Re: [squid-users] Error tcp_negative on web server in DMZ

>>> ..but on internal client of my LAN when I try in the web browser (IE): >>> http://www.mysite.com >>> ..the dns resolutions is ok and the ip address of my webserver is: >>> 10.0.1.2 >>> ..and I visualize only Fedora Core Test Page. Is 'www.mysite.com' a vhost which is bound to a specific IP add

[squid-users] CLIENT_MAX_AGE: how does it work

Hi, Can someone tell me (or point me to the right resource about) how CLIENT_MAX_AGE works? As I understand it a client request is able to state that it won't accept as fresh something which has an age greater than a certain value. So taking this into account, if I run a reverse proxy with a

[squid-users] Reverse Proxy: Age

Hi, I'm thinking of using Squid as a reverse proxy and I've got a question: - If one uses min_age and max_age (and overrides expiry and last_mod) to keep an object for a long time in cache. Would other caches around the internet -such as ISP caches for example- be mislead by it and store the o

Re: [squid-users] System Lockup

* On 23/11/05 21:45 -0600, WinSE wrote: > > I installed squid on FreeBSD 6.0-RELEASE. Some time after I installed > it and began using it, my system froze up completely. This had never > happened before, and since I deactivated squid, it has not happened > again. I would like to keep using squid,

[squid-users] System Lockup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I installed squid on FreeBSD 6.0-RELEASE. Some time after I installed it and began using it, my system froze up completely. This had never happened before, and since I deactivated squid, it has not happened again. I would like to keep using squ

RE: [squid-users] autoconfig pac file

Hello Toto, Using a "normal" browser, try and download the file - something like: wget http://10.1.1.13/proxy/proxy.pac I think the problem lies with apache2 rather than squid or the file. Cheers, Pieter -Original Message- From: Toto Carpaccio [mailto:[EMAIL PROTECTED] Sent: 2005/11/

Re: [squid-users] Overflowing filesystems

Sorry if you see this again, I got a bounced mail from squid-cache.org Chris Robertson wrote: -Original Message- From: Michael Puckett [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 9:25 AM To: squid-users Subject: [squid-users] Overflowing filesystems I am running this

[squid-users] RE: https Webmin using port 12000 doesn't work anymore with Squid

> -Original Message- > From: LeKeiserAmen [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 23, 2005 3:13 PM > To: squid-users@squid-cache.org > Subject: Re[2]: [squid-users] Re[2]: https Webmin using port 12000 > doesn't work anymore with Squid > > > Hello Chris, > > Wednesday, Nove

Re[2]: [squid-users] Re[2]: https Webmin using port 12000 doesn't work anymore with Squid

Hello Chris, Wednesday, November 23, 2005, 9:59:54 PM, you wrote: CR> The CONNECT method is only allowed to ports 443, 563 and 873 CR> (deny CONNECT, unless it's to a port listed in SSL_Ports). If you add... CR> acl SSL_Ports port 12000 # Webmin CR> ...to your ACL list you would be set. Even

[squid-users] squid redirect

Hi, Scenario: I have a reverse proxy running with squid. The proxy just accepts https-connections. Behind the reverse proxy there are several webservers. Now I need to redirect a client request: https://cwiki.inversum.ch To the adequate webserver: http:

[squid-users] System Lockup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I installed squid on FreeBSD 6.0-RELEASE. Some time after I installed it and began using it, my system froze up completely. This had never happened before, and since I deactivated squid, it has not happened again. I would like to keep using squ

RE: [squid-users] Squid slow shutdown

> -Original Message- > From: "Michal W." [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 23, 2005 12:11 PM > To: squid-users@squid-cache.org > Subject: [squid-users] Squid slow shutdown > > > Hello, > > I am using Squid on a home desktop system > (Linux/Gentoo/AMD64), which is >

RE: [squid-users] Squid slow shutdown

Sounds about normal to me. Mine takes about 2min. -Original Message- From: "Michal W." [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 4:11 PM To: squid-users@squid-cache.org Subject: [squid-users] Squid slow shutdown Hello, I am using Squid on a home desktop system (Linux/

[squid-users] Squid slow shutdown

Hello, I am using Squid on a home desktop system (Linux/Gentoo/AMD64), which is typically shutdown several times a day. During system shutdown it takes quite a long time (~30 seconds) to stop Squid. (This time is about the same when I stop Squid manually by running init scripts or calling "squ

[squid-users] Any way to view the current state of delay pools?

