Hi Squids,
How do you think should be the best way to detect if a user is surfing inet
throut its mobile/handset?
TIA
LD
There are 2 ways as far as I know to do this possible:
1. Use de WPAD protocol: lets say PROXY squid1; PROXY squid2 (this is fail
over)
2. Use an HA solution such as Ultramonkey3. Here you could do Active-Active.
Kind regards,
LD
Le lundi 15 juin 2009 11:09:28, Sagar Navalkar a écrit :
Hey
hi Squids,
I wonder to know if there is a way to reduce size of objects that passes over
squid. I mean for example:
1. Get red of all CRLF or useless spaces on html files
2. Reduce paletes or colors in JPG/GIFs files
Do you have any comment?
TIA
LD
Le vendredi 5 juin 2009 08:30:50, vous avez écrit :
Luis Daniel Lucio Quiroz wrote:
hi Squids,
I wonder to know if there is a way to reduce size of objects that passes
over squid. I mean for example:
1. Get red of all CRLF or useless spaces on html files
2. Reduce paletes
to ping this DL every 15 minutes =D
T.I.A.
-Daniel
Le mardi 26 mai 2009 14:48:06, Yanier Salazar Sanchez a écrit :
I don't understand what you want to make, allow me to see if I understood.
Do you want?. Does a listing of IP say of 192.168.0.100 until 192.168.0.150
which provides them a DHCP Server, they can only navigate, provided they
are in
Hi Squids,
Suppose I have an squid configured with https for caching. I wonder if it is
possible to record html traffic, how?
TIA
LD
/Diapositiva20.JPG HTTP/1.0\r\n
User-Agent: Wget/1.11.4 (Red Hat modified)\r\n
Accept: */*\r\n
Host: myserver.com:8080\r\n
Via: 1.1 localhost.localdomain (squid/3.0.STABLE13)\r\n
X-Forwarded-For: 127.0.0.1\r\n
Cache-Control: max-age=0\r\n
Connection: keep-alive\r\n
Best regards,
Daniel
.STABLE13)\r\n
X-Forwarded-For: 127.0.0.1\r\n
Cache-Control: max-age=0\r\n
Connection: keep-alive\r\n
Best regards,
Daniel
Do you think de ESI parser may help?
Le dimanche 29 mars 2009 00:23:24, Amos Jeffries a écrit :
Luis Daniel Lucio Quiroz wrote:
Hi Squids,
Well because a transparent squid when I'm passing BOSH (xmmp/http) squids
sends error 400 and of course all fails.
Find out why that error
You should set an expresión for that URL. Use regexp like this
^http://...sites=.*\.com
I think
On Saturday 28 March 2009 09:14:26 Truth Seeker wrote:
Dear Marcus,
Thanks for your reply... But its not working for me. The thing is my acl
will not block www.example.com. it will only block
Hi Squids,
Well because a transparent squid when I'm passing BOSH (xmmp/http) squids
sends error 400 and of course all fails.
I cant change FW rule because I dont have control, but squid. Is there a way
to tell squid that traffic to a particular server (my jabber one) will not
analize and
I wonder if it is possible to dump a specific traffic that goes through Squid.
For example
acl user src 192.168.3.2
acl server dst 200.33.59.12
acl dstprt port 80
I'd like to dump all traffic from 192.168.3.2 to 200.33.59.12:80 to a file. Is
this possible?
TIA
LD
You mean with this option
I may have html tags that users get?
On Tuesday 24 March 2009 14:40:12 Chris Robertson wrote:
Luis Daniel Lucio Quiroz wrote:
I wonder if it is possible to dump a specific traffic that goes through
Squid. For example
acl user src 192.168.3.2
acl server dst
Your SNMP section into squid.conf must be like that:
# SNMP
acl snmpcommunity snmp_community public
snmp_port 3401
snmp_access allow snmpcommunity localhost
snmp_access deny all
And, at your snmpd.conf that it's on the same same server of squid,
must contain this line:
proxy -v 2c -c public
the different versions of squid but without good results.
Regards,
Daniel
Daniel Donoso
Aeropuertos - Departamento Tecnología y Desarrollo
Airports - Technology and Development Department
donos...@ikusi.com
www.ikusi.com
IKUSI - Ángel Iglesias S.A.
