Henrik Nordstrom *nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
Posted: Tue Jul 18, 2006 10:46 pm Post subject:
RE: Re: Re: imp--- help required for making squid transparent.
|
|
|
Tue 2006-07-18 at 22:19 +0000, shoaib akbar wrote:
| Quote: | i have installed Squid Cache: Version 2.6.STABLE1-20060718 , but this also isn't working.
is there still any other possibility
|
Works in many other installations..
what happens?
any errors in cache.log?
any errors shown in the browser? (if using IE, make sure to disable
"user friendly errors" before responding.. the IE internal error
substitution pages are not of any use to anyone)
Regards
Henrik |
|
Henrik Nordstrom *nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
Posted: Tue Jul 18, 2006 10:01 pm Post subject:
Re: Re: imp--- help required for making squid transparent.
|
|
|
Wed 2006-07-19 at 02:53 +0500, shoaib akbar wrote:
| Quote: | The patching option didn't solve my problem.
kindly tell me about the second option, what do you mean by nightly
snapshot.
|
See http://www.squid-cache.org/Versions/v2/2.6/
Regards
Henrik |
|
Henrik Nordstrom *nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
Posted: Tue Jul 18, 2006 9:31 pm Post subject:
RE: Re: imp--- help required for making squid transparent.
|
|
|
Tue 2006-07-18 at 21:28 +0000, shoaib akbar wrote:
cd squid-2.6.STABLE1
patch -p1 <../10801.patch
./configure etc. as usual when building Squid.
Alternatively you can grab the nightly snapshot release which includes
this bugfix and numerous other bugfixes since 2.6.STABLE1 was released,
or wait for 2.6.STABLE2 which shouldn't be far away..
Regards
Henrik |
|
Henrik Nordstrom *nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
Posted: Tue Jul 18, 2006 8:43 pm Post subject:
Re: Help me !. Problem with Squid 2.5 - commBind: Cannot bind socket FD 11
|
|
|
Tue 2006-07-18 at 15:23 -0500, Raul Lapitzondo wrote:
| Quote: | linux squid[15990]: commBind: Cannot bind socket FD 11 to
192.168.0.1:3128: (99) Cannot assign requested address
|
This generally indicates 192.168.0.1 is not an IP address assigned on
your network interface..
Check your http_port settings, and make sure it matches what you expect.
Regards
Henrik |
|
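The check suggested in the reply above, as an added example that is not part of the original post: it reads the http_port lines from a squid.conf fragment and tries to bind each explicit IPv4 address, flagging the ones the kernel rejects with "Cannot assign requested address". The sample config, the function names and the use of 192.0.2.1 (a documentation-only address) are assumptions made for the illustration.

```python
import errno
import socket

# Constructed sample config; 192.0.2.1 is a documentation-range address
# that should not be assigned to any interface on this host.
SAMPLE_CONF = """\
# constructed squid.conf fragment
http_port 3128
http_port 127.0.0.1:3128
http_port 192.0.2.1:3128 transparent
"""


def http_port_addresses(conf_text):
    """Return the explicit IPv4 addresses named in http_port lines."""
    addrs = []
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "http_port":
            continue
        host, sep, _port = words[1].rpartition(":")
        if sep and host:            # a bare "3128" binds every address
            addrs.append(host)
    return addrs


def is_local_address(ip):
    """True if the kernel lets us bind a TCP socket to this address.

    Port 0 is used so that a port already held by a running Squid does
    not mask the result; only the address itself is being tested.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:   # errno 99 on Linux
                return False
            raise
    return True


def check_http_ports(conf_text):
    """Map each configured http_port address to whether it is bindable."""
    return {ip: is_local_address(ip) for ip in http_port_addresses(conf_text)}


if __name__ == "__main__":
    for ip, ok in check_http_ports(SAMPLE_CONF).items():
        print(ip, "ok" if ok else "not assigned to any interface")
```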
Richard Steven *nix forums beginner
Joined: 15 Jul 2005
Posts: 2
|
Posted: Tue Jul 18, 2006 10:05 am Post subject:
rd_steven@hotmail.com
|
|
|
|
unsubscribe |
|
John Walubengo *nix forums beginner
Joined: 05 May 2005
Posts: 17
|
Posted: Mon Jul 10, 2006 5:47 am Post subject:
RE: HowDo I: Get Date stamp on the access.log
|
|
|
Thanx Geoff.
U have given me exactly what I needed; a step by step
solution aka the 'dummy's version'.
thanx a lot.
walu.
--- Geoff Varney <geoff.varney@esd112.org> wrote:
| Quote: | John,
Here are the files if you're interested.
Geoff
-----Original Message-----
From: John Walubengo [mailto:jwalu@yahoo.com]
Sent: Friday, July 07, 2006 1:39 AM
To: Guido Serassio; Laurent Marc 00
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] HowDo I: Get Date stamp on the
access.log
Below is my sample access.log data:
1152258629.089 23364 172.16.32.80 TCP_MISS/200 4625 GET http://www.pcreview.co.uk/template/vbulletin.css student DIRECT/70.86.33.18 text/css
1152258629.261 2792 172.16.32.80 TCP_MISS/200 2570 GET http://www.htmlgoodies.com/css/starlight/star-light.css student DIRECT/63.236.73.67 text/css
It is basically the default log; how can i get it to show
the date:time stamp so that I get to know WHEN the users
accessed these sites?
walu.
|
|
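One way to read the timestamps in the native log shown above, as an added example (it is not the files Geoff sent, which are not on this page): the first field is seconds since the Unix epoch with milliseconds, and the script converts it to a readable time per entry. The function names and the choice of UTC for the output are assumptions.

```python
from datetime import datetime, timezone

# The two entries from the post above, re-joined onto single lines,
# plus one constructed malformed line to show that it is skipped.
SAMPLE_LOG = """\
1152258629.089 23364 172.16.32.80 TCP_MISS/200 4625 GET http://www.pcreview.co.uk/template/vbulletin.css student DIRECT/70.86.33.18 text/css
1152258629.261 2792 172.16.32.80 TCP_MISS/200 2570 GET http://www.htmlgoodies.com/css/starlight/star-light.css student DIRECT/63.236.73.67 text/css
this line is constructed garbage and must be skipped
"""

FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "mime")


def parse_line(line):
    """Parse one native-format access.log line; None if it does not fit."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    secs, _, millis = rec["time"].partition(".")
    if not (secs.isdigit() and millis.isdigit()):
        return None
    # The epoch is handled as text and int: a float would round the ms.
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    rec["when"] = f"{when:%Y-%m-%d %H:%M:%S}.{millis[:3]:0<3} UTC"
    return rec


def readable(log_text):
    """Return 'when client user method url result' for each valid entry."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            out.append("{when} {client} {user} {method} {url} {result}"
                       .format(**rec))
    return out


if __name__ == "__main__":
    print("\n".join(readable(SAMPLE_LOG)))
```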
Dirk *nix forums addict
Joined: 03 Apr 2005
Posts: 61
|
Posted: Thu Jul 06, 2006 5:59 am Post subject:
Re: [squid-users] squid dns problem
|
|
|
In ipcop are 2 resolv.conf, one in /etc and the other in /var/ipcop/red.
The one in /var/ipcop/red is updated by the connection to the ISP.
Why isn't there an update to /etc/resolv.conf at the same time?
Dirk
| Quote: | Wed 2006-07-05 at 18:08 +0700, dny wrote:
i have this weird problem with squid on a clean install ipcop 1.4.10
there are lots of website give out error:
The dnsserver returned:
No DNS records
ping to the domain from ipcop box gives unknown host error.
but, when i ping the domain name from client pc, it gives out good reply.
and when i disable the proxy, the website opened up fine.
Most likely the two is using different DNS servers. The one used by the
clients working, but the one used by Squid & ipcop broken...
check /etc/resolv.conf.
Regards
Henrik
|
= = = = = = = = = ========= = = = = = = = = = =
Dirk
dirk-CWa3ahdiOKprRZJ7SnVzDQ@public.gmane.org
06.07.2006
|
Nathaniel Staples *nix forums beginner
Joined: 04 Jul 2006
Posts: 3
|
Posted: Wed Jul 05, 2006 3:04 am Post subject:
RE: RE: WARNING: Cannot run '/user/bin/ntlm_auth'process.
|
|
|
Henrik
Thank you very much! Changing my firewall settings solved the problem!
Wish I had known about it 2 days ago!
Nathaniel
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Sent: Wednesday, 5 July 2006 8:54 AM
To: Nathaniel Staples
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] RE: WARNING: Cannot run
'/user/bin/ntlm_auth'process.
Wed 2006-07-05 at 08:44 +1000, Nathaniel Staples wrote:
| Quote: | This line
was then followed by 5 "WARNING: Cannot run '/user/bin/ntlm_auth'
process."
|
This error is usually seen if there is a local firewall blocking
communication over the loopback address (127.0.0.1).
Squid-2.5 and earlier uses TCP/IP over the loopback address for talking
to its helpers. 2.6 and later uses UNIX domain sockets if available,
avoiding this issue (and a few other similar issues..).
Regards
Henrik |
|
Henrik Nordstrom *nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
Posted: Tue Jul 04, 2006 10:53 pm Post subject:
Re: RE: WARNING: Cannot run '/user/bin/ntlm_auth' process.
|
|
|
Wed 2006-07-05 at 08:44 +1000, Nathaniel Staples wrote:
| Quote: | This line
was then followed by 5 "WARNING: Cannot run '/user/bin/ntlm_auth'
process."
|
This error is usually seen if there is a local firewall blocking
communication over the loopback address (127.0.0.1).
Squid-2.5 and earlier uses TCP/IP over the loopback address for talking
to its helpers. 2.6 and later uses UNIX domain sockets if available,
avoiding this issue (and a few other similar issues..).
Regards
Henrik |
|
Nathaniel Staples *nix forums beginner
Joined: 04 Jul 2006
Posts: 3
|
Posted: Tue Jul 04, 2006 10:44 pm Post subject:
RE: WARNING: Cannot run '/user/bin/ntlm_auth' process.
|
|
|
Joost
Thanks for pointing that out. Nearly killed myself reading it. HOWEVER
the error is in the config I posted not my config, I just copied it off
the squid website and edited it for my email and forgot to edit out the
local part of the path.
The actual lines in the config file are :
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
I also checked this path to make sure that was actually where the file
was and it is correct. As a note it was one of the directories I gave
the proxy group full privileges on.
Nathaniel
-----Original Message-----
From: Joost de Heer [mailto:sanguis@xs4all.nl]
Sent: Tuesday, 4 July 2006 10:11 PM
To: Nathaniel Staples
Cc: squid-users@squid-cache.org
Subject: Re: WARNING: Cannot run '/user/bin/ntlm_auth' process.
Nathaniel Staples wrote:
| Quote: | Hi all!
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
This line
was then followed by 5 "WARNING: Cannot run '/user/bin/ntlm_auth'
process."
|
Is this the exact message? Because there's a path mismatch between your
config and the actual message.
Are you sure you're editing the correct squid.conf file?
Joost |
|
Henrik Nordstrom *nix forums Guru
Joined: 01 Feb 2005
Posts: 2377
|
Posted: Mon Jul 03, 2006 9:21 pm Post subject:
Re: transparent proxying in squid 2.6-Stable1
|
|
|
Mon 2006-07-03 at 13:06 +0700, RdBSD wrote:
| Quote: | before i have squid 2.5.stable 13 and then i want to transparent and
get authentication in each user who's connected to internet using
their browser.
|
Not possible I am afraid. This is not something you can do in a proxy
using proxy authentication. You will need to implement a separate
authentication system keeping track of your users and reporting the user
name to Squid via external_acl_type..
| Quote: | And then i found squid2.6 stable which support
auth-on-accell.
|
Yes, but it's literally what it says. Authentication in accelerator
mode in front of YOUR web servers under your administrative control, not
when transparently intercepting traffic to other web servers.
Proxy authentication requires the browser to be configured to use the
proxy.
Authentication in accelerator mode is web server authentication, unique
to each web server and for that web server only.
| Quote: | my problem is howto make transparent proxy in squid
2.6stable ?.
|
Similar to 2.5, except that you use the word transparent in the
http_port line instead of the "httpd_accel_host virtual" thing one used
in 2.5..
But unfortunately a small bug crept into 2.6.STABLE1 in the
transparent interception mode. See bug #1650.
| Quote: | http_port ip-proxy:3128 transparent vhost vport=80 defaultsite=virtual protocol=http
cache_peer ip-sibling sibling 8080 3130 no-query originserver
|
This is a typical reverse proxy setup, not transparent proxy..
A transparent proxy setup looks more like
http_port ip-proxy:3128 transparent
and due to bug #1650 you will also need the following until a patch is
available if you don't have any parent proxies the request should be
forwarded to:
always_direct allow all
patch will be available shortly.
Regards
Henrik |
|
fulan Peng *nix forums beginner
Joined: 02 Jul 2006
Posts: 4
|
Posted: Mon Jul 03, 2006 2:08 pm Post subject:
Re: How to set up a reverse proxy server over SSL?
|
|
|
Hello,
I succeeded in setting up a reverse proxy server over SSL.
The following is my experience:
1. Compile squid with --enable-ssl and optionally --with-openssl= if your
ssl-devel is not in /usr/include/openssl, e.g.
--with-openssl=/usr/local/include
./configure --enable-ssl --with-openssl=/usr/local/ssl/include
2. cd /usr/local/squid/etc
mkdir demoCA
cd demoCA
touch index.txt
echo "01" > serial
mkdir private
mkdir newcerts
Generate the CA certificate (self-signed):
/usr/local/ssl/bin/openssl req -new -x509 \
  -keyout /usr/local/squid/etc/demoCA/private/cakey.pem \
  -out /usr/local/squid/etc/demoCA/cacert.pem -days 365 \
  -subj /C=US/ST=xxxx/L=xxxxx/OU=xxxx/O=xxxx/CN=yourdomain/emailAddress=youremail@address.com
3. Generate the certificate request:
# run from /usr/local/squid/etc so key.pem and req.pem land where steps 4 and 5 expect them
cd /usr/local/squid/etc
/usr/local/ssl/bin/openssl req -new -keyout key.pem -out req.pem -days 365
where req.pem - certificate request
4. Remove the password from the key.
cd /usr/local/squid/etc
cp key.pem key.pem.old
/usr/local/ssl/bin/openssl rsa -in key.pem.old -out key.pem
5. Sign this certificate with your CA cert:
/usr/local/ssl/bin/openssl ca -in /usr/local/squid/etc/req.pem \
  -out /usr/local/squid/etc/cert.pem
6. Remove unneeded lines from cert.pem (usually you only need the
lines between
-----BEGIN CERTIFICATE-----
..........................
.......................
-----END CERTIFICATE-----
)
7. Add this in squid.conf:
https_port [ip_address:]port cert=/where/cert.pem key=/where/key.pem
Here are the keys for the config of squid:
acl huanghuagang.org dstdomain huanghuagang.org
acl our_networks src 192.168.0.0/24
http_access allow huanghuagang.org
http_access allow our_networks
https_port 8888 accel vhost cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem cafile=/usr/local/squid/etc/demoCA/cacert.pem defaultsite=xxx.fr
cache_peer huanghuagang.org parent 80 0 no-query originserver name=huanghuagang
cache_peer_access huanghuagang allow huanghuagang.org
If I need another site, I would assign 8889 to this site and repeat
everything above. I do not know if there is a better way. But this way
is easy to understand.
On 7/3/06, frankpeng@netscape.net <frankpeng@netscape.net> wrote:
| Quote: | Yes. I have finished to set up reverse proxy server without SSL. It is
fast! I love it! Now it is an issue to add SSL on it. I think it will
not be hard. I will post the whole procedure and the actual working
squid.conf file once I got success.
Thank you!
-----Original Message-----
From: Henrik Nordstrom <henrik@henriknordstrom.net>
To: fulan Peng <fulanpeng@gmail.com>
Cc: squid-users@squid-cache.org; Visolve Squid <squid@visolve.com>
Sent: Mon, 03 Jul 2006 07:34:54 +0200
Subject: Re: [squid-users] How to set up a reverse proxy server over
SSL?
Mon 2006-07-03 at 09:17 +0530, Visolve Squid wrote:
Hello Peng,
The following steps are used to configure the squid-3.0 with SSL
Compile squid with the ssl support option
./configure --prefix=/usr/local/squid --enable-ssl
Edit the squid configuration for squid with SSL support (Reverse
proxy)
https_port 443 protocol=http cert=/path/to/server/certificate/server_cert.pem key=/path/to/server/key/server_priv_key.pem vport=<port in which the back end server listen>
almost... you should primarily use defaultsite=your.main.site to enable
reverse proxy mode and maybe vhost if you need to support domain based
virtual hosting. vport is normally not needed. The port number is
specified in cache_peer.
As hinted above you also need a cache_peer line defining the origin
server address and port.
acl SSL method CONNECT
never_direct allow SSL
The CONNECT method is not applicable to reverse proxies and should
probably be denied entirely...
Regards
Henrik
|
|
frankpeng@netscape.net *nix forums beginner
Joined: 24 Jun 2006
Posts: 8
|
Posted: Mon Jul 03, 2006 9:58 am Post subject:
Re: How to set up a reverse proxy server over SSL?
|
|
|
Yes. I have finished to set up reverse proxy server without SSL. It is
fast! I love it! Now it is an issue to add SSL on it. I think it will
not be hard. I will post the whole procedure and the actual working
squid.conf file once I got success.
Thank you!
-----Original Message-----
From: Henrik Nordstrom <henrik@henriknordstrom.net>
To: fulan Peng <fulanpeng@gmail.com>
Cc: squid-users@squid-cache.org; Visolve Squid <squid@visolve.com>
Sent: Mon, 03 Jul 2006 07:34:54 +0200
Subject: Re: [squid-users] How to set up a reverse proxy server over
SSL?
Mon 2006-07-03 at 09:17 +0530, Visolve Squid wrote:
| Quote: | Hello Peng,
The following steps are used to configure the squid-3.0 with SSL
Compile squid with the ssl support option
./configure --prefix=/usr/local/squid --enable-ssl
Edit the squid configuration for squid with SSL support (Reverse
proxy)
https_port 443 protocol=http cert=/path/to/server/certificate/server_cert.pem key=/path/to/server/key/server_priv_key.pem vport=<port in which the back end server listen>
|
almost... you should primarily use defaultsite=your.main.site to enable
reverse proxy mode and maybe vhost if you need to support domain based
virtual hosting. vport is normally not needed. The port number is
specified in cache_peer.
As hinted above you also need a cache_peer line defining the origin
server address and port.
| Quote: | acl SSL method CONNECT
never_direct allow SSL
|
The CONNECT method is not applicable to reverse proxies and should
probably be denied entirely...
Regards
Henrik |
|
RdBSD *nix forums beginner
Joined: 03 Jul 2006
Posts: 3
|
Posted: Mon Jul 03, 2006 6:06 am Post subject:
transparent proxying in squid 2.6-Stable1
|
|
|
Dear All,
before i have squid 2.5.stable 13 and then i want to transparent and
get authentication in each user who's connected to internet using
their browser. And then i found squid2.6 stable which support
auth-on-accell. my problem is howto make transparent proxy in squid
2.6stable ?.
here's my squid install configuration :
...
...
--enable-auth-on-acceleration \
...
--enable-truncate \
--enable-x-accelerator-vary \
--enable-follow-x-forwarded-for
here's my squid config :
http_port ip-proxy:3128 transparent vhost vport=80 defaultsite=virtual protocol=http
cache_peer ip-sibling sibling 8080 3130 no-query originserver
#Authentication
auth_param basic program /usr/local/squid/libexec/auth.pl
auth_param basic children 5
auth_param basic realm Restricted Access
auth_param basic credentialsttl 1 hours
firewall :
rdr fxp0 from 192.168.0.0/24 to 0/0 port=80 -> ip-proxy port 3128 tcp
but it always show this error message :
ERROR
The requested URL could not be retrieved ________________________________
While trying to retrieve the URL: http://www.microsoft.com/isapi/redir.dll?
The following error was encountered:
Unable to forward this request at this time.
This request could not be forwarded to the origin server or to any
parent caches. The most likely cause for this error is that:
The cache administrator does not allow this cache to make direct
connections to origin servers, and
All configured parent caches are currently unreachable.
Your cache administrator is webmaster.
________________________________
Generated Mon, 03 Jul 2006 05:52:48 GMT by Aptech (squid/2.6.STABLE1)
but if i checked the tools-options-connection
and fill the ip-proxy address, then the above error disappear.
can anyone help me ?
Thanks |
|