Hi All,
Recently I configure Squid as reverse proxy for back-end apache server
running Drupal.
acl airarabia_web dstdomain www.airarabia.com
cache_peer 10.4.171.6 parent 80 0 no-query originserver
name=airarabia_peer2 round-robin forceddomain=www.airarabia.com default
# cache_peer 10.4.171.7
Hi,
I wan to log all type of headers.
I have a similar rule but on i386 system same squid version which works fine
//Remy
tookers wrote:
Hi there,
What particular headers are you trying to log?
e.g. Via: User-Agent: etc
Thanks,
tookers
Mario Remy Almeida wrote:
Hi All,
Squid
Hi,
Thanks for that,
what is support I want to know what all headers are set?
//Remy
*
*
tookers wrote:
Hmm, this works fine for me...
logformat custom ... %{User-Agent}h %h %a
I've tested on an i686 and Sparc based servers and this works fine.
Cheers
tookers
Mario Remy Almeida
Hi All,
Squid Cache: Version 2.7.STABLE6
logformat headers %ts.%03tu %tg %a %rp [ %h ] %rm [ %h ]
access_log /var/log/squid/headers.log headers
but in the headers.log file I get
1255582968.512 15/Oct/2009:05:02:48 + 10.200.2.174 /xbe/css/BG1.jpg
[ - ] GET [ - ]
and no headers are logged.
Hi All,
Was on leave for few days
Thanks for all the support.
In other way if I upgrade to 3.x my problem will be solved?
//Remy
Amos Jeffries wrote:
On Mon, 05 Oct 2009 14:30:06 +0200, Henrik Nordstrom
hen...@henriknordstrom.net wrote:
mån 2009-10-05 klockan 22:56 +1300 skrev Amos
Hi Amos,
Thanks for that, My problem is solved.
Is there any way to by-pass such problems. I mean for known source IP if
HTTP headers are not set then still it is pass through.
//Remy
Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi Amos,
Thanks for your reply.
You mean the length
Hi All,
would like to know what is the reason that i get NONE:// in the
access.log file as below
1254046127.530 0 195.229.115.202 TCP_DENIED/411 1757 POST NONE:// -
NONE/- text/html
my squid proxy acts like a reverse proxy.
A valid request is sent from the above IP
Could some one help
:AAReadRQExt/soapenv:Body/soapenv:Envelope
//Remy
Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi All,
would like to know what is the reason that i get NONE:// in the
access.log file as below
1254046127.530 0 195.229.115.202 TCP_DENIED/411 1757 POST NONE:// -
NONE/- text/html
my
Hi Maurizio,
Thanks for your reply.
unfortunately even that policy is not working.
//Remy
Maurizio Marini wrote:
On Tuesday 22 September 2009, Mario Remy Almeida wrote:
Hi All
Need to disable file upload with gmail how can I do this?
acl fileupload req_mime_type -i ^multipart/form
Hi All
Need to disable file upload with gmail how can I do this?
acl fileupload req_mime_type -i ^multipart/form-data$
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow localhost PURGE
http_access deny manager
http_access deny fileupload
the
Hi All,
acl ipA src 10.0.0.1
acl acTime time SM
http_access deny ipA acTime
for the above acl need to have custom ERR_ page
deny_info ERR_TIME_DENIED ipA
deny_info ERR_TIME_DENIED acTime
ERR_TIME_DENIED page is in the squid error directory.
what is the correct deny_info parameter to get a
Hi All,
WebServer Cofnig:
OS: Centos 5.3 running on VM Ware connected to Nortel switch with MTU 1500
Applications: Jboss-4.2.3
Network MTU Setup to 9000
Reverse Proxy Config
OS: Centos 5.3 IBM x3350 Server Connected to Cisco Switch with MTU 1500
Application: Squid 2.7
Network MTU Setup to 9000
Hi Amos,
But I can login and browser the Applications server without any issue
even if MTU set to 9000.
