Hi,
I try to setup squid on wccp redirection with a Cisco ASA firewall:
- squid :
Squid Cache: Version 3.1.20
configure options: --enable-ltdl-convenience
- CIsco ASA 8.2.2
My problem is with a assymettric path, the redirect was made by the
ASA and the squid receive the SYN packet on the
Hey all,
Just curious about what size your user base is compared to how many
children processes you have for ntlm authentication. We found with
1000-1500 users that 30 children was no enough, resulting in cache.log
queue warnings. So what combination have you found reasonable?
Thankyou.
--
Rega
Hello List,
i am using a perl script for ACL like this:
external_acl_type ldap_surfer negative_ttl=60 ttl=60 children=200
%DST %SRC /etc/squid/ldap_default_allow.pl
acl ldap_users external ldap_surfer
http_access allow ldap_users
However, after a squid upgrade from squid-3.1.0.14 to squid-3.1.1
On 9/07/2012 9:32 p.m., ml ml wrote:
Hello List,
i am using a perl script for ACL like this:
external_acl_type ldap_surfer negative_ttl=60 ttl=60 children=200
%DST %SRC /etc/squid/ldap_default_allow.pl
acl ldap_users external ldap_surfer
http_access allow ldap_users
However, after a squid upg
On 9/07/2012 9:13 p.m., Jason Leschnik wrote:
Hey all,
Just curious about what size your user base is compared to how many
children processes you have for ntlm authentication. We found with
1000-1500 users that 30 children was no enough, resulting in cache.log
queue warnings. So what combination
On 9/07/2012 8:52 p.m., Abdessamad BARAKAT wrote:
Hi,
I try to setup squid on wccp redirection with a Cisco ASA firewall:
- squid :
Squid Cache: Version 3.1.20
configure options: --enable-ltdl-convenience
- CIsco ASA 8.2.2
My problem is with a assymettric path, the redirect was made by
Thanks for the reply :)
I did some basic math on the cache.log and came up with about 80
helpers we need. I will monitor both the cache.log + the general user
experience to see if this improves the situation.
Will report back with how it pans out... Again, thanks!
-Jason
On Mon, Jul 9, 2012 at
On 9/07/2012 11:50 p.m., Jason Leschnik wrote:
Thanks for the reply :)
I did some basic math on the cache.log and came up with about 80
helpers we need. I will monitor both the cache.log + the general user
experience to see if this improves the situation.
In the cache manager repots there is a
#!/bin/bash
REFRESH=5
while [ 1 ]
do
/usr/sbin/squidclient mgr:ntlmauthenticator | tail -n +20 | head -n 39
sleep ${REFRESH}
clear
done
I quickly knocked up this so i can monitor it tomorrow at work :D thanks
On Mon, Jul 9, 2012 at 10:02 PM, Amos Jeffries wrote:
> On 9/
In fact on the wiki
(http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2),
there is this :
Very important passage from the Cisco-Manual
"The only topology that the security appliance supports is when
client and cache engine are behind the same interface of the security
appliance a
Hi,
We are running squid since long time and it is working fine.Now days, we
migrated squid for RHEL 6 to use qos_flow DSCP marking parameter.
For testing purpose at lab, we deploy two squid box, one with rhel rpm (
Version 3.1.19 ) and on second box with squid source compilation (
Version 3
On 7/9/2012 7:00 AM, Ming-Ching Tiew wrote:
- Original Message -
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 2 > $i
done
Really strange. I have never able to get tproxy to work unless I switch the
rp_filter to 0.
When rp_filter is 2, I could sniff the traffic, but som
On Mon, 2012-07-09 at 18:22 +0530, Ben wrote:
> We are running squid since long time and it is working fine.Now days, we
> migrated squid for RHEL 6 to use qos_flow DSCP marking parameter.
