Re: [squid-users] Squid behind another proxy - help with simple config

2010-01-12 Thread Amos Jeffries
Daniel Iversen wrote: Hi there.. I have a seemingly simple requirement that I can't get working in Squid (2.7 on Windows), and that is to be able to use a Squid setup as a proxy server (with aggressive caching) behind another closed-off corporate proxy server (not squid necessarily) for all In

Re: [squid-users] Only attempt ntlm auth for domain machines

2010-01-12 Thread Kinkie
On Wed, Jan 13, 2010 at 12:14 AM, Matt Richards wrote: > Hello, > > I currently have a squid proxy setup and running with AD authentication and > SSO. > > My question is ... is it possible to have squid only attempt to authenticate > via kerberos for machines that are a > member of the AD domai

[squid-users] Antwort: Re: [squid-users] proxy auth using AD

2010-01-12 Thread Martin . Pichlmaier
Hi Mike, you have to connect to the LDAP server on port 3268 instead of the default port 389 (-h) and change the basedn where to search for the accounts (-b) to "dc=domain,dc=com". It should look like: auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b "dc=domain,dc=com" -D "cn=-LDA

Re: [squid-users] proxy auth using AD

2010-01-12 Thread Mike Barnard
forgot to cc the list... Hi > Perhaps you can use a domain-trust between a.domain.com and b.domain.com? > There is a trust between the two domains, but the OU structure is different. a.domain.com has OU=Sections OU=Department OU=Office Location OU=Organisation Name and the users in the differ

[squid-users] Squid behind another proxy - help with simple config

2010-01-12 Thread Daniel Iversen
Hi there.. I have a seemingly simple requirement that I can't get working in Squid (2.7 on Windows), and that is to be able to use a Squid setup as a proxy server (with aggressive caching) behind another closed-off corporate proxy server (not squid necessarily) for all Internet HTTP access going

Re: [squid-users] Squid proxy is very slow for web browsing in "near default" config

2010-01-12 Thread Amos Jeffries
Dave T wrote: On Mon, Jan 11, 2010 at 6:50 PM, Amos Jeffries wrote: Dave T wrote: NP: you probably want icp_access to be limited to local LAN same as http_access is above. Amos -- Thanks for the detailed feedback. I'm not sure how I should apply your suggestions because my Squid proxy server

[squid-users] Only attempt ntlm auth for domain machines

2010-01-12 Thread Matt Richards
Hello, I currently have a squid proxy setup and running with AD authentication and SSO. My question is ... is it possible to have squid only attempt to authenticate via kerberos for machines that are a member of the AD domain? If needed I can write a script that queries the AD LDAP database

Re: [squid-users] Re: problem building squid 3.1 from source...(right list?)

2010-01-12 Thread Amos Jeffries
Linda Walsh wrote: Amos Jeffries wrote: Linda Walsh wrote: I'm getting an error that 'AIO' isn't found (I'm specifying aio on the command line as I have libaio installed. Exactly what ./configure command line? configure --enable-disk-io="AIO,Blocking,DiskDaemon,DiskThreads" --enable-async-

Re: [squid-users] MSN causing a breach.. help!

2010-01-12 Thread Amos Jeffries
Roland Roland wrote: I have the following config set to allow msn messenger to connect through my squid. acl msnport port 1863 http_access allow connect msnport http_access allow msnport I have a security breach where one of the users may be using port 1863 to reach a paid proxy that he acq

[squid-users] Re: squid_kerb_auth problem

2010-01-12 Thread Markus Moeller
Can you check with an ldap query (e.g. with ldapadmin from sourceforge) or search with a filter "(serviceprincipalname=HTTP/f...@realm)" if you have duplicate entries ? This kinit -k -t /etc/squid/squid.keytab HTTP/f...@realm.kerberos will only work if the userprincipal name is HTTP/f...@rea

Re: [squid-users] Apache 301 redirects working with squid

2010-01-12 Thread Amos Jeffries
Chris Robertson wrote: Drew Wrobel wrote: Date: Fri, 8 Jan 2010 12:23:11 -0900 From: crobert...@gci.net To: squid-users@squid-cache.org Subject: Re: [squid-users] Apache 301 redirects working with squid Drew Wrobel wrote: I have the redirects working with squid and apache. Of course now I

[squid-users] Re: Re: Re: Negotiate problem 'BH received type 1 NTLM token'

2010-01-12 Thread Markus Moeller
Sorry I didn't have the time yet to do it. I think the samba auth handle can do both already. Markus "Malte Schröder" wrote in message news:2010010603.24ad8...@cp772381.eur.corp.vattenfall.com... Hello, was there any progress on this topic? Applications which mess up Negotiate keep popp

Re: [squid-users] Squid 2.7 Transparent Between Router & Firewall Checkpoint UTM270 - Microsoft Page Issues

2010-01-12 Thread Kinkie
On Fri, Jan 8, 2010 at 3:35 AM, Alexandros Engelen wrote: > Hello, > > I have a squid box between the router (connected to Internet) and the > "final" firewall which is a Checkpoint UTM270 model. The Squid proxy is > successfully running as a transparent proxy-router (using IPTables) for the > in

