Moser, Stefan (SIDB) wrote:
Amos, Henrik,
http_access allow to_ipv6 !to_ipv6 did work, squid now seems to work as
required and can access both single (IPv4 or IPv6) and dual-stack (IPv4 and IPv6)
destinations.
I´m going to play with the configuration within the next days and post a
summary
About point 3, what config files I have to edit ?
-Messaggio originale-
Da: Amos Jeffries [mailto:squ...@treenet.co.nz]
Inviato: Tuesday, November 03, 2009 12:27 AM
A: Squid-Users@squid-cache.org
Oggetto: Re: [squid-users] jesred: regex
On Mon, 2 Nov 2009 15:19:42 +0100, Riccardo
Mikio Kishi wrote:
Hi, Amos
squid-3.0.STABLE18 is OK. but squid-3.1.0.14 ...
Could you fix that ?
Ah sure. Thanks for the reminder.
Applied to HEAD, should be added to 3.1 in a few days.
Amos
Sincerely,
--
Mikio Kishi
On Sun, Oct 18, 2009 at 3:52 AM, Mikio Kishi mki...@104.net wrote:
Hi Amos !
On Mon, Nov 2, 2009 at 11:26 PM, Amos Jeffries squ...@treenet.co.nz wrote:
You seem to have mixed up your view of the information passed versus the
actions taken and what virtual hosting actually does.
On Mon, 2 Nov 2009 21:22:33 +0100, Justo Alonso justo.alo...@gmail.com
wrote:
Henrik Hi,
Thanks for your reply.
external_acl_type session ttl=0 negative_ttl=0 children=10 concurrency=200
%SRC /usr/local/squid/libexec/squid_session -t 30
I assume the %SRC variable in the above string is what the session is based on.
Is there away to add some other uniqueness or variable
HI,
Does the acls work according to the first matching rule principle?
I want to allow only certain people to access certain hosts.
I wrote the acl
acl quant-srvs dstdomain /etc/pf-tables/quant-srvs
acl quant-admins srcdomain /etc/pf-tables/quant-admins
http_access allow quant-admins
Justo Alonso wrote:
Hi Amos !
On Mon, Nov 2, 2009 at 11:26 PM, Amos Jeffries squ...@treenet.co.nz wrote:
You seem to have mixed up your view of the information passed versus the
actions taken and what virtual hosting actually does.
On Mon, 2 Nov 2009 21:22:33 +0100, Justo Alonso
Siju George wrote:
HI,
Does the acls work according to the first matching rule principle?
Yes. top-down left-to-right within each *_access grouping.
I want to allow only certain people to access certain hosts.
I wrote the acl
acl quant-srvs dstdomain /etc/pf-tables/quant-srvs
acl
tis 2009-11-03 klockan 09:55 + skrev Adam Binks:
external_acl_type session ttl=0 negative_ttl=0 children=10 concurrency=200
%SRC /usr/local/squid/libexec/squid_session -t 30
I assume the %SRC variable in the above string is what the session is based
on.
Is there away to add some
On Tue, Nov 3, 2009 at 12:12 PM, Amos Jeffries squ...@treenet.co.nz wrote:
Justo Alonso wrote:
Hi Amos !
On Mon, Nov 2, 2009 at 11:26 PM, Amos Jeffries squ...@treenet.co.nz
wrote:
You seem to have mixed up your view of the information passed versus the
actions taken and what virtual
This is what I get when I put my tproxy iptables rules in:
-Original Message-
From: Henrik Nordstrom [mailto:hen...@henriknordstrom.net]
Sent: Monday, November 02, 2009 8:52 PM
To: Roth, Joe
Cc: Amos Jeffries; squid-users@squid-cache.org
Subject: RE: [squid-users] Squid + WCCP + TProxy
So I may have an iptables problem...
This is what I get in dmesg when I put in my iptables rules:
376.170216] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 376.272658] NF_TPROXY: Transparent proxy support initialized, version 4.1.0
[ 376.272673] NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT
Hi, Amos
Ah sure. Thanks for the reminder.
Applied to HEAD, should be added to 3.1 in a few days.
I'll be waiting !
