|
|
|
|
|
|
| Author |
Message |
Pablo Romero
*nix forums beginner
Joined: 01 Feb 2005
Posts: 1
|
 Posted: Tue Feb 01, 2005 11:10 am Post subject:
Squid 2.5 Stable6 doesn't match subdomains
|
|
|
Hello
I am running Squid 2.5Stable6, created an acl like this:
====================================
acl deniedsites dstdomain "/usr/local/squid/blacklists/porn"
http_access deny deniedsites
====================================
The porn file contains entries like:
playboy.com
penthouse.com
When I test the ACL trying to browse http://www.playboy.com, squid doesn't
block the site, but when I go to http://playboy.com, then the site gets
blocked. This means Squid is not matching subdomains.
I installed Squid 2.2 Stable 5, created the same acl, used the same porn
file and the ACL worked. My Question: Is there and option I have to set for
squid 2.5Stable6 match the subdomains?
Hope you can help guys
Regards
Pablo Romero
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ |
|
| Back to top |
|
 |
Ricardo López Urrutia
*nix forums beginner
Joined: 01 Feb 2005
Posts: 8
|
| Posted: Tue Feb 01, 2005 2:01 pm Post subject:
Re: Squid 2.5 Stable6 doesn't match subdomains
|
|
|
Pablo;
You have to use a . before the domain name.
IE
.playboy.com
.hustler.com
.sex.com
.yahoo.com
Regards!
Ricardo
At 12:10 p.m. 01/02/2005 +0000, Pablo Romero wrote:
| Quote: | Hello
I am running Squid 2.5Stable6, created an acl like this:
====================================
acl deniedsites dstdomain "/usr/local/squid/blacklists/porn"
http_access deny deniedsites
====================================
The porn file contains entries like:
playboy.com
penthouse.com
When I test the ACL trying to browse http://www.playboy.com, squid doesn't
block the site, but when I go to http://playboy.com, then the site gets
blocked. This means Squid is not matching subdomains.
I installed Squid 2.2 Stable 5, created the same acl, used the same porn
file and the ACL worked. My Question: Is there and option I have to set
for squid 2.5Stable6 match the subdomains?
Hope you can help guys
Regards
Pablo Romero
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.2 - Release Date: 28/01/2005
|
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.2 - Release Date: 28/01/2005 |
|
| Back to top |
|
|
Guest
|
| Posted: Tue Feb 01, 2005 2:47 pm Post subject:
Re: upgrading Squid 2.5S3 to 2.5S7 broke RealVideo
|
|
|
On Mon, 31 Jan 2005 19:28:36 -0800, I wrote:
| Quote: | We recently upgraded our Squid server from a Sun Ultra60 running
Solaris 2.8 to a Sun V240 running Solaris 2.9. I also took the
opportunity to upgrade Squid from 2.5STABLE3 to 2.5STABLE7. Now our
streaming video (Real Media) no longer works (it hangs).
|
As a follow-up to my own post, I just wanted to reiterate that
RealPlayer is set to *only* use HTTP. Below are some log entries
from the 2.5S7 server that is failing (sorry about the munged domain).
Hopefully someone can help me figure this one out as I am at a loss.
thanks,
Adam
|
|
| Back to top |
|
|
Joost de Heer
*nix forums Guru
Joined: 30 Mar 2005
Posts: 339
|
| Posted: Tue Feb 01, 2005 2:59 pm Post subject:
Re: Squid 2.5 Stable6 doesn't match subdomains
|
|
|
Pablo Romero said:
| Quote: | Hello
I am running Squid 2.5Stable6, created an acl like this:
====================================
acl deniedsites dstdomain "/usr/local/squid/blacklists/porn"
http_access deny deniedsites
====================================
The porn file contains entries like:
playboy.com
penthouse.com
|
Use
..playboy.com
..penthouse.com
Joost |
|
| Back to top |
|
|
Henrik Nordstrom
*nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
| Posted: Tue Feb 01, 2005 10:07 pm Post subject:
Re: Pam authentication /etc/shadow
|
|
|
On Tue, 1 Feb 2005, Robert Vangel wrote:
| Quote: | Try removing /etc/pam.d/squid. I have just tried this (on Debian Sarge, pam
0.76-22, squid 2.5 stable 7) myself and it works with no manipulation of pam
(odd I thought... but if it works).
