Henrik Nordstrom schreef:
tis 2006-10-03 klockan 14:53 +0200 skrev Joost de Heer:
I use the following scripts for rotation:
The script will work a bit better if you
1. Set "log_rotate 0" in squid.conf.
2. Have the script rename the log files before it issues "squid -k
rot
I use the following scripts for rotation:
-- rotate.sh ---
#!/bin/sh
SQUID_HOME=/opt/squid
SQUID_VERSION=2.5.13
SQUID_LOG_DIR=${SQUID_HOME}/shared/cache/logging
SQUID_LOG_BACKUP=${SQUID_HOME}/shared/logging
SLEEP_PROG=/bin/sleep
DATE_PROG=/bin/date
#Rotate squid logs
${SQUID_HOME}/${SQU
Hello,
Is Squid+ICAP still developed? The only reference to ICAP in the source
tree of Squid 2.6STABLE3 is in SPONSORS, pointing to
http://devel.squid-cache.org/icap/ , but the latest entry in that page is
from end 2003.
Joost
Adrian Chadd wrote:
> Hi everyone,
>
> The COSS code in Squid-2.6 has come quite far from its original design by
> Eric Stern. Steven Wilton has put an enormous amount of effort into the
> COSS design to fix the remaining bugs and dramatically improve its
> performance.
>
> I've assembled a quick w
> If I perform a search at
> "http://www.linuxquestions.org/questions/search.php"; using Squid the error
> returned is "(110) Connection timed out". The Privoxy on the same box,
> and an IPCop Squid on a different box, perform the search without fault.
> After clicking on "Search" at linuxquestion
William Bohannan wrote:
> Hi I currently have been running squid for a while now and it work
> fantastic. On one problem when I disable my firewall I notice that squid
> goes overtime on caching and external users start using it? Is there a
> way
> to make squid only accept connections from my in
> 2006/09/13 07:50:21| urlParse: Illegal hostname
> '.update.toolbar.yahoo.com'
A hostname may not start with a ., so Squid rightfully says it's illegal.
> The web access is very slow :(
Which is unrelated to people provided invalid hostnames in requests.
Joost
Kevin Gordon wrote:
> I have changed the line to
>
> auth_param credentialsttl 5 minutes
>
> and I still get the following when I run the mysql_auth libexec setup
>
> Core was generated by `./squid -N -f /usr/local/squid/etc/squidAuth.conf'.
> Program terminated with signal 6, Aborted.
> #0 0x0068
> auth_param basic credentialsttl 5
You need a proper time specification:
auth_param credentialsttl 5 minutes
Joost
>>> Somewhere in the documentation I copied the following:
>>>
>>> Squid is written only as a high-performance proxy server, so there is
>>> no
>>> way for it to function as a web server, since Squid has no support for
>>> reading files from a local disk, running CGI scripts and so forth.
>>> There
Mark Gibson wrote:
> I've got 2 cache_dirs set up, and squid doesn't seem to want to use
> them. Squid is Releasing objects before it should, which leads me to
> believe that it thinks it has no more space to store objects. This
> setup worked fine while it was just me testing, but isn't working
Adrian Chadd wrote:
> On Tue, Sep 05, 2006, wangzicai wrote:
>> Thanks Adrian Chadd
>> The squid is not the version shipped with the system.
>> I installed it by my self.
>> But I do not to know how to do "created the relevant symlinks"
>> Could you tell me hou to do.
>
> I -think- the magic comman
Pranav Desai wrote:
> Hello,
>
> Is it possible to inject a specific object into the cache store and
> associate it with a particular URL ?
>
> E.g. a gif on the disk needs to be included in the cache store as say
> http://www.google.com/logo.gif.
> So, when someone accesses http://www.google.com/l
Forgot one additional piece of information: Squid version used is 2.5.13.
But we've been having these problems with 2.5.7, 2.5.10 and 2.5.12 too.
