Hi Amos,
We are also having trouble in accessing share point site which uses NTLM
authentication.
We have configured squid with NTLM scheme. Whether the below fix
(pipeline_prefetch on ) works for the squid which is configured with
NTLM proxy authentication.
Thanks
Senthil
Amos Jeffries wr
On Tue, 1 Feb 2011 08:26:48 -0800, Qvalpro Solutions
wrote:
> Hi Amos,
>
> But, I am running the squid proxy from the administrator login of the
> Windows server. Please let me know if there could be some other
> problem.
>
> Thanks,
> KB.
>
This would be the point where you need to search for
On Tue, 01 Feb 2011 16:34:44 +, "Gonzalo Morera"
wrote:
> Thanks a lot Amos
>
> I really appreciate the time you spent to explain the issue. Now i see
> where my error was and i understand better how squid process the rules.
> Great learning experience.
>
> Thanks
>
> Gonzalo
>
>>
>
>
On Tue, 1 Feb 2011 20:25:42 +0530, Saurabh Agarwal
wrote:
> It works now! I followed the code and then turned "off
pipeline_prefetch".
> In code there was this check which was setting no_connection_auth flag
to
> 1.
>
> if (Config.onoff.pipeline_prefetch)
> request->flags.no_connection_auth =
On Tue, 01 Feb 2011 14:31:02 +0100, Jack Falworth
wrote:
> On 31.01.2011 23:53, Amos Jeffries wrote:
>> On Mon, 31 Jan 2011 10:57:57 +0100, "Jack Falworth"
>> wrote:
>>> Hi squid-users,
>>>
>>> I have a question regarding the TCP send/receive buffer size Squid
uses.
>>> For my high-performance set
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Amos,
On 31/01/2011 14:04, Amos Jeffries wrote:
> If you can get a hold of a 3.1.10 you may enjoy it more.
> We had a small audit of the NTLM and Kerberos handling with performance
> bug fixes leading up to that release.
Ok, I'll update to 3.1.10.
Thanks a lot Amos
I really appreciate the time you spent to explain the issue. Now i see where my
error was and i understand better how squid process the rules. Great learning
experience.
Thanks
Gonzalo
>>> Amos Jeffries 1/2/2011 11:51 AM >>>
On 01/02/11 21:50, Gonzalo Morera wrote:
> T
Hi Amos,
But, I am running the squid proxy from the administrator login of the
Windows server. Please let me know if there could be some other
problem.
Thanks,
KB.
On Mon, Jan 31, 2011 at 10:23 PM, Amos Jeffries wrote:
> On 01/02/11 16:28, Qvalpro Solutions wrote:
>>
>> Hi Amos,
>>
>> Thanks fo
Hi Amos
Thank you for your help
I removed the to_all from_all as suggested by pandu, it's working.
On 02/01/2011 01:56 PM, Amos Jeffries wrote:
>> is not matching in this case, because the domain resolving did not
>> return an ip address. so the request is still the domain name and squid
>> is co
On 02/01/2011 01:35 PM, Pandu Poluan wrote:
> Any reason for "from_all to_all"?
> Why not just:
> http_access allow within_timeframe_rule1
wow. ok, now i feel stupid :)
well. this is because the rules are dynamically created by a template
engine.
but it should be possible to remove these. it work
It works now! I followed the code and then turned "off pipeline_prefetch". In
code there was this check which was setting no_connection_auth flag to 1.
if (Config.onoff.pipeline_prefetch)
request->flags.no_connection_auth = 1;
I don't understand it completely but I can move forward. Thank Yo
On 01/02/2011, at 8:39 AM, Amos Jeffries wrote:
> On Mon, 31 Jan 2011 16:20:45 +1030, Michael Hendrie
>
> wrote:
>> Hello List,
>>
>> I need to use a version with connection pinning and was hoping to use
>> 3.1.10 but I've run into a problem using a cache_peer that requires NTLM
>> authenticati
On 31.01.2011 23:53, Amos Jeffries wrote:
On Mon, 31 Jan 2011 10:57:57 +0100, "Jack Falworth"
wrote:
Hi squid-users,
I have a question regarding the TCP send/receive buffer size Squid uses.
For my high-performance setup I increased both buffer sizes on my Ubuntu
10.04 system. Unfortunately I fo
On 02/02/11 02:10, Alberto Cappadonia wrote:
Hi all,
I've a question about acl usage.
Is this legal?
No.
acl pippo scr 10.0.0.1
acl pippo port 80
http_access allow pippo
How does squid interpret the above directives?
Startup fails reporting "FATAL: bungled "... something about ACL typ
On 02/02/11 01:27, Pandu Poluan wrote:
On Tue, Feb 1, 2011 at 18:15, Amos Jeffries wrote:
On 01/02/11 19:58, Pandu Poluan wrote:
On Tue, Feb 1, 2011 at 13:36, Amos Jeffries wrote:
On 01/02/11 16:29, Pandu Poluan wrote:
Hello,
I want to configure SQUID as a transparent proxy, but on a sepa
Hi all,
I've a question about acl usage.
Is this legal?
acl pippo scr 10.0.0.1
acl pippo port 80
http_access allow pippo
How does squid interpret the above directives?
Thanks in advance,
Alberto
On 02/02/11 00:43, Saurabh Agarwal wrote:
Looks like we are making progress. Yeah there is a condition in the code client_side.c
that relates to when "WWW-Authenticate" header is being deleted. Condition
checks for no_connection_auth flag in the request.
