auto-import squid-2.5.STABLE1-2 from squid-2.5.STABLE1-2.src.rpm
This commit is contained in:
parent
4b5c7a3665
commit
3a68c214ed
@ -1 +1 @@
|
|||||||
squid-2.4.STABLE7-src.tar.gz
|
squid-2.5.STABLE1.tar.gz
|
||||||
|
523
FAQ.sgml
523
FAQ.sgml
@ -114,6 +114,7 @@ is known to work on at least the following platforms:
|
|||||||
<item> FreeBSD
|
<item> FreeBSD
|
||||||
<item> NetBSD
|
<item> NetBSD
|
||||||
<item> BSDI
|
<item> BSDI
|
||||||
|
<item> Mac OS/X
|
||||||
<item> OSF and Digital Unix
|
<item> OSF and Digital Unix
|
||||||
<item> IRIX
|
<item> IRIX
|
||||||
<item> SunOS/Solaris
|
<item> SunOS/Solaris
|
||||||
@ -128,9 +129,9 @@ is known to work on at least the following platforms:
|
|||||||
For more specific information, please see
|
For more specific information, please see
|
||||||
<url url="http://www.squid-cache.org/platforms.html" name="platforms.html">.
|
<url url="http://www.squid-cache.org/platforms.html" name="platforms.html">.
|
||||||
If you encounter any platform-specific problems, please
|
If you encounter any platform-specific problems, please
|
||||||
let us know by sending email to
|
let us know by registering a entry in our
|
||||||
<url url="mailto:squid-bugs@squid-cache.org"
|
<url url="http://www.squid-cache.org/bugs/"
|
||||||
name="squid-bugs">.
|
name="bug database">.
|
||||||
|
|
||||||
<sect1>Does Squid run on Windows NT?
|
<sect1>Does Squid run on Windows NT?
|
||||||
<label id="squid-NT">
|
<label id="squid-NT">
|
||||||
@ -140,6 +141,10 @@ with the
|
|||||||
<url url="http://www.cygnus.com/misc/gnu-win32/"
|
<url url="http://www.cygnus.com/misc/gnu-win32/"
|
||||||
name="GNU-Win32 package">.
|
name="GNU-Win32 package">.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<url url="http://serassio.interfree.it/SquidNT.htm" name="Guido Serassio">
|
||||||
|
have Squid NT pages and is actively working on having the needed changes integrated into the standard Squid distribution. Partially based on earlier NT port by <url url="http://www.phys-iasi.ro/users/romeo/squidnt.htm" name="Romeo Anghelache">.
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
<url url="http://www.logisense.com/" name="LogiSense">
|
<url url="http://www.logisense.com/" name="LogiSense">
|
||||||
has ported Squid to Windows NT and sells a supported
|
has ported Squid to Windows NT and sells a supported
|
||||||
@ -147,19 +152,6 @@ version. You can also download the source from
|
|||||||
<url url="ftp://ftp.logisense.com/pub/cachexpress/" name="their FTP site">.
|
<url url="ftp://ftp.logisense.com/pub/cachexpress/" name="their FTP site">.
|
||||||
Thanks to LogiSense for making the code available as required by the GPL terms.
|
Thanks to LogiSense for making the code available as required by the GPL terms.
|
||||||
|
|
||||||
<p>
|
|
||||||
<url url="mailto: robert dot collins at itdomain dot com dot au" name="Robert Collins">
|
|
||||||
is working on a Windows NT port as well. You can find more information from him
|
|
||||||
at <url url="http://www.ideal.net.au/~collinsdial/Squid2.4.htm" name="his page">.
|
|
||||||
|
|
||||||
<p>
|
|
||||||
<url url="http://serassio.interfree.it/SquidNT.htm" name="Guido Serassio">
|
|
||||||
and <url url="http://www.phys-iasi.ro/users/romeo/squidnt.htm" name="Romeo Anghelache"> have Squid NT pages, including
|
|
||||||
binaries and patches.
|
|
||||||
|
|
||||||
<p>
|
|
||||||
|
|
||||||
|
|
||||||
<sect1>What Squid mailing lists are available?
|
<sect1>What Squid mailing lists are available?
|
||||||
<P>
|
<P>
|
||||||
<itemize>
|
<itemize>
|
||||||
@ -260,13 +252,21 @@ Yeah, its extremely incomplete. I assure you this is the most recent version.
|
|||||||
</itemize>
|
</itemize>
|
||||||
|
|
||||||
<sect1>Does Squid support SSL/HTTPS/TLS?
|
<sect1>Does Squid support SSL/HTTPS/TLS?
|
||||||
<P>
|
|
||||||
Squid supports these encrypted protocols by ``tunelling'' traffic between
|
|
||||||
clients and servers.
|
|
||||||
Squid can relay the encrypted bits between a client and a server.
|
|
||||||
<p>
|
<p>
|
||||||
|
As of version 2.5, Squid can terminate SSL connections. This is perhaps
|
||||||
|
only useful in a surrogate (http accelerator) configuration. You must
|
||||||
|
run configure with <em/--enable-ssl/. See <em/https_port/ in
|
||||||
|
squid.conf for more information.
|
||||||
|
|
||||||
|
<P>
|
||||||
|
Squid also supports these encrypted protocols by ``tunelling''
|
||||||
|
traffic between clients and servers. In this case, Squid can relay
|
||||||
|
the encrypted bits between a client and a server.
|
||||||
|
<p>
|
||||||
|
|
||||||
Normally, when your browser comes across an <em/https/ URL, it
|
Normally, when your browser comes across an <em/https/ URL, it
|
||||||
does one of two things:
|
does one of two things:
|
||||||
|
|
||||||
<enum>
|
<enum>
|
||||||
<item>The browser opens an SSL connection directly to the origin
|
<item>The browser opens an SSL connection directly to the origin
|
||||||
server.
|
server.
|
||||||
@ -283,9 +283,6 @@ method, please see
|
|||||||
<url url="ftp://ftp.isi.edu/in-notes/rfc2817.txt" name="RFC 2817">
|
<url url="ftp://ftp.isi.edu/in-notes/rfc2817.txt" name="RFC 2817">
|
||||||
and <url url="http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt"
|
and <url url="http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt"
|
||||||
name="Tunneling TCP based protocols through Web proxy servers"> (expired).
|
name="Tunneling TCP based protocols through Web proxy servers"> (expired).
|
||||||
<p>
|
|
||||||
Squid can not (yet) encrypt or decrypt such connections, however.
|
|
||||||
Some folks are working on a patch, using OpenSSL, that allows Squid to do this.
