Re: squid-users-digest Digest V00 #351

From: Jake <jromeyn@dont-contact.us>
Date: Wed, 28 Jun 2000 22:43:45 -0700

I have installed squid 2.3 on RedHat 6.0 of linux. I enabled ipchains and
am using wpm cache manager to allow and dislalow ip addresses. I have two
ethernet cards, one connected to the internet and one to my LAN. The cache
proxy server is working "kind of" . My problem is as follows:

With the Netscape browser set up manualy and the Intenet connected I can
browse the net OK and the Web pages are cached. But when I go to another
client on the LAN and the Internet not conected I can not obtain the cached
sites. If, however, I leave the internet connected and get the home page of
the site I have "cached" and than disconnect the internet all the other
pages are available from the cache server.

Can anyone help?

Jacob Romeyn
jromeyn@tkc.com

At 12:22 PM 6/28/00 -0700, you wrote:
>squid-users-digest Digest Volume 00 : Issue 351 Today's Topics: IE5
>and https [ Glen Blundell ] Re: Question on
>hardware configurati [ Martin Brooks ] clients have to refresh their
>pages [ "Dan Williamson" ] logging cookies ? [
>"Kristoffer Lippert" ] RE: MAC add. based ACL [ Ilker
>Gokhan ] Re: ipchains redirect problem [ Leonardo Rodrigues ]
>Re: Squid with Web Folders [ Henrik Nordstrom To:
>squid-users@ircache.net Subject: IE5 and https Message-ID: Content-Type:
>text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding:
>7bit I have been configuring and Squid proxy (2.3.STABLE3) and have been
>able to get https (or SSL) working for Netscape and IE4 without much
>effort, but it wont work under IE5, and i dont get an error, it just never
>response. In the access log, the request seems normal but shows 0 0 for
>data, no nothing is being returned. Using tcpdump the requests are this:
>Netscape 4.7: CONNECT www.anz.com:443 HTTP/1.0 User-Agent: Mozilla/4.7
>[en] (WinNT; I) Response: HTTP/1.0 200 Connection established IE5:
>CONNECT www.anz.com:443 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible;
>MSIE 5.5; Windows NT 5.0) Host: www.anz.com Content-Length: 0 Pragma:
>no-cache Response: Nada ... He thinks its because of the extra stuff in
>the HTTP requests that IE 5 has. Any help is greatly appreciated as this
>is very frustrating. Thanks Glen Date: Wed, 28 Jun 2000 07:26:56 +0100
>From: Martin Brooks To: "LAU CHI CHEUNG SAMUEL" , SQUID Subject:
>Re: Question on hardware configuration Message-Id: Content-Type:
>text/plain; charset="us-ascii"; format=flowed MIME-Version: 1.0 At 09:25
>28/06/00 +0800, LAU CHI CHEUNG SAMUEL wrote: >Dear all, > >I am a novice on
>using Squid. Can you tell me what is the >minimum hardware configuration on
>using a PC proxy server >that can serve 50 clients with a good result ?
>P2-233, 2gb hard drive, 64mb of RAM is more than adequate. Regards Martin
>A. Brooks ------------------------------------ The package said Windows NT
>4 or better - I installed Linux. Date: Wed, 28 Jun 2000 07:30:13 +0100
>From: Martin Brooks To: Glen Blundell , squid-users@ircache.net Subject:
>Re: IE5 and https Message-Id: Content-Type: text/plain;
>charset="us-ascii"; format=flowed MIME-Version: 1.0 At 15:24 28/06/00
>+1100, Glen Blundell wrote: >I have been configuring and Squid proxy
>(2.3.STABLE3) and have been able >to get https (or SSL) working for
>Netscape and IE4 without much effort, >but it wont work under IE5, and i
>dont get an error, it just never >response. I found an unspecified problem
>with IE5 and SSL that gave similar symptoms. The problem seems to be when
>IE5 tries to negotiate an SSLv3 session with an Apache server. (I've only
>verifed this as being a problem with SSL under Apache 1.3.12 and IE5).