Joost de Heer wrote:
> Hello,
>
> For a while, we've been having performance problems on one of our proxies.
> So far it loo
Hello,
For a while, we've been having performance problems on one of our proxies.
So far it looks like the machine is responding horridly when memory is
freed.
Here's some sample output from vmstat:
20060717-12 2 3 0 18332 190544 101322011 0 3
0 0 2 2 1 1
2
> ERROR
> The requested URL could not be retrieved
>
> While trying to retrieve the URL: http://localhost:81/
>
> The following error was encountered:
>
> * Access Denied.
> My squid.conf:
I doubt it is your complete squid.conf, as an ACL is used that's not present:
> http_access deny !Safe_
Nathaniel Staples wrote:
> Hi all!
> auth_param ntlm program /usr/local/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> auth_para
> The problem is that when they try to access HTTPS sites they don't get an
> LDAP prompt from the NetCache. They receive an authentication prompt from
> the Squid requesting their NTLM credentials. Which of course is an issue
> because they are not members of nor do they have accounts in the dom
Mike Leong wrote:
> Hi,
>
> Squid is flushing the mem cached objs once it hits a certain
> threshhold. See my attachment for the graph.
>
> system: 4GB of ram
>
> cache mem set to 2GB
> has about ~12,944,329 objects in each cache, and is increasing daily
>
> any ideas why squid is behaving like th
[EMAIL PROTECTED] wrote:
> Hi,
>
> I took a look at the follow_xff patch, but will the ip-address information
> I get in an url rewriter (squid as reverse proxy with redirect script) be
> the one of the client or the one of the other cache-proxy that send its
> request to squid?
> due to the docume
Hement Gopal wrote:
> Hi all
>
> Platform : Squid 2.5 Stable 13 on Redhat 9
>
> I'm having trouble ftp'ing out via squid. If I enter
> ftp://ftp.domain.com in my browser URL and point my browser to my proxy
> server, it does not work. Ftp port in my squid.conf is open.
But you probably have CONNEC
Stefano Del Furia wrote:
> Hi all,
> we have installed Squid 2.5 for Windows and all works fine, but we have a
> problem using outlook express 6.0.
> When we try to retrieve the e-mail from a pop3 account we got always an
> error 10060 while if we bypass the proxy all works fine.
> Is there some co
Vadim Pushkin wrote:
> Hello.
>
> I have tried using:
>
> ./squidclient -h localhost -p 3030 -m PURGE
> http://www.cnn.com/URL-to-delete-from-cache
>
> And I get permission denied. Could someone please tell me what restricts
> this and how I can change it?
To allow purge from localhost:
acl purg
Adrian Chadd wrote:
> Is there much interest in me getting COSS to the point where its stable
> and useable? I have no actual idea how COSS will actually perform in
> the real world as I don't actually know of anyone who has used it.
I have used it about 1 year ago, and it crashed quite often. Als
Mark Elsen wrote:
>> We are running Squid proxy and everybody can connect to the internet
>> without
>> problems. Recently we connect a site with intranet running IIS to our
>> network, using our Squid Proxy we cannot connect to the said intranet,
>> even
>> the login prompt is not appearing, you c
Mark Elsen wrote:
>> Hi,
>>
>> A squid proxy running on FC4 was setup to support multiple remote
>> locations in our organization. However, it was found that the password
>> prompt did not show up when user tried to access some restricted URL on
>> the Windows server, which was other than the curre
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> #
> old-mail01# tail -n10 access.log cache.log store.log
> ==> access.log <==
> 1147170439.085 4 172.16.11.175 TCP_MISS/403 1802 RPC_IN_DATA
> http://webmail.giessen.nl/rpc/rpcproxy.dll? -
> FIRST_UP_PARENT/webmail.giessen.nl text/html
> 1147170439.096 3 172.16.11.175 TCP_MISS/403 1802 RPC
> I have an acl that looks like this:
>
> acl denied_users proxy_auth_regex -i '/etc/squid2/denied_users'
>
> where the denied_users file has a list of users who are not allowed access
> in the form of: john.smith
>
> Now for the first time I have a problem in the way this works. For
> instance, I
Di Giambelardini Gabriele wrote:
> Hi to all,
> this is my first email here...
