On Mon, Apr 09, 2007 at 12:51:06PM -0800, Chris Robertson wrote:
> If your user names have upper case characters, and those characters
> are important, perhaps it would be best to set casesensitive on? At
> least give it a try, and see if it fixes the problem.
Thanks a lot, it works.
With warm
On Sun, Apr 08, 2007 at 06:46:59PM +0800, Adrian Chadd wrote:
> On Sat, Apr 07, 2007, Payal Rathod wrote:
>
> > www.google.com:443 - NONE/- text/html [User-Agent: Google Talk\r\nHost:
>
> The hint on how to block google talk from the stand-alone agent is in this
> line.
Hi,
I am using squid on Ubuntu server.
Squid Cache: Version 2.5.STABLE12
My usernames have uppercase letters too, but they are not working. I am
using ncsa_auth and the relevant lines are below.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_p
On Thu, Apr 05, 2007 at 06:33:48PM +0200, Henrik Nordstrom wrote:
> tor 2007-04-05 klockan 05:37 -0400 skrev Payal Rathod:
> > Hello,
> > Can someone please tell how to block googletalk messenger? I am having
> > all my users dump MSN and yahoo messenger and use it in
Hello,
Can someone please tell how to block googletalk messenger? I am having
all my users dump MSN and yahoo messenger and use it instead.
With warm regards,
-Payal
Hello,
On Wed, Apr 04, 2007 at 10:09:23AM +0200, Henrik Nordstrom wrote:
> Available options:
Thanks for the options. Can you just tell if NTML auth is possible with
vanilla squid or is there any patching required?
With warm regards,
-Payal
On Mon, Apr 02, 2007 at 09:01:34PM +0200, Henrik Nordstrom wrote:
> m??n 2007-04-02 klockan 14:33 -0400 skrev Payal Rathod:
> > Hi,
> > Whenever my users get html mails in their OE, a login name and password
> > window is shown. How do I prevent that?
>
> Using whi
On Mon, Apr 02, 2007 at 09:01:34PM +0200, Henrik Nordstrom wrote:
> m??n 2007-04-02 klockan 14:33 -0400 skrev Payal Rathod:
> > Hi,
> > Whenever my users get html mails in their OE, a login name and password
> > window is shown. How do I prevent that?
>
> Using whi
Hi,
Whenever my users get html mails in their OE, a login name and password
window is shown. How do I prevent that? I am using Squid Cache: Version
2.5.STABLE12.
I have already done in my squid.conf,
acl oe browser Outlook
http_access allow oe
Also, I tried,
extension_methods SEARCH SUBSCRIBE
Hi,
Is there any way I can block googletalk through squid? I am unable to
block it as it also uses www.google.com:443
Any ideas?
With warm regards,
-Payal
Hi,
We have a few design sites which we change often. My users see the old
sites, because of caching. I want to remove the sites from cache.
I have in my configuration,
acl bvdesigns src 192.168.0.0/255.255.0.0
acl PURGE method PURGE
http_access allow PURGE bvdesigns
http_access deny PURGE
I the
On Thu, Mar 10, 2005 at 04:14:39PM +0100, Elsen Marc wrote:
>
> >
>
> acl blocked_ip_addresses dst "/whatever_path/blocked_ip_addresses.txt"
> http access deny blocked_ip_addresses
>
> Put IP's only in the designated file.
>
Thanks for the mail. But why can't I put IPs and domain names in
Hi,
I have blocked a few sites by the domain names but some users access
them by their IPs. How do I stop this. I searched google and archives
but couldn't get exact answer. I tried putting in my block.txt files,
which has domain names too,
http://
and
but both do not work. Any ideas on this pl
On Thu, Jan 13, 2005 at 09:17:11AM +0100, Elsen Marc wrote:
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41
>
> (Conn reset by peer , explanation).