And now, for something completely different, when would you release
3.1 STABLE ?
Do you have any plan ?
Sincerely,
--
Mikio Kishi
On Tue, Nov 3, 2009 at 6:34 PM, Amos
Ok... so would it be possible to also pass the %SRCPORT variable to
squid_session in addition to %SRC as this will probably be unique in
most cases ?
Thanks
Adam
-Original Message-
From: Henrik Nordstrom [mailto:hen...@henriknordstrom.net]
Sent: 03 November 2009 11:44
To: Adam Binks
Henrik Nordstrom hen...@henriknordstrom.net wrote in message
news:1257212761.2980.2.ca...@localhost.localdomain...
mån 2009-11-02 klockan 23:42 +1300 skrev Amos Jeffries:
IME, I think sending the correct realm or domain in the NTLM or
Negotiate auth headers may prevent clients attempting
Hi
I have my Server proxy under Squid work very well but in the last time the
users start to use anonymous proxy that allow users to connect to the
Internet via an external site and bypass restrictions , so if you know some
blocking tools under squid or linux to stop this big problem
i will be
Le mardi 3 novembre 2009 18:53:05, Montaque a écrit :
I use the squid 2.6 server as the acceleartion mode.
and override the default setting to eanble the caching of dynamic url
(those contains ?)
like http://www.example.com?a=123
I can see those content are cached via the accesslog,
On Nov 3, 2009, at 12:07 AM, Amos Jeffries wrote:
Ross Kovelman wrote:
From: Amos Jeffries squ...@treenet.co.nz
Date: Fri, 30 Oct 2009 14:08:23 +1300
Cc: squid-users@squid-cache.org squid-users@squid-cache.org
Subject: Re: [squid-users] WCCP
Ross Kovelman wrote:
From: Amos Jeffries
HI squids,
We have 2 squid server, one with load other with minimal (1-2 users). After
doing a -k reconfigure, the loaded server delays 40 seconds, but unloaded 2
seconds. Look:
Unloaded:
2009/11/03 19:01:14| Processing Configuration File: /etc/squid/squid.conf
(depth 0)
2009/11/03 19:01:14|
Hi,
This post is valid only for Italy.
If you have had connection errors with the software EMens ( released
by INPS) , connecting via squid 2.7, you should insert the parameter
ignore_expect_100 on in your squid.conf. The software works fine
with the previous squid versions.
Hope this can help !
tis 2009-11-03 klockan 13:12 + skrev Adam Binks:
Ok... so would it be possible to also pass the %SRCPORT variable to
squid_session in addition to %SRC as this will probably be unique in
most cases ?
You could, but that would be almost unique per request, still not
identifying an user.
Several scripts on my server respond differently based on whether or
not they are being accessed with a secure connection. I set up Squid
as an accelerator-cache (reverse proxy) in front of this server, and
all of a sudden these scripts don't detect the secure connection. I
assume Squid is
I use the squid 2.6 server as the acceleartion mode.
and override the default setting to eanble the caching of dynamic url (those
contains ?)
like http://www.example.com?a=123
I can see those content are cached via the accesslog, which says MEM_HIT.
after I try to purge those content
Because some openldap issues I'm moving to hoard as malloc replacement. I
wonder to know if squid will take advantage.
TIA
LD
tis 2009-11-03 klockan 18:58 +0100 skrev Sergio Marchi:
If you have had connection errors with the software EMens ( released
by INPS) , connecting via squid 2.7, you should insert the parameter
ignore_expect_100 on in your squid.conf. The software works fine
with the previous squid versions.
On Tue, Nov 3, 2009 at 1:16 PM, Brian Mearns bmea...@ieee.org wrote:
Several scripts on my server respond differently based on whether or
not they are being accessed with a secure connection. I set up Squid
as an accelerator-cache (reverse proxy) in front of this server, and
all of a sudden
tis 2009-11-03 klockan 19:44 + skrev Markus Moeller:
But how would that work if the guest uses his own machine e.g. Kerberos (no
ticket available) nor NTLM (no shared machine key available) can be used or
? and ISA (or squid) sends Negotiate as the first auth option ?
