We have configured squid proxy server 2.6 STABLE in Fedora 6 box. We have
given full time net access for particular users only. Remaining users will
access the net at particular time only. But for skype access we have given
access for all users. This is our code for skype access.
acl Safe_ports
Luis Daniel Lucio Quiroz yazm?s,:
Hi Squids
We found that if we block by MIME type HT-* MIMEs headers we can block
HTTPProxy tunnel (the one that use html tags).
We have found httport (for windows) but still dont know how to block. Has
anyone blocked it by other technique than ip blocking?
░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:
[EMAIL PROTECTED]:/home/mirza# tail -f /var/log/squid/cache.log
2008/11/12 12:48:44| parseHttpRequest: Unsupported method 'NICK'
2008/11/12 12:48:44| clientReadRequest: FD 31 (192.169.1.112:1539)
Invalid Request
2008/11/12 12:49:14| parseHttpRequest: Unsupported met
Nicole wrote:
On 12-Nov-08 My Secret NSA Wiretap Overheard Amos Jeffries Saying :
Hello all
I have started to receive complains from people trying to get video's
from
msnbc.com that use a # character in the URL.
Such as:
http://www.msnbc.msn.com/id/22425001/vp/27657223#27657223
http://www
[EMAIL PROTECTED]:/home/mirza# tail -f /var/log/squid/cache.log
2008/11/12 12:48:44| parseHttpRequest: Unsupported method 'NICK'
2008/11/12 12:48:44| clientReadRequest: FD 31 (192.169.1.112:1539)
Invalid Request
2008/11/12 12:49:14| parseHttpRequest: Unsupported method 'NICK'
2008/11/12 12:49:14| c
░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:
base on : http://www.mail-archive.com/squid-users@squid-cache.org/msg52826.html
what should i do with my squid ?
Check cache.log to see if you can locate what the request methods are.
Increase debug level to "debug_options ALL,1 11,6 73,6" if needed to
get mo
[EMAIL PROTECTED] wrote:
You definitely have a fully open proxy configured for anyone who can send
packets to it. Also the firewall itself intercepts and sends stuff into
the proxy.
Yes, I've not had much time to learn it yet, I just needed to get it running
for a quick satellite demo so si
Luis Daniel Lucio Quiroz wrote:
Using squid 3 stable 9, with digest ldap auth, randomly i got this:
assertion failed: ACLProxyAuth.cc:146:
"authenticateValidateUser(auth_user_request)"
later, squid dies
Any comment?
Looks similar to one of the open bugs, but not the same one.
Can you rep
Nicole wrote:
On 11-Nov-08 My Secret NSA Wiretap Overheard Nicole Saying :
Hello all
I have started to receive complains from people trying to get video's from
msnbc.com that use a # character in the URL.
Such as:
http://www.msnbc.msn.com/id/22425001/vp/27657223#27657223
http://www.msnbc.
On 12-Nov-08 My Secret NSA Wiretap Overheard Amos Jeffries Saying :
>>
>>
>> Hello all
>>
>> I have started to receive complains from people trying to get video's
>> from
>> msnbc.com that use a # character in the URL.
>>
>> Such as:
>>
>> http://www.msnbc.msn.com/id/22425001/vp/27657223#276572
The setup is something like this;
Internet User->Public IP->Firewall->NAT->Squid->Web Server
> Assuming the squid box is inside your firewall then your firewall policy is
> incorrect. It should not allow connections from the internet to your squid
> box. Depending on how your network's setup that
base on : http://www.mail-archive.com/squid-users@squid-cache.org/msg52826.html
what should i do with my squid ?
--
Pengin punya Layanan SMS PREMIUM ?
Contact me ASAP. dapatkan Share revenue MAXIMAL tanpa syarat traffic...
> Yesterday, I wanted to get back to the cache and saw a great
> deal of traffic I/O on the cache but the weird part was that
> none of it was for or on my network. It looked like I've been
> used as some sort of payment gateway for a short while :).
> Anyhow, I do have firewall security in place,
Tnkx
> On Tue, 2008-11-11 at 16:53 -0600, Luis Daniel Lucio Quiroz wrote:
> > I'm pretty sure.
> >
> > I have a pcap file captured and, traffic is exchanged and then suddenly a
> > RST from squid to client.
