[squid-users] re: Number of treads

We are using Dell 2850 dual 3.2 Xeon processor, 8 Gig of Physical memory and 15rpm SCSI disk for caching (no raid). The software is FC 4 64 bit with Squid 2.5Stable13. Below is the way I complie my Squid: --prefix=/usr --exec-prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid

RE: [squid-users] plugin to secure authentication

Thanks for that, I have installed the helper but am getting stuck on the configuration side. Could you point me to some documentation which explains how to configure squid.conf. I have tried auth_param digest program /usr/local/squid/libexec/digest_ldap_auth -e -b

Re: [squid-users] re: Number of treads

We are using Dell 2850 dual 3.2 Xeon processor, 8 Gig of Physical memory and 15rpm SCSI disk for caching (no raid). The software is FC 4 64 bit with Squid 2.5Stable13. Below is the way I complie my Squid: --prefix=/usr --exec-prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid

[squid-users] ntlm_auth + wbinfo_group.pl

Hi, sorry for my bad english! my system: suse linux 10 Squid Cache: Version 2.5.STABLE10 samba (smbd) Version 3.0.20b-3.1-SUSE wbinfo_group.pl is patched with http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE12-wbinfo_group.patch. I'm trying to get the authentication by the

RE: [squid-users] plugin to secure authentication

mån 2006-04-10 klockan 09:26 +0200 skrev Paolo Biancolli: Thanks for that, I have installed the helper but am getting stuck on the configuration side. Could you point me to some documentation which explains how to configure squid.conf. First of all you need an understanding of Digest

Re: [squid-users] squid and blank/empty passwords?

Please keep replies on the mailinglist. sön 2006-04-09 klockan 16:52 -0400 skrev Scott Ehrlich: I successfully patched the source for squid 2.5, compiled, and installed it. I happen to be using NCSA auth and am trying to get my CDMA phone to proxy through my squid server. What is the

Re: [squid-users] Squid3 and certificates in a cluster

sön 2006-04-09 klockan 21:10 -0700 skrev Discussion Lists: Suppose I have two squid3 machines that are clustered, and I want them both to offer reverse SSL proxy (depending on whichever is active of course). Assuming that all is set up correctly, couldn't I just keep identical copies of the

[squid-users] Re: How big of a system do I need to run Squid?

[discussion moved to squid-users where it belongs] tor 2006-03-30 klockan 19:04 -0600 skrev Cristal Montanez: I was reading about this but the documentation In late 1998, if you are buying a new machine for a cache, I would recommend the following configuration: 300 MHz Pentium II CPU

[squid-users] Squid, windows, linux and LDAP

Hi, I have a network with some windows and linux clients. All clients authenticate against a LDAP server (windows clients via samba) running on a linux server. Now, I want to use the client's authentication within squid, so I can allow/disallow access to (parts of) the internet, but without

[squid-users] Flooding squid

Hello! I have some trouble with new kind of flood targeted at proxy server. One hosts creates thousands of new connections. Is there a way to protect against that at squid level? I would like to avoid doing it with netfilter, because it is hard to guess acceptable limit of connections

RE: [squid-users] plugin to secure authentication

I have manged to get the digest_pw_auth program working properly without any Problems. You mentioned I need at least the -A option to the line in squid.conf. The ldap database I am authenticating against is a MS 2003 active directory. Do I specify the password attribute which contains the

Re: [squid-users] Squid, windows, linux and LDAP

Hi, I have a network with some windows and linux clients. All clients authenticate against a LDAP server (windows clients via samba) running on a linux server. Now, I want to use the client's authentication within squid, so I can allow/disallow access to (parts of) the internet, but without

Re: [squid-users] Flooding squid

On 4/10/06, Michał Margula [EMAIL PROTECTED] wrote: Hello! I have some trouble with new kind of flood targeted at proxy server. One hosts creates thousands of new connections. Is there a way to protect against that at squid level? I would like to avoid doing it with netfilter,

Re: [squid-users] Flooding squid

Mark Elsen napisał(a): There is a : max_conn parameter, check it out ; in squid.conf.default. Exact name slips me for the moment M. I was thinking about something more sophisticated, because now I have: acl too-many-connections maxconn 500 http_access deny all

RE: [squid-users] Flooding squid

snip I have some trouble with new kind of flood targeted at proxy server. One hosts creates thousands of new connections. Is there a way to protect against that at squid level? I would like to avoid doing it with netfilter, because it is hard to guess acceptable limit of connections (browsers

[squid-users] Multiple Destinations

Hi, I'm currently researching squid's ability to have traffic destined for specific IPs redirected to specific http_accel_hosts. For example, Squid listens on the following addresses: 192.168.5.2:80 192.168.5.3:80 The nature of requests coming in on each IP differ, so the host they get sent to

[squid-users] NTLM with a client FTP

Hello, HTTP and FTP request using NTLM works fine with Mozilla and IE browser. Now i want to authenticate a client FTP (like Filezilla) with NTLM. I can't find a way to do this, is it possible ? Someone has ever done it ? I have tried to add these rules : acl intfullacl external NT_global_group

RE: [squid-users] plugin to secure authentication

mån 2006-04-10 klockan 15:59 +0200 skrev Paolo Biancolli: You mentioned I need at least the -A option to the line in squid.conf. Yes. It's required as without it the helper has no means of knowing how to retrieve the users password (as plain-text or digest H(A1) hash) from the directory server.