>The only way round it was to add a directive to the SSL configuration on
>the Apache server so that MSIE client would be forced to negotiate an SSLv2
> connection. Regards Martin A. Brooks
>------------------------------------ The package said Windows NT 4 or
>better - I installed Linux. Date: Wed, 28 Jun 2000 16:02:51 +0800 (CST)
>From: big_fish@email.com.cn To: squid-users@ircache.net Subject: Is this
>possible? Message-ID: Content-Type: text/plain MIME-Version: 1.0
>X-MIME-Autoconverted: from 8bit to quoted-printable by ircache.net id
>MAA24394 I'm using squid-2.3S3 on FreeBSD-R4. There is some sites that
>squid can't retrieve diretly, I must use parent proxy to solve this.Now I
>have some sites defined to use "never-direct".But if sometime there is a
>new sites need to use parent proxy to be retrieved, I must add this sites
>manully.What I want is: if squid can't retrieve a site in a limited time,he
>then forward the request to parent automatically. Is this possible? I
>think this is a useful function.
>---------------------------------------------- 欢迎您使用
>百家商务电子邮件系统 http://www.email.com.cn Welcome to E-mail business
>system Date: Wed, 28 Jun 2000 12:13:15 +0200 From: Marc Dubrowski To:
>squid-users@ircache.net Subject: Two questions about client identification
>Message-Id: Content-Type: text/plain MIME-Version: 1.0
>Content-Transfer-Encoding: 8bit Hi all, We're using squid here on a test
>bastion-host. It runs twice: once as a cache-proxy, once as a cache
>accelerator Two questions: 1) As a cache accelerator, I'd like to have
>the logs identical to apache's. That means having the description of the
>client's browser. Is it possible ? How? 2) As a cache proxy, I noticed
>that a lot of my users used Outlook to get their mail on hotmail.com
>through squid. Is there a way to prevent the access of these specific
>mail-clients, for security and bandwidth reasons (they keep it on all
>night, sometime) ? If there are any pointers, let me know.. Thanks In
>advance. -- Marc Dubrowski Kind of a Network Administrator
>K.B.I.N.I.R.Sc.N.B. 29 rue Vautier B-1040 Brussels, Belgium Date:
>Wed, 28 Jun 2000 13:44:39 +0300 From: Ilker Gokhan To:
>"'marcus@kbinirsnb.be'" Cc: squid-users@ircache.net Subject: RE: Two
>questions about client identification Message-ID: Content-Type:
>multipart/alternative; boundary="----_=_NextPart_001_01BFE0ED.DC5C2CC4"
>MIME-Version: 1.0
>
> >-----Original Message-----
>>From: Marc Dubrowski [mailto:marcus@kbinirsnb.be]
>>Two questions:
>>
>>1) As a cache accelerator, I'd like to have the logs identical
>>to apache's.
>>That means having the description of the client's browser. Is
>>it possible ? How?
>>
>>2) As a cache proxy, I noticed that a lot of my users used
>>Outlook to get their
>>mail on hotmail.com through squid. Is there a way to prevent
>>the access of
>>these specific mail-clients, for security and bandwidth
>>reasons (they keep it
>>on all night, sometime) ?
>> acl MailSides dstdomain .hotmail.com .mail.com /* etc */
>http_access deny MailSides >If there are any pointers, let me know..
>>
>>Thanks In advance.
>> Greetings from Istanbul,
>Ilker G. Date: Wed, 28 Jun 2000 13:50:00 +0300 (Saudi Standard Time)
>From: Farooq Ashraf To: squid-users@ircache.net Subject: CARP Message-ID:
>Content-Type: TEXT/PLAIN; charset=US-ASCII MIME-Version: 1.0 Hello: I
>have squid-2.3 STABLE3 running on an alpha running RedHat Linux 6.2. It is
>working mostly fine. However, there is one little quirk. My cache is
>cascaded with a number of parents that are (fortunately or unfortunately)
>running MS Proxy. Now, the administrator of the MS Proxy wants me to
>configure CARP and join the array that he has. How to do this in squid? I
>have seen a compile time option to --enable-carp. I have done that. But
>what to do after that? Any suggestions?