I should have mentioned that I had already read that while
researching on her problems. But unlike the FAQ mentioned she is
getting m
Hi,
My friend is using squid/2.5.STABLE4 in her institute on a Linux
system. She is having around 300 users. Many a times when she tries
to go to google's cache or 'Similar pages' link she gets,
(104) Connection reset by peerAn error condition occurred while
reading data from the network. Please
Hi,
I want to have log for a particular user only on how much data
transfer he does and which sites are visited. It is because I have
very less disk space for logs.
Something like sarg for a single user though. Any ideas on the same?
-Payal
On Fri, Aug 20, 2004 at 01:49:34PM +0200, Henrik Nordstrom wrote:
> On Fri, 20 Aug 2004, Payal Rathod wrote:
>
> >A few of our clients put their designs on their sites and update them
> >regularly. Now I am behind squid server. My users are complaining they
> >can see the
Hi,
A few of our clients put their designs on their sites and update them
regularly. Now I am behind squid server. My users are complaining they
can see the old designs and not new ones. Is there anything I can do
about it? Right now I told them (allowed them) to bypass proxy to access
the net. But
On Thu, Aug 19, 2004 at 01:34:39PM +0800, Jay Turner wrote:
> Try SARG..
>
> http://sarg.sourceforge.net/sarg.php
Thanks a lot fro the replies. I have tried both sarg and squint and they
both are fantastic. Great ones.
Thanks a lot for the help.
With warm regards,
-Payal
Hi,
I rotate my squid logs daily. Do we have any log analysers which will
tell which site is accessed by whom? I want something like a list of
users along with the sites accessed by them daily. AFAIK, calamaris does
not do such a thing.
With warm regards,
-Payal
Hi,
Thanks for the extremly detailed mail. A small general question
for all.
On Tue, Aug 03, 2004 at 02:20:23PM -0300, Pablo Gietz wrote:
> # acl for file types of prohibited docs for downloads
> acl acl_prohibited_doc urlpath_regex -i "/etc/squid/prohibited.doc"
and this contains,
\.com$
Will
Hi,
A friend of mine, a lab teacher, at a college is going to install squid
on her college's Mandrake 10.0 official machine. She will use the default
squid-2.5 Stable4 rpm cos' she is very new to unix. The problem is that
there will be around 300 students using it as a proxy server plus
around 25 t
Hi,
I have IP based authentication. Since I am on slow line I have
allowed only 5 users to access the net. But when they are not in office
other users use their IP and browse the net.
So I am trying squid to authenticate with simple ncsa_auth against a
htaccess file. But here I have a problem that
On Thu, Jul 01, 2004 at 01:29:13PM -0400, Adam Aube wrote:
> If all you are using is a proxy_auth REQUIRED acl, he doesn't need to create
> the group on the Windows side. Any valid Windows logon should work.
Then I guess I should remove the REQUIRED tag.
Also, can I just use smb_auth and deny re
--- Adam Aube <[EMAIL PROTECTED]> wrote:
> >> Use the Winbind helpers. More info is in the
> Squid FAQ:
I couldn't find much documentation out of this. I
created an acl internet_all with proxyauth REQUIRED
and allowed access to it. Btw, the windows machine has
something called as Active Directo
--- Adam Aube <[EMAIL PROTECTED]> wrote:
> Use the Winbind helpers. More info is in the Squid
> FAQ:
Is smb_auth Ok and easier? I know nothing much about
Windows.
I want something which is easy. I may not have access
to the windows machine in a day or two and before that
I want to try it out. I
Hello all,
In my branch office has Win2k machine as PDC. Now I
want to try my Linux squid lapto authenticate users
from that machine and allow/deny access. I don't know
anything about MS-Windows. What do I need to do to
authenticate against windows box? I need something
easy and encouraging to wor
Hi,
I have a simple squid configuration file where I have
just one acl wherein I allow IPs to access my proxy.
