We've a situation at our facility where specific clients sit in static IP
address block This clients are considered "restricted" and I need a way
to get these clients to access a set of websites that I've defined.
There's probably 20 or 30 sites.
Can I get some recommendations on how to do th
Did you try blocking: ".playboy.com" ?
"Dave Mullen" <[EMAIL PROTECTED]> wrote on 06/09/2006 04:09:11 PM:
> Fellow Users,
>
> I have squid running with a blacklist, but I seem to have found an issue
with
> my config. The blacklist lists a domain, but it's not blocking any
subdomains
> of that
What do you mean you're not connected? You mean you have no route to the
dns server that's defined in /etc/resolv.conf ??
Tim
[EMAIL PROTECTED]
06/02/2004 11:15 AM
To: [EMAIL PROTECTED]
cc:
Subject:Re: [squid-users] squid close
I have DNS server in re
I'd just as soon block all instant messaging. Completely. In the few
cases where it is for business intents, we'll use a service like SameTime.
I've seen viruses, child pornography and the likes hit a company network
because of instant messaging. It isn't a matter of "it's my network, all
I'm not sure where squid stores the DNS cache. However, your test of
attempting to use a transparent proxy, is probably not sufficient. I had
a lot of trouble using the Auto-Configuration script with Internet
Explorer. I mean, a LOT. I found out that there was/is a bug in IE 5.0+
where-in,
Angela is correct.
If you set client_netmask to 255.255.255.255 it will block ip addresses
from being logged. That is the whole point in client_netmask.
Here's the tag, from the documentation:
# TAG: client_netmask
# A netmask for client addresses in logfiles and cachemgr output.
# Change thi
My first suggestion would be to look at the permissions of the cache
directory.
Does the squid user have write permissions to it?
Regards,
Tim Rainier
"Sunil Mohan Ranta" <[EMAIL PROTECTED]>
07/07/2004 02:20 PM
To: [EMAIL PROTECTED]
cc:
Subject:[squid
This has happened before and I guess I have never gotten to the bottom of
it. All of the sudden, squid took and held onto 98% of the CPU.
The machine has plenty of CPU and RAM, not to mention disk space. There
were no warnings in the cache.log.
cache_effective_user is set to nobody.
coredump_
This has happened before and I guess I have never gotten to the bottom of
it. All of the sudden, squid took and held onto 98% of the CPU.
The machine has plenty of CPU and RAM, not to mention disk space. There
were no warnings in the cache.log.
cache_effective_user is set to nobody.
coredump_
Do the following:
[internet] <- [mail server] <-> [fw & gateway coyote]
<> [proxy server] <---> [LAN]
Tim
Fabrice Régnier <[EMAIL PROTECTED]>
08/25/2004 09:54 AM
To: [EMAIL PROTECTED]
cc:
Subject:
Squid needs to be running on your LAN.
Tim
Fabrice Régnier <[EMAIL PROTECTED]>
08/25/2004 12:27 PM
To: [EMAIL PROTECTED]
cc:
Subject:Re: [squid-users] squid + masquerade
You mean i should create a third network ? the proxy server should be a
stand alon
My understanding is that "CONNECT" was originally designed to allow a
proxy to dynamically switch to being a tunnel. ie: ssl.
The problem is, application vendors are mis-using the CONNECT method
because it's "easy".
These particular vendors and their products are rendered as tainted
because t
I have a list of IP addresses from which I want to allow access to a
specific number of internet addresses.
Can someone help get me started with this?
Thanks,
Tim Rainier
What is your cache.log showing?
And your access.log, particularly entries related to sites that "don't
return a response".
pierre <[EMAIL PROTECTED]> wrote on 10/05/2006 11:08:10 AM:
> Hello,
>
> I m a newbie with squid.
> I just installed it on a Freebsd station with 2 interfaces (one on
> in
I know I've had to ask this before, but I went to the FAQ and searched for
UTC and couldn't find what I'm looking for.
Somone, quite a while back, sent me a utc.pl script to convert standard
input from UTC to GMT.
Can someone point me to that script? Google was frutstrating because UTC
was fo
access.log stores the time/date stamp as: nnn.nnn where 'n' is a digit
between 0 and 9.
I'd like to read timestamps in human-readable form. :-)
Like I said, there was a simple perl command to convert it. I just don't
know where to find it.