//Remy
Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi All,
WebServer Cofnig:
OS: Centos 5.3 running on VM Ware connected to Nortel switch with MTU
1500
Applications: Jboss-4.2.3
Hi All
I followed the steps mentioned in the below url
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
when below cmd executed
openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 1000
I get below message which means some options missing.
can someone
-07-06 at 10:45 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi All
I followed the steps mentioned in the below url
http://wiki.squid-cache.org/ConfigExamples/Reverse/SslWithWildcardCertifiate
when below cmd executed
openssl req -x509 -newkey rsa -out cacert.pem -outform
Jeffries wrote:
Mario Remy Almeida wrote:
Hi Amos,
Tired with the changed worked very well no issues
One small change in the wiki
in openssl.cnf
it is mentioned as
dir = /usr/newrprgate/CertAuth
but
mkdir newprpgate; cd newrprgate
should be mkdir
Hi All,
Would like to know if its possible to setup reverse proxy for multiple
https with just 1 IP for squid
meaning squid will listen on 1 IP and do reverse proxy for multiple
domains with multiple certificate (certificate as per the domain)
//Remy
Hi Sagar,
Just a Question?
How can a DNS server determine that the primary server is down and it
should resolve the secondary server IP?
//Remy
On Mon, 2009-06-15 at 11:21 +0530, Sagar Navalkar wrote:
Hi Abdul,
Please try to enter 2 different IPs in the DNS
10.xxx.yyy.zz1 (proxyA)
Hi All,
Want to know if load balancing is possible with squid by maintaining
sessions.
Health check should be TCP Ports
eg:
Server A - Active port 8080
Server B - Active port 8080
Client - Squid - Server A and/or B
Request 1 comes from 'Client A' Squid forwards the request to 'Server A'
, it will automatically go down to the 2nd
entry.
Regards,
Sagar Navalkar
Team Leader
-Original Message-
From: Mario Remy Almeida [mailto:malme...@isaaviation.ae]
Sent: Monday, June 15, 2009 1:36 PM
To: Sagar Navalkar
Cc: squid-users@squid-cache.org; 'abdul sami'
Subject
at 23:05 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi All,
Want to know if load balancing is possible with squid by maintaining
sessions.
Health check should be TCP Ports
eg:
Server A - Active port 8080
Server B - Active port 8080
Client - Squid - Server
Thanks Amos for the help
On Tue, 2009-06-16 at 00:30 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi Amos,
Thanks for that,
so I need to use carp and sourcehash to do load balancing, right?
only the one you want.
but where do I specify in squid to monitor
Hi All,
This is my 3rd email for the below mentioned problem.
I am writing this email in the hope that someone will reply and say if
it can be done or not. Just yes or no will do for me so that I know it
is possible or not.
Successfully configure reverse proxy HTTPS but proxy with RPC Over HTTPS
Thanks Amos for the reply
I will go through that provided link.
If anyone having a working configurations could you'll please send it to
me.
//Remy
On Tue, 2009-06-16 at 14:38 +1200, Amos Jeffries wrote:
On Mon, 15 Jun 2009 22:44:33 +0400, Mario Remy Almeida
malme...@isaaviation.ae wrote
Hi All,
I have successfully configured reverse proxy,
But have issue with RCP over https
Testing my setup with the following link
https://www.testexchangeconnectivity.com/
have the below error
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on
server
Hi All,
I have successfully configured reverse proxy,
But have issue with RCP over https
Testing my setup with the following link
https://www.testexchangeconnectivity.com/
have the below error
Attempting to ping RPC Endpoint 6001 (Exchange Information Store) on
server
Hi All,
I downloaded SSL Certificate from verisign and exported pvt key from
windows 2003 server
in squid.conf I have this
https_port 10.200.22.49:443 accel \
cert=/etc/squid/keys/mail.airarabia.ae_cert.pem \
key=/etc/squid/keys/pvtkey.pem defaultsite=mail.airarabia.ae
when access
/newpvtkey.pem defaultsite=mail.airarabia.ae
cache_peer 10.200.22.12 parent 80 0 no-query originserver login=PASS \
front-end-https=on name=owaServer sslflags=DONT_VERIFY_PEER
//Remy
On Wed, 2009-06-03 at 12:51 +1200, Amos Jeffries wrote:
On Tue, 02 Jun 2009 16:56:08 +0400, Mario Remy Almeida
10.200.22.49mail.airarabia.ae
10.200.22.49 - squid proxy ip
10.200.22.12 - OWA ip
Please find the answers below.