[squid-users] no cache for local web servers

Hi Squid USers, I have webservers in our local network that users should access always directly. In order to realise that condition, i created an acl as follows: acl dragon dst 10.1.0.0/255.255.0.0 always_direct allow dragon no_cache deny dragon Anyway, i keep finding such records inside

RE: [squid-users] Squid3 and certificates in a cluster

Great advice, thank you! -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Monday, April 10, 2006 2:18 AM To: Discussion Lists Cc: squid-users@squid-cache.org Subject: Re: [squid-users] Squid3 and certificates in a cluster sön 2006-04-09 klockan 21:10

[squid-users] acl for ports 443

I run smartfilter plugin for squid. I define catagorys that I want blocked to the internet. I found that I am unable to block any website that has https:// appended to the front end (443). As a result, a lot of the student body has figured out how to bypass the filter. (smart kids). My

Re: [squid-users] acl for ports 443

I run smartfilter plugin for squid. I define catagorys that I want blocked to the internet. I found that I am unable to block any website that has https:// Do you really want to block secure websites ? (...) appended to the front end (443). As a result, a lot of the student body has

Re: [squid-users] no cache for local web servers

Hi Squid USers, I have webservers in our local network that users should access always directly. In order to realise that condition, i created an acl as follows: acl dragon dst 10.1.0.0/255.255.0.0 always_direct allow dragon no_cache deny dragon Anyway, i keep finding such records

Re: [squid-users] acl for ports 443

Quoting Mark Elsen [EMAIL PROTECTED]: I run smartfilter plugin for squid. I define catagorys that I want blocked to the internet. I found that I am unable to block any website that has https:// Do you really want to block secure websites ? (...) appended to the front end (443). As

Re: [squid-users] acl for ports 443

I dont want to block all ssl sites. However, for some reason any url that has https: in it, doesnt go through the proxy - It should, in the default settings; check access.log for the failing URI's. - Check cache.log , for further error info , if any. ... M.

[squid-users] squid does not work after ISP move.

Hello, please CC me on any follow ups as I no longer receive squid list emails. thank you very much. I have been using squid since the beginning of time (1999) and this is the first show stopper I have ran into, nice work!! Over the weekend we changed ISPs. the only thing changed on the

Re: [squid-users] Squid-cache clustering

Hello, I am a bit confused here. I am currently running an several servers each with an instance of apache 2 and squid 2.5 using: httpd_accel_single_host On httpd_accel_host 127.0.0.1 httpd_accel_port 80 From your email it seems like I can set the apache servers as cache peers? Is that

Re: [squid-users] squid does not work after ISP move.

Hello, please CC me on any follow ups as I no longer receive squid list emails. thank you very much. I have been using squid since the beginning of time (1999) and this is the first show stopper I have ran into, nice work!! ... - On the SQUID box, are you using the correct

Re: [squid-users] acl for ports 443

Quoting Mark Elsen [EMAIL PROTECTED]: I dont want to block all ssl sites. However, for some reason any url that has https: in it, doesnt go through the proxy - It should, in the default settings; check access.log for the failing URI's. - Check cache.log , for further error info ,

[squid-users] WPAD Automatically Detect Settings

I am trying to get WPAD or Internet Explorer Proxy Automatically Detect Settings to work. http://www.freeproxy.ru/en/free_proxy/faq/wpad.htm I have NATed all DNS requests that contain wpad to my DNS server. I have created DNS entries for wpad, wpad.reversednsofmyips.com etc on the server

Re: [squid-users] Flooding squid

mån 2006-04-10 klockan 15:08 +0200 skrev Michał Margula: Hello! I have some trouble with new kind of flood targeted at proxy server. One hosts creates thousands of new connections. Is there a way to protect against that at squid level? I would like to avoid doing it with netfilter,

Re: [squid-users] Multiple Destinations

mån 2006-04-10 klockan 10:41 -0400 skrev Sketch: Hi, I'm currently researching squid's ability to have traffic destined for specific IPs redirected to specific http_accel_hosts. Is there any way to accomplish this without running multiple instances of squid? Yes, there is several. Do

Re: [squid-users] NTLM with a client FTP

mån 2006-04-10 klockan 17:03 +0200 skrev Aurélien Bras: HTTP and FTP request using NTLM works fine with Mozilla and IE browser. Now i want to authenticate a client FTP (like Filezilla) with NTLM. I can't find a way to do this, is it possible ? Someone has ever done it ? Does Filezilla support

