It tells you some
perfomance values like 'Proxy efficiency' and 'speed increase'. You also
get infomation about your refresh_pattern in the 'Requested extensions'
report. Here you will see how many of the cached objects are stale or
fresh.
The
Hi,
if you use calamaris V3 you can modify the tables. Tt is easy to switch
off redundant columns.
Regards Michael
On Tue, 2005-04-19 at 05:08, Merton Campbell Crockett wrote:
On Mon, 18 Apr 2005, Bob Morrison wrote:
Hello
I need a very easy way to log what user accesses what URL
Hi List,
Is there an easy way to disable this? I have changed my error page
templates to be as stealth as possible, allthough I am still getting the
squid signature at the bottom of these pages.
Some define in errorpage.cc??
TIA,
Andrew
Hello!
Why is LRU still the default replacement policy; others seem to perform much
better in terms of hit ratios.
http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html even suggests lower
cpu utilization:
The results indicate that the heap-based implementation of the GDSF and
LFUDA policies
On Wed, 20 Apr 2005, Henrik Nordstrom wrote:
On Tue, 19 Apr 2005, Damien Nguyen wrote:
I can see name resolution activities from Windows 2000 and XP PCs but not
from NT4 workstations.
Like I mentioned in my previous post, if I specify the automatic
configuration script (the URL to
azeem ahmad wrote:
i have configured delay pools and its working well.
delay_parameters 1 -1/-1 1000/1000
delay_access 1 allow all
but it limits users to 1000 B/s even if there is only one user using the
internet all the remaining bandwidth is wasted. how can i make it to give
the user
Wennie V. Lagmay wrote:
For example I have 16000 bytes of bandwidth connection to the internet and
10/100 Mbps connection to LAN. Also let us say I have 17 workstations each
one is given 1000 bytes strick bandwidth using delay_pools.
How can I implement such rule that every workstion has a
I wonder if someone can maybe help with this. I would like to setup my
squid proxy to block any boxes that do not have adns entry. So in other
words I want to ensure that the box is properly registered in teh dns
before they are allowed squid access. Can this be done and does someone
mybe
I have a problem with https (http redirect to https web site), the error
message is:
The requested URL could not be retrieved
While trying to retrieve the URL: http:443
The following error was encountered:
Unable to determine IP address from host name for http
The dnsserver returned:
From: Adam Aube [EMAIL PROTECTED]
To: squid-users@squid-cache.org
Subject: [squid-users] Re: delay pools
Date: Wed, 20 Apr 2005 09:01:31 -0400
azeem ahmad wrote:
i have configured delay pools and its working well.
delay_parameters 1 -1/-1 1000/1000
delay_access 1 allow all
but it limits users
On Wed, 20 Apr 2005, Thien Vu wrote:
A portion are external_acl_type for ldap lookups for user groups.
Ok.
The
ldap queries themselves are fairly quick, around 200 milliseconds for
the initial lookup but then it should hit the authentication cache
from then on.
Correct. Provided all the active
Is there a suggested NUMTHREADS ?
My clients are getting the Squid error page during the day, so I added
NUMTHREADS=1024, and recompiled.
But now my server is going unresponsive after about 24 hours.
I have to reboot RedHat since the process goes DEFUNCT and I can not kill it.
I have a dual
On Wed, 20 Apr 2005, Merton Campbell Crockett wrote:
5.4.5 DNS TXT service: Entries
- URL as specified by the DNS TXT service: record
I missed this method. Is the following, the correct TXT entry?
IN TXT service: wpad:http://...;
I think so. Never used it myself.
The full text reads:
5.4.5 DNS
On Wed, 20 Apr 2005, Lewars, Mitchell (EM, PTL) wrote:
Is there a suggested NUMTHREADS ?
My clients are getting the Squid error page during the day, so I added
What error?
There is no Squid error related to NUMTHREADS.
NUMTHREADS=1024, and recompiled.
This is way way way too many threads.
Normally
Is there a suggested NUMTHREADS ?
My clients are getting the Squid error page during the day, so I added
Which error page (exact full message) ?
M.
On Wed, 20 Apr 2005, Michael Scheibel wrote:
Why is LRU still the default replacement policy; others seem to perform much
better in terms of hit ratios.
Because LRU performs reasonable, and is very lightweight for the proxy to
maintain.
The results indicate that the heap-based implementation of
The clients are getting the standard error page telling them Squid could not
get the page, they wait and hit refresh and it works.
My old Netscape proxy required the following:
magnus.conf:
MaxProcs 384
ProcessLife 256
During our peak usage, I want to make sure that people aren't being denied
On Wed, 20 Apr 2005 [EMAIL PROTECTED] wrote:
2005/04/20 15:39:58| WARNING: suspicious CR characters in HTTP header near
{Proxy-Authenticate: Basic realm=Internet access proxy^M^M
}
I can't see any extra characters or whitespaces in the lines referring to
the realm in squid.conf and don't know
All,
I just built Squid proxy (2.5S9 + patches) on Linux 2.4.30 with ReiserFS.