>----------------------------------------------------------- | Farooq Ashraf
> | Tel : (966) 3-860-5634 | | System Admin. & Lecturer |
>Fax : (966) 3-860-5634 | | College of Computer Science | | |
> and Engineering (CCSE) | | | King Fahd University of | E-Mail:
> | | Petroleum & Minerals (KFUPM)|
>farooq@ccse.kfupm.edu.sa | | KFUPM Box 1218 |
>farooq.ashraf@usa.net | | Dhahran 31261, Saudi Arabia |
> | -----------------------------------------------------------
>Date: Wed, 28 Jun 2000 12:55:55 +0200 From: Marc Dubrowski
><marcus@kbinirsnb.be> To: Ilker Gokhan <IlkerG@sumerbank.com.tr> Cc:
>squid-users@ircache.net Subject: RE: Two questions about client
>identification Message-Id: <00062812581702.04703@px20_115> Content-Type:
>text/plain MIME-Version: 1.0 Content-Transfer-Encoding: 8bit On Wed, 28
>Jun 2000, you wrote: > > > > >-----Original Message----- > >Two
>questions: > > > >1) As a cache accelerator, I'd like to have the logs
>identical > >to apache's. > >That means having the description of the
>client's browser. Is > >it possible ? How? > > > >2) As a cache proxy, I
>noticed that a lot of my users used > >Outlook to get their > >mail on
>hotmail.com through squid. Is there a way to prevent > >the access of >
>>these specific mail-clients, for security and bandwidth > >reasons (they
>keep it > >on all night, sometime) ? > > > > acl MailSides dstdomain
>.hotmail.com .mail.com /* etc */ > http_access deny MailSides > > >If
>there are any pointers, let me know.. > > > >Thanks In advance. > > > >
>Greetings from Istanbul, > Ilker G. Well, denying the access to hotmail is
>not my goal: All I want is to prevent them from using MSOutlook for that.
>-- Marc Dubrowski Kind of a Network Administrator
>K.B.I.N.I.R.Sc.N.B. 29 rue Vautier B-1040 Brussels, Belgium Date:
>Wed, 28 Jun 2000 12:18:44 +0100 From: Matthew Hunter <matthewh@rcp.co.uk>
>To: squid-users@ircache.net Subject: Squid with Web Folders Message-ID:
><217F6DFA440ED111ACDA00A0C906B006010B0D32@arsenic.rcp.co.uk> Content-Type:
>text/plain; charset="iso-8859-1" MIME-Version: 1.0 Hi all, I am running
>Squid 2.2Stable3 (yes, I will upgrade it at some point :-). We wish to
>block all external internet access except through the proxy server, but
>unfortunately this cannot be done as Web Folders (M$) do not run through
>Squid. I believe they use NTLM, which would explain the problem. Does
>anyone know if there is a work-around for this? Cheers, Matt. -- Matt
>Hunter Date: Wed, 28 Jun 2000 07:05:56 -0500 From: "Dan Williamson" To:
>Subject: clients have to refresh their pages Message-ID: Content-Type:
>text/plain; charset="iso-8859-1" MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit About 75% of my users are affected by this
>problem and it happens to them about 50% of the time. For them to view a
>page they have to press the refresh/reload button on their browser. In
>Netscape an error box pops up saying "server has reset connection". In
>MSIE a page comes up saying the server could not be found. On my own
>machine that I can dual boot between 2k and Linux, both IE and Netscape run
>flawlessly and very quick too I might add. To the best of my knowledge I
>can't see any significant difference between the boxes that do work, and
>the ones that don't. I have a 7200 router running IOS 12.1 T with WCCP V1
>enabled. I have tried several flavours of Linux with several different
>kernels both with the ip_gre and ip_wccp methods. I have tried FreeBSD. I
>have been battling with Squid 2.3Stable3 and I can get it fully
>operational, however they all have the same problem. The router is telling
>me that it is making the connection and transferring the packets without
>any errors. The only thing that has really remained constant is the IOS.