Henrik Nordstrom <[EMAIL PROTECTED]> wrote on 03
Please don't top post? I'm not sure what you mean.
Chris Robertson <[EMAIL PROTECTED]> wrote on 03/15/2007 06:22:35 PM:
> [EMAIL PROTECTED] wrote:
> > access.log stores the time/date stamp as: nnn.nnn where 'n' is a
digit
> > between 0 and 9.
> >
> > I'd like to read timestamps in human-re
Has this issue been resolved? I read a lot of the threads that were
talking about it and thought it was fixed, but I'm still getting plenty of
email from him.
Tim Rainier
UNIX Systems Administrator, Kalsec INC.
Robert Collins <[EMAIL PROTECTED]>
09/15/2003 09:13 AM
To: Dee
I'm not positive about squidnt, but in linux, I have to use -k reconfigure
when I make any changes to the squid configuration.
"Dilan Arumainathan" <[EMAIL PROTECTED]>
10/29/2003 01:33 PM
To: <[EMAIL PROTECTED]>
cc:
Subject:[squid-users] SquidNT - maximu
I'm sure there's a faq or a specific document on setting up squid to run
transparently. I cannot find it.
Can someone point me to one?
Regards,
Tim Rainier
Thank you.
Unfortunately, it seems we can't use transparency mode, for two reasons.
The first is authentication. That howto specifically says that you cannot
use authentication via transparency.
The sole purpose of us using the proxy is for authentication.
The second is because of https. We h
I know this was answered already, so my apologies.
I need to know the ./configure parameter to allow MAC Address ACL's.
Regards,
Tim Rainier
I'm running Squid 2.5 STABLE4 in Transparency.
The proxy server is my gateway.
My NAT table looks as follows:
[EMAIL PROTECTED] logs]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere
Here is the output:
[EMAIL PROTECTED] logs]# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 49710 packets, 8766K bytes)
pkts bytes target prot opt in out source destination
152 REDIRECT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp
dpt:80 redir ports 8000
1
Using 2.5.stable4
Using basic_auth with htpasswd files and would like to know if there's a
way to:
1.) Expire passwords in squid, somehow.
2.) Allow the users to change their passwords.
Thanx,
Tim Rainier
Is there a way for me to redirect to a specific URL if the user's password
is "blank" ??
You suggested using an external ACL to block users with an expired
password. Here's how I'm expiring passwords, since I'm using the NCSA
helper:
When I create a user, it dumps a username, a 'tab' and an e
Would the smb/winbind helper be able to do what I'm asking?
Or. Could you give me a little guidance on "writing a small helper that
tells squid the password is expired".
I don't have much of an idea on what that means. ;-)
TimR
Henrik Nordstrom <[EMAIL PROTECTED]>
01/15/2004 01:24 PM
Do I have to do anything at compile time, in order to use the
redirect_program directive?
I've specified the redirect_program for squidGuard, but it doesn't seem
like squid is passing acl stuff to squidGuard.
Tim Rainier
Is there a point in time at which squid's performance decreases because of
the size of the store.log?
Is there a mechanism to control the size of store.log? Do I need to
control the size of store.log?
What about access.log?
If there's documentation, I'd be glad to read it and apologize for bei
Does it make ANY sense, to use transparency mode on a network that already
has routers in place?
I'm arguing with my netadmin on the best way to place the proxy server in
our environment.
TimR
I've been asked for a baseline on the proxy server. I need to know of any
utilities, processes, I can look at to help me determine how well squid is
performing. And how to estimate increases and decreases based on user
count and requests per second.
TimR
1076134181.846148 .kal.kalsec.com TCP_MISS/200 3551
CONNECT ad.doubleclick.net:443 - DIRECT/216.73.87.22 -
How do I get around this problem?
That request should've been denied, it seems it was allowed because the
requesting agent is using the CONNECT method.
Is there anything I can do abou
If you can ping wpad and wpad.kal.kalsec.com you're issue is probably not
in name resolution.
There is a bug in IE 6 (i'm not convinced the bug doesn't exist in ie5
too) in that, when IE submits the http://wpad/proxy.pac request, it
truncates the very last character on the proxy.pac file.
Since
Doesn't yahoo use the same machine (ip address) for login requests? If
you don't know it, run a sniffer on a machine and identify it.
Then, simply block the machine(s) using the dst acl directective.