//Remy
On Sun, 2009-05-17 at 18:16 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi Amos,
I followed the instruction as per
http://wiki.squid-cache.org
/hosts emtpy
User (browser)
ProxySettings: 10.200.22.49 port 80
Do I have to by-pass mail.airarabia.com?
//Remy
On Sun, 2009-05-17 at 19:33 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi Amos,
One thing I forgot to mentioned
/etc/hosts has this entry
10.200.22.12
:
Mario Remy Almeida wrote:
Hi Amos,
One thing I forgot to mentioned
/etc/hosts has this entry
10.200.22.12mail.airarabia.ae
Output of host mail.airarabia.ae from dns is -
mail.airarabia.ae has address 10.200.9.20
User (browser) reads the host file from individual
windows_ipaddrchangemonitor off
Thanks for the help
//Remy
On Mon, 2009-05-18 at 00:57 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
My squid.conf
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports
Thanks Amos,
Finally got it working.
Once again thanks for all the support.
Any idea where to start for scanning of https sites I mean documentation
//Remy
On Mon, 2009-05-18 at 02:04 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi Amos,
Thanks for the configuration I managed
at 16:35 +1200, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi All,
Need to setup Reverse proxy
I have
Squid 2.7STABLE6
OS Centos
Web server= Microsoft Outlook Web Access
SSL enabled
port 443
My squid config is as below
acl vhosts1_domains dstdomain
Hi All,
Need to setup Reverse proxy
I have
Squid 2.7STABLE6
OS Centos
Web server= Microsoft Outlook Web Access
SSL enabled
port 443
My squid config is as below
acl vhosts1_domains dstdomain mail.airarabiauae.com
http_port 443 accel defaultsite=mail.airarabiauae.com vhost
cache_peer
Hi I have not enabled squidmime.
But logformat headers %ts.%03tu %tg %a %rp [%h] [%h]
Regards,
Remy
On Tue, 2009-05-12 at 16:14 -0800, Chris Robertson wrote:
Mario Remy Almeida wrote:
Hi All,
Can someone help me in understanding why there is NONE:// [-] for
Request Header in the logs
Hi All,
Can someone help me in understanding why there is NONE:// [-] for
Request Header in the logs
logformat - %ts.%03tu %tg %a %ru [%h] [%h]
for [%h] I get NONE:// [-] in the logs
Need help
Regards,
Remy
--
Hi All,
What I mean to say is..
E.G:-
SP 1 = 10.200.2.1
SP 2 = 10.200.2.2
LAN USERS = 10.200.2.x
All lan users should connect to SP1 or SP2 depending upon the load and
if one of the SP is down the other should take the load.
One way of achieving load balance is with DNS
proxy1.example.com
Hi All,
I was on leave so could not reply.
What I mean to say is..
E.G:-
SP 1 = 10.200.2.1
SP 2 = 10.200.2.2
LAN USERS = 10.200.2.x
All lan users should connect to SP1 or SP2 depending upon the load and
if one of the SP is down the other should take the load.
One way of achieving load
Hi All,
any links on how to configure load balancing of squid
Regards,
Mario
Hi All,
Can someone tell me what is the max number of characters allowed in GET
and POST method.
