Henrik,
Thanks for reply, can you please provide me the rule which I have to add
at (NAT:s).
Regards,
Kirtimaan
Henrik Nordstrom wrote:
On tor, 2008-06-05 at 11:37 +0530, Kirtimaan wrote:
On squid box, there is a utility Guarddog used for port forwarding. So
it forward all traffic on port
Protocol: TCP
Source IP: LAN
Source port: ANY
Destination IP: ANY
Destination port: 80
Action: DNAT to serverip:port, or alternatively REDIRECT to porxy port
You can find iptables rule templates in the Squid FAQ.
I can not help you with the GUI tool you are using as I have never seen
it or used
Configured proxy, or transparent interception?
On fre, 2008-06-06 at 08:29 +0200, Ionel GARDAIS wrote:
DNS issues ... client side ? proxy side ?
clients resolve to Windows Server 2003 DNS for internal domain names.
These servers forward to DMZ DNS (running bind) for internal view of
the DNS
Configured proxy for now.
I'm doing some network to see how can I use squid in transparent
interception without breaking the exclude rules ffrom the current pac we
use.
Ionel
Henrik Nordstrom wrote:
Configured proxy, or transparent interception?
On fre, 2008-06-06 at 08:29 +0200, Ionel
Henrik,
Thanks for details. I will try these and reply with results.
Regards,
Kirtimaan
Henrik Nordstrom wrote:
Protocol: TCP
Source IP: LAN
Source port: ANY
Destination IP: ANY
Destination port: 80
Action: DNAT to serverip:port, or alternatively REDIRECT to porxy port
You can find
dear all...
i have big problem with my squid-2.6-stable19 transparent.
i cant filter the http-tunnel with squid. usually i used the acl
dstdom_regex, acl dstdom, acl src, but i think it's not useful for
filtering access when my client use http-proxy.
please, explain me, how the http-proxy work.
Is there any difference if you configure the proxy explicit without
using a PAC?
Do you have any rules in the PAC depending on destinaion IP of the
requested server?
fre 2008-06-06 klockan 08:56 +0200 skrev Ionel GARDAIS:
Configured proxy for now.
I'm doing some network to see how can I use
On squid box, there is a utility Guarddog used for port forwarding. So
it forward all traffic on port 80 to Squid port 3128.
I'd say your problem is here. You have port forwarded port 80 on the
server itself to port 3128 on the server itself. Same as configuring
Squid to listen on port 80
[EMAIL PROTECTED] wrote:
dear all...
i have big problem with my squid-2.6-stable19 transparent.
i cant filter the http-tunnel with squid.
What http-tunnel? There are many ways of doing it. Your transparent
setup is one.
usually i used the acl
dstdom_regex, acl dstdom, acl src, but i think
Hi
I'm new to Squid, so please be patient. I've installed Squid 2.6 on a
Debian Etch as a transparent proxy. I can go to many web sites but
suddenly I can't surf the web. I realize the problem when I make ping
to gmail.com and after 10 or 20 minutes gives me Request Time Out.
I saw the link
2008/6/5 Amos Jeffries [EMAIL PROTECTED]:
Sergio Belkin wrote:
Hi,
I'd want to know if it's possible allos MSN usage along transparent proxy.
Possible. But not always easy. It depends highly on the type of network you
have setup (a level of NAT between the client and squid kills it fairly
I got a user (whom I can trust) who uses an explicit proxy configuration
: there are no improvments.
The pac we use is mostly made of a huge if which instruct user's
browser to bypass the proxy and to go direct to some servers.
Here is the pac :
function FindProxyForURL(url,host) {
if
Could you possibly give us the pac script you are using? I once thought that
using the option of DNS does not resolve use proxy, else go direct, as internal
clients can't resolve outside DNS. This caused a very similar symptom as you
are seeing as clients had to wait for local DNS timeouts
This seems like more work, for the admin and clients.