Paseo Miramón, 170
20009 San Sebastián
SPAIN
Hi Squids,
We are going to set up some inverse squid, but as a requirement we must log
html trafic. Not just access.log but html traffic, I mean tags.
Is this possible with squid?
TIA
LD
With Websense it is included a redirect_program, no worry, it work
like a charm :)
On Feb 10, 2009, at 7:54 AM, Frank Bonnet wrote:
Hello
I'll be forced by my company to use websense as a centralized
URL filtration system.
Is it a (working) websense plugin for squid ?
Thank you
all
http_access allow HOME
http_access allow all
myserver.com is in the etc/hosts file and in both pc's is the same.
Thank you,
Daniel
all http_access allow HOME
http_access allow all
myserver.com is in the etc/hosts file and in both pc's is the same.
Thank you,
Daniel
Hi Squids,
I wonder if is it possible to do this in Sq. We need to long HTTP/GET
response of what users are surfing.
I mean to know one file per http-sesion (not ip, because nat-ed fw) and then
inside that file I could see what does is this user doing. How could you
reach that
or
invalid xml or is not responding
it seems the client over proxy losts its header ID.
On Mon, Feb 16, 2009 at 7:47 AM, Luis Daniel Lucio Quiroz
luis.daniel.lu...@gmail.com wrote:
I think they are like this:
acl ASP urlpath_regex \.asp$
acl ASP urlpath_regex \.asp
I can bet on DNS Server...
On Feb 4, 2009, at 9:43 AM, Moses Truong wrote:
We have squid running on a server with delay pools enabled. The
squidclient usually responds very quickly - in less than 0.03
seconds most of the time. However, there are times when this rises
to over 39 seconds.
I think they are like this:
acl ASP urlpath_regex \.asp$
acl ASP urlpath_regex \.asp\?.+
cache deny ASP
On Sunday 15 February 2009 16:04:31 squid proxy wrote:
acl ASP urlpath_regex .asp$
cache deny ASP
You should do an analysis (stadistics) to know normal curve of your objects on
navigations.
You should obtain:
mean of object size, - set your mean object size value to this
standar desviation of object size
and then you should calculate integral (area below curve) of your maximun
object size
, even closing his browser nor restarting his computer,
but if for some reason his IP address change, it will be asked for his
password and of course, if it session of 3 hours expire.
I'm not sure if I was clear, any questions I'll try explain better.
thanks in advance!
Daniel Kühl Lima
Hi Squids,
I'm configurein a squid in inverse mode. However, I've read about many
studies on cache policies but all talking in normal mode. I wonder to know if
someone has any document talking about this but in inverse mode.
I was thinking that because you know final destination, mem_policy
Is there any death line???
On Friday 23 January 2009 09:21:16 Amos Jeffries wrote:
The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-3.1.0.4 beta release!
This release fixes a large number of issues found in the previous 3.1
release. Including install and
A date to release final version.
On Monday 26 January 2009 19:54:15 Amos Jeffries wrote:
Luis Daniel Lucio Quiroz wrote:
Is there any death line???
What do you mean by death line?
On Friday 23 January 2009 09:21:16 Amos Jeffries wrote:
The Squid HTTP Proxy team is very pleased
.STABLE8-1. Is there any chance of
the workaround being forward-ported to squid-3? Obviously it's
non-intrusive, since it simply adds a config option...
Many thanks,
Daniel
keywords: mp3 streaming media corruption glitches
--
Daniel J Blueman
hi Squids,
We are currently having 502 response to www.cio.com site. I know that 502
error means that other site has close connection. The fact is that this error
is not constant, some times it works, some times it does not.
Just brainstorming, What possible causes could be?
TIA
LD
You may write your redirector
On Monday 19 January 2009 13:48:02 Enrique wrote:
Hi all
i need insert an string between /Internet/ and /acces/ in urls and let the
rest of the beginin and the end intact
for example:
http://www.site.com/Internet/acces/2009-01-15/network/any_think to
Hi,
We are trying to get rid fo a commercial reverse proxy, how ever, we must get
this data from SNMP. I know that squid has snmp support, I've used, but I
dont know all oids. Does any one has a link where oids are specified?