>I would like to be able to try an older IOS just to try, but the downtime
>isn't an option. Any suggestions would be gratefully accepted. After two
>weeks of searching the archives, the net... I've exhausted everything that
>I can think of. Dan Date: Wed, 28 Jun 2000 17:14:34 +0400 From: Ant To:
>squid-users@ircache.net Subject: HOWTO chroot squid ?? Message-ID:
>Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit Hello all, Im trying to chroot squid
>2.3.STABLE.1 put in /usr/squid /bin/squid redir client
>dnsserver unlinkd /etc/mib.txt resolv.conf passwd
>protocols services hosts squid.conf mime.conf
>icons/ - subdir for icons errors/ - subdir for error files /logs -
>subdir for log files /dev/zero - /lib/ld-linux.so.2 ld.so
>libc.so.6 libm.so.6 libresolv.so.2 libnss_files.so.1
>libnss_dns.so.1 libpthread.so.0 I also add into squid.conf
>cache_effective_user nobody cache_effective_group nogroup chroot /usr/squid
> When I start as root: ./squid -X I gote: -----------CUT-----------------
>2000/06/28 15:50:35| Processing: 'cache_effective_user nobody' 2000/06/28
>15:50:35| parse_line: cache_effective_user nobody 2000/06/28 15:50:35|
>Processing: 'cache_effective_group nogroup' 2000/06/28 15:50:35|
>parse_line: cache_effective_group nogroup 2000/06/28 15:50:35| Processing:
>'chroot /usr/squid' 2000/06/28 15:50:35| parse_line: chroot /usr/squid
>-----------CUT----------------- 2000/06/28 15:50:35| Squid is not safe to
>run as root! If you must 2000/06/28 15:50:35| start Squid as root, then
>you must configure 2000/06/28 15:50:35| it to run as a non-priveledged user
>with the 2000/06/28 15:50:35| 'cache_effective_user' option in the config
>file. FATAL: Don't run Squid as root, set 'cache_effective_user'! Squid
>Cache (Version 2.3.STABLE1): Terminated abnormally. When I start as
>effective user(nobody) I got FATAL: failed to chroot Squid Cache (Version
>2.3.STABLE1): Terminated abnormally. CPU Usage: 0.020 seconds = 0.020 user
>+ 0.000 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 181
> Best regards, Ant mailto:Ant@ibd.ru Date: Wed,
>28 Jun 2000 15:08:34 +0200 From: "Kristoffer Lippert" To: Subject:
>logging cookies ? Message-ID: Content-Type: multipart/alternative;
> boundary="----=_NextPart_000_00D6_01BFE112.BA424770" MIME-Version: 1.0
> Hi Is it posibble to log cookies? We are running squid ad a
>webaccelerator, in front of 4 IIS Servers, and would like to be able to
>log referer and cookies (preferably into the squid log.) Anybody have
>tried this before ? Reggards Kristoffer /Netdoktor Date: Wed, 28 Jun
>2000 08:15:03 -0500 From: "Craig Fels" To: Subject: MAC add. based ACL
>Message-ID: Content-Type: text/plain; charset="iso-8859-1" MIME-Version:
>1.0 Content-Transfer-Encoding: 7bit Does anyone have experience with MAC
>address based acl's? Thanks, Craig Date: Wed, 28 Jun 2000 18:02:13 +0300
>From: Ilker Gokhan To: "'Craig Fels'" Cc: squid-users@ircache.net
>Subject: RE: MAC add. based ACL Message-ID: Content-Type:
>multipart/alternative; boundary="----_=_NextPart_001_01BFE111.D7D28A3A"
>MIME-Version: 1.0
>
> >-----Original Message-----
>>From: Craig Fels [mailto:csfels@swbell.net]
>>Sent: Wednesday, June 28, 2000 4:15 PM
>>To: squid-users@ircache.net
>>Subject: MAC add. based ACL
>>
>>
>>
>> you should configure your squid with --enable-arp-acl option and creat
>an acl like this: <><> Best regards,
>Ilker G. Date: Wed, 28 Jun 2000 13:48:36 -0400 From: "robr" To:
>Subject: ipchains redirect problem Message-Id: Content-Type: text/plain;
>charset=us-ascii MIME-Version: 1.0 Hi all, The following rule doesnt
>catch port 80 traffic and send to squid on 3128 /sbin/ipchains -A input -p
>tcp -s ext.ip.address.0/24 -d 0/0 80 -j REDIRECT 3128 I have two nic's,
>one with ext.ip.addres.9 and one with a private internal address of
>192.168.1.1, both are class c. I'm using Red Hat 6.2 with a non modified
>kernel. From a workstation on the lan I can browse out as long as the proxy
>settings are configured for IE5 (192.168.1.1 and port 3128). The
>workstation is configured to use 192.168.1.1 as the gateway. If I add the
>following chain it will work, but still I dont believe that the traffic is
>getting redirected to squid: ipchains -A forward -s 192.168.1.0/24 -d
>0.0.0.0/0 -j MASQ Ip forwarding is enabled. Do I need any chains other
>than the REDIRECT? I'm assuming squid is ok since it works with manual
>proxy config. Any suggestions would be appreciated. Thanks, Rob
>robr@zzzip.net Date: Wed, 28 Jun 2000 15:34:40 -0300 From: Leonardo
>Rodrigues To: Cc: Subject: Re: ipchains redirect problem Message-Id:
>Content-Type: text/plain; charset="iso-8859-1"; format=flowed MIME-Version:
>1.0 X-MIME-Autoconverted: from 8bit to quoted-printable by ircache.net id
>MAA24394 You surely need to 'prepare' Squid for what磖e doing.