Also, we have clients who go offsite often (salesmen are barely here), if
they have proxies, when they go offsite they will not be able to work online
without using the VPN and proxy through that. And if they are at a hotel
that requires
Carlos Alberto Bernat Orozco escribió:
Hi
I'm new to Squid, so please be patient. I've installed Squid 2.6 on a
Debian Etch as a transparent proxy. I can go to many web sites but
suddenly I can't surf the web. I realize the problem when I make ping
to gmail.com and after 10 or 20 minutes gives
( I'm sorry that this was my third message for the same question to the list.
b/c the before two messages sent from yahoo got lost...)
Hello members,
I want to set squid, which accepts https from clients, then forward the
request to original server with http protocal.
This is the setting I
On 06.06.08 14:37, Ionel GARDAIS wrote:
function FindProxyForURL(url,host) {
if (
(
!(
host.indexOf('www.ifp.fr') == 0
|| host.indexOf('validation.ifp.fr') == 0
||
Hi group
Thanks for your answer. I just checked the resolv.conf. It seems to me
normal, with the nameservers list of my ISP.
Could be another problem?
Thanks in advanced
2008/6/6 Mario Salazar Ba=F1os [EMAIL PROTECTED]:
Carlos Alberto Bernat Orozco escribi=F3:
Hi
I'm new to
I will try the host != some.url.com part.
For the isInNet() trick, the problem is that it inducts a DNS resolution call
for every request to compare with the IP/mask parameters.
I was thinking to myself that it was an useless overhead...
Ionel
-Message d'origine-
De : Matus UHLAR -
Amos Jeffries said:
It's a bit before my time but I believe the initial sponsors were
using it. At least until development on it stopped.
The initial sponsors for ESI support in Squid were Zope Corp, and they
never used it, because Squid 3 which as supposed implement it was a
few years late.
Hi all,
I feel like a complete fool but I just can't seem to use the squid
docs... could someone point me to the list of sections? ALL,1 33,2
seems to be a common setting - but wtf is the doc that says what 33
is?!?
Cheers
Anton
ps. Do I have to read through the source for this?
--
echo
On fre, 2008-06-06 at 14:37 +0200, Ionel GARDAIS wrote:
I got a user (whom I can trust) who uses an explicit proxy configuration
: there are no improvments.
Ok. Then it's at the proxy, or the DNS servers it uses.
Remember that to diagnose DNS slowness you need to query for hosts and
domains
Okay ...
It's been the hardest 20 minutes of the day : find a few domain names that
should have not been accessed and cached by our DNS.
Well, from Paris, France, time given by dig stats :
- mana.pf (French Polynesia, other side of the Earth, satellite link) : around
700ms
- aroundtheworld.com,
Your DNS responses were similar to what I saw on those same domains, but how is
squid querying DNS, it can be set different than the host DNS servers that dig
would be using.
Do you have any of the following options set in your squid.conf? If so what
are they set to?
DNS OPTIONS
Jerome Yanga wrote:
Thanks for the quick response, Chris.
Here are my attempts to answer your questions. :)
Using Live HTTP Headers plugin for Firefox. It seems to show that
Cache-Control and Pragma settings.
http://site_address.com/help/jssamples_start.htm
GET /help/jssamples_start.htm
Hello members,
I want to set squid, which accepts https from clients, then forward the
request to original server with http protocal.
This is the setting I considered:
https_port 443 accel vhost cert=/squid/etc/xxx.crt key=/squid/etc/xxx.key
protocol=http
cache_peer 10.0.0.1 parent 80 0
I can create a simple test tool to create blobs. I will post it later next
week.
Markus
Henrik Nordstrom [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On ons, 2008-06-04 at 15:41 -0700, Alex Morken wrote:
Thank you Henrik. I kind of figured it needed something else, but I
On Jun 6, 2008, at 2:19 PM, Markus Moeller wrote:
I can create a simple test tool to create blobs. I will post it
later next week.
Markus
Henrik Nordstrom [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On ons, 2008-06-04 at 15:41 -0700, Alex Morken wrote:
Thank you Henrik.
Is there more than one DNS servre in /etc/resolv.conf or squid.conf? If
so then you need to test both..