> >
> > > > I've found that squid is sending a RST packet to a Windows
> > > > station (Wi
> it;'s works now
> i dont know why
> but i do reinstall my ubuntu
> perhaps something wrong with apache
>
> sorry and thankyou
>
> btw amos can i sent you private email about my config ? squid.conf
> tell me it's optimal or not
> if you allow me to sent you email
> i will put it as a attchment
Yo
> You definitely have a fully open proxy configured for anyone who can send
> packets to it. Also the firewall itself intercepts and sends stuff into
> the proxy.
Yes, I've not had much time to learn it yet, I just needed to get it running
for a quick satellite demo so simply opened a port 80 hol
>
>> Not fully 1.1, but from (0.9 + 1.0) to fully 1.0 + partial 1.1. Which
> is
>> weird because 2.6 went almost fully 1.0 as well quite a while back.
>
> I wish changes like this were called out in the release notes
Increases in compatibility are in the release notes and ChangeLog
The regression
thanks
it's very help
thx amos and Visolve Squid Team
On Wed, Nov 12, 2008 at 7:35 AM, Amos Jeffries <[EMAIL PROTECTED]> wrote:
>> how to put IP group
>> like acl chatting url_regex -i "/etc/squid/domain.txt"
>> for domain list
>>
>> how about client ip ?
>> i mean like this :
>>
>> acl full src
> Just a follow-up,
>
> Squid3 didn't work as expected for me, so I tried recompiling
> 2.6-STABLE22 with the MAX_URL changed to 8192.
>
> It's working great so far and have moved it into production with no
> issues.
>
> - Gregori
>
Okay. What was the issue with squid-3 please?
Amos
>
> -Or
>
>
> Hello all
>
> I have started to receive complains from people trying to get video's
> from
> msnbc.com that use a # character in the URL.
>
> Such as:
>
> http://www.msnbc.msn.com/id/22425001/vp/27657223#27657223
> http://www.msnbc.msn.com/id/22425001/vp/27652443#27652443
>
>
> The access l
it;'s works now
i dont know why
but i do reinstall my ubuntu
perhaps something wrong with apache
sorry and thankyou
btw amos can i sent you private email about my config ? squid.conf
tell me it's optimal or not
if you allow me to sent you email
i will put it as a attchment
On Tue, Nov 11, 2008 a
> I'll be soon on vacation, so I need to unsuscribe from the list for this
> next two months
>
> Anybdy knows how to unsuscribe from the list.
>
http://www.squid-cache.org/Support/mailing-lists.dyn
Amos
> New user of squid. Used it many years ago but things have changes. I set
> up a proxy recently then forgot about it as I had other jobs to take care
> of. Seems I left it running but only had a couple of sites with IPs to the
> cache for testing.
>
> Yesterday, I wanted to get back to the cache a
On Tue, 2008-11-11 at 16:53 -0600, Luis Daniel Lucio Quiroz wrote:
> I'm pretty sure.
>
> I have a pcap file captured and, traffic is exchanged and then suddenly a RST
> from squid to client.
>
> > > I've found that squid is sending a RST packet to a Windows
> > > station (WinXP SP2 or WinVista)
Using squid 3 stable 9, with digest ldap auth, randomly i got this:
assertion failed: ACLProxyAuth.cc:146:
"authenticateValidateUser(auth_user_request)"
later, squid dies
Any comment?
LD
On 11-Nov-08 My Secret NSA Wiretap Overheard Nicole Saying :
>
>
> Hello all
>
> I have started to receive complains from people trying to get video's from
> msnbc.com that use a # character in the URL.
>
> Such as:
>
> http://www.msnbc.msn.com/id/22425001/vp/27657223#27657223
> http://www
> how to put IP group
> like acl chatting url_regex -i "/etc/squid/domain.txt"
> for domain list
>
> how about client ip ?
> i mean like this :
>
> acl full src 192.168.1.1
> acl full src 192.168.1.5
> acl chatonly src 192.168.1.3
>
> put on one file like full.txt and chat.txt
> so the squid.conf i
New user of squid. Used it many years ago but things have changes. I set up a
proxy recently then forgot about it as I had other jobs to take care of. Seems
I left it running but only had a couple of sites with IPs to the cache for
testing.
Yesterday, I wanted to get back to the cache and saw a
I'm pretty sure.
I have a pcap file captured and, traffic is exchanged and then suddenly a RST
from squid to client.
> > I've found that squid is sending a RST packet to a Windows
> > station (WinXP SP2 or WinVista).