|
|
||||||
|
|
||||||
|
|
||||||
<sect1>What's the legal status of Squid?
|
<sect1>What's the legal status of Squid?
|
||||||
@ -447,13 +444,15 @@ The following people have made contributions to this document:
|
|||||||
<item>
|
<item>
|
||||||
<url url="mailto:Support@dnet.co.uk" name="Martin Lyons">
|
<url url="mailto:Support@dnet.co.uk" name="Martin Lyons">
|
||||||
<item>
|
<item>
|
||||||
<url url="mailto:luyer@ucs.uwa.edu.au" name="David Luyer">
|
<url url="mailto:david@luyer.net" name="David Luyer">
|
||||||
<item>
|
<item>
|
||||||
<url url="mailto:chris@senet.com.au" name="Chris Foote">
|
<url url="mailto:chris@senet.com.au" name="Chris Foote">
|
||||||
<item>
|
<item>
|
||||||
<url url="mailto:elkner@wotan.cs.Uni-Magdeburg.DE" name="Jens Elkner">
|
<url url="mailto:elkner@wotan.cs.Uni-Magdeburg.DE" name="Jens Elkner">
|
||||||
<item>
|
<item>
|
||||||
<url url="mailto:simon@mtds.com" name="Simon White">
|
<url url="mailto:simon@mtds.com" name="Simon White">
|
||||||
|
<item>
|
||||||
|
<url url="mailto: jmurdoc at itraktech dot com" name="Jerry Murdock">
|
||||||
</itemize>
|
</itemize>
|
||||||
<P>
|
<P>
|
||||||
Please send corrections, updates, and comments to:
|
Please send corrections, updates, and comments to:
|
||||||
@ -1442,8 +1441,8 @@ must use the parent for all others, you would write:
|
|||||||
<p>
|
<p>
|
||||||
You could also specify internal servers by IP address
|
You could also specify internal servers by IP address
|
||||||
<verb>
|
<verb>
|
||||||
acl INSIDE_IP dst 1.2.3.4/24
|
acl INSIDE_IP dst 1.2.3.0/24
|
||||||
always_direct allow INSIDE
|
always_direct allow INSIDE_IP
|
||||||
never_direct allow all
|
never_direct allow all
|
||||||
</verb>
|
</verb>
|
||||||
Note, however that when you use IP addresses, Squid must
|
Note, however that when you use IP addresses, Squid must
|
||||||
@ -1871,7 +1870,17 @@ You can use the <em/no_cache/ access list to make Squid never cache any response
|
|||||||
<p>
|
<p>
|
||||||
With Squid-2.4 and later you can use the ``null'' storage module:
|
With Squid-2.4 and later you can use the ``null'' storage module:
|
||||||
<verb>
|
<verb>
|
||||||
cache_dir null /null
|
cache_dir null /tmp
|
||||||
|
</verb>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Note: the directory (e.g., <em>/tmp</em>) must exist so that squid
|
||||||
|
can chdir to it, unless you also use the <em/coredump_dir/ option.
|
||||||
|
<p>
|
||||||
|
To configure Squid for the ``null'' storage module, specify it
|
||||||
|
on the <em/configure/ command line:
|
||||||
|
<verb>
|
||||||
|
./configure --enable-storeio=ufs,null ...
|
||||||
</verb>
|
</verb>
|
||||||
|
|
||||||
<sect1>Can I prevent users from downloading large files?
|
<sect1>Can I prevent users from downloading large files?
|
||||||
@ -3799,6 +3808,22 @@ any of the ports, then Squid stops.
|
|||||||
With version 2.3 and later you can specify IP addresses
|
With version 2.3 and later you can specify IP addresses
|
||||||
and port numbers together (see the squid.conf comments).
|
and port numbers together (see the squid.conf comments).
|
||||||
|
|
||||||
|
<sect1>Can I make origin servers see the client's IP address when going through Squid?
|
||||||
|
<p>
|
||||||
|
Normally you cannot. Most TCP/IP stacks do not allow applications to
|
||||||
|
create sockets with the local endpoint assigned to a foreign IP address.
|
||||||
|
However, some folks have some <url
|
||||||
|
url="http://www.balabit.hu/en/downloads/tproxy/" name="patches to
|
||||||
|
Linux"> that allow exactly that.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
In this situation, you must ensure that all HTTP packets destined for
|
||||||
|
the client IP addresses are routed to the Squid box. If the packets
|
||||||
|
take another path, the real clients will send TCP resets to the
|
||||||
|
origin servers, thereby breaking the connections.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
|
<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
|
||||||
|
|
||||||
<sect>Memory
|
<sect>Memory
|
||||||
@ -4409,7 +4434,7 @@ This marks the script as executable to those in <tt/MGR-PROT/.
|
|||||||
<sect1>Cache manager configuration for Apache
|
<sect1>Cache manager configuration for Apache
|
||||||
<P>
|
<P>
|
||||||
First, make sure the cgi-bin directory you're using is listed with a
|
First, make sure the cgi-bin directory you're using is listed with a
|
||||||
<tt/ScriptAlias/ in your Apache <em/srm.conf/ file like this:
|
<tt/ScriptAlias/ in your Apache <em/httpd.conf/ file like this:
|
||||||
<verb>
|
<verb>
|
||||||
ScriptAlias /Squid/cgi-bin/ /usr/local/squid/cgi-bin/
|
ScriptAlias /Squid/cgi-bin/ /usr/local/squid/cgi-bin/
|
||||||
</verb>
|
</verb>
|
||||||
@ -4418,31 +4443,30 @@ the entire <em//usr/local/squid/bin/ directory where all the
|
|||||||
Squid executables live.
|
Squid executables live.
|
||||||
<P>
|
<P>
|
||||||
Next, you should ensure that only specified workstations can access
|
Next, you should ensure that only specified workstations can access
|
||||||
the cache manager. That is done in your Apache <em/access.conf/,
|
the cache manager. That is done in your Apache <em/httpd.conf/,
|
||||||
not in <em/squid.conf/. At the bottom of <em/access.conf/
|
not in <em/squid.conf/. At the bottom of <em/httpd.conf/
|
||||||
file, insert:
|
file, insert:
|
||||||
<verb>
|
<verb>
|
||||||
<Location /Squid/cgi-bin/cachemgr.cgi>
|
<Location /Squid/cgi-bin/cachemgr.cgi>
|
||||||
order deny,allow
|
order allow,deny
|
||||||
deny from all
|
|
||||||
allow from workstation.example.com
|
allow from workstation.example.com
|
||||||
&etago;Location>
|
&etago;Location>
|
||||||
</verb>
|
</verb>
|
||||||
|
|
||||||
You can have more than one allow line, and you can allow
|
You can have more than one allow line, and you can allow
|
||||||
domains or networks.
