On Sat, Aug 18, 2012 at 2:51 PM, Bennett Haselton benn...@peacefire.org wrote:
I installed squid 3.1.10 on CentOS 6.3 with the default squid.conf.
When I test it out from localhost:
[root@33736 ~]# telnet localhost 3128
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET
Hi Paul,
Does squid running user have read access to the keytab ? Did you use
export KRB5_KTNAME to point to the keytab in the startup script ? What is
the hostname of your squid host ? Did you get a minor code message ?
Check also my page for some further hints
Hi Markus
Thanks for responding. The squid effective user can read the keytab
and I've got the export line in the squid init script. If I check
/proc/pid/environ for the main squid process I can see KRB5_KTNAME
is set correctly. DNS hostname is proxy01.domain.local but
--computer-name used in
On 08/18/2012 08:02 AM, Robert Collins wrote:
On Sat, Aug 18, 2012 at 2:51 PM, Bennett Haselton benn...@peacefire.org wrote:
I installed squid 3.1.10 on CentOS 6.3 with the default squid.conf.
When I test it out from localhost:
The following error was encountered while trying to retrieve the
I may be missing something here, but it looks like ACL processing is
broken for at least some HTTPS requests in 3.2.
Example configuration:
acl useparent dstdomain domain.com
cache_peer 172.25.2.70 parent 8080 0 no-query name=parent01
connection-auth=off
cache_peer_access parent01
nonhierarchical_direct off
Jenny
Date: Sat, 18 Aug 2012 18:31:14 +0100
From: a.f...@ntlworld.com
To: squid-users@squid-cache.org
Subject: [squid-users] ACL processing in Squid 3.2
I may be missing something here, but it looks like ACL processing is
broken for at least some HTTPS requests
On 18/08/2012 18:43, Jenny Lee wrote:
nonhierarchical_direct off
That did the trick. I thought I was probably missing something :-)
Thanks very much,
Andrew.
Apologies for top posting, from Squid FAQs:
Certain types of requests cannot be cached or are served faster going direct,
and Squid is optimized to send them over direct connections by default. The
nonhierarchical_direct off directive tells Squid to send these requests via the
parent anyway.
I
SNIP
The browser is 100% unaware of the proxies existence and the page being
fetched from a different server than its TCP connection was sent to.
All the IP level security the browser uses to check same-origin is
bypassed silently. All the DNSSEC, IP-based firewall rules, etc which
the LAN
Hi Paul.
A account reset means the password or key of this accounts changes and
the extracted key in the keytab will get out of sync. So don't reset the
account in AD, but only autoupdate from msktutil. Also don't share a samba
account with squid as samba daemons als reset the account from
Hi,
Is there a way to force squid to cache an object? I am trying to do
this, a client and an apache server communicates. At some intermediate
point in the path, the response from Apache will be split and one copy
will go to the client, one to Squid. Will squid cache the object in
this situation?
Many thanks Markus, I see what's going on now. :)
I will approach the commercial company regarding adding support for
the username being supplied in the kerberos format.
Paul
On 18 August 2012 20:58, Markus Moeller hua...@moeller.plus.com wrote:
Hi Paul.
A account reset means the password
Today I noticed,sometime I visit
http://dwarffortresswiki.org/index.php/DF2012:Large_pot sometime squid
will return the webpage as a downloadable .gz file
any idea what's going on?
13 matches
Mail list logo