Regards,
AD has indeed LDAP, so short answer is yes.
You should see how is configure your AD to know where are users.
On Tuesday 13 January 2009 08:30:07 Hermidio A. Rodriguez Chavez wrote:
Hi friends again, it's posible authenticate squid3 with one active
directory server(windows server 2003 R2)
You need a special hash, none of native AD
your properti should have
REALM:MD5(user:REALM:password)
On Tuesday 13 January 2009 08:59:46 Leonardo Rodrigues Magalhães wrote:
i'm actually running squid (2.7 stable4) with squid_ldap_auth for
authenticating users in my MS Active
Of course,
I've paste it here: http://pastebin.com/f77eec269
Regards,
LD
On Monday 12 January 2009 02:54:28 Luca Forti wrote:
Hi,
thanks for your answer but I have not found it ☹
Can you send me by email the solution?
Thanks!
Luca
Da: Luis Daniel Lucio Quiroz [mailto:luis.daniel.lu
Hey Fablio
Look in history, I did post a perl script helper that to this
On Friday 12 December 2008 09:27:51 Fulvio Aleandri wrote:
Hi, I would know if is there any solution to implement a max_user_ip
directive to avoid user account sharing within squid farm balanced by an hw
appliance.
Hi squids,
As you know, squid timestamp is based in GMT0 era time. I'm living at GMT -6
but after doing my log pharsing report we realize that time is based as if you
were at GMT0.
Is there a way to tell squid to log with a -6 offset? I dont want to move my
time at my server, because all
Hi Squids,
Currently we have Squid 3.0.9 running with ldap_digest helper. It runs very
cool, how ever, some sites are presenting problems.
In sites such as ftp://partnerweb.trendmicro.com.br using squid it fails. It
seems that this site use NTLM and squid get confuses about authentication
HI Squids,
I wonder to know if it is possible to tell squid to let some auth-methods
depending Browser. We have as a security policy to use digest, the fact is
that some clients are not digest-aware. Such as pidgin, so I wonder if we
detect pidging id string we may let he to use basic-auth
That sounds like a buggy acl,
i have something like,
you should set debug to level 3 and read cafuly to discover ACL that is doing
this.
LD
Good day.
Im wondering if anybody else has experienced this.
Since ive upgraded to squid3stable10 the proxy continuously stops
responding.
Firefox
Mine is this
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b DC=XXX,DC=XXX -D
[EMAIL PROTECTED] -w Elmasmejor3567 -f sAMAccountName=%s -h XXX.XXX.XXX.XXX.
1 -s sub -p 389 -v 3 -P -O -R
auth_param basic children 25
auth_param basic realm Squid proxy-caching web server
auth_param
I've read stable10 changelog, do you think upgradint to 10 will fix this?
Luis Daniel Lucio Quiroz wrote:
Using squid 3 stable 9, with digest ldap auth, randomly i got this:
assertion failed: ACLProxyAuth.cc:146:
authenticateValidateUser(auth_user_request)
later, squid dies
Any
No, no FIN, but RST
On tis, 2008-11-11 at 16:53 -0600, Luis Daniel Lucio Quiroz wrote:
I have a pcap file captured and, traffic is exchanged and then suddenly a
RST from squid to client.
No FIN before?
Regards
Henrik
On Wednesday 12 November 2008 14:58:27 Henrik Nordstrom wrote:
After debugin ate level 3
I realize this error happens when analizin http_reply_access with user acl.
Luis Daniel Lucio Quiroz wrote:
Using squid 3 stable 9, with digest ldap auth, randomly i got this:
assertion failed: ACLProxyAuth.cc:146:
authenticateValidateUser(auth_user_request
Hi Squids
We found that if we block by MIME type HT-* MIMEs headers we can block
HTTPProxy tunnel (the one that use html tags).
We have found httport (for windows) but still dont know how to block. Has
anyone blocked it by other technique than ip blocking?
Regards,
LD
After debuggin,
I've found that squid is sending a RST packet to a Windows station (WinXP SP2
or WinVista).
Squid is not configured to send RST's. Is there any explication for this?