>
> For testing purpose at lab, we deploy two squid box, one with rhel rpm (
> Version 3.1.19 ) and on seco
Hi Amos,
I was wondering if there is a documentation for the fields reported by
CacheManager. I was looking at the objects report and I assumed, 'File
0X' means that the hex code is a hash of the file and 'GET
http://www.iana.org/domains/example/' means that the original
requester issued a
Hello,
I have been trying to get WCCPv2 and Ubuntu to talk now for about 2 days
and its driving be nutz! The GRE tunnel is established with my Cisco router
and Im revieving TCP port 80 requsest over it, but when tailing the message
log I never see anything in there. I confirned I was getting the
On 07/09/2012 02:18 AM, Alan wrote:
A quick search suggest that you are using some kernel security crap, I
don't know much about it but try this:
echo 0 > /proc/sys/kernel/yama/ptrace_scope
Or simply start squid from gdb instead of attaching to the existing process.
Alan,
I believe I stumbled
On 10.07.2012 00:44, Abdessamad BARAKAT wrote:
In fact on the wiki
(http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2),
there is this :
Very important passage from the Cisco-Manual
"The only topology that the security appliance supports is when
client and cache engine are behi
On 10.07.2012 00:58, Muhammed Shehata wrote:
Hi All,
hope you all are doing well
actually I followed the replies on squid users-mail-list about
sslbump issues with showing up some websites inline without images or
css style sheet
like https://gmail.com and https://facebook.com
I do use
Also, here are the IPTABLES running:
root@dude-AOA150:~# iptables-save
# Generated by iptables-save v1.4.12 on Mon Jul 9 17:32:27 2012
*nat
:PREROUTING ACCEPT [50:8040]
:INPUT ACCEPT [50:8040]
:OUTPUT ACCEPT [39:2423]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j RE
On 10.07.2012 09:58, Will Roberts wrote:
On 07/09/2012 02:18 AM, Alan wrote:
A quick search suggest that you are using some kernel security crap,
I
don't know much about it but try this:
echo 0 > /proc/sys/kernel/yama/ptrace_scope
Or simply start squid from gdb instead of attaching to the exist
On 10.07.2012 07:32, Abhishek Chanda wrote:
Hi Amos,
I was wondering if there is a documentation for the fields reported
by
CacheManager. I was looking at the objects report and I assumed,
'File
0X' means that the hex code is a hash of the file and 'GET
http://www.iana.org/domains/exa
Hi.
Has anyone successfully used squid, and the squid_session helper in
order to force users of the proxy server to see a webpage (be
redirected to it) at the beginning of each session?
After spending weeks trying to get this to work, I was finally
successful using squid version 3.1.10 on CentOS.
On 10.07.2012 13:18, Jack Black wrote:
Hi.
Has anyone successfully used squid, and the squid_session helper in
order to force users of the proxy server to see a webpage (be
redirected to it) at the beginning of each session?
Yes, many.
After spending weeks trying to get this to work, I was
Seems to have done the trick, also needed to increase the number of
file descriptors to handle the extra helpers.
At peak load now using 33 (30 was our Default), what i can only assume
has something to do with problems related to queuing theory and
exponential wait times occurred due to this.
Hop
On Mon, Jul 9, 2012 at 7:48 PM, Amos Jeffries wrote:
> On 10.07.2012 13:18, Jack Black wrote:
>>
>> Hi.
>>
>> Has anyone successfully used squid, and the squid_session helper in
>> order to force users of the proxy server to see a webpage (be
>> redirected to it) at the beginning of each session?
On 10.07.2012 15:12, Jack Black wrote:
On Mon, Jul 9, 2012 at 7:48 PM, Amos Jeffries wrote:
On 10.07.2012 13:18, Jack Black wrote:
Hi.
Has anyone successfully used squid, and the squid_session helper in
order to force users of the proxy server to see a webpage (be
redirected to it) at the beg
Dears,
hope you all are doing well
actually I was following the replies on squid users-mail-list about sslbump
issues with showing up some websites inline without images or css style sheet
like https://gmail.com and https://facebook.com as I have same issue in
version squid 3.1.19, I know th
27 matches
Mail list logo