>That磗 called Transparent Proxying. Try finding on your
>squid.conf file the following statements, and modifying them to match
>this: httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy
>on httpd_accel_uses_host_header on Then, restart squid and there
>it goes !!!! Transparent Proxying Working !!!!! At 13:48 28/06/00 -0400,
>robr wrote: >Hi all, > >The following rule doesnt catch port 80 traffic and
>send to squid on 3128 > >/sbin/ipchains -A input -p tcp -s
>ext.ip.address.0/24 -d 0/0 80 -j >REDIRECT 3128 > >I have two nic's, one
>with ext.ip.addres.9 and one with a private internal >address of
>192.168.1.1, both are class c. I'm using Red Hat 6.2 with a non >modified
>kernel. From a workstation on the lan I can browse out as long as >the
>proxy settings are configured for IE5 (192.168.1.1 and port >3128). The
>workstation is configured to use 192.168.1.1 as the gateway. >If I add the
>following chain it will work, but still I dont believe that >the traffic
>is getting redirected to squid: >ipchains -A forward -s 192.168.1.0/24 -d
>0.0.0.0/0 -j MASQ > >Ip forwarding is enabled. Do I need any chains other
>than the REDIRECT? >I'm assuming squid is ok since it works with manual
>proxy config. Date: Wed, 28 Jun 2000 12:54:49 -0600 From: Duane Wessels
>To: Ant cc: squid-users@ircache.net Subject: Re: HOWTO chroot squid ??
>Message-ID: Content-Type: TEXT/PLAIN; charset=US-ASCII MIME-Version: 1.0
>Ant, If you're using freebsd, then you need to copy /etc/pwd.db as well.
>> Hello all, > Im trying to chroot squid 2.3.STABLE.1 put > in /usr/squid >
> > /bin/squid > redir > client > dnsserver > unlinkd >
>/etc/mib.txt > resolv.conf > passwd > protocols >
>services > hosts > squid.conf > mime.conf > icons/ -
>subdir for icons > errors/ - subdir for error files > /logs - subdir
>for log files > /dev/zero - > /lib/ld-linux.so.2 > ld.so >
>libc.so.6 > libm.so.6 > libresolv.so.2 > libnss_files.so.1 >
> libnss_dns.so.1 > libpthread.so.0 > > I also add into
>squid.conf > cache_effective_user nobody > cache_effective_group nogroup >
>chroot /usr/squid > > > When I start as root: ./squid -X > I gote: >
>-----------CUT----------------- > 2000/06/28 15:50:35| Processing:
>'cache_effective_user nobody' > 2000/06/28 15:50:35| parse_line:
>cache_effective_user nobody > 2000/06/28 15:50:35| Processing:
>'cache_effective_group nogroup' > 2000/06/28 15:50:35| parse_line:
>cache_effective_group nogroup > 2000/06/28 15:50:35| Processing: 'chroot
>/usr/squid' > 2000/06/28 15:50:35| parse_line: chroot /usr/squid >
>-----------CUT----------------- > 2000/06/28 15:50:35| Squid is not safe to
>run as root! If you must > 2000/06/28 15:50:35| start Squid as root, then
>you must configure > 2000/06/28 15:50:35| it to run as a non-priveledged
>user with the > 2000/06/28 15:50:35| 'cache_effective_user' option in the
>config file. > FATAL: Don't run Squid as root, set 'cache_effective_user'!
>> Squid Cache (Version 2.3.STABLE1): Terminated abnormally. > > When I
>start as effective user(nobody) I got > > FATAL: failed to chroot > Squid
>Cache (Version 2.3.STABLE1): Terminated abnormally. > CPU Usage: 0.020
>seconds = 0.020 user + 0.000 sys > Maximum Resident Size: 0 KB > Page
>faults with physical i/o: 181 > > > Best regards, > Ant
> mailto:Ant@ibd.ru > > Date: Wed, 28 Jun 2000 20:16:33 +0200 From:
>Henrik Nordstrom To: Matthew Hunter Cc: squid-users@ircache.net Subject:
>Re: Squid with Web Folders Message-ID: Content-Type: text/plain;
>charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Matthew
>Hunter wrote: > through Squid. I believe they use NTLM, which would
>explain the problem. > Does anyone know if there is a work-around for this?