|
domains or networks.
|
||||||
<P>
|
<P>
|
||||||
Alternately, <em/cachemgr.cgi/ can be password-protected. You'd
|
Alternately, <em/cachemgr.cgi/ can be password-protected. You'd
|
||||||
add the following to <em/access.conf/:
|
add the following to <em/httpd.conf/:
|
||||||
|
|
||||||
<verb>
|
<verb>
|
||||||
<Location /Squid/cgi-bin/cachemgr.cgi>
|
<Location /Squid/cgi-bin/cachemgr.cgi>
|
||||||
AuthUserFile /path/to/password/file
|
AuthUserFile /path/to/password/file
|
||||||
AuthGroupFile /dev/null
|
AuthGroupFile /dev/null
|
||||||
AuthName User/Password Required
|
AuthName User/Password Required
|
||||||
AuthType Basic
|
AuthType Basic
|
||||||
require user cachemanager
|
require user cachemanager
|
||||||
&etago;Location>
|
&etago;Location>
|
||||||
</verb>
|
</verb>
|
||||||
|
|
||||||
Consult the Apache documentation for information on using <em/htpasswd/
|
Consult the Apache documentation for information on using <em/htpasswd/
|
||||||
@ -5083,6 +5107,16 @@ for the rule to be a match. This means that it is possible to
|
|||||||
write a rule that can never be matched. For example, a port number
|
write a rule that can never be matched. For example, a port number
|
||||||
can never be equal to both 80 AND 8000 at the same time.
|
can never be equal to both 80 AND 8000 at the same time.
|
||||||
|
|
||||||
|
<p>
|
||||||
|
To summarise the acl logics can be described as:
|
||||||
|
<verb>
|
||||||
|
http_access allow|deny acl AND acl AND ...
|
||||||
|
OR
|
||||||
|
http_access allow|deny acl AND acl AND ...
|
||||||
|
OR
|
||||||
|
...
|
||||||
|
</verb>
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
If none of the rules are matched, then the default action is the
|
If none of the rules are matched, then the default action is the
|
||||||
<em/opposite/ of the last rule in the list. Its a good idea to
|
<em/opposite/ of the last rule in the list. Its a good idea to
|
||||||
@ -5440,6 +5474,8 @@ the neighbor ACL's first in the list of <em/http_access/ lines. For example:
|
|||||||
Information on this on the <url
|
Information on this on the <url
|
||||||
url="http://www.snerpa.is/notendur/infilter/infilter-en.phtml"
|
url="http://www.snerpa.is/notendur/infilter/infilter-en.phtml"
|
||||||
name="INfilter"> webpage.
|
name="INfilter"> webpage.
|
||||||
|
<item>The <url url="http://www.squidguard.org/blacklist/" name="SquidGuard">
|
||||||
|
redirector folks provide a blacklist.
|
||||||
</itemize>
|
</itemize>
|
||||||
|
|
||||||
<sect1>Squid doesn't match my subdomains
|
<sect1>Squid doesn't match my subdomains
|
||||||
@ -5692,6 +5728,17 @@ http_access deny porn
|
|||||||
(additional http_access lines ...)
|
(additional http_access lines ...)
|
||||||
</verb>
|
</verb>
|
||||||
|
|
||||||
|
<sect1>I want to use local time zone in error messages
|
||||||
|
|
||||||
|
<P>Squid by defaults uses GMT as timestamp in all geenrated error messages.
|
||||||
|
This to allow the cache to participate in a hierarchy of caches in different
|
||||||
|
timezones without risking confusion about what the time is.
|
||||||
|
|
||||||
|
<P>To change the timestamp in Squid generated error messages you must change
|
||||||
|
the Squid signature. See <ref id="custom-err-msgs" name="Customizable Error
|
||||||
|
Messages">. The signature by defaults uses %T as timestamp, but if you like
|
||||||
|
then you can use %t instead for a timestamp using local time zone.
|
||||||
|
|
||||||
<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
|
<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
|
||||||
|
|
||||||
<sect>Troubleshooting
|
<sect>Troubleshooting
|
||||||
@ -5818,10 +5865,12 @@ edit <em>src/Makefile</em> and enable
|
|||||||
|
|
||||||
<p>
|
<p>
|
||||||
<url url="mailto:voeckler at rvs dot uni-hannover dot de" name="Jens-S. Voeckler">
|
<url url="mailto:voeckler at rvs dot uni-hannover dot de" name="Jens-S. Voeckler">
|
||||||
advises that you should NOT change the soft limit (<em/rlim_fd_cur/) to anything
|
advises that you should NOT change the default soft limit (<em/rlim_fd_cur/) to anything
|
||||||
larger than 256. It will break other programs, such as the license
|
larger than 256. It will break other programs, such as the license
|
||||||
manager needed for the SUN workshop compiler. Jens-S. also says that it
|
manager needed for the SUN workshop compiler. Jens-S. also says that it
|
||||||
should be safe to raise the limit as high as 16,384.
|
should be safe to raise the limit for the Squid process as high as 16,384
|
||||||
|
except that there may be problems duruing reconfigure or logrotate if all of
|
||||||
|
the lower 256 filedescriptors are in use at the time or rotate/reconfigure.
|
||||||
|
|
||||||
<sect2>IRIX
|
<sect2>IRIX
|
||||||
<p>
|
<p>
|
||||||
@ -6351,11 +6400,13 @@ Should produce something like:
|
|||||||
|
|
||||||
<sect1>Sending in Squid bug reports
|
<sect1>Sending in Squid bug reports
|
||||||
<P>
|
<P>
|
||||||
Bug reports for Squid should be sent to the <url url="mailto:squid-bugs@squid-cache.org"
|
Bug reports for Squid should be registered in our
|
||||||
name="squid-bugs alias">. Any bug report must include
|
<url url="http://www.squid-cache.org/bugs/"
|
||||||
|
name="bug database">. Any bug report must include
|
||||||
<itemize>
|
<itemize>
|
||||||
<item>The Squid version
|
<item>The Squid version
|
||||||
<item>Your Operating System type and version
|
<item>Your Operating System type and version
|
||||||
|
<item>A clear description of the bug symptoms
|
||||||
</itemize>
|
</itemize>
|
||||||
|
|
||||||
<sect2>crashes and core dumps
|
<sect2>crashes and core dumps
|
||||||
@ -6387,7 +6438,7 @@ due to one of the following reasons:
|
|||||||
a meaningful coredump.