Re: [squid-users] Multiple Destinations

On 4/10/06, Henrik Nordstrom [EMAIL PROTECTED] wrote: mån 2006-04-10 klockan 10:41 -0400 skrev Sketch: Hi, I'm currently researching squid's ability to have traffic destined for specific IPs redirected to specific http_accel_hosts. Is there any way to accomplish this without running

[squid-users] Squid options in deamon mode

Hello, What is the best option to start squid in deamon mode and avoid these errors ? I run RHEL V4 + squid stable 13, + wccp. Regards, Running: squid -sY /usr/local/squid/var/squid.out 21 /usr/local/squid/bin/RunCache: line 35: 6794 File size limit exceededsquid -NsY $conf $logdir/squid.out

[squid-users] httpd_accel_uses_host_header doesn't use port?

I have been running Squid as a reverse proxy to an Apache origin server on the same host. Squid and Apache use the same port number but different addresses, as recommended (the public routable address for Squid, 127.0.0.1 for Apache). I would like to change this configuration (at least in

Re: [squid-users] WPAD Automatically Detect Settings

Some versions of IE are broken and look for wpad.da, missing the t at the end. Symlink so they stay the same. You need to be able to access the wpad file without the proxy for obvious reasons (but this is sometimes overlooked). Check by turning off all proxy options and trying to access where

Re: [squid-users] Cache Peer Help Need

Mohammad Shakir wrote: I have 3 cache_peer and want to configure like this Paccs acl goes to 192.168.0.1 MediaExt acl goes to 192.168.0.2 and all others request goes to 192.168.0.3 for this I change in squid.conf like this, but it is not working properly. Could you be more specific in how

Re: [squid-users] Using Multiple ldap server for authentication.

Logu wrote: Hi, Is it possible to select and authenticate the clients based on their src IPaddress against a particular ldap server. Say for example I want to authenticate the client 172.16.1.1 against the ldap server at 172.16.1.10 and the client 172.16.1.5 against the ldap server

Re: [squid-users] User download syntax

Nick Duda wrote: We use AD for authentication via samba/winbind. I have ACL setup to deny downloading of file types but want to enable certain users to download. # Define files to block from downloading acl filedownloads urlpath_regex -i \.exe$ \.mp3$ \.mov$ \.mpg$ \.mp?$ \.avi$ \.rm$ # File

Re: [squid-users] squid and blank/empty passwords?

s??n 2006-04-09 klockan 16:52 -0400 skrev Scott Ehrlich: I successfully patched the source for squid 2.5, compiled, and installed it. I happen to be using NCSA auth and am trying to get my CDMA phone to proxy through my squid server. What is the best way to create a proxy account with no

[squid-users] One web site doesn't work if I use proxy.pac file

Hi All, I am running Squid Cache: Version 2.5.STABLE10. I am having a problem with one web site. If I use proxy.pac file it says page cannot be displayed. If I use manual proxy server settings it works fine. I dont have any rules in proxy.pac file for this web site. I couldn't figure out why it

[squid-users] epoll and ENTRY_DEFER_READ messages

I've got Squid-2.5.STABLE13 with the epoll patch, and I'm getting a lot of clearing ENTRY_DEFER_READ messages in my cache.log. Is this something I should be concerned about, or just a debug message at the wrong verbosity level?

Re: [squid-users] delay pool configuration and query - PL PL Respond

[EMAIL PROTECTED] wrote: Hi I posted my question earlier also but no one replied and I am not getting enough information on squid website also. So pl reply to me. Below is my question and configuration I am using class 3 delay pool and objective is to allocate 128kbps to each host which

Re: [squid-users] acl for ports 443

Dwayne Hottinger wrote: Quoting Mark Elsen [EMAIL PROTECTED]: I dont want to block all ssl sites. However, for some reason any url that has https: in it, doesnt go through the proxy - It should, in the default settings; check access.log for the failing URI's. -

Re: [squid-users] epoll and ENTRY_DEFER_READ messages

This is not the case for me. I've had half_closed_clients set to off, and I continue to get more than 5 or so log lines of this per second. Henrik's earlier confirmation of setting the debug level in the patch to debug(20, 2) was a more useful reply for me. --john - Original Message

Re: [squid-users] One web site doesn't work if I use proxy.pac file

Hi All, I am running Squid Cache: Version 2.5.STABLE10. I am having a problem with one web site. - What is the problem, in more exact terms ? For instace, full error(s) - returned in browser ? If I use proxy.pac file it says page cannot be displayed. If I use manual proxy server

Re: [squid-users] Squid options in deamon mode

Hello, What is the best option to start squid in deamon mode and avoid these errors ? I run RHEL V4 + squid stable 13, + wccp. Regards, Running: squid -sY /usr/local/squid/var/squid.out 21 /usr/local/squid/bin/RunCache: line 35: 6794 File size limit - Check whether none of your