Squid was unable to load immediately after system boot. Below the message I
got.
Around 10-15 seconds after boot, I can load Squid and it will run very well.
Please advise to solve such problem. Many thanks for your
On Thu, 21 Apr 2005, Awie wrote:
All,
I just built Squid proxy (2.5S9 + patches) on Linux 2.4.30 with ReiserFS.
Squid was unable to load immediately after system boot. Below the message I
got.
Around 10-15 seconds after boot, I can load Squid and it will run very well.
Please advise to solve such
Hello everyone,
I've been running squid for a while, and did a few redirection via
squidguard, and also some really simple authentication etc...
but this one I don't know how to accomplish :
I would like to redirect a certain group of ip addresses
(192.168.1.40-192.168.1.80) from 6:00 till
On 4/20/05, Henrik Nordstrom [EMAIL PROTECTED] wrote:
The rest are url_regex which involve urls or ports (for the CONNECT)
later defined in the http_access rules. So essentially we have a
population of users and we want to restrict what they can access
depending on what group they're in.
Robert Becskei wrote:
I would like to redirect a certain group of ip addresses
(192.168.1.40-192.168.1.80) from 6:00 till 18:00 to a banned.html
webpage, so they will only be able to surf the internet after
workhours 18:00 till 06:00 .
Don't bother using a redirector. Use deny_info instead.
-Original Message-
From: Ben Wylie [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 16, 2005 5:41 AM
To: squid-users@squid-cache.org
Subject: [squid-users] DNS/Domain Blocklists
Thanks for all of your advice so far.
Using the latest stable SquidNT 2.5, I've been trying to set
-Original Message-
From: Ben Wylie [mailto:[EMAIL PROTECTED]
Sent: Monday, April 18, 2005 4:42 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Windows Permissions through Squid
On our webserver I have some pages which I want you to have to log on, to
be
able to access
Hello,
I'm sorry if this has been asked before but I wasn't able to locate
something like it.
I have the following setup:
Router (+transparent proxy ) that does cache_peer with another proxy.
I have about 800 users behind the proxy and I have started noticing a
strange problem when most of the
-Original Message-
From: Scott Presnell [mailto:[EMAIL PROTECTED]
Sent: Monday, April 18, 2005 8:40 AM
To: squid-users
Subject: [squid-users] Help understanding calamaris/squid output
HI Folks,
I'm running Squid Cache: Version 2.5.STABLE7 under NetBSD 2.0
and I'm using
-Original Message-
From: Robert Becskei [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 20, 2005 9:19 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Squid, redirect user by ip from 06 to 18:00 to
you are not allowed to surf page
Hello everyone,
I've been running
On Wed, 20 Apr 2005, Carinus Carelse wrote:
I wonder if someone can maybe help with this. I would like to setup my
squid proxy to block any boxes that do not have adns entry. So in other
words I want to ensure that the box is properly registered in teh dns
before they are allowed squid access.
On Wed, 20 Apr 2005, Sergey Chistyakov wrote:
delay_access allow localnet1 city_nets
delay_access deny all
no any requests hits in this delay
And how is city_nets defined?
Regards
Henrik
On Wed, 20 Apr 2005, sasa wrote:
I have a problem with https (http redirect to https web site), the error
message is:
The requested URL could not be retrieved
While trying to retrieve the URL: http:443
The following error was encountered:
Unable to determine IP address from host name for http
The
Hello Henrik,
Thursday, April 21, 2005, 4:13:12 AM, you wrote:
HN On Wed, 20 Apr 2005, Sergey Chistyakov wrote:
delay_access allow localnet1 city_nets
delay_access deny all
no any requests hits in this delay
HN And how is city_nets defined?
HN Regards
HN Henrik
acl city_nets dst
Please advise to solve such problem. Many thanks for your help.
2005/04/21 00:31:05| Set Current Directory to /cache/logs
FATAL: Received Segment Violation...dying.
Please get a stracktrace of the error as per the instructions in the Squid
FAQ On how to report bugs.
This applies to
azeem ahmad wrote:
Adam Aube wrote:
azeem ahmad wrote:
i have configured delay pools and its working well.
delay_parameters 1 -1/-1 1000/1000
delay_access 1 allow all
but it limits users to 1000 B/s even if there is only one user using
the internet all the remaining bandwidth is
Dear all,
How do we assign url_regex which will allow only specified sites in the
url_regex; and only to effect particular machine (IP address)
I setup as fallows but it didn't work
Acl user1 src 192.168.100.3
Acl sites url_regex .redhat.com .oracle.com .sun.com
http_access allow user1 sites
The clients are getting the standard error page telling them
Squid could not get the page, they wait and hit refresh and it works.
Please post the error message your users are seeing.
M.
My old Netscape proxy required the following:
magnus.conf:
MaxProcs 384
ProcessLife
53 matches
Mail list logo