> I have a problem. some time mine internet line it'w really slow...
> I'd like know which of my client use all the internet line.
> I tried sarg, but no work well for my case..
> somebody know some software that in
> To the best of my knowledge, this is only available in Squid 3 or via
> the patch on devel.squid-cache.org
> http://devel.squid-cache.org/follow_xff/index.html).
Apart from src/structs.h, this patches fine. But I get several warnings on
running bootstrap.sh (and the first time it actually fails,
> To the best of my knowledge, this is only available in Squid 3 or via
> the patch on devel.squid-cache.org
> http://devel.squid-cache.org/follow_xff/index.html).
Thanks for this link. There's a diff for 2.5 on that page, but it's
ancient (2003). Does it still apply cleanly to 2.5S13? If needed I
Hello,
I have a proxy which uses IP based access (if you come from IP address X,
you're allowed to use the proxy, if from IP address Y, you're denied.
Now, a second proxy is being installed and an F5 loadbalancer is placed in
front of them, which causes all connections to the proxies to be made f
Ngo, Toan wrote:
> Hi,
>
> I'm using Squid 2.5 stable 11. I noticed log entries with TCP_DENIED
> when I go visit a website. The connection gets through but there are
> several TCP_DENIED entries before the login is accepted. I am on a
> domain so NTLM authentication is transparent but is there
[EMAIL PROTECTED] wrote:
> Not true at all. The web browser tries to access the configuration
> script. If it doesn't get to it, the request is submitted directly.
> We wouldn't have been able to use the functionality otherwise.
I think it uses the cached proxy.pac.
All out pac's include somet
> From a workstation running windowsXP a user can't download some type of
> files (doc,pdf,pps). But from a windows98 workstation that is at the same
> "http_access" level in squid.conf the user doesn't have any problem.
Are you using the same browser version on WXP and W98?
This might have somet
Hello,
I have the following ACLs:
acl block_domain dstdomain "/opt/squid-master/etc/block.txt"
http_access deny block_domain
block.txt has the following content:
# Blokkeer domein
.gator.com
.webads.nl
.doubleclick.net
The http_access rule is the first rule in the access rules, so there's no
p
> In my attempt to configure a transparent squid using PF, ( squid is
> running on the
> openbsd gateway ) I have found out that the client is trying to
> connect to the
> internet using the DNS server configured in the client, which does not
> work, because
> the DNS server specified in the client
Dave wrote:
> Hello,
> I've got a unique situation. I've got squid acting as a transparent
> proxy. I want to block all outgoing http requests from a single machine
> with
> the exception of a single site, let that through. In other words if
> machine
> x goes to any other site other than the o
Chris Mason wrote:
> I'm using Squid to control staff access to the net and I'd like to find
> a reasonable log analyzer package to monitor the efficiency and to
> report usage. I've explored the links on http://www.squid-cache.org/ but
> most of what I found isn't very polished. Any suggestions?
Hello,
I have configured a delay pool as follows:
delay_pools 1
delay_class 1 3
delay_access 1 allow all
delay_parameters 1 24/24 -1/-1 3/12
mgr:delay gives the following output for the individual buckets:
Individual:
Max: 12
Rate: 300
- Memory shortage. Montior with vmstat/sar.
2GB memory, Squid takes up 700MB. It's the only thing running on the machine.
- I/O bottleneck. Monitor with vmstat/iostat/sar.
Cache hits are fast as usual, it's just cache misses and cache near misses
that go kablooey. If there was an IO bot
Mark Elsen wrote:
>>
>> I was wondering if there was a way to log the content of all POST
>> requests that are passed through squid? I've looked through the
>> archives, documentation, and FAQ. Any pointers would be appreciated...