|
It is not soo odd. You probably have suitable defaults in the "other" PAM
service /etc/pam.d/other
Regards
Henrik |
|
| Back to top |
|
|
Henrik Nordstrom
*nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
| Posted: Tue Feb 01, 2005 10:09 pm Post subject:
Re: Pam authentication /etc/shadow
|
|
|
On Mon, 31 Jan 2005, Carlos Hernandez wrote:
| Quote: | I am new to squid and I am having a little trouble
authenticating users against /etc/shadow. I am using
FC3, squid-2.5.STABLE6-3 and pam-0.77-66.2. I am
trying to use pam_auth (squid's tool) to authenticate
users against /etc/shadow, but It doesn't work.
|
Have you read the notes in the pam_auth man page regarding this?
| Quote: | Jan 31 17:01:43 gaara squid(pam_unix)[5217]:
authentication failure; logname= uid=23 euid=0 tty=
ruser= rhost= user=carlos
Does squid is running under its own UID? or it's using
root's UID?
|
cache_effective_user/group.
Regards
Henrik |
|
| Back to top |
|
|
Henrik Nordstrom
*nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
| Posted: Tue Feb 01, 2005 10:12 pm Post subject:
Re: question on external_acl_type
|
|
|
On Tue, 1 Feb 2005, Norio Korekawa wrote:
| Quote: | Sorry, but just one more comment.
Well, I just want to use different ERR_ pages for user_auth_acl and
myacl by deny_info, say, ERR_USER_AUTH_FAILED for user_auth_acl and
ERR_MYACL_FAILED for myacl.
|
Then just do so ;-)
| Quote: | In case 1. below, squid shows ERR_USER_AUTH_FAILED for user_auth_acl,
however it shows not ERR_MYACL_FAILED but just ERR_ACCESS_DENIED for myacl...
|
This is because you never deny requests by "myacl". Only "user_auth_acl"
(by not being authenticated yet) or the "all" acl when falling thru to the
"deny all" line.
deny_info works by the acl which was active then the request was denied,
which makes it match two kinds of acls:
a) The last acl on an http_access deny line
b) An authentication related acl when the user is not yet authenticated as
this implicitly denies access to request the user to log in.
Regards
Henrik |
|
| Back to top |
|
|
Henrik Nordstrom
*nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
| Posted: Tue Feb 01, 2005 10:16 pm Post subject:
Re: PURGE problem in squid-2.5.STABLE7
|
|
|
On Tue, 1 Feb 2005, forgetful tan wrote:
| Quote: | But I found it doesn't work in some unknown situation. I PURGE my
squids, and clean my ie's cache,then review the page. It still the old
version. At last, I found if the GET method pass the 'User-Agent:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Maxthon; SV1)', then
I'll get the old page. Otherwise, I'll get the new one.
|
Sounds like your server is using Vary.
| Quote: | How can I PURGE all that cached objects without considering the
User-Agent parameter ?
|
Not easy. In Squid-2.5 you need to purge each variant explicitly by
providing the exact matching request headers in the PURGE request.
If you do not provide any of the Vary based request headers in your PURGE
request all you purge is Squids knowledge of what Vary header is used on
this URL. As soon as it learns the Vary header again (and assuming it
hasn't changed) the cached variants will be found again.
Regards
Henrik |
|
| Back to top |
|
|
Henrik Nordstrom
*nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
| Posted: Tue Feb 01, 2005 10:20 pm Post subject:
Re: upgrading Squid 2.5S3 to 2.5S7 broke RealVideo
|
|
|
On Mon, 31 Jan 2005 adam-s@pacbell.net wrote:
| Quote: | We recently upgraded our Squid server from a Sun Ultra60 running
Solaris 2.8 to a Sun V240 running Solaris 2.9. I also took the
opportunity to upgrade Squid from 2.5STABLE3 to 2.5STABLE7. Now our
streaming video (Real Media) no longer works (it hangs).
|
Please verify that it really is the Squid upgrade and not the OS upgrade
causing your problems. You can easily do this by either run the new
Squid version on your old server or the old Squid version on your new
server..
Regards
Henrik |
|
| Back to top |
|
|
Henrik Nordstrom
*nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
| Posted: Tue Feb 01, 2005 10:26 pm Post subject:
RE: NNTP protocol port 119 throuh squid
|
|
|
On Tue, 1 Feb 2005, K. Yntema wrote:
| Quote: | When i shutdown Squid i can use NNTP and have no problems, but when
squid is started I can't make a NNTP connection So squid blocks the
NNTP protocol.
|
I can assure you that Suqid does nothing of the kind.