On fre, 2008-06-06 at 21:55 +0200, GARDAIS Ionel wrote:
Okay ...
It's been the hardest 20 minutes of the day : find a few domain names that
should have not been accessed and cached by our
On tor, 2008-06-05 at 20:10 -0400, Jonathan Chretien wrote:
It's very strange. I really don't know if it's a Mac problem or if it's a
problem with the Helper that has difficulty to talk with Mac Computers.
Shoule be easy to see with a wireshark capture of the traffic. Each new
connection
My cache performance is acting strange; I'm getting extremely high
tcp_hit times for cached objects:
1212787643.465 50343 10.2.7.22 TCP_HIT/200 19290 GET http://cache-int/
1212787737.740 15212 10.2.7.25 TCP_HIT/200 11511 GET http://cache-int/
Those high times comes in bursts. Eg:
On tor, 2008-06-05 at 17:22 -0700, Jerome Yanga wrote:
#/cache/usr/bin/purge -n -v -c /etc/squid/cachepurge.conf -p 127.0.0.1:80 -P
1 -e site_address\.com /var/log/site_address.com_purge.log
I grep'ed the log created from the command above and I can find instances of
site_address.com
On tor, 2008-06-05 at 23:15 -0500, Carlos Alberto Bernat Orozco wrote:
I'm new to Squid, so please be patient. I've installed Squid 2.6 on a
Debian Etch as a transparent proxy. I can go to many web sites but
suddenly I can't surf the web. I realize the problem when I make ping
to gmail.com
On fre, 2008-06-06 at 17:06 +0200, Matus UHLAR - fantomas wrote:
is using of
isInNet(host, 127.0.0.0, 255.0.0.0)
not working?
That relies on DNS lookups..
Regards
Henrik
On fre, 2008-06-06 at 07:40 -0700, modulok wrote:
Also, we have clients who go offsite often (salesmen are barely here), if
they have proxies, when they go offsite they will not be able to work online
without using the VPN and proxy through that. And if they are at a hotel
that requires
On fre, 2008-06-06 at 22:59 +0800, Ken W. wrote:
I want to set squid, which accepts https from clients, then forward the
request to original server with http protocal.
This is the setting I considered:
https_port 443 accel vhost cert=/squid/etc/xxx.crt key=/squid/etc/xxx.key
On fre, 2008-06-06 at 18:56 +0200, Anton Melser wrote:
Hi all,
I feel like a complete fool but I just can't seem to use the squid
docs... could someone point me to the list of sections? ALL,1 33,2
seems to be a common setting - but wtf is the doc that says what 33
is?!?
On fre, 2008-06-06 at 14:33 -0700, Alex Morken wrote:
I have done a bit more testing and shut off my ldap authentication
and it seems that it still trying to use the basic auth. I have shut
squid completely down and restarted each time I change auth methods
per the documentation. How
Hi
Thanks to all for the answers. I will tell you my confguration. I have
a debian etch box with 2 network interfaces. One for WAN and the other
LAN. I have an script with iptables to redirect traffic to the proxy
as transparent proxy.
When I started the Squid service, the ping after 10 or 15
On fre, 2008-06-06 at 14:38 -0700, leongmzlist wrote:
My cache performance is acting strange; I'm getting extremely high
tcp_hit times for cached objects:
1212787643.465 50343 10.2.7.22 TCP_HIT/200 19290 GET http://cache-int/
1212787737.740 15212 10.2.7.25 TCP_HIT/200 11511 GET
I think it's due to dns. Here was the squid manager output:
Median Service Times (seconds) 5 min60 min:
HTTP Requests (All): 8.68295 2.37608
Cache Misses: 10.20961 0.03066
Cache Hits:8.22659 2.79397
Near Hits: 0.0
On Jun 6, 2008, at 2:55 PM, Henrik Nordstrom wrote:
On fre, 2008-06-06 at 14:33 -0700, Alex Morken wrote:
I have done a bit more testing and shut off my ldap authentication
and it seems that it still trying to use the basic auth. I have shut
squid completely down and restarted each time I
Getting ready to roll out a squid server in my organization after doing
about a month of testing on it on a virtual machine in VMware server.