This is the code. It checks if there is
On 02/02/11 00:26, Peter Warasin wrote:
Hi squids
Anyone ready for helping me? Have a quite funny problem.
I have a more or less complex configuration, so i cut it down to the
interesting part.
Basically it is a sandwich configuration
squid -> content filters -> squid
which normally is worki
On Tue, Feb 1, 2011 at 18:26, Peter Warasin wrote:
> Hi squids
>
> Anyone ready for helping me? Have a quite funny problem.
>
> I have a more or less complex configuration, so i cut it down to the
> interesting part.
>
> Basically it is a sandwich configuration
> squid -> content filters -> squid
On Tue, Feb 1, 2011 at 18:15, Amos Jeffries wrote:
> On 01/02/11 19:58, Pandu Poluan wrote:
>>
>> On Tue, Feb 1, 2011 at 13:36, Amos Jeffries wrote:
>>>
>>> On 01/02/11 16:29, Pandu Poluan wrote:
Hello,
I want to configure SQUID as a transparent proxy, but on a separate
b
On 02/02/11 00:00, Helmut Hullen wrote:
Hallo, squid-users,
I'm just trying squid-3.1.10-20110110, especially the smb
authentification.
The error with the hard coded samba directory seems to be cured, but the
is still another bug; I'm investigating.
By searching I found
a)
path_to_sour
Hallo, squid-users,
I'm testing squid-3.1.0-20110131.
I'm trying authentification. When authentification (ncsa or smb) fails
then "errors/errorpage.css" ("/etc/squid/errorage.css") seems to be
invoked.
And in this *.css the address of the background picture (SN.png) leads
to the "www.squid-
Looks like we are making progress. Yeah there is a condition in the code
client_side.c that relates to when "WWW-Authenticate" header is being deleted.
Condition checks for no_connection_auth flag in the request.
This is the code. It checks if there is no_connection_auth in incoming request
the
Hi squids
Anyone ready for helping me? Have a quite funny problem.
I have a more or less complex configuration, so i cut it down to the
interesting part.
Basically it is a sandwich configuration
squid -> content filters -> squid
which normally is working well.
However, if you try to access an *
Hallo, squid-users,
I'm just trying squid-3.1.10-20110110, especially the smb
authentification.
The error with the hard coded samba directory seems to be cured, but the
is still another bug; I'm investigating.
By searching I found
a)
path_to_source/helpers/basic_auth/SMB/README
and i
On 01/02/11 23:57, Saurabh Agarwal wrote:
Thanks Amos. Yeah they were cut and paste errors. Other than that I have tried
using http11 with http_port and ignore_expect and it still doesn't work.
I think this is by design in Squid. Following code in "client_side.c" suggests that it
will always f
On 01/02/11 22:04, John Treen wrote:
Hi Amos,
I have compared the headers between the 2.6.STABLE5 and 3.1.10 and have
found the following:
* added Mime-Version: 1.0
* added Vary: Accept-Language
* added Content-Language: en
* changed Proxy-Connection: keep-alive to Connection: keep-alive
Hmm,
Thanks Amos. Yeah they were cut and paste errors. Other than that I have tried
using http11 with http_port and ignore_expect and it still doesn't work.
I think this is by design in Squid. Following code in "client_side.c" suggests
that it will always filter the "WWW-Authenticate" header from HTT
On 01/02/11 21:50, Gonzalo Morera wrote:
Thanks Amos
I'm pretty new to squid and trying to catch up as fast as i can but still some
of your statement are difficult for me to understand.
What i posted are all the http rules i've got. Everything works fine, except
for this little issue with t
On 01/02/11 21:48, Giles Coochey wrote:
On 01/02/2011 07:36, Amos Jeffries wrote:
The whole of section 6.1 is a major security vulnerability "don't do
it!" situation. Read CVE-2009-0801 for an explanation of what malware
can do to trivially spread themselves across your whole client base.
The
On 01/02/11 21:29, Saurabh Agarwal wrote:
Hi Amos
I am using squid.2.7.STABLE7. Following is my configuration. I want to allow
everything.
http_port 192.168.11.35:3128 transparent
acl from_localhost src 192.168.11.35
http_port 10.102.79.82:3128 transparent
acl from_localhost src 10.102.79.8
Hi Amos,
I have compared the headers between the 2.6.STABLE5 and 3.1.10 and have
found the following:
* added Mime-Version: 1.0
* added Vary: Accept-Language
* added Content-Language: en
* changed Proxy-Connection: keep-alive to Connection: keep-alive
After having a quick look with Wireshark (
Thanks Amos
I'm pretty new to squid and trying to catch up as fast as i can but still some
of your statement are difficult for me to understand.
What i posted are all the http rules i've got. Everything works fine, except
for this little issue with the IPUser.
When a user with novell client tr
On 01/02/2011 07:36, Amos Jeffries wrote:
The whole of section 6.1 is a major security vulnerability "don't do
it!" situation. Read CVE-2009-0801 for an explanation of what malware
can do to trivially spread themselves across your whole client base.
The currently available Squid do permit it
Hi Amos
I am using squid.2.7.STABLE7. Following is my configuration. I want to allow
everything.
http_port 192.168.11.35:3128 transparent
acl from_localhost src 192.168.11.35
http_port 10.102.79.82:3128 transparent
acl from_localhost src 10.102.79.82
http_port 10.102.79.82:3128 transparent
acl f
35 matches
Mail list logo