> >
> > Squid is not configured to send RST's. Is there any
> > explication fo
> I've found that squid is sending a RST packet to a Windows
> station (WinXP SP2 or WinVista).
>
> Squid is not configured to send RST's. Is there any
> explication for this?
Are you sure that the client is connecting to the correct port and that the
service is running? The OS will typically re
Henrik,
Thanks for the response. It turns out you have to put those lines
after the acl, so it's fixed and working.
Thanks
On Tue, Nov 11, 2008 at 3:12 PM, Henrik Nordstrom
<[EMAIL PROTECTED]> wrote:
> On tis, 2008-11-11 at 14:02 -0600, Kevin Blackwell wrote:
>
>> This seems to be my only issue.
I use Squid 3
> On tis, 2008-11-11 at 13:01 -0600, Luis Daniel Lucio Quiroz wrote:
> > now, I have a situation. Because here we must use digest auth, not all
> > applications are aware of this. And many users are complaining about
> > applications. I was thinking of a external helper that let an
On tis, 2008-11-11 at 13:01 -0600, Luis Daniel Lucio Quiroz wrote:
> now, I have a situation. Because here we must use digest auth, not all
> applications are aware of this. And many users are complaining about
> applications. I was thinking of a external helper that let an IP without
> auth
On tis, 2008-11-11 at 14:02 -0600, Kevin Blackwell wrote:
> This seems to be my only issue.
>
> access_log /var/log/squid/access.log common
> access_log /var/log/squid/40access.log common 40_auth
>
> acl 40_auth external nt_group DomainGroup
>
> FATAL: Bungled squid.conf line 1080: access_log
>
Scratch last problem.
This seems to be my only issue.
access_log /var/log/squid/access.log common
access_log /var/log/squid/40access.log common 40_auth
acl 40_auth external nt_group DomainGroup
FATAL: Bungled squid.conf line 1080: access_log
/var/log/squid/40access.log common 40_auth
Thanks in
To all, thanks for the direction
I seem to be running into one problem.
We have multiple companies in our domain. They are all in different
OU's What I'm trying to do is create a different log file for each OU.
So say if user from OU Domain Users authenticates, I want logging of
this user to go t
Hi Squids,
Becase we are aware that a farm of squids cant block a user who shares his
username. I've just programmed a helper to let squid to dont share logins even
if one person logs into squid1 and other into squid2. I've paste it in:
http://pastebin.mandriva.com/1333
It bassically uses LDA
After debuggin,
I've found that squid is sending a RST packet to a Windows station (WinXP SP2
or WinVista).
Squid is not configured to send RST's. Is there any explication for this?
Regards,
LD
Hello all
I have started to receive complains from people trying to get video's from
msnbc.com that use a # character in the URL.
Such as:
http://www.msnbc.msn.com/id/22425001/vp/27657223#27657223
http://www.msnbc.msn.com/id/22425001/vp/27652443#27652443
The access log shows that it is rem
Just a follow-up,
Squid3 didn't work as expected for me, so I tried recompiling
2.6-STABLE22 with the MAX_URL changed to 8192.
It's working great so far and have moved it into production with no
issues.
- Gregori
-Original Message-
From: Amos Jeffries [mailto:[EMAIL PROTECTED]
Sent: S
> Not fully 1.1, but from (0.9 + 1.0) to fully 1.0 + partial 1.1. Which
is
> weird because 2.6 went almost fully 1.0 as well quite a while back.
I wish changes like this were called out in the release notes
> always_direct prevents the requests going through peers. Nothing more.
> if the domain
Hi Squids
We found that if we block by MIME type HT-* MIMEs headers we can block
HTTPProxy tunnel (the one that use html tags).
We have found httport (for windows) but still dont know how to block. Has
anyone blocked it by other technique than ip blocking?
Regards,
LD
On Tue, Nov 11, 2008 at 8:10 AM, kaustav_deybiswas
<[EMAIL PROTECTED]> wrote:
>
> Hi,
> I am a squid newbie. I am trying to set up daily download quotas for NCSA
> authorized users. I have a daemon running which checks the log files, and
> whnever the download limit is reached (for a particular use
First download...
http://srv0107-08.sjc3.imeem.com/G/3/a3fyPn66Hu0NCjZ5lh07AXysH--kyIK4751AzIiSs2MuU4JanDY3_cdiGG9g796p5DMt9ikrlvIpNLUFMRB8WoA6X4UThXIN9foS59ipZBypp6-KY65fNuf2_4uV3JW0Nu2e1xFHR_hlO8Xu4BR7inF1jrQwNppyCJysoCxUZyEBMyLTzglQ-HuoK2IzDoAYwifb_neG41Ei0Wvsm9HU7358APQI6TpRK-wtrsJ6ICSjgSMb7xv
I'll be soon on vacation, so I need to unsuscribe from the list for this
next two months
Anybdy knows how to unsuscribe from the list.