This would help me fine tune the bucket & refill settings. I've got 100+ users sharing a 1 mbps satellite internet connection, and delay pools have done a great job keeping the heavy downloaders in check. There are still a handful of guys running downloads 24/7, but they're held back to a 4 K/s r

RE: [squid-users] Re[2]: https Webmin using port 12000 doesn't work anymore with Squid

> -Original Message- > From: LeKeiserAmen [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 23, 2005 11:48 AM > To: squid-users@squid-cache.org > Subject: [squid-users] Re[2]: https Webmin using port 12000 > doesn't work > anymore with Squid > > > Hello Joost, > > Wednesday, Novembe

Re[2]: [squid-users] https Webmin using port 12000 doesn't work anymore with Squid

Hello Tim, Wednesday, November 23, 2005, 2:33:13 AM, you wrote: TB> Recheck your ACL's... TB> You have these: TB> #acl Safe_ports port 12000 #Webmin TB> http_access deny !Safe_ports TB> http_access deny CONNECT !SSL_ports TB> You need to allow CONNECT on the Webmin port (probably better to make

Re[2]: [squid-users] https Webmin using port 12000 doesn't work anymore with Squid

Hello Wash, Wednesday, November 23, 2005, 5:56:37 AM, you wrote: OW> Try changing that to: OW> acl our_networks src 192.168.1.0/255.255.255.128 OW> Or 192.168.1.0/25 OW> Then do `squid -k reconfigure` and try browsing again. OW> -Wash I tried what you suggested, but I still get the same err

[squid-users] Re[2]: https Webmin using port 12000 doesn't work anymore with Squid

Hello Joost, Wednesday, November 23, 2005, 10:02:25 AM, you wrote: >> Since I have installed Squid on my Debian 3.1, I cannot use Webmin >> anymore. >> I get the error : >> 1132704539.351 0 192.168.1.10 TCP_DENIED/403 1414 CONNECT >> 192.168.1.1:12000 - NONE/- text/html >> 1132704539.473

RE: [squid-users] Overflowing filesystems

> -Original Message- > From: Michael Puckett [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 23, 2005 9:25 AM > To: squid-users > Subject: [squid-users] Overflowing filesystems > > > I am running this version of squid: > > Squid Cache: Version 2.5.STABLE10 > configure options: --e

RE: [squid-users] Overflowing filesystems

I think u need to check what is your cache replacement policy Btw how much bandwidth do you save with this configuration? Cordially, Lokesh -Original Message- From: Michael Puckett [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 7:25 PM To: squid-users Subject: [squid-users]

RE: [squid-users] Error tcp_negative on web server in DMZ

> -Original Message- > From: sasa [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 23, 2005 5:48 AM > To: squid-users@squid-cache.org > Subject: Re: [squid-users] Error tcp_negative on web server in DMZ > > > Hi, > also with: > > acl internalsite dstdomain www.mysite.com > no_cache

Re: [squid-users] Error tcp_negative on web server in DMZ

Hi, this problem is present only request at my server http and windows update, for all other sites it's all ok, and this problem is present on all my machine. Thanks. -- Salvatore. - Original Message - From: "sasa" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 23, 2005 7:37

Re: [squid-users] Error tcp_negative on web server in DMZ

Hi, I have tried with another cache directory (and then squid -z) but the result isn't changed, how this is possible ? thanks again. -- Salvatore. - Original Message - From: "sasa" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 23, 2005 3:47 PM Subject: Re: [squid-users] Error

RE: [squid-users] parent proxy not working correctly?

> -Original Message- > From: kfliong [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 22, 2005 9:24 PM > To: squid-users@squid-cache.org > Subject: [squid-users] parent proxy not working correctly? > > > I have just setup some parent proxy for my squid proxyserver but > somehow it doe

[squid-users] Overflowing filesystems

I am running this version of squid: Squid Cache: Version 2.5.STABLE10 configure options: --enable-large-cache-files --disable-internal-dns --prefix=/opt/squid --enable-async-io --with-pthreads --with-aio --enable-icmp --enable-snmp specifically enabled for large files. My cache_dir is 535GB

[squid-users] Blocking content in html body via external acl?

