Re: [squid-users] Redirection - How to in English for nonprogrammers...

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 17 Feb 2009 15:20:37 +1300 (NZDT)

>>>> On Tuesday, 17 February 2009 at 7:52 am, in message
>>>> <4999D91A.5080104_at_gci.net>,
> Chris Robertson <crobertson_at_gci.net> wrote:
>> Geoffrey ROBERTS wrote:
>
>> How was the old version installed?
>
> Tick a box when installing SLES10.
> No idea of the actual method.
>
> I eventually found squid.exe and some other squid files in /USR/SBIN
> squid.conf is in /etc/squid. And I now realise that squid -v tells you
> where
> it is...
>
>> It appears that SUSE uses RPMs, so
>> "rpm -e squid" ought to get rid if the old Squid version.
>
> I'll try that on the test box.
>
>> Of course, it
>> will likely also remove the startup scripts, so you might not want to go
>> that route without knowing how to relocate/replace them.
>> http://wiki.squid-cache.org/SquidFaq/InstallingSquid has some generic
>> tips for starting Squid.
>
> Yes, I had to do some of that to get it to load at startup. I don't think
> that will be a problem.
> (But I could be wrong)
>
>>> Obviously I would much prefer that the 3.0 install simply overwrite the
>>> existing 2.5 install but I have no real idea how to go about that -
>
>> Run "squid -v" to find out how your current version of Squid was
>> compiled. Compile Squid 3 using the same arguments and "make install"
>> will overwrite it.
>
> heimdal:/etc/squid # squid -v
> Squid Cache: Version 2.5.STABLE12
> configure options:
 --prefix=/usr
 --sysconfdir=/etc/squid
 --bindir=/usr/sbin
 --sbindir=/usr/sbin
 --localstatedir=/var
 --libexecdir=/usr/sbin
 --datadir=/usr/share/squid

Above are where all the squid files are.

The below are just features that are turned on in that build.
You can ignore for the first testing builds. If you make a small script
that just runs configure, make, make install and keep the source around,
it becomes easy enough to enable or disable features and
rebuild/reinstall.

Here are the rest, grouped by what they provide so you can quickly crop a few..

SNMP monitoring squid:

> '--enable-snmp'

Authentication to the proxy:

'--enable-auth=basic digest ntlm'
> '--enable-basic-auth-helpers=LDAP MSNT NCSA PAM SMB YP getpwnam
> multi-domain-NTLM'
> '--enable-ntlm-auth-helpers=SMB no_check'
> '--enable-digest-auth-helpers=password'
> '--enable-ntlm-fail-open'
> '--with-samba-sources=/usr/include/samba'

Fancy access controls: (can be built separately if needed)
> '--enable-external-acl-helpers=ip_user ldap_group unix_group wbinfo_group'

Methods of linking/meshing with other proxies:

> '--enable-carp' '--enable-htcp' '--enable-cache-digests'

Debugging, maybe if you get
> '--enable-stacktraces'

Storage related stuff: (for linux: ufs, aufs, null)
> '--enable-storeio=aufs,ufs,diskd,null'
> '--enable-removal-policies=heap,lru'

Transparent Interception support for linux:
> '--enable-linux-netfilter'

client bandwidth control:
> '--enable-delay-pools'

everything SSL-related. probably wanted...
> '--enable-ssl'

um,,,
> '--enable-x-accelerator-vary'

And these are pretty much crud. Take some time thinking about why before
turning on...
> '--enable-useragent-log'
> '--enable-referer-log' '--enable-arp-acl'
> '--enable-underscores'
> 'CFLAGS=-O2 -march=i586 -mtune=i686 -fmessage-length=0 -Wall
> -D_FORTIFY_SOURCE=2 -g -fPIE -DLDAP_DEPRECATED -fno-strict-aliasing'
> 'LDFLAGS=-pie'
>

> Are all of these 'arguments'? I have no idea what a lot of them are for,
> or even if they are necessary.

Many of them won't be. Check the usage above and see if you need it. If
not, forget it or --disable-*

>
>> But be aware, if you perform a software update and a
>> newer Squid 2.5 package is available, your compiled version will be
>> overwritten.
>
> ?? Mmm. I think I should remove it then do a clean install of 3.whatever
> if that's the case.
>
>>> I've downloaded the squid 3 stable tar.gz and unpacked it on another
>>> SLES10
>>> box that also has Squid on it (2.15 again - out of the box).
>
>> No such version.
>
> Well, I hate to argue with someone clearly far more clued than me, but I
> assure you that
> the SLES10 SP2 install DVD ISO installs Squid 2.15 Stable 12 for you. I
> have 2 SLES10 boxes
> and both have the same version and both are plain vanilla installs
> straight from the DVD.

I'd guess something is seriously screwed with their version system then.
6 > 15 = false, is probably why their users can't upgrade automatically.

>
>> The newest branch of the Squid 2.x tree is
>> 2.7.STABLE6. While this might be construed as pedantic, without using
>> the same terminology, problems are REALLY hard to solve. Significant
>> differences exist between 2.5, 2.6 and 2.7.
>
> I'll take your obviously knowledgeable word for that, some of the issue
> I'm having appears
> to be version related (the apparent lack of the url_redirect tag in 2.15
> being one)
>
> When you install SLES10 you get Squid 2.15 Stable 12
> pre-installed for you, I did some minor changes (from an optimising squid
> performance doc I found
> on the web somewhere) and it came up and has been working fine.
> The SLES install (even with SP2 embedded) iso has not changed since it was
> released and
> the online update service doesn't seem to update squid (though it seems to
> update just about everything else.)
>
> What would you suggest is the best course here? 2.15 seems to be years
> old so it seems advisable to
> upgrade, but should I wipe it out (however that should be done) and
> install 2.7 or go to 3.0
>
>>> No problem with that. I just need to figure out how to do an in place
>>> upgrade of the existing (working) squid 2.15 without breaking anything
>>> else.
>
>> Assuming you really mean Squid 2.5 and further assuming the proxy is not
>> internet facing, you really don't.
>
> If you mean does it present an outside interface to the internet, no, it's
> inside the
> firewall with an internal IP address.
>
>> There are likely security
>> vulnerabilities in 2.5, it doesn't support websites that require NTLM
>> authentication
>
> Don't think it matters. Squid here is just a proxy/cache, it's connected
> to the internal lan
> via a transparent bridge that is the ContentKeeper appliance, which does
> all the logging
> and authentication (to Novell eDirectory on a Netware server via LDAP).
>
>> and that branch has been relegated to the ravages of
>> history, so support will be harder to come by, but it still works. If
>> the version of SUSE you are using is still supported, perhaps that
>> community is able to give support.
>
> ?? SLES 10SP2 is the current version of SUSE Linux Enterprise Server.
>
>> That said, upgrading to an actively developed version (2.7 or 3.0) is
>> probably a good idea.
>
> Ok. That seems like the best course.
>
>> http://www.squid-cache.org/Doc/config/ :o) The vast majority of it
>> does not need to be adjusted. The important bit is ACLs
>> (http://wiki.squid-cache.org/SquidFaq/SquidAcl).
>
> I don't think we are using ACLs, as the authentication is not handled by
> squid.

The squid ACLs are not always auth related. They control most of the
operations inside Squid.

>
>> Henrik gave you a copy (fill-in-the-variables) and paste for your
>> squid.conf (that should even work in Squid 2.5) that doesn't require
>> redirectors...
>>
>> http://www.squid-cache.org/mail-archive/squid-users/200902/0275.html
>
> Yes, I'm going to try that next, I was going to just persist with the .pl
> or .php stuff
> as I know the script itself is ok, but I have a window later today and I
> will try the
> other method he supplied.
>
>>> If you supply the actual FQDN and IP of the docushare server (on list
>>> or
>> off), we can even take care of the "fill-in-the-variables" part. Put
>> your squid.conf in a paste-bin and we can even tell you where in the
>> config file to put those lines.
>
> I'd rather try it myself first, if I don't I will never learn, but I'll
> keep that in mind.
>
>
>>> The redirect *seemed* to be quick and easy to implement, I should have
>>> known
>> >anything to do with changing *nix based stuff is rarely quick and easy.
>>
>> Replace "*nix" with "computer" or even "electronic"...
>> http://xkcd.com/349/ :o)
>
> Well, some are harder than others. I'm going to take a look at webmin,
> but YAST seems
> fine for a lot of it, but the applications are another story, squid being
> a perfect example.
> The last proxy/cache I played with other than a pizza box appliance was
> WASD Web Server
> on VMS which is... ahem, quite different (and was much easier to configure
> ;^)
>
>>> That much I *have* learned about it so far.
>>> The mere fact you need to have squid call script files in .php or perl
>>> to do
>>> the redirect is enough to put me off. I don't speak
>>> C, perl, php or java.
>
>> Again, a copy (fill-in-the-variables) and paste example was provided.
>> You did state that it didn't work but didn't reply to the request for
>> more information, which is the only way for us to help you fix it.
>
> Sorry, I thought I had. The problem is not with the script, it works fine
> in
> a command line. (I did have to change the permissions on it to execute
> which I would not have thought of.)
> The problem does not appear to be with the script but with squid itself,
> which seems unable to use it,
> or is not using it correctly.
>
>>> I wish they'd just pick ONE script language and leave it at that.
>>>
>>
>> Variety is the spice of life. :o) I'd hate to only see one car on the
>> roads, or one type of house in a neighborhood and I'd HATE to be forced
>> to use one scripting language for every problem.
>
> I hate to be forced to use scripting language, period. ;^)
>
> I have located the support group for SLES so I am posting there as well
> for the more
> specific stuff.
>
> Thanks again for all your help, I really appreciate it.
>
>

Amos
Received on Tue Feb 17 2009 - 02:20:51 MST
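
The "small script" approach suggested in the reply above, as an added example (not part of the original message and not Squid project code): it reads the install-location options out of `squid -v` output and prints a `./configure` line that carries over only the features you name. The sample output is constructed from the options quoted in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# SAMPLE_SQUID_V is constructed from the options quoted in this thread, laid out
# on one line after "configure options:" (assumed layout of real `squid -v` output).
SAMPLE_SQUID_V="Squid Cache: Version 2.5.STABLE12
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' \
'--sbindir=/usr/sbin' '--localstatedir=/var' '--libexecdir=/usr/sbin' \
'--datadir=/usr/share/squid' '--enable-snmp' '--enable-auth=basic digest ntlm' \
'--enable-storeio=aufs,ufs,diskd,null' '--enable-ssl' '--enable-useragent-log' \
'--enable-referer-log' 'LDFLAGS=-pie'"

# stdin: `squid -v` text; stdout: one configure option per line, quotes stripped.
squid_opts() {
    sed -n 's/^configure options: *//p' | grep -o "'[^']*'" | tr -d "'"
}

# Keep only the options that say where files are installed.
path_opts() {
    grep -E '^--(prefix|sysconfdir|bindir|sbindir|localstatedir|libexecdir|datadir)='
}

# $1: `squid -v` text; remaining args: names of old-build features to carry over.
# Prints a ./configure command line; runs nothing.
build_cmd() {
    text=$1; shift
    {
        printf '%s\n' "$text" | squid_opts | path_opts
        for want in "$@"; do
            printf '%s\n' "$text" | squid_opts |
                awk -v w="$want" '$0 == w || index($0, w "=") == 1 { print; hit = 1 }
                                  END { exit !hit }' ||
                echo "not in the old build, skipped: $want" >&2
        done
    } | sed "s/.*/'&'/" | paste -sd' ' - | sed 's|^|./configure |'
}

# Real use: build_cmd "$(squid -v)" --enable-ssl ...   then check each flag
# against ./configure --help in the new source tree before running it.
build_cmd "$SAMPLE_SQUID_V" --enable-ssl --enable-storeio
```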
