On Mon, Jul 9, 2012 at 12:24 PM, Will Roberts ironwil...@gmail.com wrote:
On 06/17/2012 08:08 PM, Will Roberts wrote:
strace is producing no output. Infinite loop without syscalls?
I also tried attaching with gdb, but even as root I'm getting ptrace:
Operation not permitted. Any ideas on
Hi,
I try to setup squid on wccp redirection with a Cisco ASA firewall:
- squid :
Squid Cache: Version 3.1.20
configure options: --enable-ltdl-convenience
- CIsco ASA 8.2.2
My problem is with a assymettric path, the redirect was made by the
ASA and the squid receive the SYN packet on the
Hey all,
Just curious about what size your user base is compared to how many
children processes you have for ntlm authentication. We found with
1000-1500 users that 30 children was no enough, resulting in cache.log
queue warnings. So what combination have you found reasonable?
Thankyou.
--
Hello List,
i am using a perl script for ACL like this:
external_acl_type ldap_surfer negative_ttl=60 ttl=60 children=200
%DST %SRC /etc/squid/ldap_default_allow.pl
acl ldap_users external ldap_surfer
http_access allow ldap_users
However, after a squid upgrade from squid-3.1.0.14 to
On 9/07/2012 9:32 p.m., ml ml wrote:
Hello List,
i am using a perl script for ACL like this:
external_acl_type ldap_surfer negative_ttl=60 ttl=60 children=200
%DST %SRC /etc/squid/ldap_default_allow.pl
acl ldap_users external ldap_surfer
http_access allow ldap_users
However, after a squid
On 9/07/2012 9:13 p.m., Jason Leschnik wrote:
Hey all,
Just curious about what size your user base is compared to how many
children processes you have for ntlm authentication. We found with
1000-1500 users that 30 children was no enough, resulting in cache.log
queue warnings. So what
On 9/07/2012 8:52 p.m., Abdessamad BARAKAT wrote:
Hi,
I try to setup squid on wccp redirection with a Cisco ASA firewall:
- squid :
Squid Cache: Version 3.1.20
configure options: --enable-ltdl-convenience
- CIsco ASA 8.2.2
My problem is with a assymettric path, the redirect was made by
Thanks for the reply :)
I did some basic math on the cache.log and came up with about 80
helpers we need. I will monitor both the cache.log + the general user
experience to see if this improves the situation.
Will report back with how it pans out... Again, thanks!
-Jason
On Mon, Jul 9, 2012
On 9/07/2012 11:50 p.m., Jason Leschnik wrote:
Thanks for the reply :)
I did some basic math on the cache.log and came up with about 80
helpers we need. I will monitor both the cache.log + the general user
experience to see if this improves the situation.
In the cache manager repots there is
#!/bin/bash
REFRESH=5
while [ 1 ]
do
/usr/sbin/squidclient mgr:ntlmauthenticator | tail -n +20 | head -n 39
sleep ${REFRESH}
clear
done
I quickly knocked up this so i can monitor it tomorrow at work :D thanks
On Mon, Jul 9, 2012 at 10:02 PM, Amos Jeffries
In fact on the wiki
(http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2),
there is this :
Very important passage from the Cisco-Manual
The only topology that the security appliance supports is when
client and cache engine are behind the same interface of the security
appliance
Hi,
We are running squid since long time and it is working fine.Now days, we
migrated squid for RHEL 6 to use qos_flow DSCP marking parameter.
For testing purpose at lab, we deploy two squid box, one with rhel rpm (
Version 3.1.19 ) and on second box with squid source compilation (
Version
On 7/9/2012 7:00 AM, Ming-Ching Tiew wrote:
- Original Message -
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 2 $i
done
Really strange. I have never able to get tproxy to work unless I switch the
rp_filter to 0.