>>
>>
> In squid.conf :
>
>strip_query_terms off
Query te
Kinkie wrote:
> On Thu, 2006-02-02 at 09:21 +0100, Joost de Heer wrote:
>> Hello,
>>
>> How does the 'default' keyword for cache_peer work exactly?
>
> Does this answer your question?
> http://squidwiki.kinkie.it/SquidFaq/TroubleShooting#head-
Hello,
How does the 'default' keyword for cache_peer work exactly?
- the 'default' is always tried first, and then for that cache_peer the
cache_peer_access rules are applied.
- A list of cache_peers which are allowed is generated from the
cache_peer_access rules, and then the default is tried fi
Hello,
The current Windows binary provided by Guido Serassio has a 2048 file
descriptor limit. I'd like to increase this to 4096. Is the current an OS
limit or can this be changed? And if it can be changed, could anyone
provide me with information how to do this?
Joost
Mark Elsen wrote:
Hello,
One of our proxies has a problem which causes the response time to explode.
We've been unable to find a cause for this behaviour, but I want to implement
a workaround: when the median response time grows over 1 second (normal
behaviour is a median response time of about
Hello,
One of our proxies has a problem which causes the response time to explode.
We've been unable to find a cause for this behaviour, but I want to implement
a workaround: when the median response time grows over 1 second (normal
behaviour is a median response time of about 100/110ms) I wan
> Squid on Windows doesn't ignore the dns_nameservers squid.conf
> directive, unless you are using an old external DNS build.
I downloaded 2.5STABLE12-NT Standard from acmeconsulting.it.
> The specified name server could not be able to resolve the host names
> specified in the dns_testnames squid
Hello,
I have installed SquidNT on Windows 2003, and configured a nameserver with
dns_nameservers (due to domain restrictions, I can't change the nameserver
in the TCP properties, and I want to use the local DNS server, not a
server on the other side of the country). This nameserver works (I can u
>>> ..but on internal client of my LAN when I try in the web browser (IE):
>>> http://www.mysite.com
>>> ..the dns resolutions is ok and the ip address of my webserver is:
>>> 10.0.1.2
>>> ..and I visualize only Fedora Core Test Page.
Is 'www.mysite.com' a vhost which is bound to a specific IP add
> Since I have installed Squid on my Debian 3.1, I cannot use Webmin
> anymore.
> I get the error :
> 1132704539.351 0 192.168.1.10 TCP_DENIED/403 1414 CONNECT
> 192.168.1.1:12000 - NONE/- text/html
> 1132704539.473121 192.168.1.10 TCP_DENIED/403 1414 CONNECT
> 192.168.1.1:12000 - NONE
Boniforti Flavio wrote:
> Hello everybody.
> I'm actually playing around with my "useragent" logs, and would like to
> know if there's a place on the 'net where I could seek information about
> the useragent strings I find in my logfiles.
> Or, if anybody would be interested, I would "donate" part
Colin Farley wrote:
> I've had problems with the latest versions of SARG, I have only tested or
> BSD boxes but I would suggest trying 2.0.6. Unfotunately I don't use the
> -p switch so I can't say for sure if this is your problem.
I somewhat fixed this by patching fixip() in util.c, adding a che
Not a squid question per se, but I figure several people here use SARG.
Has anyone got SARG working with the -p argument? I get a failure in
creating a temporary file:
sarg: (log) Cannot open temporary file: /tmp/sarg/TCP.MISS/504...unsort -
No such file or directory
When checking the /tmp/sarg
>> Is it possible to stop squid from logging gifs and jpegs in the
>> access.log
>> file?
> http://devel.squid-cache.org/old_projects.html#customlog
Don't you mean http://devel.squid-cache.org/old_projects.html#log_access ?
Joostz
> What do the squid/kernel logs say?