Many times when I am not in office my boss wants to
allow or disable access to a particular IP. He is not
familar with vi or any other CLI editor In Linux and I
am afraid he may mess the
Hi Henrik,
Great explanations, but some doubts inline.
On Wed, Apr 21, 2004 at 03:35:42PM +0200, Henrik Nordstrom wrote:
> Depending on which delay pool class there may be 0 to 3 buckets involved.
> The available bandwidth to the user is the least of all involved buckets,
> and any delivered b
On Sat, Apr 17, 2004 at 06:32:55PM +0200, Henrik Nordstrom wrote:
>
> > Does this mean that when say IP 192.168.1.99 starts browsing, first time
> > she will get speed of 12Kb but later it will be maximum of 64KB?
>
> It means that he will be given 12 KByte at full speed, then 8 KByte /
> second.
On Sat, Apr 17, 2004 at 12:00:12PM -0400, Adam Aube wrote:
> No. It means the first 12 KB (kilobytes) downloaded will be at full speed,
> and anything beyond that will be limited to 64 Kbps (kilobits). If the
> delay pool remains idle for about 2 seconds, the 12 KB burst will be
> restored.
Ok.
On Sat, Apr 17, 2004 at 09:44:05AM -0400, Adam Aube wrote:
> Adam Aube wrote:
>
> > delay_parameters 1 8000/12000 #64 Kbps sustained; 96 Kbps burst
>
> A small correction - that comment should actually be:
>
> # 64 Kbps sustained; 12 KB initial burst (downloaded at full speed)
>
> This isn't
On Fri, Apr 16, 2004 at 11:50:43PM -0400, Adam Aube wrote:
> Payal Rathod wrote:
>
> > One software company some distance from us have agreed to share their
> > bandwidth with us for2 months. They will give us 128KBps.
>
> Who will enforce this 128kbps limit - the
Hi,
Since we are in a isolated area there are no ISP to offer permanent
oconnections. One software company some distance from us have agreed to
share their bandwidth with us for2 months. They will give us 128KBps. But the
charges will be very high per Mb. So, I want to allow only few IPs
(192.168.1
On Wed, Mar 10, 2004 at 10:25:37PM +0100, Henrik Nordstrom wrote:
> On Wed, 10 Mar 2004, Payal Rathod wrote:
>
> > Ok. Maybe you are right. But then what is the correct acl list I have to
> > use?
>
> If you want to block something without requesting a new login then the
On Wed, Mar 10, 2004 at 04:26:09PM +0100, Henrik Nordstrom wrote:
> > But it is not working. The password for cl_no users are not at all
> > accepted.
>
> Probably it is accepted, but as they are denied access Squid asks if they
> want to log in as another user..
Ok. Maybe you are right. But the
On Wed, Mar 10, 2004 at 09:51:37AM -0500, Tim Neto wrote:
> I'd recommend:
>acl blockdc_yahoo dstdomain .yahoo.com
>acl blockdc_hotmail dstdomain .hotmail.com
>acl break_time1 time 08:30-08:45
>acl break_time2 time 15:30-15:45
>http_access deny !break_time1 !break_time2 blockd
Hi,
I have 3 users "shilpa, amol and atul" to whom I must block yahoo and
hotmail completely except during tea breaks. Also, I must allow other
users to access the net completely. What can I do for this? I tried,
acl blockdc dstdomain .yahoo.com .hotmail.com
acl cl_no proxy_auth shilpa amod atul
a
On Sun, Mar 07, 2004 at 06:53:32PM +0100, Henrik Nordstrom wrote:
> Because your OS does not allow files larger than 2GB for "normal"
> applications.
OT, but any way I can increase this limit?
> Apart from what you have already done:
>
> * rotate the logs more often before the magic 2GB file si
Hi,
A few days back there was a virus in the office. It just sent requests
to n3t.com.br a non-existence domain. The result was that the access.log
file grew almost 1.8Gb and squid stopped. I still had a space of 10Gb on
the file system where logs were dumped. Why did squid stop then?