Re: [squid-users] proxy auth using AD

2010-01-12 Thread Kinkie
On Tue, Jan 12, 2010 at 2:12 PM, Mike Barnard wrote: > Hi, > > I am wondering whether it's possible to have proxy auth work with two > different OU and two DC entries. > > I have two domains a.domain.com and b.domain.com, each with different > users. I need to have users from each domain authentica

Re: [squid-users] Apache 301 redirects working with squid

2010-01-12 Thread Chris Robertson
Drew Wrobel wrote: Date: Fri, 8 Jan 2010 12:23:11 -0900 From: crobert...@gci.net To: squid-users@squid-cache.org Subject: Re: [squid-users] Apache 301 redirects working with squid Drew Wrobel wrote: I have the redirects working with squid and apache. Of course now I have a new wrinkle. H

Re: [squid-users] testing squid-3.1.0.15 - X-Forwarded-For problem

2010-01-12 Thread Chris Robertson
Eduardo Maia wrote: Hello, I'm testing squid-3.1.0.15 on a mandriva 2009 clone 64 bits. It seems the squid can not see the "X-Forwarded-For" header correctly. All logs have the correct IP (x-forwarded), but the function authenticateAuthUserAddIp doesn't see the forwarded IP: /var/log/squid

Re: [squid-users] Squid proxy is very slow for web browsing in "near default" config

2010-01-12 Thread Dave T
On Mon, Jan 11, 2010 at 6:50 PM, Amos Jeffries wrote: > Dave T wrote: > NP: you probably want icp_access to be limited to local LAN same as > http_access is above. > Amos > -- Thanks for the detailed feedback. I'm not sure how I should apply your suggestions because my Squid proxy server is not o

RE: [squid-users] Keeping & archiving access.log

2010-01-12 Thread Guido Marino Lorenzutti
Oops.. that's too much. I have several squids, and I must keep the log from one month and it's a lot of space. I was thinking about something like btrfs to store them. "Kelly, Jack" wrote: Logical, but part of the requirements of this project call for me to keep the logfiles uncompres

RE: [squid-users] Keeping & archiving access.log

2010-01-12 Thread Kelly, Jack
Logical, but part of the requirements of this project call for me to keep the logfiles uncompressed while we store them. -Original Message- From: Guido Marino Lorenzutti [mailto:glorenzu...@jusbaires.gov.ar] Sent: Tuesday, January 12, 2010 11:32 AM To: Kelly, Jack Cc: squid-users@squid-c

[squid-users] testing squid-3.1.0.15 - X-Forwarded-For problem

2010-01-12 Thread Eduardo Maia
Hello, I'm testing squid-3.1.0.15 on a mandriva 2009 clone 64 bits. It seems the squid can not see the "X-Forwarded-For" header correctly. All logs have the correct IP (x-forwarded), but the function authenticateAuthUserAddIp doesn't see the forwarded IP: /var/log/squid/cache.log: 2010/01/1

RE: [squid-users] Apache 301 redirects working with squid

2010-01-12 Thread Drew Wrobel
> Date: Fri, 8 Jan 2010 12:23:11 -0900 > From: crobert...@gci.net > To: squid-users@squid-cache.org > Subject: Re: [squid-users] Apache 301 redirects working with squid > > Drew Wrobel wrote: >> I have the redirects working with squid and apache. >> >> Of course now I have a new wrinkle. >> >> He

Re: [squid-users] solaris 10 process size problem

2010-01-12 Thread Mario Garcia Ortiz
Hello I have still this problem with the memory leak on solaris, the server has not crashed but since Wednesday that I have restarted the proxy server the size of squid process is between 600M and 800M. I have read information over an alternative malloc library, most specifically the multi-threaded

Re: [squid-users] Keeping & archiving access.log

2010-01-12 Thread Guido Marino Lorenzutti
You should consider compressing the logs... My two cents... this is my logrotate config for squid. /var/log/squid/*.log { daily compress rotate 31 missingok nocreate sharedscripts postrotate test ! -e /var/run/squid.pid || /usr/

[squid-users] Keeping & archiving access.log

2010-01-12 Thread Kelly, Jack
Hi everyone, Incredibly dumb question, I'm almost embarrassed asking it. My access.log only seems to store a day's worth of proxy traffic data. Do I just need to add a squid3 -k rotate task to my crontab? Also, when creating the VM to run Squid, I sized the disk to hold about a month's worth of l

[squid-users] squid_kerb_auth problem

2010-01-12 Thread Umesh Bodalina
Hi, I'm trying to get the squid helper squid_kerb_auth to work against our Active Directory (win 2003 sp2). I've compiled the latest squid version (squid-2.7.STABLE7) on CentOS 5.4 64 bit. Squid Cache: Version 2.7.STABLE7 configure options: '--prefix=/usr/local/squid' '--disable-wccp' '--disable

Re: [squid-users] MSN causing a breach.. help!