Squid log: nothing. Kernel log: Only strange things I see are messages
about 'shrinking window', but no timestamp is given for those...
> Doesn't squid wipe the cache at that time?
No, it just accepts connections really slow for some time.
> isn't there some
Venkatesh K said:
> Checkout whether you are running out of file descriptors.
Max descriptors is 8192, the largest peak I've ever seen was around 5000,
and around the time of the problems, mgr:info shows around 2500
descriptors.
> If you are using iptables, checkout if you are maxing on
> net.ipv
Mark Elsen said:
>> Hello,
>>
>> Usually my proxy (Squid 2.5 STABLE10 on RH Linux) performs quite well,
>> but
>> occasionally I see a drop in the number of successful requests (it's
>> usually around 200/s, but drops to as low as 100/s).
>
> Couldn´t that just be related to user activity (browsi
Hello,
Usually my proxy (Squid 2.5 STABLE10 on RH Linux) performs quite well, but
occasionally I see a drop in the number of successful requests (it's
usually around 200/s, but drops to as low as 100/s). I've written a small
performance test which uses curl to measure time_total, time_connect and
Covington, Chris said:
> On Wed, Oct 26, 2005 at 05:25:08PM -0300, Mantelli, Dami??n [ACARA] wrote:
>> anybody can help me with this?. I will really appreciate that!
>
> Remove the squid RPMs and install the latest squid from source. Check
> your logrotation scripts to make sure they're not killin
> Now I want to configure authentication ntlm, but I obtain the error:
> 'unrecognised ntlm auth scheme parameter 'mac-challenge-lifetime'
max-challenge-lifetime
Joost
> Yoy can try the following new patch that implements connection
> pinning needed for NTLM proxy support:
>
> http://devel.squid-cache.org/projects.html#pinning
Content of patch:
This patch is generated from the negotiate branch of s2_5 in squid
Sun Oct 23 15:19:46 2005 GMT
See http://devel.squid
> I temporarily set permissions on both /cache and /cache/squid to 777. I
> still get the same error. Besides overly strict permissions, is there
> anything else that would cause Squid to give "Permission denied"? Or is
> there anything else i should try?
- What filesystem is on /cache/squid?
- Ho
Ben said:
> hi Kumara
> check it
> http://squid.visolve.com/squid/configuration_manual_24.htm
Which is antique and doesn't cover everything in 2.5 (for instance
auth_param isn't in there)
Joost
How hard would it be to implement strftime() style logfile names (i.e.
things like cache_access_log /var/log/squid/access-%F.log)? That'd avoid
having to rotate the logs every time.
Joost
> 1) does some situation exist where large HTTP outbound transfers are
> done without any Content-Length header? This would make it possible for
> users to work around my acl;
chunked responses (Transfer-encoding: chunked) don't contain Content-Length.
> 2) what happens with HTTPS? Is it subject
> I'm not sure (I doubt) if apache's mod_proxy supports ssl client
> connections.
It does ('ProxySSLEngine on' if memory serves me right)
Joost
M Harrata said:
>
>
> Joost,
> If it's not a security secret, can you describe your alternative solution
> ?
Entrust GetAccess Proxy Server
Joost
> There's no reason for squid to forward request as https, unless the
> network
> between squid and server is untrusted. But in such case, there's usually
> no
> need for using squid.
I disagree. For one customer, we provide reverse proxy functionality
(although it's not Squid). The customer is di
> When I start squid, it tells me :
> FATAL: ipcache_init : DNS name lookup tests failed.
The DNS server you configured (either in squid.conf or in
/etc/resolv.conf) isn't working, or the dns_testnames you defined can't be
resolved by the DNS server you configured.
Joost
[EMAIL PROTECTED] said:
> What if the squid cache is stored on the "/" partition?
That's a bad idea. Your cache could potentially fill up the root partition.
> Wouldn't that be a hideous mistake to set "/" to 'noatime' ?