When I access the below URL (mentioned in the access.log file) I get
Invalid URL ERROR message int he browser
message in access.log file
1229585541.757 - 10.200.2.75 TCP_DENIED/400 5595 GET
OK thanks Amos,
the size of the requested URL is 12k and my squid version is 2.6STABLE20
I'll be moving to squid 2.7STABLE5 justing waiting for the new hardware.
any other suggestions.
//Remy
On Fri, 2008-12-19 at 00:03 +1300, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi All,
Can
Sorry My mistake i used src instead of dst
//Remy
On Tue, 2008-12-16 at 21:22 +1300, Amos Jeffries wrote:
Mario Remy Almeida wrote:
Hi All,
I am using squid 3.1.0.2
I want squid to connect 213.42.24.11 ip directly without connect to the
parent squid
below is the settings
Hi All,
I am using squid 3.1.0.2
I want squid to connect 213.42.24.11 ip directly without connect to the
parent squid
below is the settings
acl intranet_src src 213.42.24.11
always_direct allow intranet_src
but its going to the parent proxy
in the log file i get this
1229406697.569 4897
Are you using /etc/resolve.conf or dns_nameservers in squid.conf
if /etc/resolve.conf used how may entry are there i mean the number of
name servers
Do the following
eg:
If you have 3
nameserver 10.0.0.1
nameserver 10.0.0.2
nameserver 10.0.0.3
comment out one by one and run
time host
Hi All,
Need help on how to configure c-icap to scan http,https and ftp request
Sample virus to test
http://www.eicar.org/download/eicar.com
my configuration is as below
to test my setup I used the above link but it was not scanned for virus
and I was able to downloaded it nothing is working
Hi Christos,
I used icap_class and icap_access but I get this
2008/11/27 17:07:44| Processing Configuration
File: /etc/squid/squid.conf (depth 0)
2008/11/27 17:07:44| WARNING: 'icap_class' is depricated. Use
'adaptation_service_set' instead
2008/11/27 17:07:44| WARNING: 'icap_access' is
libsigc++20-2.0.17-1.el5.rf
gcc-c++-4.1.2-42.el5
compat-libstdc++-296-2.96-138
compat-libstdc++-33-3.2.3-61
JD
- Original Message
From: Mario Remy Almeida [EMAIL PROTECTED]
To: Squid Users squid-users@squid-cache.org
Sent: Wednesday, November 26, 2008 6:42:08 AM
Hi All,
Can someone tell me how can I scan http,https and ftp request for virus
etc... with squid 3.1.x
Without DG is it possible?
Regards,
Mario
Thnaks Christos.
After applying the patch I managed to install
Regards,
Remy
On Wed, 2008-11-26 at 10:14 -0500, Christos Tsantilas wrote:
Hi Remy,
2nd any idea where am i failing to compile it in ubuntu 8.10
errors
g++ -DHAVE_CONFIG_H
Hi All,
tried to compile squid squid-3.1.0.2 on ubuntu 8.10
with the following options
./configure \
--prefix=/usr \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid \
--srcdir=. \
--datadir=${prefix}/share/squid \
--sysconfdir=/etc/squid \
--with-default-user=prox \
Hi All
Since compilation failed on Ubuntu 8.10 thought to give a try on rhel 5
32bit
but no luck
had all the No such file or directory error message posted in the early
mail and also got this error message
run make and got the below errors
debug.o: In function `operator std::char_traitschar
Thanks,
Yes I had to do that.
I downloaded the latest daily snapshot last night and copied the file to
squid-3.1.0.2 and it worked fine
now no problem
Regards,
Remy
On Mon, 2008-11-24 at 10:34 +1300, Amos Jeffries wrote:
Hi All,
Tried to compile squid on Ubuntu 8.04
got the bellow
Hi All,
Tried to compile squid on Ubuntu 8.04
got the bellow error message
squid_kerb_auth.c:121:20: error: base64.h: No such file or directory
base64.h file not found under the below directory
helpers/negotiate_auth/squid_kerb_auth/
instead base64.c file found
would like to know if anyone
54 matches
Mail list logo