Unfortunately
On Wed, Mar 03, 2004 at 10:02:59PM +0100, Henrik Nordstrom wrote:
> On Wed, 3 Mar 2004, Payal Rathod wrote:
>
> > My friend's place where it works, she has a similar configuration like
> > mine and her squid.conf does not have port 8443 listed anywhere. The
> > only
On Wed, Mar 03, 2004 at 05:24:52PM +0100, Henrik Nordstrom wrote:
> On Wed, 3 Mar 2004, Payal Rathod wrote:
>
> > On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > > > I use squid on my Mandrake 9.1 server which has few acls for my users.
> > > &g
On Wed, Mar 03, 2004 at 07:45:46AM +0100, Elsen Marc wrote:
> > I use squid on my Mandrake 9.1 server which has few acls for my users.
> > Now, the problem is that my users need to access a domain with,
> > https://web.example.net:7443
> > https://designs.example.net:8443
> >
> > It does not work
Hi,
I use squid on my Mandrake 9.1 server which has few acls for my users.
Now, the problem is that my users need to access a domain with,
https://web.example.net:7443
https://designs.example.net:8443
It does not work when they have squid server's setting in their browsers
(IE), but when I remove
On Tue, Feb 24, 2004 at 12:56:21PM +0100, [EMAIL PROTECTED] wrote:
> hy, i ve got a problem with me squid,
>
> squid.config lines:
>
> cache_mem 127 MB
> cache_dir diskd /cache/squid/ 2048 16 256
> cache_store_log /cache/squid/squid_store.log
> cache_swap_log /cache/squid/swap.log
Maybe the part
On Tue, Feb 24, 2004 at 09:35:20AM +0100, Henrik Nordstrom wrote:
> On Mon, 23 Feb 2004, Payal Rathod wrote:
>
> > But where do I exactly define IP range for acl new_test?
>
> You don't. You puth the IP range in another acl and then combine the two
> in http_access.
Hi,
I am trying plain simple authentication for squid 2.5 Stable 3.
I am not too sure how acls works in this case. I have,
acl new_test proxy_auth REQUIRE
http_access allow new_test
But where do I exactly define IP range for acl new_test?
I tried putting,
acl new_test src 192.168.10.2
But I am g
On Thu, Jan 15, 2004 at 09:42:07PM +0100, Henrik Nordstrom wrote:
> On Thu, 15 Jan 2004, Payal Rathod wrote:
>
> > Say of 5 interfaces eth0, eth1, eth2 etc. I need squid to listen to
> > only eth0, lo and eth0:1 i.e. 192.168.10.10, 127.0.0.1, 192.168.10.20 ,
> > can t
Hi,
Say of 5 interfaces eth0, eth1, eth2 etc. I need squid to listen to
only eth0, lo and eth0:1 i.e. 192.168.10.10, 127.0.0.1, 192.168.10.20 ,
can this be done? What is the exact syntax for http_port in this case?
With warm regards,
-Payal
--
For GNU/Linux Success Stories and Articles visit:
On Mon, Jan 12, 2004 at 09:32:17AM +0100, Elsen Marc wrote:
> > Unfortunately, we are unable to process your request at this time. We
> > apologize for the inconvenience. Please try again later.
> > Return to Yahoo!"
> >
> > The minute proxy is removed, it starts working properly.
> >
> > What mu
On Mon, Jan 12, 2004 at 09:00:06AM +0100, Henrik Nordstrom wrote:
> The principle is correct, but there is some small errors:
>
> a) allowed should be a dstdomain acl type. and the first element it not
> correct. I think you want
>
>acl allowed dstdomain .staticy.com .gnu.org
>
> b) not_al
Hello,
I use,
Squid Cache: Version 2.5.STABLE3
My users are facing problems when they try to check yahoo mails. They
get the sign-in screen but when they enter username and password they
get,
Unfortunately, we are unable to process your request at this time. We
apologize for the inconvenience. Pl
Hi,
Can someone please correct me if I am wrong?