2010-01-12 Thread Bill Jacqmein
Honestly the easiest technical fix is to deny access at the firewall or squid acl to the paid proxy site. Best long term fix is an enforced security policy (I think I might be too optimistic). On Tue, Jan 12, 2010 at 6:56 AM, Roland Roland wrote: > I have the following config set to allow msn me

[squid-users] Re: RFE - HTTP 1.1 RANGES

2010-01-12 Thread Linda Walsh
Amos Jeffries wrote: Linda W wrote: If I missed this, please let me know, but I was wondering why HTTP 1.1 wasn't on the list on the roadmap? I don't know all the details, but compression and RANGES are two that could speed up web usage for the average user. Not sure which roadmap you are loo

[squid-users] Re: problem building squid 3.1 from source...(right list?)

2010-01-12 Thread Linda Walsh
Amos Jeffries wrote: Linda Walsh wrote: I'm getting an error that 'AIO' isn't found (I'm specifying aio on the command line as I have libaio installed. Exactly what ./configure command line? configure --enable-disk-io="AIO,Blocking,DiskDaemon,DiskThreads" --enable-async-io=8 --enable-storei

[squid-users] proxy auth using AD

2010-01-12 Thread Mike Barnard
Hi, I am wondering whether it's possible to have proxy auth work with two different OU and two DC entries. I have two domains a.domain.com and b.domain.com, each with different users. I need to have users from each domain authenticate and access the Internet via proxy_auth. Currently, I have, au

[squid-users] MSN causing a breach.. help!

2010-01-12 Thread Roland Roland
I have the following config set to allow msn messenger to connect through my squid. acl msnport port 1863 http_access allow connect msnport http_access allow msnport I have a security breach where one of the users may be using port 1863 to reach a paid proxy that he acquired. is there a way

Re: [squid-users] reverse proxy caching authenticated sites

2010-01-12 Thread Amos Jeffries
Nikolaos Pavlidis wrote: Hello Amos, I understand... I think... We are using Zope+Silva as our CMS, any suggestions on that? Many thanks again. Not a clue I'm afraid. Try contacting the Zope authors or user help. (I would not have a clue where those are either sorry). Amos -- Please be using

Re: [squid-users] Configure a transparent proxy to pass through non-http port 80 traffic [Was: How to handle the error: Unsupported method 'BitTorrent']

2010-01-12 Thread Amos Jeffries
Richard Wall wrote: On Sat, Jan 9, 2010 at 1:10 PM, Amos Jeffries wrote: I would not worry about that. P2P apps which use port 80 usually have other methods of connecting. Particularly their own dedicated protocol ports. Leave those open and they work better. The apps which do not use port 80

Re: [squid-users] reverse proxy caching authenticated sites

2010-01-12 Thread Nikolaos Pavlidis
Hello Amos, I understand... I think... We are using Zope+Silva as our CMS, any suggestions on that? Many thanks again. Kind regards, Nik On Tue, 2010-01-12 at 23:26 +1300, Amos Jeffries wrote: > Nikolaos Pavlidis wrote: > > Hello Amos, > > > > Many thanks for your reply first of all, > > > > O

RE: [squid-users] RE: Squid Question?

2010-01-12 Thread Johann Terblanche
Thanks Amos Will give the latest stack a try of both ubuntu 9.1 and squid 3.1. -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: 12 January 2010 01:07 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] RE: Squid Question? Johann Terblanche wrote: > H

Re: [squid-users] reverse proxy caching authenticated sites

2010-01-12 Thread Amos Jeffries
Nikolaos Pavlidis wrote: Hello Amos, Many thanks for your reply first of all, On Tue, 2010-01-12 at 12:10 +1300, Amos Jeffries wrote: Nikolaos Pavlidis wrote: Hello, Many thanks for your response, I have added to the template of the site (to be applied on all pages) and I still get TCP_MI

Re: [squid-users] Configure a transparent proxy to pass through non-http port 80 traffic [Was: How to handle the error: Unsupported method 'BitTorrent']

2010-01-12 Thread Richard Wall
On Sat, Jan 9, 2010 at 1:10 PM, Amos Jeffries wrote: > I would not worry about that. P2P apps which use port 80 usually have other > methods of connecting. Particularly their own dedicated protocol ports. > Leave those open and they work better. > > The apps which do not use port 80 for HTTP prope

Re: [squid-users] problem building squid 3.1 from source...(right list?)

2010-01-12 Thread Amos Jeffries
Linda Walsh wrote: I'm getting an error that 'AIO' isn't found (I'm specifying aio on the command line as I have libaio installed. Exactly what ./configure command line? If I leave enable-diskio blank, I don't know what I am getting, but it fails on the storeio param next with "aufs" not fou

Re: [squid-users] reverse proxy caching authenticated sites

2010-01-12 Thread Nikolaos Pavlidis
Hello Amos, Many thanks for your reply first of all, On Tue, 2010-01-12 at 12:10 +1300, Amos Jeffries wrote: > Nikolaos Pavlidis wrote: > > Hello, > > > > Many thanks for your response, I have added > > > > to the template of the site (to be applied on all pages) > > and I still get TCP_MISS:F