Wouldn't it be a hideous mistake to put the cache on the same partition as
> Hi Stefano,
>
> thank you for fast answering - you solved the problem :-)
Actually no, he didn't solve the problem, he masked the problem. The real
problem is that MS has done a poor job on the current WU implementation,
forcing it to go through proxies unauthenticated. A -real- solution would
b
> So I change to Fedora 4 with stable 12 and has hangs
> again but now same message. just receiving this
> continously
>
> Oct 6 09:39:50 ngproxy kernel:
> audit(1128605990.095:2): avc: denied { name_co
> nnect } for pid=2195 comm="squid" dest=8001
> scontext=system_u:system_r:squid_t
> tcontex
> Free Memory = 24M !! I have installed on my serverv 1G Reg Ecc
> available
> (plus 2Gb swap). Swap still remain unused and from phisycal memory it
> remain
> 18-24M free.
Two words: memory cache. Reading from memory is much much faster than
reading from disk, so disk reads are cached in memo
> Squid use more and more memory continuously during it's running ,and it
> will restart when all physical memory is exhausted ,so my squid restart
> many times a day . It's boring ,how can I solve the prolem ?
How much memory does your machine have? You have a 5G cache and 256M
memory cache, pe
> On firewall logs i see that squid requests has the original ip source
> (ie eth0) and not the virtual one (eth0:1).
tcp_outgoing_address is your friend.
Joost
> We have Suse Linux 9.2 distribution installed.
>
> Now, when we launch the command ./configure, to compile squid, we get this
> message :
>
> Configure:error:no acceptable cc found in $PATH
You don't have a compiler installed on your machine. Install the gcc package.
Joost
Henrik Nordstrom said:
> On Mon, 19 Sep 2005, Joost de Heer wrote:
>
>> I recently had to work with squid_rad_auth 1.07 on a Linux machine,
>> which needed to talk to a radius server on Solaris 8. I couldn't get the
>> thing to work properly, and after lots of search
James Moe said:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello,
> ~ Disclaimer: Yes, I RTFM. Yes, I scanned the archives; because there is
> no search, I probably missed a similar question. Yes, I have lurked here
> for a couple of weeks.
>
> ~ v2.5.stable5
> ~ Can squid be configur
Hello,
I recently had to work with squid_rad_auth 1.07 on a Linux machine, which
needed to talk to a radius server on Solaris 8. I couldn't get the thing
to work properly, and after lots of searching I found out that there is a
difference between the ports defined for radius in /etc/services on Li
Joe Acquisto said:
> Docs say I can purge objects using "squidclient" after setting up acl and
> http_allow.
>
> Cannot find "squidclient" file on the server.
In 2.4, it's called 'client' (located in the bin-directory)
Joost
Xavier Cabrera said:
> Thanks for your answer...
>
> I want to limited the number of connections to a webpage www.foo.com per
> IP address, for example i want to user only connect 5 times to a webpage
> per day.
maxconn won't help you with that. You'll have to write an external acl,
which would lo
John R. Van Lanen, Network Operations - TCCSA said:
> Done that too. Allowed squid -z to rebuild and it will still die with in
> hours.
Did you delete everything before running 'squid -z', including the
cache_swap.log?
Another reason might be hardware related.
- Check all cables
- badblocks test
Xavier Cabrera said:
> Hello i try to use maxconn acl but there is not block for the ip
> configured Can anyone hellpme whit this issue?
Define what you want to do. You only limit the number of concurrent
sessions, not the number of browsers.
Joost
>> So what else do I need to change to get the default start port to 8080?
>> I
>> know I can set it with http_port in the configuration, but things like
>> squidclient still need the -p argument then, and I wanted to avoid that.
> The relevant configuration directive is http_port.
> Please check
I forgot to mention:
- OS: Linux RHES (Taroon update 4)
- Squid version: 2.5STABLE10
Joost
Hello,
I want the port on which Squid starts to be 8080. Default it's port 3128.