When rp_filter is 2, I could sniff the traffic, but
On Mon, 2012-07-09 at 18:22 +0530, Ben wrote:
We are running squid since long time and it is working fine.Now days, we
migrated squid for RHEL 6 to use qos_flow DSCP marking parameter.
For testing purpose at lab, we deploy two squid box, one with rhel rpm (
Version 3.1.19 ) and on second
Hi Amos,
I was wondering if there is a documentation for the fields reported by
CacheManager. I was looking at the objects report and I assumed, 'File
0X' means that the hex code is a hash of the file and 'GET
http://www.iana.org/domains/example/' means that the original
requester issued
Hello,
I have been trying to get WCCPv2 and Ubuntu to talk now for about 2 days
and its driving be nutz! The GRE tunnel is established with my Cisco router
and Im revieving TCP port 80 requsest over it, but when tailing the message
log I never see anything in there. I confirned I was getting the
On 07/09/2012 02:18 AM, Alan wrote:
A quick search suggest that you are using some kernel security crap, I
don't know much about it but try this:
echo 0 /proc/sys/kernel/yama/ptrace_scope
Or simply start squid from gdb instead of attaching to the existing process.
Alan,
I believe I stumbled
On 10.07.2012 00:44, Abdessamad BARAKAT wrote:
In fact on the wiki
(http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoAsaWccp2),
there is this :
Very important passage from the Cisco-Manual
The only topology that the security appliance supports is when
client and cache engine are
On 10.07.2012 00:58, Muhammed Shehata wrote:
Hi All,
hope you all are doing well
actually I followed the replies on squid users-mail-list about
sslbump issues with showing up some websites inline without images or
css style sheet
like https://gmail.com and https://facebook.com
I do
Also, here are the IPTABLES running:
root@dude-AOA150:~# iptables-save
# Generated by iptables-save v1.4.12 on Mon Jul 9 17:32:27 2012
*nat
:PREROUTING ACCEPT [50:8040]
:INPUT ACCEPT [50:8040]
:OUTPUT ACCEPT [39:2423]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j
On 10.07.2012 09:58, Will Roberts wrote:
On 07/09/2012 02:18 AM, Alan wrote:
A quick search suggest that you are using some kernel security crap,
I
don't know much about it but try this:
echo 0 /proc/sys/kernel/yama/ptrace_scope
Or simply start squid from gdb instead of attaching to the
On 10.07.2012 07:32, Abhishek Chanda wrote:
Hi Amos,
I was wondering if there is a documentation for the fields reported
by
CacheManager. I was looking at the objects report and I assumed,
'File
0X' means that the hex code is a hash of the file and 'GET
Hi.
Has anyone successfully used squid, and the squid_session helper in
order to force users of the proxy server to see a webpage (be
redirected to it) at the beginning of each session?
After spending weeks trying to get this to work, I was finally
successful using squid version 3.1.10 on
On 10.07.2012 13:18, Jack Black wrote:
Hi.
Has anyone successfully used squid, and the squid_session helper in
order to force users of the proxy server to see a webpage (be
redirected to it) at the beginning of each session?
Yes, many.
After spending weeks trying to get this to work, I was
Seems to have done the trick, also needed to increase the number of
file descriptors to handle the extra helpers.
At peak load now using 33 (30 was our Default), what i can only assume
has something to do with problems related to queuing theory and
exponential wait times occurred due to this.
On Mon, Jul 9, 2012 at 7:48 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 10.07.2012 13:18, Jack Black wrote:
Hi.
Has anyone successfully used squid, and the squid_session helper in
order to force users of the proxy server to see a webpage (be
redirected to it) at the beginning of each
On 10.07.2012 15:12, Jack Black wrote:
On Mon, Jul 9, 2012 at 7:48 PM, Amos Jeffries wrote:
On 10.07.2012 13:18, Jack Black wrote:
Hi.
Has anyone successfully used squid, and the squid_session helper in
order to force users of the proxy server to see a webpage (be
redirected to it) at the
27 matches
Mail list logo