On Thu, 26 May 2005, Abu Khaled wrote:
What happend to the Transparent Proxy term. I have been using Squid
for 3 years now and it was always called Transparent Proxy. After
subscribing to the mailling list all repiles to Transparent Proxy
are answered Intercepting Proxy. I wonder why ?!
The
On Wed, 25 May 2005, Jon Howe wrote:
Does anyone know of any good ntlm authentication tutorials?
The FAQ has a step-by-step guide on configuring Squid NTLM authentication
using winbind.
There is also several other guides out on the Internet.
Regards
Henrik
On Thu, 26 May 2005, Matus UHLAR - fantomas wrote:
However, some researches documented that reiserfs is not good FS for things
like squid cache and that ext3 is faster...
And several has the exact opposite results..
Regards
Henrik
On Wed, 25 May 2005 [EMAIL PROTECTED] wrote:
But: Is there a way to use the integrated windows authentication, so that
the user will not be asked for his password each time he tries to brows the
internet?
It should use the login password from windows automatically.
See the Squid FAQ section
On Wed, 25 May 2005, S.M.H. Hamidi wrote:
Does any one know if there is a patch similar to
BalaBit patches for transparent proxying
(http://www.balabit.com/downloads/tproxy/) to Freebsd
kernel?
Probably somewhere. Dunno if available publically however..
Another question: Is it necessary
On Thu, 26 May 2005, squid squid wrote:
1. whether the duration field in navtive log has the same meaning as
response time in Custom LogFormat???
Yes.
The response time / duration in Squid logs is from the time the request
was received by Squid (full headers seen) until the last byte of
On Thu, 26 May 2005, Konstantin Polihronov wrote:
In the A-office I'm using child-proxy which redirects requests to the
parent1, and I want to make failover in case when internet line for parent1
is down to redirect requests to parent2 in branch2.
If you use ICP then this should be automatic
On Thu, 26 May 2005, squidrunner support wrote:
If you use dstdom* acl, then squid will reverse lookup
on that domain. You can use url_regex acl itself as,
2.5.STABLE10 and later allows matching of IP based hosts in dstdomain and
dstdom_regex.
Regards
Henrik
On Thu, 26 May 2005 [EMAIL PROTECTED] wrote:
The problem is that it works when i am testing it with squidclient,
but not in production.
What does access.log say?
Regards
Henrik
On Thu, 26 May 2005, Matus UHLAR - fantomas wrote:
# usage: refresh_pattern [-i] regex min percent max [options]
[...]
# 'Percent' is a percentage of the objects age (time since last
# modification age) an object without explicit expiry time
# will be considered fresh.
On Thu, 26 May 2005, Matus UHLAR - fantomas wrote:
quick guide or FAQ about transparent (we call it intercapting) proxy with
authentication? There is one:
http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.16
Probably ntlm or other authorization that doesn't require client to send
On Thu, 26 May 2005, galle wrote:
Which version of Squid?
sorry squid 2.5 stable 3
Both urlpath_regex and dstdom_regex should be able to match these in the
current versions of Squid.
i have try them and they dont work.
Your Squid is not a current version and is well knon to have the
On Thu, 26 May 2005, Charl Papenfus wrote:
With auth enabled we do get auth failed messages on the programmer's side.
Any way to test if packets are really coming back? Apart from running a
traffic monitor, of course.
You can assume there is a responso of some kind sent to the requestor, but
On Fri, 27 May 2005, kodel wrote:
This said I published a patch today to work around this quite common cases
in an reasonable manner, hopefully without opening up for cache pollution
attacks on the proxy.
Thanks again for your help
But where I can find those patch you mention here..?
Please forgive me if this question has been asked/reported before, I
couldn't find anything on the list or faq that suggest a solution.
I have just been asked by the our designer of a strange problem he
observed. While he was working on some new template on 2 of our
testing site, he notices that
On Fri, 27 May 2005, Joshua Goodall wrote:
I've observed three bugs in IE6's digest proxy authentication implemention.
Is anyone able to confirm that it's Not Just Me, and whether any good
workarounds are already out there?
IS6 is well known for being broken in it's authentication support in
On Thu, 26 May 2005, Dan DeLong wrote:
Hello, I am running 2.5.STABLE4 as a reverse proxy. I would like to know
how to use SSL Chain certs. I currently am using SSL certs from Thawte and
can use them with the following line in my conf file
https_port 10.10.1.1:443 cert =/certfile
On Thu, 26 May 2005, Ilker GOKHAN wrote:
As far as I remember there was a benchmarking test which was done by Duane.
According to this report, ext2 with async (aufs) is one the best choice.