But I can't seem to get Squid compiled with the start-port on 8080.
What I did:
- Set the environment variable CACHE_HTTP_PORT to 8080
- ./configure --with-lots-of-options
- Checked include/autoconf.h, in it I see '#
Ken Ara said:
> I have seen this question asked before but I have been
> unable to find the answer.
>
> Using squid-2.5.STABLE9 as reverse proxy, I try to
> defend my server against assorted nasties using lots
> of 'src' and 'browser' acls.
>
> But in access.log, when a 403 is reported, there seems
[EMAIL PROTECTED] wrote:
Hello,
Yes squid have all right on directories it need to.
and here is the output of the squid -Nd1
bash-3.00# ../sbin/squid -Nd1
2005/08/22 07:53:14| Starting Squid Cache version 2.5.STABLE10 for
sparc-sun-solaris2.8...
2005/08/22 07:53:14| Process ID 21606
2005/08/22 07
> acl my_net src 10.0.0.1/255.255.255.0
> acl USERA src 10.0.0.1/255.255.255.255
> acl UPLIMIT req_header Content-Length [5-9][0-9]{5,}
And if the size is 1000? That won't match that regex.
acl UPLIMIT req_header Content-Length [5-9][0-9]{5} [0-9]{7,}
(either 6 digits with a 5-9 at the begin
MARLON BORBA said:
> Squid ubergeeks,
>
> I am configuring a Squid (2.5-STABLE9 in a Fedora Core 4) to authenticate
> users into a LDAP directory. Having succeeded in that configuration, my
> next challenge is to implement access control AND logging of users'
> accesses to forbidden sites.
>
> I cr
[EMAIL PROTECTED] said:
> Hi,
> I try to use the latest Squid compile (squid-2.5.STABLE10-20050816), but
> the system is not starting.
- Did you run 'squid -z' before starting?
- Does the user you start squid with have write access to all directories
it tries to write to?
- Start with 'squid -Nd1'
> Squid´s access log shows this:
>
> 1124403238.616590 10.x.x.x TCP_DENIED/403 310 HEAD
> http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/ndp1.1sp1-kb867460-x86_74a5b25d65a70b8ecd6a9c301a0aea10d8483a23.exe
> - DIRECT/206.24.192.222 text/html
>
> Does anyone know what
Corey Tyndall said:
> I have tried all of these and none of these provide a fix. I was hoping
> someone had another solution. Also, I am not getting the Zero Size reply
> with the new version just getting a blank screen and then I can hit
> refresh on the browser and everything is fine.
New vers
> Thankyou so much Chris for the reply but the squid.conf says
>
> tcp_outgoing_address
> # Allows you to map requests to different outgoing IP addresses
> # based on the username or sourceaddress of the user making
> # the request.
> #
> # tcp_outgoing_address ipaddr [[!]a
I took a look at the squidaio_counters page today, and saw something strange:
In the Squid book, I read, on page 244: 'The cancel counter is normally
equal to the close counter'. However, when I look at the statistics of my
cache I see the following:
open6011915
close 463
cancel 6011881
T
> acl win1 dstdomain http://*.update.microsoft.com
No, protocol shouldn't be in a dstdomain acl. The correct acl is:
acl win1 dstdomain .update.microsoft.com
If you want the protocol too you need the 'proto' acl type.
Joost
Lasse Mørk said:
> ok. I've putted at the end of squid.conf :(
> Then tried to move it up a little.
>
> Now i looks like this:
> --snip--
>
> acl WIN1 dstdomain http://*.update.microsoft.com
acl WIN1 dstdomain .update.microsoft.com
Joost
Kashif Ali Bukhari said:
> its very hard there is an easy way to solv this problem
> u can by pass authantication on windows update site
Or have Microsoft repair their broken software. But I guess that around
that time, pigs have learned to fly
Joost
1 - 100 of 170 matches
Mail list logo