|
a meaningful coredump.
|
||||||
<item>
|
<item>
|
||||||
Threads and Linux. On Linux, threaded applications do not generate
|
Threads and Linux. On Linux, threaded applications do not generate
|
||||||
core dumps. When you use --enable-async-io, it uses threads and
|
core dumps. When you use the aufs cache_dir type, it uses threads and
|
||||||
you can't get a coredump.
|
you can't get a coredump.
|
||||||
<item>
|
<item>
|
||||||
It did leave a coredump file, you just can't find it.
|
It did leave a coredump file, you just can't find it.
|
||||||
@ -6458,11 +6509,11 @@ starting, so look there first:
|
|||||||
</verb>
|
</verb>
|
||||||
If you cannot find a core file, then either Squid does not have
|
If you cannot find a core file, then either Squid does not have
|
||||||
permission to write in its current directory, or perhaps your shell
|
permission to write in its current directory, or perhaps your shell
|
||||||
limits (csh and clones) are preventing the core file from being written.
|
limits are preventing the core file from being written.
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Often you can get a coredump if you run Squid from the
|
Often you can get a coredump if you run Squid from the
|
||||||
command line like this:
|
command line like this (csh shells and clones):
|
||||||
<verb>
|
<verb>
|
||||||
% limit core un
|
% limit core un
|
||||||
% /usr/local/squid/bin/squid -NCd1
|
% /usr/local/squid/bin/squid -NCd1
|
||||||
@ -6500,7 +6551,12 @@ Program terminated with signal 6, Aborted.
|
|||||||
<P>
|
<P>
|
||||||
If possible, you might keep the coredump file around for a day or
|
If possible, you might keep the coredump file around for a day or
|
||||||
two. It is often helpful if we can ask you to send additional
|
two. It is often helpful if we can ask you to send additional
|
||||||
debugger output, such as the contents of some variables.
|
debugger output, such as the contents of some variables. But please
|
||||||
|
note that a core file is only useful if paired with the exact same binary
|
||||||
|
as generated the corefile. If you recompile Squid then any coredumps from
|
||||||
|
previous versions will be useless unless you have saved the corresponding
|
||||||
|
Squid binaries, and any attempts to analyze such coredumps will most certainly
|
||||||
|
give misleading information about the cause to the crash.
|
||||||
|
|
||||||
<P>If you CANNOT get Squid to leave a core file for you then one of
|
<P>If you CANNOT get Squid to leave a core file for you then one of
|
||||||
the following approaches can be used<label ID="nocore">
|
the following approaches can be used<label ID="nocore">
|
||||||
@ -6538,7 +6594,7 @@ Squid. Here is a short automated script that should work:
|
|||||||
|
|
||||||
<P>Other options if the above cannot be done is to:
|
<P>Other options if the above cannot be done is to:
|
||||||
|
|
||||||
<P>a) Build Squid with the --enable-stacktraces option, if support exists for your OS (exists for Linux glibc on Intel, and Solaris with some extra libraries..)
|
<P>a) Build Squid with the --enable-stacktraces option, if support exists for your OS (exists for Linux glibc on Intel, and Solaris with some extra libraries which seems rather impossible to find these days..)
|
||||||
|
|
||||||
<P>b) Run Squid using the "catchsegv" tool. (Linux glibc Intel)
|
<P>b) Run Squid using the "catchsegv" tool. (Linux glibc Intel)
|
||||||
|
|
||||||
@ -6563,7 +6619,7 @@ command line option:
|
|||||||
</verb>
|
</verb>
|
||||||
This causes every <em/debug()/ statement in the source code to write a line
|
This causes every <em/debug()/ statement in the source code to write a line
|
||||||
in the <em/cache.log/ file.
|
in the <em/cache.log/ file.
|
||||||
You also use the same command to restore Squid to normal debugging.
|
You also use the same command to restore Squid to normal debugging level.
|
||||||
|
|
||||||
<P>
|
<P>
|
||||||
To enable selective debugging (e.g. for one source file only), you
|
To enable selective debugging (e.g. for one source file only), you
|
||||||
@ -7179,7 +7235,7 @@ encryption in Webmin.
|
|||||||
<sect1>Segment Violation at startup or upon first request
|
<sect1>Segment Violation at startup or upon first request
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Some versions of GCC (notably 2.95.1 through 2.95.3) have bugs
|
Some versions of GCC (notably 2.95.1 through 2.95.4 at least) have bugs
|
||||||
with compiler optimization. These GCC bugs may cause NULL pointer
|
with compiler optimization. These GCC bugs may cause NULL pointer
|
||||||
accesses in Squid, resulting in a ``FATAL: Received Segment
|
accesses in Squid, resulting in a ``FATAL: Received Segment
|
||||||
Violation...dying'' message and a core dump.
|
Violation...dying'' message and a core dump.
|
||||||
@ -7964,7 +8020,7 @@ The <em/keep-alive ratio/ shows up in the <em/server_list/
|
|||||||
cache manager page for Squid 2.
|
cache manager page for Squid 2.
|
||||||
<P>
|
<P>
|
||||||
This is a mechanism to try detecting neighbor caches which might
|
This is a mechanism to try detecting neighbor caches which might
|
||||||
not be able to deal with HTTP/1.1 persistent connections. Every
|
not be able to deal with persistent connections. Every
|
||||||
time we send a <em/proxy-connection: keep-alive/ request header
|
time we send a <em/proxy-connection: keep-alive/ request header
|
||||||
to a neighbor, we count how many times the neighbor sent us
|
to a neighbor, we count how many times the neighbor sent us
|
||||||
a <em/proxy-connection: keep-alive/ reply header. Thus, the
|
a <em/proxy-connection: keep-alive/ reply header. Thus, the
|
||||||
@ -8661,6 +8717,20 @@ describes this.
|
|||||||
|
|
||||||
<sect1>Solaris
|
<sect1>Solaris
|
||||||
|
|
||||||
|
<sect2>TCP incompatibility?
|
||||||
|
<p>
|
||||||
|
J.D. Bronson (jb at ktxg dot com) reported that his Solaris box
|
||||||
|
could not talk to certain origin servers, such as
|
||||||
|
<url url="http://moneycentral.msn.com/" name="moneycentral.msn.com">
|
||||||
|
and <url url="http://www.mbnanetaccess.com" name="www.mbnanetaccess.com">.