What I can think of maybe relating to this is either
a) (unlikely) You use a web browser to connect to NNTP and this web
browser has HTTP proxy support for NNTP. If this is the case then just
tell your browser to not use the proxy for NNTP. HTTP proxying of NNTP is
very limited in functionality and in fact not implemented at all in Squid.
b) (more likely) Maybe your script which starts Squid also sets up
firewalling rules blocking NNTP access.
Regards
Henrik |
|
| Back to top |
|
|
Chris Robertson
*nix forums Guru
Joined: 01 Feb 2005
Posts: 373
|
| Posted: Tue Feb 01, 2005 11:53 pm Post subject:
RE: trying to read squid reports - Reformatted for clarity
|
|
|
| Quote: | -----Original Message-----
From: Daniel Navarro
[mailto:danielnavarro001@yahoo.com]
Sent: Tuesday, February 01, 2005 3:12 PM
To: Squid Cache
Subject: [squid-users] trying to read squid reports
Hi,
what does the hit percentage mean in calamaris
report?
Thanks, Daniel Navarro
Maracay, Venezuela
www.csaragua.com/ecodiver
--- Chris Robertson <crobertson@gci.com> escribió:
It's the percentage of requests that resulted in one
of the following:
item was not modified since last request (IMS_HIT)
item was cached on disk (TCP_HIT)
or
item was still in memory (TCP_MEM_HIT)
In the above list "item" refers to any web object
requested by a browser
(html page, gif image, ccs sheet, etc.).
(I think that covers it, but it might also include
items found on
sibling/parent caches...)
Chris
-----Original Message-----
From: Daniel Navarro [mailto:danielnavarro001@yahoo.com]
Sent: Tuesday, February 01, 2005 3:41 PM
To: Chris Robertson; Squid Cache
Subject: RE: [squid-users] trying to read squid reports
Thanks,
Is there any parameters telling me how much of
browsing is took directly from squid cache?
Regards, Daniel Navarro
Maracay, Venezuela
www.csaragua.com/ecodiver
|
The summary seems to do a pretty good job to me. It shows the total number
of requests, the number that the proxy served, total local bandwidth used
serving requests, how much internet traffic was prevented by using the
cache...
Chris |
|
| Back to top |
|
|
Awie
*nix forums beginner
Joined: 02 Feb 2005
Posts: 49
|
| Posted: Wed Feb 02, 2005 2:19 am Post subject:
Re: Abnormal end of Squid 2.5S7
|
|
|
| Quote: | My Squid2.5S7 (+ all patches) has an abnormal end with (last) message
assertion failed: HttpHeader.c:532: "0". Below the report in cache.log
Make sure you have current versions of the patches. The header_parsing
patch has been updated many times, and your error looks very similar to
a bug fix in one of these updates..
|
Henrik,
After running for more than 30 hours, my Squid never had abnormal end
anymore. Thanks a lot !
Thx & Rgds,
Awie |
|
| Back to top |
|
|
Norio Korekawa
*nix forums beginner
Joined: 01 Feb 2005
Posts: 2
|
| Posted: Wed Feb 02, 2005 3:28 am Post subject:
Re: question on external_acl_type
|
|
|
Hello again Henrik
Thank you for your answer. My understanding of "deny_info" (with
relation to "http_access deny") was just insufficient...
It might look a little redundant, but according to Scott's advice
I guess an appropriate squid.conf would be as follows:
--- my squid.conf --
deny_info ERR_USER_AUTH_FAILED user_auth_acl
deny_info ERR_MYACL_FAILED myacl
http_access allow user_auth_acl myacl
http_access deny !user_auth_acl
http_access deny !myacl
http_access deny all
--- my squid.conf --
Thanks again.
Regards,
Norio
| Quote: | In case 1. below, squid shows ERR_USER_AUTH_FAILED for user_auth_acl,
however it shows not ERR_MYACL_FAILED but just ERR_ACCESS_DENIED for myacl...
This is because you never deny requests by "myacl". Only "user_auth_acl"
(by not being authenticated yet) or the "all" acl when falling thru to the
"deny all" line.
deny_info works by the acl which was active then the request was denied,
which makes it match two kinds of acls:
a) The last acl on an http_access deny line
b) An authentication related acl when the user is not yet authenticated as
this implicitly denies access to request the user to log in.