Sounds reasonable. ext2 is a farily light filesystem unless you need
syncronous operations (which
Okay, thanks Henrik,
I have modded my helpers to unencode this.
Cheers once again for your always extremely helpful replies
Scott
On 27/05/2005, at 2:48 PM, Henrik Nordstrom wrote:
On Wed, 25 May 2005, Scott Horsley wrote:
scott abc#123
would produce
scott abc%23123
Correct.
On Thu, 26 May 2005, Sunil S wrote:
Helo Selvam,
1. I use auth param as below:
auth_param basic program /d2/sw/squid-3.0/libexec/squid_ldap_auth -u CN
-b CN=Users,DC=my,DC=company,DC=co,DC=in -h server_ip
Looks reasonable if you have a flat tree of users (all in the Users
container) and
PF wrote:
Do you know where the blacklist's, the logs directory and squidGuard.conf
is located? All the directories need to be owned by squid
So just chown -R squid:squid directory
[EMAIL PROTECTED] ~]# ls -l /etc/squid/squidguard.conf
-rw-r--r-- 1 root root 2569 23 mag 15:24
On Thu, 26 May 2005, Matus UHLAR - fantomas wrote:
However, some researches documented that reiserfs is not good FS for things
like squid cache and that ext3 is faster...
On 27.05 07:51, Henrik Nordstrom wrote:
And several has the exact opposite results..
Of course, for example there are
Hi,
I am again fighting with caching my dynamic content via web proxy.
I noticed a *strange* behaivor.
I started now debuging my http request headers and saw that (on using Squid)
I allways got no If-None-Match header. My application sets ETag inside of the
response header, so I am wondering,
On Fri, 27 May 2005, sasa wrote:
.. but now the problem is then also squid (whitout redirect to squidguard) not
start
What error(s) do you see?
/usr/local/squid/sbin/squid -DNYCd3
Regards
Henrik
The problem is that it works when i am testing it
with squidclient,
but not in production.
Please elaborate with sample logs? It will work. How
it is differing from testing and production?
==
Best Regards,
Squid Runner Support
squidrunner_dev
Hello, I've configured my squid to authenticate with ldap, but when
browser prompt the user and password window i write it and get no
answer, the squid access.log file shows it: 1116840548.325 6 10.0.20.113
TCP_DENIED/407 1706 GET http://www.google.es/ pprueba3 NONE/- text/html
and when I
If-Modified-Since is also missing
note, the requests are against a Servlet that generates dynamic content.
But when I request static content (that is stored in a folder of my web app)
If-Modified-Since request header was sent?
I used a ServletFilter to *debug* that, so I saw that the
.. but now the problem is then also squid (whitout redirect to squidguard)
not start !!??? :-(((
.. in the my previous mail I have writed the actual situation of
permission !!
Hello,
Nothing much would be known if you send a mail that squid is not starting.
Reply back with the error that
squidrunner support wrote:
You are changed squid.conf to root but changed
permission of binary to another squid:squid??
..now I have:
[EMAIL PROTECTED] ~]# ls -l /etc/squid/
totale 604
-rw-r- 1 root squid367 16 mag 21:59 cachemgr.conf
lrwxrwxrwx 1 root root 22 20 mag 17:40
Hi
Your ldap authentication statement is incomplete.
Please have a look at the examples and before you put
them into squid.conf, please make sure they are fine
by running them from a shell prompt as how you did and
you must get OK instead of ERR.
From your statement it#8217;s missing the -h option
Hi list,
so, I managed to get transparent proxying (transparent or vhost) working,
but the parent squid logs the IP of the intermediate proxy, not the client.
Can Squid3 spoof the IP when it connects to the parent cache? This would
work in practice, because the network is laid out for such,
#/usr/sbin/squid -DNYCd3
Abortito
To help you out on this, just start your squid binary
as,
./squid -NCd10
What you are getting out there.
1. You have configured cache_effective_user and
cache_effective_group as squid
2. Change all permissions under var/log directory
squid to squid:squid
I get this now when I write:
[EMAIL PROTECTED] ~]# /usr/lib/squid/squid_ldap_auth -R -b
dc=prueba,dc=com -D cn=root,ou=People,dc=prueba,dc=com -w hello -f
sAMAccountName=%s -h 10.0.21.100
ERR
--
Angel Prieto
[EMAIL PROTECTED]
SINERGIA TECNOLÓGICA
C/ Almirante Churruca
30007 Murcia
TEL.
On Fri, 27 May 2005, Matthias Wessendorf wrote:
If-Modified-Since is also missing
Do your responses have a Last-Modified? If not there isn't anything to
relate If-Modified-Since to..
So I have now no idea, why the static content is cacheable, but not my dynamic.