|
||||||
|
J.D. fixed his problem by setting:
|
||||||
|
<verb>
|
||||||
|
tcp_xmit_hiwat 49152
|
||||||
|
tcp_xmit_lowat 4096
|
||||||
|
tcp_recv_hiwat 49152
|
||||||
|
</verb>
|
||||||
|
|
||||||
|
|
||||||
<sect2>select()
|
<sect2>select()
|
||||||
<P>
|
<P>
|
||||||
<em/select(3c)/ won't handle more than 1024 file descriptors. The
|
<em/select(3c)/ won't handle more than 1024 file descriptors. The
|
||||||
@ -8972,8 +9042,8 @@ diff -p -u -r1.40 -r1.41
|
|||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
|
* @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94
|
||||||
- * $Id: FAQ.sgml,v 1.5 2004/09/09 12:40:04 cvsdist Exp $
|
- * $Id: FAQ.sgml,v 1.6 2004/09/09 12:41:26 cvsdist Exp $
|
||||||
+ * $Id: FAQ.sgml,v 1.5 2004/09/09 12:40:04 cvsdist Exp $
|
+ * $Id: FAQ.sgml,v 1.6 2004/09/09 12:41:26 cvsdist Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
@ -10582,13 +10652,16 @@ forwarding is enabled with the following command:
|
|||||||
|
|
||||||
<sect1>Interception caching with Linux 2.4 and netfilter
|
<sect1>Interception caching with Linux 2.4 and netfilter
|
||||||
<label id="trans-linux-3">
|
<label id="trans-linux-3">
|
||||||
<P>
|
<p>
|
||||||
NOTE: this information comes from Daniel Kiracofe's
|
NOTE: this information comes from Daniel Kiracofe's
|
||||||
<url url="http://www.linuxdoc.org/HOWTO/mini/TransparentProxy.html"
|
<url url="http://www.linuxdoc.org/HOWTO/mini/TransparentProxy.html"
|
||||||
name="Transparent Proxy with Squid mini-HOWTO">.
|
name="Transparent Proxy with Squid mini-HOWTO">.
|
||||||
<p>
|
<P>
|
||||||
You may need to build a new kernel. Be sure to enable
|
To support netfilter transparent interception on Linux 2.4 Squid
|
||||||
all of these options (none of them as modules):
|
must be compiled with the --enable-linux-netfilter option.
|
||||||
|
<P>
|
||||||
|
To enable netwfilter support you may need to build a new kernel.
|
||||||
|
Be sure to enable all of these options:
|
||||||
<itemize>
|
<itemize>
|
||||||
<item>Networking support
|
<item>Networking support
|
||||||
<item>Sysctl support
|
<item>Sysctl support
|
||||||
@ -11015,8 +11088,8 @@ This appears to cause the correct behaviour.
|
|||||||
<sect1>WCCP - Web Cache Coordination Protocol
|
<sect1>WCCP - Web Cache Coordination Protocol
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Contributors: <url url="mailto:glenn@ircache.net" name="Glenn Chisholm"> and
|
Contributors: <url url="mailto:glenn@ircache.net" name="Glenn Chisholm">,
|
||||||
<url url="mailto:ltd@cisco.com" name="Lincoln Dale">.
|
<url url="mailto:ltd@cisco.com" name="Lincoln Dale"> and <url url="mailto:reuben-squid@reub.net" name="Reuben Farrelly">.
|
||||||
|
|
||||||
<sect2>Does Squid support WCCP?
|
<sect2>Does Squid support WCCP?
|
||||||
|
|
||||||
@ -11046,7 +11119,7 @@ debug output from your router to <em/squid-bugs/.
|
|||||||
|
|
||||||
wccp enable
|
wccp enable
|
||||||
!
|
!
|
||||||
interface [Interface Carrying Outgoing Traffic]x/x
|
interface [Interface carrying Outgoing Traffic]x/x
|
||||||
!
|
!
|
||||||
ip wccp web-cache redirect
|
ip wccp web-cache redirect
|
||||||
!
|
!
|
||||||
@ -11070,32 +11143,40 @@ and <em/12.0(4)T/ do not have WCCPv1, but <em/12.0(5)T/ does.
|
|||||||
conf t
|
conf t
|
||||||
|
|
||||||
ip wccp version 1
|
ip wccp version 1
|
||||||
ip wccp web-cache
|
ip wccp web-cache redirect-list 150
|
||||||
!
|
!
|
||||||
interface [Interface Carrying Outgoing/Incomming Traffic]x/x
|
interface [Interface carrying Outgoing/Incoming Traffic]x/x
|
||||||
ip wccp web-cache redirect out|in
|
ip wccp web-cache redirect out|in
|
||||||
!
|
!
|
||||||
CTRL Z
|
CTRL Z
|
||||||
write mem
|
write mem
|
||||||
</verb>
|
</verb>
|
||||||
|
|
||||||
<sect2>IOS 12.3 problems
|
|
||||||
<p>
|
<p>
|
||||||
Some people report problems with WCCP and IOS 12.3. They see
|
Replace 150 with an access list number (either standard or extended)
|
||||||
|
which lists IP addresses which you do not wish to be transparently
|
||||||
|
redirected to your cache. Otherwise simply user the word 'redirect'
|
||||||
|
on it's own to redirect traffic from all sources to all destinations.
|
||||||
|
|
||||||
|
<sect2>IOS 12.x problems
|
||||||
|
<p>
|
||||||
|
Some people report problems with WCCP and IOS 12.x. They see
|
||||||
truncated or fragmented GRE packets arriving at the cache. Apparently
|
truncated or fragmented GRE packets arriving at the cache. Apparently
|
||||||
it works if you disable Cisco Express Forwarding for the interface:
|
it works if you disable Cisco Express Forwarding for the interface:
|
||||||
<verb>
|
<verb>
|
||||||
conf t
|
conf t
|
||||||
ip cep # some systems may need 'ip cep global'
|
ip cef # some systems may already have 'ip cef global'
|
||||||
int Ethernet0/0
|
int Ethernet 0/0 (or int FastEthernet 0/0 or other internal interface)
|
||||||
no ip route-cache cef
|
no ip route-cache cef
|
||||||
CTRL Z
|
CTRL Z
|
||||||
</verb>
|
</verb>
|
||||||
|
<p>
|
||||||
|
This may well be fixed in later releases of IOS.