> NTLM authentication is not proxyable by any normal proxy. For MS NTLM
>authentication to be proxyable it needs quite specific support in the proxy
>in ways which contradicts parts of the HTTP standards. -- Henrik Nordstrom
>Squid hacker Date: Wed, 28 Jun 2000 20:14:24 +0200 From: Henrik Nordstrom
>To: marcus@kbinirsnb.be Cc: Ilker Gokhan , squid-users@ircache.net Subject:
>Re: Two questions about client identification Message-ID: Content-Type:
>text/plain; charset=us-ascii MIME-Version: 1.0 Content-Transfer-Encoding:
>7bit Marc Dubrowski wrote: > Well, denying the access to hotmail is not
>my goal: All I want is to prevent > them from using MSOutlook for that. If
>Outlook identifies with something useful in the User-Agent header, then the
>"browser" ACL type can be used to identify Outlook requests. One way to
>record what Outlook sends in it's User-Agent field is to enable
>log_mime_hdrs in squid.conf. -- Henrik Nordstrom Squid hacker Date: Wed,
>28 Jun 2000 20:26:11 +0200 From: Henrik Nordstrom To: Ant Cc:
>squid-users@ircache.net Subject: Re: HOWTO chroot squid ?? Message-ID:
>Content-Type: text/plain; charset=us-ascii MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit Now I don't have the exact list of files
>required, but it wasn't that many.. One file which looks like it is
>missing is nsswitch.conf. Also, make positively sure that you have all the
>nss libraries you need, or symptoms like this will be seen. strace is a
>good tool for finding out what files you need in the chroot. Configure
>squid to NOT run as chroot, and start it with strace -f -o
>/tmp/squid.trace /usr/squid/bin/squid -NXd3 Then run one or two requests,
>and kill Squid. Now you have a quite detailed trace of what is needed
>egrep "exec|open" /tmp/squid.trace | grep "= [0-9]" To extract the
>relevant info. -- Henrik Nordstrom Squid hacker Ant wrote: > > Hello
>all, > Im trying to chroot squid 2.3.STABLE.1 put > in /usr/squid > >
>/bin/squid > redir > client > dnsserver > unlinkd >
>/etc/mib.txt > resolv.conf > passwd > protocols >
>services > hosts > squid.conf > mime.conf > icons/ -
>subdir for icons > errors/ - subdir for error files > /logs - subdir
>for log files > /dev/zero - > /lib/ld-linux.so.2 > ld.so >
>libc.so.6 > libm.so.6 > libresolv.so.2 > libnss_files.so.1 >
> libnss_dns.so.1 > libpthread.so.0 > > I also add into
>squid.conf > cache_effective_user nobody > cache_effective_group nogroup >
>chroot /usr/squid > > When I start as root: ./squid -X > I gote: >
>-----------CUT----------------- > 2000/06/28 15:50:35| Processing:
>'cache_effective_user nobody' > 2000/06/28 15:50:35| parse_line:
>cache_effective_user nobody > 2000/06/28 15:50:35| Processing:
>'cache_effective_group nogroup' > 2000/06/28 15:50:35| parse_line:
>cache_effective_group nogroup > 2000/06/28 15:50:35| Processing: 'chroot
>/usr/squid' > 2000/06/28 15:50:35| parse_line: chroot /usr/squid >
>-----------CUT----------------- > 2000/06/28 15:50:35| Squid is not safe to
>run as root! If you must > 2000/06/28 15:50:35| start Squid as root, then
>you must configure > 2000/06/28 15:50:35| it to run as a non-priveledged
>user with the > 2000/06/28 15:50:35| 'cache_effective_user' option in the
>config file. > FATAL: Don't run Squid as root, set 'cache_effective_user'!
>> Squid Cache (Version 2.3.STABLE1): Terminated abnormally. > > When I
>start as effective user(nobody) I got > > FATAL: failed to chroot > Squid
>Cache (Version 2.3.STABLE1): Terminated abnormally. > CPU Usage: 0.020
>seconds = 0.020 user + 0.000 sys > Maximum Resident Size: 0 KB > Page
>faults with physical i/o: 181 > > Best regards, > Ant
> mailto:Ant@ibd.ru
Received on Wed Jun 28 2000 - 23:46:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:14 MST