i have tried to get this working, and still have issues. i think it
might be related to my topology. i did add the HTTP/proxy.domain.tld
principal to the keytab on the load balancer, and have the -s
GSS_C_NO_NAME directive in each squid config. the two servers each
have a squid.keytab that has t
would i be missing?
On 1/9/13, brendan kearney wrote:
> i must have misunderstood you when you said that i need a third entry in
> the keytab for the VIP. I took that to mean that the device hosting the
> VIP should have a keytab on it with the HTTP principal in the keytab.
>
> fr
resending because i got a mailer-daemon failure for HTML formatting...
all,
i am running squid 3.2.5 on fedora 16 64 bit on two separate boxes,
load balanced with HA Proxy. i am trying to access cachemgr on either
one of the squid instances, and both exhibit the behaviour where the
squid-interna
med. :* or :any matches any port on the
target server.
On Thu, Apr 11, 2013 at 4:41 AM, Kinkie wrote:
> On Thu, Apr 11, 2013 at 2:28 AM, brendan kearney wrote:
>> resending because i got a mailer-daemon failure for HTML formatting...
>>
>> all,
>>
>> i am run
Why are you using the CONNECT method with FTP? The CONNECT method is
for use with tunneled connections, such as HTTPS through a proxy. It
does not seem correct that the CONNECT method is being used.
i have:
acl ftp proto FTP
acl Safe_ports port 21 # ftp
http_access allow ftp
always_dire
i am using HAProxy, with Kerberos auth and have no issues. Once i
figured out the keytab bit, where you make one keytab file and put that
one keytab file on all proxies in the load balanced pool, i was off and
running. My relevant HAProxy configs:
global
log 127.0.0.1 local1
pidf
there is an entire wiki article to this exact topic.
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass
every matching http_access line before the required auth is
unauthenticated. the http_access line requiring auth and all matching
http_access lines after it are authenticated.
On T
On Mon, 2013-06-24 at 15:28 -0700, Matthew Ceroni wrote:
> I am trying to prevent certain requests from being logged to the access log.
>
> Have the following configuration snippet:
>
> acl NoLogSites url_regex -i "/etc/squid/nolog.txt"
> log_access deny NoLogSites
>
> Within /etc/squid/nolog.tx
On Tue, 2013-07-23 at 00:07 +0100, Markus Moeller wrote:
> Hi Eugene,
>
> Looks like an interesting problem. Can you wireshark the traffic on your
> home machine on port 88 ( Kerberos ). If the negotiate wrapper says you got
> a Kerberos token you should see traffic on port 88.
>
> Markus
>
On Tue, 2013-10-01 at 14:14 +0330, Hooman Valibeigi wrote:
> I understand the prime of challenge/response protocol. Failing the
> first request looks fine as long as it occurs only once and not for
> every page you visit.
>
> I wonder if administrators would be happy with the fact that users
> hav
On Tue, 2013-11-05 at 08:31 -0500, Monah Baki wrote:
> I came across this where it forward all requests to another proxy
>
> cache_peer parentcache.foo.com parent 3128 0 no-query default
> never_direct allow all
>
>
> How can I deny all requests to use the parent proxy except for a
> specific do
i am wondering if there is a logformat code that can be used to log the
URL (domain.tld or host.domain.tld) independent of the URI
(/path/to/file.ext?parameter)? i am using %ru, which gives me the URL
and URI in one string. %rp seems to be the URI, but i am not using that
right now and can only g
On Thu, 2013-12-05 at 17:55 +1300, Amos Jeffries wrote:
> On 5/12/2013 1:41 p.m., Brendan Kearney wrote:
> > i am wondering if there is a logformat code that can be used to log the
> > URL (domain.tld or host.domain.tld) independent of the URI
> > (/path/to/file.ext?parame
On Mon, 2013-12-09 at 23:12 +0900, Alan wrote:
> On Thu, Dec 5, 2013 at 9:41 AM, Brendan Kearney wrote:
> > i am wondering if there is a logformat code that can be used to log the
> > URL (domain.tld or host.domain.tld) independent of the URI
> > (/path/to/file.ext?parame
On Tue, 2014-03-11 at 10:10 -0600, Alex Rousskov wrote:
> On 03/11/2014 08:05 AM, Omid Kosari wrote:
>
> > Is it possible for Squid to automatically find every similar object based on
> > something like md5 of objects and serve them to clients without need custom
> > DB ?
>
> No, because clients
On Mon, 2014-07-14 at 15:57 +1200, Jason Haar wrote:
> Hi there
>
> I've started testing sslbump with "ssl_bump server-first" and have
> noticed something (squid-3.4.5)
>
> If your clients have the "Proxy CA" cert installed and go to legitimate
> https websites, then everything works perfectly (e
On Thu, 2014-08-07 at 22:02 +, Mark jensen wrote:
> I have asked this question on Apache mailing list but they tell me to ask it
> here:
>
> we know that we can allow some IPS with out authentication using Allow from
> IP:
>
>
> Order allow,deny
> Allow from 192.168.1.5
>
On Fri, 2014-08-08 at 11:48 +1200, Jason Haar wrote:
> Googling "apache x-forwarded-for" led me to mod_extract_forwarded
>
> http://www.openinfo.co.uk/apache/
>
from the apache mod_proxy page:
Reverse Proxy Request Headers
When acting in a reverse-proxy mode (using the ProxyPass directive, for
18 matches
Mail list logo