Is running squid in a virtual environment recommended, or is having a
dedicated box a safer way to go? I'll have about 30 users that hit
YouTube and other
Henrik,
I believe some do but others don't. I just responded to Chris with the
http headers. The captured log is a mere mouse over of an icon in the
site.
I apologize for my noobness.
Regards,
Jerome
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Friday,
Leonardo Rodrigues Magalhães wrote:
probably the problem reported is chunked-encoding related. Please check:
http://squidproxy.wordpress.com/2008/04/29/chunked-decoding/
Blog entry http://squidproxy.wordpress.com/2008/04/29/chunked-decoding/; posted
on April 29, 2008 at 2:24pm says:
[
Hello members,
I want to set squid, which accepts https from clients, then forward the
request to original server with http protocal.
This is the setting I considered:
https_port 443 accel vhost cert=/squid/etc/xxx.crt key=/squid/etc/xxx.key
protocol=http
cache_peer 10.0.0.1 parent 80 0
BTW If you download the cvs source from sourceforge at
http://squidkerbauth.cvs.sourceforge.net/squidkerbauth you can use
./configure and it should check everything for Mac
Markus
Alex Morken [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello,
This is the first time I have
2008/6/7 Henrik Nordstrom [EMAIL PROTECTED]:
But you are quite likely to run into issues with the server sending out
http:// URLs in it's responses unless the server has support for running
behind an SSL frontend. See for example the front-end-https cache_peer
option.
Thanks Henrik.
Under
On Fri, Jun 06, 2008, Brodsky, Jared S. wrote:
Getting ready to roll out a squid server in my organization after doing
about a month of testing on it on a virtual machine in VMware server.
Is running squid in a virtual environment recommended, or is having a
dedicated box a safer way to go?
Hi everyone,
I hate to ask for stuff on the public mailing list but I'm a little stuck
right now.
I've been loaned a pair of compaq storageworks arrays - 14 U160 disks
per array - but I don't have disks for them. I have some older 10krpm
disks to partially fill one array but those disks are
Linda W wrote:
Leonardo Rodrigues Magalhães wrote:
probably the problem reported is chunked-encoding related. Please
check:
http://squidproxy.wordpress.com/2008/04/29/chunked-decoding/
Blog entry
http://squidproxy.wordpress.com/2008/04/29/chunked-decoding/; posted on
April 29, 2008 at
On Sat, Jun 07, 2008, Brodsky, Jared S. wrote:
In my instance it is not an ESX server but rather their free offering. When I
did my testing I did it on my desktop with was a P4 w 3GB ram and I saw a hit
of 25-30 percent usage with 6 users and myself working on the desktop.
Right. VMWare
Sergio Belkin wrote:
2008/6/5 Amos Jeffries [EMAIL PROTECTED]:
Sergio Belkin wrote:
Hi,
I'd want to know if it's possible allos MSN usage along transparent proxy.
Possible. But not always easy. It depends highly on the type of network you
have setup (a level of NAT between the client and
leongmzlist wrote:
I think it's due to dns. Here was the squid manager output:
Median Service Times (seconds) 5 min60 min:
HTTP Requests (All): 8.68295 2.37608
Cache Misses: 10.20961 0.03066
Cache Hits:8.22659 2.79397
Near Hits:
On fre, 2008-06-06 at 15:30 -0700, leongmzlist wrote:
Does squid still use dns for reverse proxy requests? All my requests
goes to http://cache-int/, but cache-int is not on /etc/hosts nor on
DNS. I have 1 orginal-server defined and is used as the default, so
shouldn't squid just goto
On fre, 2008-06-06 at 15:48 -0700, Jerome Yanga wrote:
I believe some do but others don't. I just responded to Chris with the
http headers. The captured log is a mere mouse over of an icon in the
site.
Yes, but is those headers from an object which you found was cached by
Squid?
Regards
56 matches
Mail list logo