Regards,
LD
Hi Squids,
Becase we are aware that a farm of squids cant block a user who shares his
username. I've just programmed a helper to let squid to dont share logins even
if one person logs into squid1 and other into squid2. I've paste it in:
http://pastebin.mandriva.com/1333
It bassically uses
I use Squid 3
On tis, 2008-11-11 at 13:01 -0600, Luis Daniel Lucio Quiroz wrote:
now, I have a situation. Because here we must use digest auth, not all
applications are aware of this. And many users are complaining about
applications. I was thinking of a external helper that let an IP
I'm pretty sure.
I have a pcap file captured and, traffic is exchanged and then suddenly a RST
from squid to client.
I've found that squid is sending a RST packet to a Windows
station (WinXP SP2 or WinVista).
Squid is not configured to send RST's. Is there any
explication for this?
Using squid 3 stable 9, with digest ldap auth, randomly i got this:
assertion failed: ACLProxyAuth.cc:146:
authenticateValidateUser(auth_user_request)
later, squid dies
Any comment?
LD
Tnkx
On Tue, 2008-11-11 at 16:53 -0600, Luis Daniel Lucio Quiroz wrote:
I'm pretty sure.
I have a pcap file captured and, traffic is exchanged and then suddenly a
RST from squid to client.
I've found that squid is sending a RST packet to a Windows
station (WinXP SP2
Hi Squids,
There are several questions I have about deny_info I couldnt find.
Looking at I found that %U corresponds url blocked, %w to wemaster email.
There are other several %'s that I dont understand, Is there a table that
explains them?
Is there a % that has error filename that should
-- Forwarded Message --
Subject: deny_info customization
Date: vendredi 07 novembre 2008
From: Luis Daniel Lucio Quiroz [EMAIL PROTECTED]
To: squid-users@squid-cache.org
Hi Squids,
There are several questions I have about deny_info I couldnt find.
Looking at I found that %U
Thanks both
Henrik Nordstrom wrote:
On fre, 2008-11-07 at 12:23 -0600, Luis Daniel Lucio Quiroz wrote:
Hi Squids,
There are several questions I have about deny_info I couldnt find.
Looking at I found that %U corresponds url blocked, %w to wemaster
email. There are other several %'s
Hi Squids,
I wonder to know you one of you knows about this. We've put a squid with
digest_ldap_auth helper. It works, but only one user and just one has this
issues:
- Reauth happens to him every 3 mins aprox, auth is successfull
Any comment to review?
Regards,
LD
Hi Squids,
I'm having a lot of: HTTP header field {\r} at cache.log. Currently we are
having performance problems. This log is related to my performance? How can I
explain this, why this happens, are we having tunneling ?
Regards,
LD
We use Squid 3 Stable9
On tor, 2008-11-06 at 13:15 -0600, Luis Daniel Lucio Quiroz wrote:
Hi Squids,
I wonder to know you one of you knows about this. We've put a squid with
digest_ldap_auth helper. It works, but only one user and just one has
this issues:
- Reauth happens to him
Hi :-D
What type of performance problems? Surfing is slow. But I fond this
problem is not about squid it was about file descriptors, fixed.
At cache.log I found only allot of: HTTP header field {\r} no more, no less.
Could be tunneling?
Luis Daniel Lucio Quiroz wrote:
Hi
--
Thanks,
Daniel
requests to dynamic web page content give
TCP_REFRESH_MODIFIED:FIRST_UP_PARENT, while all requests to gifs etc. geht a
TCP_HIT?
Thanks,
Daniel
, Pablo
On Thu, Oct 30, 2008 at 4:09 PM, Luis Daniel Lucio Quiroz
[EMAIL PROTECTED] wrote:
Hi Squids,
We are putting in a heavy load environment. my squid is getting tired,
after a while of load testing, 3128/tcp begins to stop responding
(randomly) to requests. All other ports
Hi Squids,
We are putting in a heavy load environment. my squid is getting tired, after
a while of load testing, 3128/tcp begins to stop responding (randomly) to
requests. All other ports at that servers responds ok
i've recompile my squid with 16k file handlers, but this does not seems to
:3128/servlet? (Without
arguments) but squid doesn't store the object.
Is it possible to configure squid to cache this?
Regards,
Daniel
Thank you very much John.
Now works fine.