NTLM works
tis 2009-11-03 klockan 13:21 + skrev Markus Moeller:
Does anybody know how MS intends to deal with this (e.g. guests in a company
network) in a MS only environment with ISA proxy ?
Supposedly by having guest accounts in the Windows domain.
Regards
Henrik
Henrik Nordstrom hen...@henriknordstrom.net wrote in message
news:1257278257.20561.5.ca...@localhost.localdomain...
tis 2009-11-03 klockan 19:44 + skrev Markus Moeller:
But how would that work if the guest uses his own machine e.g. Kerberos
(no
ticket available) nor NTLM (no shared
tis 2009-11-03 klockan 07:43 -0800 skrev espoire20:
I have my Server proxy under Squid work very well but in the last time the
users start to use anonymous proxy that allow users to connect to the
Internet via an external site and bypass restrictions , so if you know some
blocking tools under
Does it appear that my iptables rules are in the correct order? I see packets
matching them. Possible my problem is with the ip rule or ip route? I am using
the standard ones from the wiki.
r...@indianwells:~# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source
Hi,
I am considering using squid as to grant restricted access to a large set of
internal corporate applications.
I would like the access log to include the name of the ACL that matched (i.e.
the name of the application). logformat does not seem to have an option for
logging the ACL name or
Dear Sir,
As per your previous mail, I have filed a bug report and the link is
provided below,
http://bugs.squid-cache.org/show_bug.cgi?id=2805
I am still restarting the squid everyday to avoid Authentication
failed issue. Please help me in this.
I am looking forward to hear from you.
Thanks
From: Robert Szabo
Sent: Tuesday, November 03, 2009 10:46 PM
To: squid-users@squid-cache.org
Subject: Icap Reqmod
Hi all,
I am attempting to use the icap client interface to perform url redirects. I
have done this using my icap server connecting to several commercial gateway
boxes without
Evan Champion wrote:
Hi,
I am considering using squid as to grant restricted access to a large set of
internal corporate applications.
I would like the access log to include the name of the ACL that matched (i.e.
the name of the application). logformat does not seem to have an option for
On Tue, Nov 3, 2009 at 9:13 PM, espoire20 zakariase2...@yahoo.fr wrote:
Hi
I have my Server proxy under Squid work very well but in the last time the
users start to use anonymous proxy that allow users to connect to the
Internet via an external site and bypass restrictions , so if you know
Luis Daniel Lucio Quiroz wrote:
HI squids,
We have 2 squid server, one with load other with minimal (1-2 users). After
doing a -k reconfigure, the loaded server delays 40 seconds, but unloaded 2
seconds. Look:
Unloaded:
2009/11/03 19:01:14| Processing Configuration File:
Luis Daniel Lucio Quiroz wrote:
Because some openldap issues I'm moving to hoard as malloc replacement. I
wonder to know if squid will take advantage.
TIA
LD
Only if squid is built against a library Hoard provides.
Squid by default will use its own memory pooling mechanism backed by
On Tue, Nov 3, 2009 at 4:50 PM, Amos Jeffries squ...@treenet.co.nz wrote:
it still seems to block quant-admins from accessing quant-srvs
Then the visitors rDNS domain names is not matching the listed
quant-admins domains.
I didnt get you :-(
There is nothing more we can offer without
Robert Szabo wrote:
From: Robert Szabo
Sent: Tuesday, November 03, 2009 10:46 PM
To: squid-users@squid-cache.org
Subject: Icap Reqmod
Hi all,
I am attempting to use the icap client interface to perform url redirects. I
have done this using my icap server connecting to several commercial
Siju George wrote:
On Tue, Nov 3, 2009 at 4:50 PM, Amos Jeffries squ...@treenet.co.nz wrote:
it still seems to block quant-admins from accessing quant-srvs
Then the visitors rDNS domain names is not matching the listed
quant-admins domains.
I didnt get you :-(
Read your earlier
Mikio Kishi wrote:
Hi, Amos
Ah sure. Thanks for the reminder.
Applied to HEAD, should be added to 3.1 in a few days.
I'll be waiting !
Ported. 'twill be in the next snapshot.
And now, for something completely different, when would you release
3.1 STABLE ?
Do you have any plan ?
No set
42 matches
Mail list logo