Setup - allow client 192.168.10.19-192.168.10.21 only some sites.
acl clients1 192.168.10.19 192.168.10.20 192.168.10.21
acl allowed dst http://staticky.com www.gnu.org
acl not_allowed dst 0.0.0.0
http_access allow allowed clients1
http_access deny
On Sat, Jan 10, 2004 at 12:38:22AM +0100, Henrik Nordstrom wrote:
> On Fri, 9 Jan 2004, Payal Rathod wrote:
>
> > Can you please explain what you mean by that?
>
> That your blacklist maybe does not match the server accessed while
> browsing the hotmail service, only the s
On Fri, Jan 09, 2004 at 05:36:43PM +0100, Henrik Nordstrom wrote:
> What do you get in access.log when they do?
I don't have the logs right now. But I will try them first thing
tomorrow.
> Probably you do not block the servers used after logging in, only the
> servers used during the login.
Can
Hello all,
I have full access for some clients and part access for other like,
acl everyone src 192.168.10.0/255.255.255.0
acl block_them dstdomain .yahoo.com .hotmail.com .rediffmail.com
acl full_pl src 192.168.10.1 192.168.10.200 192.168.10.20
acl full_pl_dst dst 0.0.0.0
acl lunch_time time 13:2
Hi,
I use squid in a small LAN. Here squid is just a basic caching proxy for
192.168.10.0/24. I want to trim down squid's config file so that my
collegues who are not friendly with *nix can use it for a while when I
am away on vacation. They might just need it to add or remove an ip in allow acl.
On Tue, Jan 06, 2004 at 04:48:14AM +0100, Henrik Nordstrom wrote:
> On Tue, 6 Jan 2004, Payal Rathod wrote:
>
> > I will be on vacation for a while later this month and so do not need
> > any logs on my machine for squid. How do I disable logging? I am using,
> > Squid Ca
Hi,
I will be on vacation for a while later this month and so do not need
any logs on my machine for squid. How do I disable logging? I am using,
Squid Cache: Version 2.5.STABLE3
I googled a while before asking this, but could not find a exact
solution. One solution suggested using /dev/null as a
Hi,
My friend has a cybercafe with RH Linux installed which is the proxy
server and gateway for the rest of clients. She has got good b/w saving
when I suggested squid on it. It is just a vanilla installation of
squid. The bandwidth available is very costly here. It would be
great if you can share
On Tue, Nov 18, 2003 at 04:47:02PM +0100, Henrik Nordstrom wrote:
> On Tue, 18 Nov 2003, Payal Rathod wrote:
>
> > A friend of mine who own a cybercafe and has squid setup as a caching
> > proxy. She is charged per Mb of download. Is it possible to know how
> > much b
Hi,
A friend of mine who own a cybercafe and has squid setup as a caching
proxy. She is charged per Mb of download. Is it possible to know how
much bandwidth is saved due to squid? If yes, how do I go about it?
With warm regards,
-Payal
--
For GNU/Linux Success Stories and Articles visit:
On Wed, Nov 05, 2003 at 09:56:56PM +0100, Henrik Nordstrom wrote:
> On Wed, 5 Nov 2003, Payal Rathod wrote:
>
> > Thanks for the mail. Well, I have only one proxy running, and webserve
> > ris on 80. But I believe I mentioned port 0? What might be the reason
> > that squ
On Thu, Nov 06, 2003 at 05:26:38AM +0700, Robert Collins wrote:
> On Thu, 2003-11-06 at 07:56, Henrik Nordstrom wrote:
> > On Wed, 5 Nov 2003, Payal Rathod wrote:
> >
> > > Thanks for the mail. Well, I have only one proxy running, and webserve
> > > ris on 80.