Regards,
Daniel
-Mensaje original-
De: John Doe [mailto:[EMAIL PROTECTED]
Enviado el: lunes, 29 de septiembre de 2008 11:19
Para: squid-users@squid-cache.org
Asunto: Re: [squid-users] Servlets Cache
I'm using squid for a short time
Hi Squids,
I have a squid that is child of other. The child has in its configuration a
url_rewriteprogram redirector and a parent squid.
The question is, what is the correct flow:
squid-child-squid-parent-squid-child-redirector-action
or
Hi Squids,
I had a squid with 2 parents. The fact is that we need to tell squid child to
use one parent by specific user. Is there a way to do this?
Regards,
LD
Hi all,
We have a cripy implementation of squid+dansguardian.
- squid (digest auth) - dansguardian (clamav, icap filtering) - squid
Because user requirements squid must have ip and user. The only way to do
this is using this schema. But with this, dansguardian stops watching users.
I
HI folks
I already know that there is not a recipe for squid. But I wonder if anyone
knows an official document that lists squid requirements.
Regards,
LD
, 2008-07-01 at 20:25 -0500, Luis Daniel Lucio Quiroz wrote:
1214974554.906 0 99.90.40.253 TCP_DENIED/407 3249 GET
http://www.presidencia.gob.mx/imgs/edomayor_over.gif a2 NONE/- text/html
if we use percistance, it works, but we can stop using of sharing
usernames. Balancig schema
Hi guys,
I have 2 squid boxes working good alone. My customer ask me to balance them
using his BIGIP F5. The fact is that when I balance them without percistance
I got this at log (on both servers):
1214974554.906 0 99.90.40.253 TCP_DENIED/407 3249 GET
is acceptable for a FQDN. Your link to facebook
worked fine for me, and I would assume that you get these attempts because people are
using to ending a type phrase with a full stop ENTER sequence.
Howard
--
Daniel Rose
National Library of Australia
Hello,
I have a question.
My http server sends the objects with max-age of 48 hours. This is
perfect for me, because squid during 48 hours doesn't send to server the
packet to check if the object is modified.
I saw that is possible delete all the cached objects with squidclient,
or with
, squid would ask for them again, and
only get the modified objects.
I know that is possible to decrease the max-age or put max-age to 0 (ask
always if the object is modified) but this generate a lot of network
traffic when a lot of objects are asked.
Thanks for your help.
Daniel
-Mensaje
way to do this?
-Mensaje original-
De: Amos Jeffries [mailto:[EMAIL PROTECTED]
Enviado el: jueves, 19 de junio de 2008 5:37
Para: Henrik Nordstrom
CC: Donoso Gabilondo, Daniel; squid-users@squid-cache.org
Asunto: Re: [squid-users] name resolution problems (/etc/hosts)
On ons, 2008-06
Thank you very much. Now works fine!
tor 2008-06-19 klockan 09:21 +0200 skrev Donoso Gabilondo, Daniel:
What does your cache_peer line (and cache_peer_access/domain if any)
look like?
cache_peer_domain 192.168.240.22 myserver.com
This won't match as you haven't told that your service
Hello again,
I Use Squid as a reverse Proxy with 192.168.240.22:8080 as default site
and works fine, but when I put a name, and after restarting, doesn't
work.
I have correctly configured the name in the /etc/hosts file.
What am I doing wrong?
I use squid as a reserve Proxy with cache. When squid has a resource
cached it doesn't send a request to http server to check if the resource
is modified.
I want to know if is possible (and how) to do:
* Squid send a request to http server asking if the resource is
modified.
* If the http
I've squid configured as a Reverse Proxy with a default site
(192.168.240.22:8080)
I've an application that asks resources to squid, and squid ask them to
the default site (Is not possible to configure a proxy in the app)
Is it possible to define other site and if the default site is shutdown
or
(images) and the results
are the same.
I read squid configuration and for default squid allow all to be catched.
What am I doing wrong?
Thank you again for your help.
Daniel
-Mensaje original-
De: Amos Jeffries [mailto:[EMAIL PROTECTED]
Enviado el: miércoles, 11 de junio de 2008 15
: jueves, 12 de junio de 2008 14:21
Para: Donoso Gabilondo, Daniel
CC: squid-users@squid-cache.org
Asunto: Re: [squid-users] Problems Using squid 2.6 as a transparent web
cache
Donoso Gabilondo, Daniel wrote:
Hello again,
Thank you very much for your help.