I'm interested in parsing the html body of requests using a custom external acl (Blocking yesterday's IE window() exploit), but can't seem to find how to get the body of the request in the script from squid. Is this possible, or is the ACL requested prior to getting the content? (I can pass header

Re: [squid-users] Re: useragent list somewhere?

Quoting Odhiambo Washington <[EMAIL PROTECTED]>: Yes, you are right, too. But if I apply such a blacklist, I reduce the chance for such "malware" to pass through (altough it will never be 100% protection). Do you agree? You are not alone in that thinking. The IDS think tank at bleedingsnort.

Re: [squid-users] Error tcp_negative on web server in DMZ

Hi, also with: acl internalsite dstdomain www.mysite.com no_cache deny internalsite .. in the log file I have: tcp_miss/403 4174 get http://www.mysite.com direct /10.0.0.121 tcp_negative_hit/403 GET http://www.mysite.com ..but with parameter no_cache I not use the squid cache or no ?? thanks a

Re: [squid-users] Error tcp_negative on web server in DMZ

Hi, the same configuration with old proxy server machine is ok but with new machine (always the same version of Fedora, Squid and SquidGuard) not functionally !! thanks again. -- Salvatore. - Original Message - From: "sasa" <[EMAIL PROTECTED]> To: Sent: Tuesday, November 22, 20

[squid-users] Log Users Session Information

Is there a way to capture users session information, ie jserv session id or cookie information, in the squid access logs ? Looked all around and it appears not but any definitive answer. thanks

[squid-users] autoconfig pac file

Hi, I'm using squid installed on a debian server. I've installed Apache2 (checked the pac extension in mimes.conf too) also, and create a directory in /var/www/ called proxy where i put a proxy.pac file containing : function FindProxyForURL(url, host) { if (isInNet(host, "10.2.0.0", "255.

Re: [squid-users] ACL Rules in memory

On Wednesday 23 November 2005 13:02, Ghislain Garcon wrote: > > >real0m7.057s > >user0m0.640s > >sys 0m6.260s > > > > > >In other words: my Celeron 1200 MHz just did more than 10 > >open/read/close's > >per 1 sec. > > > > > > > As open() read() and close() are system calls, your

Re: [squid-users] ACL Rules in memory

>real0m7.057s >user0m0.640s >sys 0m6.260s > > >In other words: my Celeron 1200 MHz just did more than 10 open/read/close's >per 1 sec. > > > As open() read() and close() are system calls, your execution time souldn't be 6.26+0.64=6.9s and 7.057-6.9=0.157s is the time given to oth

Re: [squid-users] Re: useragent list somewhere?

* On 23/11/05 10:01 +0100, Boniforti Flavio wrote: > Joost de Heer wrote: > > >Personally, I think such a list is useless, since 'User-Agent' is a header > >that can be faked. > > Yes, you are right, too. But if I apply such a blacklist, I reduce the > chance for such "malware" to pass through (

[squid-users] Re: https Webmin using port 12000 doesn't work anymore with Squid

> Since I have installed Squid on my Debian 3.1, I cannot use Webmin > anymore. > I get the error : > 1132704539.351 0 192.168.1.10 TCP_DENIED/403 1414 CONNECT > 192.168.1.1:12000 - NONE/- text/html > 1132704539.473121 192.168.1.10 TCP_DENIED/403 1414 CONNECT > 192.168.1.1:12000 - NONE

Re: [squid-users] Re: useragent list somewhere?

Joost de Heer wrote: Personally, I think such a list is useless, since 'User-Agent' is a header that can be faked. Yes, you are right, too. But if I apply such a blacklist, I reduce the chance for such "malware" to pass through (altough it will never be 100% protection). Do you agree? -- -

[squid-users] Re: useragent list somewhere?

Boniforti Flavio wrote: > Hello everybody. > I'm actually playing around with my "useragent" logs, and would like to > know if there's a place on the 'net where I could seek information about > the useragent strings I find in my logfiles. > Or, if anybody would be interested, I would "donate" part