|
||||||
|
|
||||||
<sect2>Configuring FreeBSD
|
<sect2>Configuring FreeBSD
|
||||||
|
|
||||||
<P>
|
<P>
|
||||||
FreeBSD first needs to be configured to recieve and strip the GRE
|
FreeBSD first needs to be configured to receive and strip the GRE
|
||||||
encapsulation from the packets from the router. To do this you will
|
encapsulation from the packets from the router. To do this you will
|
||||||
need to patch and recompile your kernel.
|
need to patch and recompile your kernel.
|
||||||
|
|
||||||
@ -11512,7 +11593,7 @@ name="cache-snmp-request@ircache.net">.
|
|||||||
|
|
||||||
<P>
|
<P>
|
||||||
<itemize>
|
<itemize>
|
||||||
<item>HTTP/1.1 persistent connections.
|
<item>persistent connections.
|
||||||
<item>Lower VM usage; in-transit objects are not held fully in memory.
|
<item>Lower VM usage; in-transit objects are not held fully in memory.
|
||||||
<item>Totally independent swap directories.
|
<item>Totally independent swap directories.
|
||||||
<item>Customizable error texts.
|
<item>Customizable error texts.
|
||||||
@ -11655,7 +11736,7 @@ option:
|
|||||||
<sect1>Delay Pools
|
<sect1>Delay Pools
|
||||||
|
|
||||||
<P>
|
<P>
|
||||||
by <url url="mailto:luyer@ucs.uwa.edu.au" name="David Luyer">.
|
by <url url="mailto:david@luyer.net" name="David Luyer">.
|
||||||
|
|
||||||
<P>
|
<P>
|
||||||
<bf>
|
<bf>
|
||||||
@ -12101,7 +12182,7 @@ This list describes the tags which Squid will insert into the messages:
|
|||||||
<descrip>
|
<descrip>
|
||||||
<tag/%B/ URL with FTP %2f hack
|
<tag/%B/ URL with FTP %2f hack
|
||||||
<tag/%c/ Squid error code
|
<tag/%c/ Squid error code
|
||||||
<tag/%d/ seconds elapsed since request received
|
<tag/%d/ seconds elapsed since request received (not yet implemented)
|
||||||
<tag/%e/ errno
|
<tag/%e/ errno
|
||||||
<tag/%E/ strerror()
|
<tag/%E/ strerror()
|
||||||
<tag/%f/ FTP request line
|
<tag/%f/ FTP request line
|
||||||
@ -12113,19 +12194,34 @@ This list describes the tags which Squid will insert into the messages:
|
|||||||
<tag/%I/ server IP address
|
<tag/%I/ server IP address
|
||||||
<tag/%L/ contents of <em/err_html_text/ config option
|
<tag/%L/ contents of <em/err_html_text/ config option
|
||||||
<tag/%M/ Request Method
|
<tag/%M/ Request Method
|
||||||
|
<tag/%m/ Error message returned by external auth helper
|
||||||
<tag/%p/ URL port \#
|
<tag/%p/ URL port \#
|
||||||
<tag/%P/ Protocol
|
<tag/%P/ Protocol
|
||||||
<tag/%R/ Full HTTP Request
|
<tag/%R/ Full HTTP Request
|
||||||
<tag/%S/ squid signature from ERR_SIGNATURE
|
<tag/%S/ squid default signature
|
||||||
<tag/%s/ caching proxy software with version
|
<tag/%s/ caching proxy software with version
|
||||||
<tag/%t/ local time
|
<tag/%t/ local time
|
||||||
<tag/%T/ UTC
|
<tag/%T/ UTC
|
||||||
<tag/%U/ URL without password
|
<tag/%U/ URL without password
|
||||||
<tag/%u/ URL without password, %2f added to path
|
<tag/%u/ URL with password (Squid-2.5 and later only)
|
||||||
<tag/%w/ cachemgr email address
|
<tag/%w/ cachemgr email address
|
||||||
<tag/%z/ dns server error message
|
<tag/%z/ dns server error message
|
||||||
</descrip>
|
</descrip>
|
||||||
|
|
||||||
|
The Squid default signature is added automatically unless %s or %S
|
||||||
|
is used in the error page. To change the signature you must manually append
|
||||||
|
the signature to each error page.
|
||||||
|
|
||||||
|
<P>The default signature reads like:
|
||||||
|
<verb>
|
||||||
|
<BR clear="all">
|
||||||
|
<HR noshade size="1px">
|
||||||
|
<ADDRESS>
|
||||||
|
Generated %T by %h (%s)
|
||||||
|
</ADDRESS>
|
||||||
|
</BODY></HTML>
|
||||||
|
</verb>
|
||||||
|
|
||||||
<sect1>My squid.conf from version 1.1 doesn't work!
|
<sect1>My squid.conf from version 1.1 doesn't work!
|
||||||
<P>
|
<P>
|
||||||
Yes, a number of configuration directives have been renamed.
|
Yes, a number of configuration directives have been renamed.
|
||||||
@ -12908,6 +13004,291 @@ storage of passwords and usernames.
|
|||||||
|
|
||||||
<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
|
<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
|
||||||
|
|
||||||
|
<sect1>How do I use the Winbind authenticators?
|
||||||
|
|
||||||
|
<p>by
|
||||||
|
<url url="mailto: jmurdock at itraktech dot com" name="Jerry Murdock">
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Winbind is a recent addition to Samba providing some impressive
|
||||||
|
capabilities for NT based user accounts. From Squid's perspective winbind provides a
|
||||||
|
robust and efficient engine for both basic and NTLM challenge/response authentication
|
||||||
|
against an NT domain controller.
|
||||||
|
<p>
|
||||||
|
The winbind authenticators have been used successfully under Linux, FreeBSD and Solaris.
|
||||||
|
<p>
|
||||||
|
|
||||||
|
<sect2>Supported Samba Releases
|
||||||
|
<p>
|
||||||
|
Samba 2.2.x releases 2.2.4 and later are officially supported.
|
||||||
|
|
||||||
|
Squid 2.5 uses an internal Samba interface to communicate with the winbindd daemon.
|
||||||
|
It is therefore sensitive to any changes the Samba team may make to the interface.
|
||||||
|
|
||||||
|
If using Samba 2.2.4 or 2.2.5 then the Squid winbind helpers will work as is.
|
||||||
|
|
||||||
|
With Samba 2.2.6, the winbindd interface changed and Squid 2.5 will not work as
|
||||||
|
distributed. Replacing the <tt>winbindd_nss.h</tt> file in Squid's
|
||||||
|
<tt>helpers/basic_auth/winbind</tt>, <tt>helpers/ntlm_auth/winbind</tt> and <tt>helpers/external_acl/wb_group/</tt>
|
||||||
|
directories with the version in Samba's <tt>source/nsswitch</tt> directory
|
||||||
|
is needed for the helpers to work properly.