I suspect you are trying to do some sort
Hello,
I have an application in linux that uses http resources (videos,
images..). These resources are in other machine with a http server
running (under windows).
The linux application always download the resources. I installed and
configured squid in the linux machine to cache these resources,
Helo Squids,
While debugin why my auth does not work I find this function with a little
pitty I'm not sure it is okay. I'm a C++ programmer. At file digest_pw_auth
(squid 3stable6) I found this function:
static void
ParseBuffer(char *buf, RequestData * requestData)
{
char *p;
Hi,
i'm using the redirect_program directive to include squidGuard in my
squid configuration. Now i want to omit connection requests matching to
one special acl beeing redirected to squidGuard. Is this possible? And
if it is, what exactly do i have to do?
regard,
Daniel
seems to be the squidguard configuration.
I just googled a little bit, but could not find someone with similar
problems. Do you maybe have an idea how to solve this?
regards,
Daniel
I have a huge txt file with domains that I want to ban, like this:
.dom.com
.dom2.net
.etc
I not sure I i can do this at my acl configuration
acl banneddommains dstdomain /path/file.txt
or how?
TIA
LD
Hi,
thanks for your answer. Just to be sure, that means, that it is not the
fault of my squid configuration, but a configuration error of the peer
webserver?
Regards,
Daniel
Hi,
have you already testet the solution in the squid FAQ page?
http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
regards,
Daniel
/404 0 CONNECT http:443 - DIRECT/-
I have absolutely no idea, why and under which specific conditions this
error occurs.
Thanks for your help in advance!
Regards,
Daniel Becker
package during the
installation, so it should work right out of the box.
--
Daniel Rose
National Library of Australia
Le Monday 10 March 2008 16:30:42 Nick Duda, vous avez écrit :
I'm curious to see what others have done for redundant/failover squid
servers, and any configs that go with it. If we run a squid server in
branch offices and it dies it would cause an outage and we would have to
repair or build a
to launch a browser to hit your page
as a diagnostic poll to see if their connection is still up.
Having said all that, awstats will probably do what you want it to.
Cheers!
--
Daniel Rose
National Library of Australia
$CISCO_IP local $HOST_IP dev eth0
/sbin/ifconfig wccp0 $HOST_IP netmask 255.255.255.255 up
It works perfectly. However, they say that you should know it will work
because it is right, not assume it is right because it works!
Anyway, I hope it's right.
--
Daniel Rose
National Library of Australia
HI
I've managed to get wpad.dat to work on most of our PCs, using automatic
detect settings on internet explorer (with versions from 6 to 7).
Now I have 2 problems:
1 - some pc's always ask for credentials when using the auto proxy
configuration. If I choose the proxy manually, everything goes
.
Access is granted for the users on a specific AD group, and squid allows
that group to browse the internet.
Can I configure winbind to validate users from another domain? What's my
best option?
Thank you very much,
Daniel
be on the same interface
of the firewall. If you try to make a dmz with the proxy, and use wccp on the
firewall between the dmz and the clients, it won't work.
If any of this is wrong I'd love to know as well, as these are my working
understandings of the system.
--
Daniel Rose
National
*;)) { return proxy_no; }
return proxy_yes;
}
If I specify the proxy manually everything is fine.
I've been looking around for this for hours now!
Thank you very much
Daniel
Hello,
trying to view this web page
http://gepas.bioinfo.cipf.es/cgi-bin/norm.cgi
we get this error:
TCP_DENIED/411 3610 POST http://gepas.bioinfo.cipf.es/cgi-bin/norm.cgi -
NONE/- text/html
Googled about this error, got this article:
Bruno Lopes de Souza Benchimol wrote:
You probably can try to disable the unicast RPF feature on the ASA, i know
how to it works on Routers but its probably pretty similar to the ASA Series
(i also do not have one for testing... i wish i could), altough thats not
the Best method because it
. I will push google a bit harder before I give up though.
--
Daniel Rose
National Library of Australia
401 - 500 of 742 matches
Mail list logo