Regards
Henrik |
|
|
| Back to top |
|
|
Guest
|
| Posted: Wed Feb 02, 2005 9:27 am Post subject:
AW: Can not Browse this url since i update from squ id2.5-stable6 to squid2.5-stable7 - Mail libre de virus.
|
|
|
Works for me showing "Resultado de la consulta para la pieza: TC -
366514830".
# sq version
Squid Cache: Version 2.5.STABLE7
configure options: --enable-auth=ntlm,basic
--enable-external-acl-helpers=winbi
nd_group --enable-basic-auth-helpers=winbind
--enable-ntlm-auth-helpers=winbind
--prefix=/usr/local/squid --with-samba-sources=/usr/local/samba-2.2.5
#
Mit freundlichem Gruß/Yours sincerely
Werner Rost
GMT-FIR - Netzwerk
ZF Boge Elastmetall GmbH
Friesdorfer Str. 175, 53175 Bonn, Deutschland/Germany
Telefon/Phone +49 228 3825 - 420
Telefax/Fax +49 228 3825 - 398
werner.rost@zf.com
Since i update to 2.5stable7 and later they can´t
I test installing again the stable6 with the same squid.conf and works
again.
Any idea it is welcome.
Thanks!
**********************
Gustavo M. Ortega
********************** |
|
| Back to top |
|
|
Guest
|
| Posted: Thu Feb 03, 2005 2:23 am Post subject:
Re: upgrading Squid 2.5S3 to 2.5S7 broke RealVideo
|
|
|
On Tue, 1 Feb 2005 23:20:34 +0100 (CET), Hendrik wrote:
| Quote: | On Mon, 31 Jan 2005 adam-s@pacbell.net wrote:
We recently upgraded our Squid server from a Sun Ultra60 running
Solaris 2.8 to a Sun V240 running Solaris 2.9. I also took the
opportunity to upgrade Squid from 2.5STABLE3 to 2.5STABLE7. Now our
streaming video (Real Media) no longer works (it hangs).
Please verify that it really is the Squid upgrade and not the OS upgrade
causing your problems. You can easily do this by either run the new
Squid version on your old server or the old Squid version on your new
server..
|
Thanks for the great idea Hendrik. I installed each version that
wasn't already tehre on the other server on a different port so I have
both versions running on each server. What we found was that either
*all* versions work for a user or they all *don't* work. So I've
misidentified the problem and apologize for that.
However we've narrowed the problem down to a particular site's Real
Media archives: http://www2.courtinfo.ca.gov/cjer/aoctv/archives.htm.
The older files (e.g. April 13, May 11th, etc.) are RealMedia and fail
to load for a user. Users for whom these files fail can view other
RealVideo files like from ABC.com, Real.com themselves etc. hence we
think it is this sites use or configuration of RealMedia.
For users who can't view the files there is a crazy work-around: if we
allow that user to unproxy themselves and then grab even the beginning
of a RealMedia TV program, then it works. And then, here is the
kicker, the user can go back to using the proxy and ALL the other
files load/view fine for that user after that (i.e. even one's he/she
has never viewed). So I suspect there is some kind of initial
handshake problem. Our webmaster is in contact with the site owners
(and their 3rd party content provider) to see if maybe they are doing
some side-band stuff. Our contact said that they use port 80 to
serve the content but may use port 1964 to setup communication so I
put that in the list of http ports squid accepts, restarted squid and
still it fails for users who have never unproxied as a work-around.
Again, once they unproxy for even just the start of one RealMedia TV
program, then they can go back to being proxied. The WindowsMedia
files (the newer dates at the above site) all play fine.
So I suspect it is a port problem but don't know how to fix it. We've
eliminated the firewall as the culprit because the (internal access
only) DEV squid proxy now has wide open access (any/any) for
connecting to the outside and it still fails there, even with port
1964 added to the accepted http ports.
So I apologize for misidentifying the problem. We are working with
the site but they don't have much info/help so I was hoping someone
here might have encountered something similar - info or a pointer to a
previous thread where this is discussed/fixed would be much
appreciated.
thanks all,
Adam |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Tue Dec 02, 2008 6:29 am | All times are GMT
|
|
Facebook Proxy | Mortgage | Free Credit Report | Mortgages | Loans
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Squid