Regards
Oscar
Hi,
Friday, November 7, 2008, 9:48:16 PM, you wrote:
> File a bug report, preferably with a stack backtrace of the error.
Hm, since we use aufs cache_dir type, we cannot provide a stack
backtrace... :(
Dietmar
--
NetCologne Gesellschaft fuer Telekommunikation mbH
Am Coloneum 9, 50829 Koeln
Ges
zhang yikai wrote:
> hi Amos, I use wget and in the /etc/wgetrc file:
>
> http_proxy = http://10.0.2.110:9090
>
> and I can connect to google from this computer:
>
> [EMAIL PROTECTED] ~]# ping www.google.com
> PING www.google.com (64.233.189.147): 56 data bytes
> 64 bytes from 64.233.189.147: ic
Hi Mirza,
Yes, you can do for client IP also as you have done for url_regex ACL.
like
acl full src "/etc/squid/full.txt"
acl chatonly src "/etc/squid/chat.txt"
You can mention the ip address in the respective text file one below the
other.
Regards
Visolve Squid Team
how to put IP group
lik
hi Amos, I use wget and in the /etc/wgetrc file:
http_proxy = http://10.0.2.110:9090
and I can connect to google from this computer:
[EMAIL PROTECTED] ~]# ping www.google.com
PING www.google.com (64.233.189.147): 56 data bytes
64 bytes from 64.233.189.147: icmp_seq=0 ttl=237 time=40 ms
>> ---
On tis, 2008-11-11 at 15:33 +0800, zhang yikai wrote:
> 10.0.2.110 is the machine run squid and dansguardian, thank you for your
> reply.
Yes, but why does a DNS lookup of www.google.com return 10.0.2.110? You
are not google.
Regards
Henrik
signature.asc
Description: This is a digitally signed
Henrik Nordstrom wrote:
On tis, 2008-11-11 at 15:24 +1300, Amos Jeffries wrote:
Not fully 1.1, but from (0.9 + 1.0) to fully 1.0 + partial 1.1. Which is
weird because 2.6 went almost fully 1.0 as well quite a while back.
From this discussion it seems Squid-3 no longer accepts the obsolete
HTT
░▒▓ ɹɐzǝupɐɥʞ ɐzɹıɯ ▓▒░ wrote:
On Tue, Nov 11, 2008 at 9:31 AM, Amos Jeffries <[EMAIL PROTECTED]> wrote:
Ahh okay. "cache_peer 202.169.51.118" should be the web server IP as seen
from Squid (internal IP if squid is internal, external IP if squid is
external, localhost maybe if squid is on same
zhang yikai wrote:
> 10.0.2.110 is the machine run squid and dansguardian, thank you for your
> reply.
> - Original Message -
> From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
> To: "zhang yikai" <[EMAIL PROTECTED]>
> Cc: "Amos Jeffries" <[EMAIL PROTECTED]>; "Kinkie" <[EMAIL PROTECTED]>;
>
how to put IP group
like acl chatting url_regex -i "/etc/squid/domain.txt"
for domain list
how about client ip ?
i mean like this :
acl full src 192.168.1.1
acl full src 192.168.1.5
acl chatonly src 192.168.1.3
put on one file like full.txt and chat.txt
so the squid.conf is more simple
--
-=-
Dansguardian is alone the same lines of ufdbguard, configurable etc, you
can bolt in av scanning of files, as well as setting strict policies,
you can also rewrite urls (i.e. automatically turning google safe search
on) It has a few more features, that same blacklist applies.
Client > Dansguardian
-- Forwarded message --
From: a bv <[EMAIL PROTECTED]>
Date: 2008/11/11
Subject: Re: [squid-users] URL Filtering for Squid
To: Alex Huxham <[EMAIL PROTECTED]>
Thanks, I may test /use in on an Redhatware (redhat,fedora,Centos
etc). And also what about Dansguardian? What is its posi
56 matches
Mail list logo