|
||||||
|
|
||||||
|
Samba 3.0a17 and 3.0a18 implement the same winbindd interface as 2.2.4+ and are known to work.
|
||||||
|
|
||||||
|
With Samba 3.0a19, the winbindd interface changed and Squid 2.5 will not work as
|
||||||
|
distributed. Replacing the <tt>winbindd_nss.h</tt> file in Squid's
|
||||||
|
<tt>helpers/basic_auth/winbind</tt>, <tt>helpers/ntlm_auth/winbind</tt> and <tt>helpers/external_acl/wb_group/</tt>
|
||||||
|
directories with the version in Samba's <tt>source/nsswitch</tt> directory has
|
||||||
|
been reported to work.
|
||||||
|
|
||||||
|
The approach may be applicable for later Samba 3.0 versions as long as the
|
||||||
|
interface does not change significantly, but there is no guarantees.
|
||||||
|
|
||||||
|
The Samba and Squid teams are actively working together to insure future Samba
|
||||||
|
stable releases will be supported.
|
||||||
|
|
||||||
|
<sect2>Configure Samba
|
||||||
|
<p>
|
||||||
|
<bf>Build/Install Samba</bf>
|
||||||
|
<p>
|
||||||
|
Samba must be built with configure options:
|
||||||
|
<verb>
|
||||||
|
--with-winbind
|
||||||
|
--with-winbind-auth-challenge (needed for ntlm)
|
||||||
|
</verb>
|
||||||
|
<p>
|
||||||
|
Optionally, if building Samba 2.2.5, apply the
|
||||||
|
<url url="http://www.squid-cache.org/mail-archive/squid-dev/200207/att-0117/01-smbpasswd.diff" name="smbpasswd.diff">
|
||||||
|
patch. See <ref id="WinbindTrustAccounts" name="SMBD and Machine Trust Accounts"> below to
|
||||||
|
determine if the patch is worthwhile.
|
||||||
|
|
||||||
|
<bf>Test Samba's winbindd</bf>
|
||||||
|
<enum>
|
||||||
|
<item>
|
||||||
|
Edit smb.conf for winbindd functionality. The following entries in
|
||||||
|
the [global] section of smbd.conf may be used as a template.
|
||||||
|
<verb>
|
||||||
|
workgroup = mydomain
|
||||||
|
password server = myPDC
|
||||||
|
security = domain
|
||||||
|
winbind uid = 10000-20000
|
||||||
|
winbind gid = 10000-20000
|
||||||
|
winbind use default domain = yes
|
||||||
|
</verb>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Join the NT domain as outlined in the winbindd man page for your
|
||||||
|
version of samba.
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Test winbindd functionality.
|
||||||
|
<itemize>
|
||||||
|
<item>
|
||||||
|
Start nmbd (required to insure proper operation).
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Start winbindd.
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Test basic winbindd functionality "wbinfo -t":
|
||||||
|
<verb>
|
||||||
|
# wbinfo -t
|
||||||
|
Secret is good
|
||||||
|
</verb>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Test winbindd user authentication:
|
||||||
|
<verb>
|
||||||
|
# wbinfo -a mydomain\\myuser%mypasswd
|
||||||
|
plaintext password authentication succeeded
|
||||||
|
error code was NT_STATUS_OK (0x0)
|
||||||
|
challenge/response password authentication succeeded
|
||||||
|
error code was NT_STATUS_OK (0x0)
|
||||||
|
</verb>
|
||||||
|
</item>
|
||||||
|
</itemize>
|
||||||
|
|
||||||
|
<em/NOTE/: both plaintext and challenge/response should return
|
||||||
|
"succeeded." If there is no "challenge/response" status returned then Samba
|
||||||
|
was not built with "--with-winbind-auth-challenge" and cannot support ntlm
|
||||||
|
authentication.
|
||||||
|
<p>
|
||||||
|
</enum>
|
||||||
|
|
||||||
|
<bf>SMBD and Machine Trust Accounts</bf><label id="WinbindTrustAccounts">
|
||||||
|
<p>
|
||||||
|
|
||||||
|
<bf>Samba 2.2.x</bf>
|
||||||
|
<p>
|
||||||
|
Samba's smbd daemon, while not strictly required by winbindd may be needed
|
||||||
|
to manage the machine's trust account.
|
||||||
|
<p>
|
||||||
|
Well behaved domain members change the account password on a regular
|
||||||
|
basis. Windows and Samba servers default to changing this password
|
||||||
|
every seven days.
|
||||||
|
<p>
|
||||||
|
The Samba component responsible for managing the trust account password
|
||||||
|
is smbd. Smbd needs to receive requests to trigger the password change.
|
||||||
|
If the machine will be used for file and print services, then just
|
||||||
|
running smbd to serve routine requests should keep everything happy.
|
||||||
|
<p>
|
||||||
|
However, in cases where Squid's winbind helpers are the only reason
|
||||||
|
Samba components are running, smbd may sit idle. Indeed, there may be
|
||||||
|
no other reason to run smbd at all.
|
||||||
|
<p>
|
||||||
|
There are two sample options to change the trust account. Either may be scheduled daily via a cron job to
|
||||||
|
change the trust password.
|
||||||
|
<p>
|
||||||
|
<url url="http://www.squid-cache.org/mail-archive/squid-dev/200207/att-0076/02-UglySolution.pl" name="UglySolution.pl">
|
||||||
|
is a sample perl script to load smbd, connect to
|
||||||
|
a Samba share using smbclient, and generate enough dummy activity to
|
||||||
|
trigger smbd's machine trust account password change code.
|
||||||
|
<p>
|
||||||
|
<url url="http://www.squid-cache.org/mail-archive/squid-dev/200207/att-0117/01-smbpasswd.diff" name="smbpasswd.diff">
|
||||||
|
is a patch to Samba 2.2.5's smbpasswd utility to allow
|
||||||
|
changing the machine account password at will. It is a minimal patch
|
||||||
|
simply exposing a command line interface to an existing Samba function.
|
||||||
|
<p><bf>Note: This patch has been included in Samba as of 2.2.6pre2.</bf>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Once patched, the smbpasswd syntax to change the password is:
|
||||||
|
<verb>
|
||||||
|
smbpasswd -t DOMAIN -r PDC
|
||||||
|
</verb>
|
||||||
|
|
||||||
|
<bf>Samba 3.x</bf>
|
||||||
|
<p>
|
||||||
|
The Samba team has incorporated functionality to change the machine
|
||||||
|
trust account password in the new "net" command. A simple daily cron
|
||||||
|
job scheduling "<tt>net rpc changetrustpw</tt>" is all that is needed.