What does the
On Fri, 27 May 2005, sasa wrote:
/usr/local/squid/sbin/squid -DNYCd3
#/usr/sbin/squid -DNYCd3
Abortito
Nothing more? If not something is wrong with your binary. Reinstall Squid.
What about
/usr/sbin/squid -v
Regards
Henrik
On Fri, 27 May 2005, [ISO-8859-1] Ángel Prieto wrote:
I get this now when I write:
[EMAIL PROTECTED] ~]# /usr/lib/squid/squid_ldap_auth -R -b dc=prueba,dc=com
-D cn=root,ou=People,dc=prueba,dc=com -w hello -f sAMAccountName=%s -h
10.0.21.100
ERR
This is normal. A blank line is not a
I added Expires and it works now as aspected
Thanks for your hints.
Matthias
-Ursprüngliche Nachricht-
Von: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 27. Mai 2005 13:51
An: Matthias Wessendorf
Cc: squid-users@squid-cache.org
Betreff: Re: AW: [squid-users]
Hi!
We are using squid with ntlm authentication, wich then forwards the user
name do DansGuardian, and it is working very well, with no problems at all
...
Regards,
Carlos.
--
Dansguardian is very stable but can slow down network traffic depending on
the size of
On 5/27/05, Henrik Nordstrom [EMAIL PROTECTED] wrote:
On Thu, 26 May 2005, Abu Khaled wrote:
I found this in the FAQ's
delay pools are incompatible with slow aborts; quick abort should be
set fairly low to prevent objects being retrived at full speed once
there are no clients requesting
no problum is not solved it giving jerks squid stop responding after
60 minut and nothing is log files and squid sarts after 1 minut
without adding any log
On 5/26/05, Henrik Nordstrom [EMAIL PROTECTED] wrote:
On Tue, 24 May 2005, Kashif Ali Bukhari wrote:
i get very strange problem
Henrik Nordstrom wrote:
Nothing more? If not something is wrong with your binary. Reinstall Squid.
I have installed squid and squidguard from rpm file, pheraps this is a problem
??
What about
/usr/sbin/squid -v
..nothing.
thanks.
Salvatore.
squidrunner support wrote:
To help you out on this, just start your squid binary
as,
./squid -NCd10
..but I have installed with rpm file
What you are getting out there.
1. You have configured cache_effective_user and
cache_effective_group as squid
yes
2. Change all permissions
On 5/27/05, Jigar Raval [EMAIL PROTECTED] wrote:
Hello,
We have 2MBPS leased line for internet connectivity. I
would like to configure delay pools to allocate a
bandwidth to various department. I would like to
assign BW to two department so that the department
will get only speed 6Kbps,
I work in the security assessment field and currently utilize Websense for content monitoring. My
license for websense will be up in a month and would like to replace it with an open source solution.
Are there any open source solutions that will allow me to use a spanned (mirrored) port on a
Em Qui, 2005-05-26 às 17:52 -0400, Matt Benjamin escreveu:
Paulo,
Hi Matt
Don't know of one, but we've done bugfixes on the Webmin module, though
it is still imperfect (error handling), added a config backup feature,
and have used it as recently as Webmin-1.8.0.
Fwiw and no warranty:
well
If i am testing with squid-client, i've got
127.0.0.1 - - [27/May/2005:16:48:43 +0200] GET http://1.2.3.4 HTTP/1.0 403
1398 TCP_DENIED:NONE
If i am testing from my browser, i've got
x.x.x.x - - [27/May/2005:16:46:54 +0200] GET http://1.2.3.4/ HTTP/1.0 0 0
TCP_MISS:NONE
For information,
I'm not sure about an Open-source solution, but SurfControl
(www.surfcontrol.com) is a great alternative product. We have done numerous
Corporate installations of it, including some icap integrations with squid -
although there is still continual development for this support.
Ali
-Original
Hi,
We are having problem in running squid with diskd with squid 2.5.10
it exits with message storeDiskdInit: msgget: (28) No space left on
device
cache_dir diskd /var/squid/disk1 4 73 256
cache_dir diskd /var/squid/disk2 4 73 256
cache_dir diskd /var/squid/disk3 4 73 256
Sorry for breaking into the thread, but I though that'd be related:
Does anybody know of any good filtering solution (possibly to go along
with squid) with capabilities to filter out not only based on content
but also by type of request divided into classes. Something like:
machine A has
Applied the patch and all is well.
Thanks !