On Thu, Nov 06, 2003 at 09:26:38AM +1100, Robert Collins wrote:
> On Thu, 2003-11-06 at 07:56, Henrik Nordstrom wrote:
> > On Wed, 5 Nov 2003, Payal Rathod wrote:
> >
> > > Thanks for the mail. Well, I have only one proxy running, and webserve
> > > ris on 80.
On Wed, Nov 05, 2003 at 04:30:03PM +0100, Henrik Nordstrom wrote:
> On Wed, 5 Nov 2003, Payal Rathod wrote:
>
> > The problem is that they can browse alright, but the acls I have defined
> > do not work. e.g. I don't allow access to hotmail and yahoo but when
> > t
On Wed, Nov 05, 2003 at 11:37:15AM +0100, Henrik Nordstrom wrote:
> On Wed, 5 Nov 2003, Payal Rathod wrote:
>
> > I have in squid,
> > http_port 192.168.10.100:3128
> >
> > But people in the office can browse the net using 192.168.10.100 and
> > port
Hi,
I have in squid,
http_port 192.168.10.100:3128
But people in the office can browse the net using 192.168.10.100 and
port too.
Plus they can brose without giving a port number, but just the ip of
proxy.
How can I stop that? Do I need to give any more info? What? It is simple
out-of-box squ
On Fri, Sep 19, 2003 at 02:14:49PM +0200, Henrik Nordstrom wrote:
> On Fri, 19 Sep 2003, Payal Rathod wrote:
>
> > What if I have to allow from time 09:00-10:00 and 6:00-07:00 too with
> > lunchbreak?
> >
> > I mean the users can access hotmail, yahoo in the abvoe 3
On Thu, Sep 18, 2003 at 03:28:27PM +0200, Henrik Nordstrom wrote:
acl my_network src 192.168.10.0/24 ...
[...]
Thanks for the mail. It worksbeautifully. Just one small question below.
> acl webmail dstdomain .yahoo.com .hotmail.com
> acl lunchbreak time 13:00-14:00
> http_access deny !lunchbreak
Hi,
I am at a loss to configure squid acl meeting the following
requirements.
1. All clients must have internet access throughout the day.
2. Clients 192.168.10.1, 192.168.10.2, 192.168.10.5 (can be
changed to something appropriate if you wish) will have access to all
sites throughout the day.
3.
On Mon, Sep 15, 2003 at 10:38:39AM +0800, Henrik Nordstrom wrote:
> On Thursday 31 July 2003 16.00, Payal Rathod wrote:
>
[...]
Don't you think we are little late for the reply :)
Anyway, I think you had replied that time only. And I am receving
strange bounce s saying that squ
On Thu, Jul 31, 2003 at 09:52:22PM +0200, Henrik Nordstrom wrote:
> > I ran from 127.0.0.1 itself.
> > Shall I try it from other browser?
> > I mean from any other machine?
>
> Your interception rule in iptables only applies to traffic forwarded,
> not traffic originating from the box itself.
Th
On Thu, Jul 31, 2003 at 07:29:18PM +0200, Henrik Nordstrom wrote:
> On Thursday 31 July 2003 16.00, Payal Rathod wrote:
>
> > Can you give an example? I am not getting what you mean exactly.
> > I use squid on Mdk Linux 9.1 2.4.21 default kernel.
>
> Where
On Wed, Jul 30, 2003 at 10:53:58AM +0200, Henrik Nordstrom wrote:
> Do you rin linkx locally on the proxy server? In such case you need to
> use NAT rules in OUTPUT as well I think, and use a kernel with
> support for NAT of local connections, and use a user match to allow
> Squid to go out (if
Hi,
For life of it I am still unable to get transparent proxy working.
Now I am trying it on a single standalone Linux Mdk 9.1 box with
dial-up connection to net with squid.
Then I removed the proxy tab from links and tried surfing the net hoping
that access_log will be filled no matter if proxy i
76 matches
Mail list logo