Tim Rainier
"Winanjaya" <[EMAIL PROTECTED]>
02/19/2004 09:34 PM
Please respond to "Winanjay
I have an issue with two client machines at the company I work for. All
clients are configured to "Automatically Detect Settings" in IE 6 sp1.
Of the two clients, one of them flat out cannot access the internet
through the proxy unless I explicitly specify the proxy information and
have nothing
Sorry for the late reply. The clients are WindowsNT and Windows2k
machines and I've figured out the problem.
My first recommendation to you, is to copy wpad.dat to wpad.da and
proxy.pac and proxy.pa
There's a bug in IE that truncates the last character of the proxy script.
To fix this parti
Is there a way to have squid automatically flush the cache when it reaches
it limit?
I suppose I could, alternatively, write a shell script that runs every
hour and analyses the size of the cache directory, then entities the
swap.state file(s) and clears the directories when it gets close to t
Our cache filled up. Squid cosumed 99% of the CPU and filled it's memory
buffer, at which point it nearly filled our swap partition.
I tried to give it an abort, then core signal (kill -6), but for some
reason, it didn't write the core file.
Anyone care to share their thoughts on that one? It'
I strongly advise against blocking http://ip_address.
There are WAY too many websites that redirect to an ip address.
You really should use a firewall to control worms and viruses.
Besides, if you leave it open, your access.log will be able to tell you of
any machines on your network that migh
http://www.squid-cache.org/Scripts/
Plenty of useful products there.
Regards,
Tim Rainier
E Roberts <[EMAIL PROTECTED]>
03/26/2004 12:25 PM
To: [EMAIL PROTECTED]
cc:
Subject:[squid-users] Looking for good log analysis
package
I have been going one
Nothing other than a "your cache limit has been reached", about 300
messages saying the same thing. I wanted a core file to see what squid
was doing.
but, after I sent it a signal 6, it only aborted and didn't write a core
file. My squid.conf is pasted below. Perhaps my core_dir isn't set
pr
32-bit Architecture. What would you suggest cache_mem to be on a system
with 1 gig of ram?
What would you suggest as a maximum_object_size ??
The filesystem is 40gig.
What do you mean by, "if the filesystem usage gets too big" ??
Regards,
Tim Rainier
Matus UHLAR - fantomas <[EMAIL PRO
Unfortunately the logfile has already been rotated out. I don't remember
the exact error message.
I couldn't get to cachemgr.
And yes, my squid startup scripts run as root. I will change this.
I just wish I knew why squid consumed all those resources. I appreciate
everyone's help.
Regards,
Well, the cache_mem thing sounds interesting. I'm going to try 512MB to
start with.
My filesystem isn't close to 90% full. Only about 6 gigs being using in
total (including the cache).
I appreciate all your suggestions.
Regards,
Tim
Matus UHLAR - fantomas <[EMAIL PROTECTED]>
03/30/2004 03
I've been running SuSE 7.3 for 4 years now. I've, not once, had to
contact SuSE for support on their operating system. There's so much
support and documentation in other places (web, usenet, irc) I haven't
bothered with support from SuSE. SuSE does tend to drop support on their
operating sys
Are you being told the cache is corrupted by people or squid? If squid is
reporting it, what is/are the error(s)?
If a person is telling you, where are they getting this information from.
"Corrupt" is a very vague term and is used more often than it should be.
I'd be interested in seeing your c
SuSE can be just as 'minimal' as any other linux distribution. I select
the packages I need for the system, regardless of the distribution. There
are a ton of benefits to the suse operating system. It's system
management tools are impressive. Just because a distribution has a lot
of softwa
This is specifically what seemed to be my issues when Squid utilization
was out the roof.
This error was in cache.log about 300 times. My cache directory was full,
as well.
I'm very interested with this issue.
Regards,
Tim Rainier
"Raphael Maseko" <[EMAIL PROTECTED]>
04/02/2004 11:00 AM
CacheMGR.
Detailed information on the Cache Manager can be found in section 9 of the
Squid FAQ.
Regards,
Tim Rainier
Michael Gale <[EMAIL PROTECTED]>
04/02/2004 03:47 PM
To: [EMAIL PROTECTED]
cc:
Subject:Re: [squid-users] CPU usage
Hello,
101 - 149 of 149 matches
Mail list logo