Dan
- Original Message -
From: Henrik Nordstrom [EMAIL PROTECTED]
To: Dan DeLong [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Sent: Friday, May 27, 2005 4:30 AM
Subject: Re: [squid-users] Chain SSL Cert files
On Thu, 26 May 2005,
On 27.05 22:29, sk wrote:
We are having problem in running squid with diskd with squid 2.5.10
it exits with message storeDiskdInit: msgget: (28) No space left on
device
you must configure enough of message queues and probably shared memory too.
On May 27, 2005 10:01 am, Hunter, Jess wrote:
I do not know what type of enterprise you will be using the content
filtering for, however depending on your type of organization.
DansGaurdian just might be a good fit
Yeah, it looks like it might do the trick except that I haven't found
detailed
I have been working all week to try and get ntlm with squid to work. I have
recompiled squid, samba, and kerberos with the appropriate flags but to no
avail. Does anyone have a How-to that actually works as the ones that I have
been using obviously don¹t.
Thanks
Gary
On 5/27/05 8:53 AM,
www.dansguardian.org
From: Ali Resting [EMAIL PROTECTED]
To: [EMAIL PROTECTED],squid-users@squid-cache.org
Subject: RE: [squid-users] Content Filtering Solutions
Date: Fri, 27 May 2005 17:17:59 +0200
I'm not sure about an Open-source solution, but SurfControl
(www.surfcontrol.com) is a great
David,
We had some problems with Windows Update too. We solved with:
acl Microsoft_Windows_Update dstdom_regex .download.microsoft.com
.windowsupdate.com .windowsupdate.microsoft.com .microsoft.com
http_access allow Microsoft_Windows_Update
[]´s,
Denis
-Original
Hi Gary !!
I have a how-to documented in portuguese Would you be able to read it?
Regards,
Carlos.
Hi !!
These kind of filtering can be done with squid itself, with its built-in
acls. You can combine it with traditional content-filtering solutions, like
Dansguardian, that was pointed by someone at this list ...
Regards,
Carlos.
--
Sorry for breaking into the thread, but I
I'm working here trying to get ntlm with squid working. I can get ntlm_auth
--username to work and it asks for a password and that works. I mistype the
password and it tells me so. So I think that part is working. When I fire up
./squid -NCd1 that is where I get the ntlmauthenticator helpers are
Hi.
I'm trying to add squid to a firewall-in-a-floppy little distribution called
Coyote Linux.
Coyote doen't have perl and I don't like to add it too.
If I leave some squid resources out can I produce a perl independent version?
Please send link to working coyote.
-Original Message-
From: Claudio Roberto Cussuol [EMAIL PROTECTED]
Sent: May 27, 2005 1:07 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Squid without Perl. Is it possible?
Hi.
I'm trying to add squid to a firewall-in-a-floppy little
Hello all,
Does anyone know if there is a speed difference between using src and
listing 200 IP blocks and using src_as and listing 2 or 3 ASN's?
Ryan Lamberton
On Fri, 27 May 2005, sasa wrote:
I have installed squid and squidguard from rpm file, pheraps this is a problem
??
Which RPM on what distribution?
What about
/usr/sbin/squid -v
..nothing.
Then /usr/sbin/squid is not a valid squid binary, or not for your OS.
Regards
Henrik
On Fri, 27 May 2005, Matthias Wessendorf wrote:
What does the cacheability check engine say about your
dynamic content?
do you mean the logfile ?
No, I mean the cacheability check engine.
http://www.mnot.net/cacheability/
I am setting the following:
Cache-Control: public, must-revalidate
On Fri, 27 May 2005, squid squid wrote:
However there is some garbagge parameters in the %tl field shown on the
logfile. The %tl field is supposed to show date+time+800hrs but it showed
date+time+%25z. Anyway the date and time is still readable and I think this
should not caused much problem
On Fri, 27 May 2005 [EMAIL PROTECTED] wrote:
If i am testing with squid-client, i've got
127.0.0.1 - - [27/May/2005:16:48:43 +0200] GET http://1.2.3.4 HTTP/1.0 403
1398 TCP_DENIED:NONE
If i am testing from my browser, i've got
x.x.x.x - - [27/May/2005:16:46:54 +0200] GET http://1.2.3.4/
On 5/27/05, Claudio Roberto Cussuol [EMAIL PROTECTED] wrote:
I'm trying to add squid to a firewall-in-a-floppy little distribution called
Coyote Linux.
I'd assume this is similar to the BSD-based m0n0wall and pfSense, which
use a floppy to store the firewall configuration (the above tools boot
Hi Henrik,
On Fri, May 27, 2005 at 10:27:50AM +0200, Henrik Nordstrom wrote:
Related question: What was the request-URI on the request line send by IE
in the above? Was this escaped properly or where it using unescaped quote
there as well?
The request-URI was similarly unescaped.
67 matches
Mail list logo