|
||||||
|
<p>
|
||||||
|
|
||||||
|
<sect2>Configure Squid
|
||||||
|
<p>
|
||||||
|
|
||||||
|
<bf>Build/Install Squid</bf>
|
||||||
|
<p>
|
||||||
|
Squid must be built with the configure options:
|
||||||
|
<verb>
|
||||||
|
--enable-auth="ntlm,basic"
|
||||||
|
--enable-basic-auth-helpers="winbind"
|
||||||
|
--enable-ntlm-auth-helpers="winbind"
|
||||||
|
</verb>
|
||||||
|
|
||||||
|
<bf>Test Squid without auth</bf>
|
||||||
|
<p>
|
||||||
|
Before going further, test basic Squid functionality. Make sure squid
|
||||||
|
is functioning without requiring authorization.
|
||||||
|
<p>
|
||||||
|
|
||||||
|
<bf>Test the helpers</bf>
|
||||||
|
<p>
|
||||||
|
Testing the winbind ntlm helper is not really possible from the command
|
||||||
|
line, but the winbind basic authenticator can be tested like any other
|
||||||
|
basic helper:
|
||||||
|
<verb>
|
||||||
|
# /usr/local/squid/libexec/wb_auth -d
|
||||||
|
/wb_auth[65180](wb_basic_auth.c:136): basic winbindd auth helper ...
|
||||||
|
mydomain\myuser mypasswd
|
||||||
|
/wb_auth[65180](wb_basic_auth.c:107): Got 'mydomain\myuser mypasswd' from squid (length: 24).
|
||||||
|
/wb_auth[65180](wb_basic_auth.c:54): winbindd result: 0
|
||||||
|
/wb_auth[65180](wb_basic_auth.c:57): sending 'OK' to squid
|
||||||
|
OK
|
||||||
|
</verb>
|
||||||
|
The helper should return "OK" if given a valid username/password.
|
||||||
|
<p>
|
||||||
|
|
||||||
|
|
||||||
|
<bf>Edit squid.conf</bf>
|
||||||
|
<p>
|
||||||
|
<enum>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Setup the authenticators.
|
||||||
|
<p>
|
||||||
|
Add the following to enable both the winbind basic and ntlm
|
||||||
|
authenticators. IE will use ntlm and everything else basic:
|
||||||
|
<verb>
|
||||||
|
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
|
||||||
|
auth_param ntlm children 5
|
||||||
|
auth_param ntlm max_challenge_reuses 0
|
||||||
|
auth_param ntlm max_challenge_lifetime 2 minutes
|
||||||
|
|
||||||
|
auth_param basic program /usr/local/squid/libexec/wb_auth
|
||||||
|
auth_param basic children 5
|
||||||
|
auth_param basic realm Squid proxy-caching web server
|
||||||
|
auth_param basic credentialsttl 2 hours
|
||||||
|
</verb>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Add acl entries to require authentication:
|
||||||
|
<verb>
|
||||||
|
acl AuthorizedUsers proxy_auth REQUIRED
|
||||||
|
..
|
||||||
|
http_access allow all AuthorizedUsers
|
||||||
|
</verb>
|
||||||
|
</item>
|
||||||
|
</enum>
|
||||||
|
<p>
|
||||||
|
|
||||||
|
<bf>Test Squid with auth</bf>
|
||||||
|
<p>
|
||||||
|
<enum>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Internet Explorer:
|
||||||
|
<p>
|
||||||
|
Test browsing through squid with IE. If logged into the domain,
|
||||||
|
a password prompt should NOT pop up.
|
||||||
|
<p>
|
||||||
|
Confirm the traffic really is being authorized by tailing access.log.
|
||||||
|
The domain\username should be present.
|
||||||
|
<p>
|
||||||
|
</item>
|
||||||
|
|
||||||
|
<item>
|
||||||
|
Netscape, mozilla, opera...:
|
||||||
|
<p>
|
||||||
|
Test with a non-IE browser. A standard password dialog should appear.
|
||||||
|
<p>
|
||||||
|
Entering the domain should not be required if the user is in the
|
||||||
|
default domain and "winbind use default domain = yes" is set in
|
||||||
|
smb.conf. Otherwise, the username must be entered in "domain\username" format.
|
||||||
|
</item>
|
||||||
|
</enum>
|
||||||
|
<p>
|
||||||
|
<p>
|
||||||
|
If no usernames appear in access.log and/or no password dialogs appear
|
||||||
|
in either browser, then the acl/http_access portions of squid.conf are
|
||||||
|
not correct.
|
||||||
|
<p>
|
||||||
|
<p>
|
||||||
|
<bf>References</bf>
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#WINBIND" name="Samba Winbind Overview">
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#AEN1134" name="Joining a Domain in Samba 2.2.x">
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/winbindd.8.html" name="winbindd man page">
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/wbinfo.1.html" name="wbinfo man page">
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/nmbd.8.html" name="nmbd man page">
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/smbd.8.html" name="smbd man page">
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/smb.conf.5.html" name="smb.conf man page">
|
||||||
|
<p>
|
||||||
|
<url url="http://www.samba.org/samba/docs/man/smbclient.1.html" name="smbclient man page">
|
||||||
|
|
||||||
|
<!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
|
||||||
|
|
||||||
<sect>Terms and Definitions
|
<sect>Terms and Definitions
|
||||||
|
|
||||||
<sect1>Neighbor
|
<sect1>Neighbor
|
||||||
@ -12975,7 +13356,7 @@ want to make a cron job that regularly verifies that your proxy blocks
|
|||||||
access to port 25.
|
access to port 25.
|
||||||
|
|
||||||
<verb>
|
<verb>
|
||||||
$Id: FAQ.sgml,v 1.5 2004/09/09 12:40:04 cvsdist Exp $
|
$Id: FAQ.sgml,v 1.6 2004/09/09 12:41:26 cvsdist Exp $
|
||||||
</verb>
|
</verb>
|
||||||
</article>
|
</article>
|
||||||
<!-- LocalWords: SSL MSIE Netmanage Chameleon WebSurfer unchecking remotehost
|
<!-- LocalWords: SSL MSIE Netmanage Chameleon WebSurfer unchecking remotehost
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
3b91136b8ddcc37196716fa6e85a14b2 squid-2.4.STABLE7-src.tar.gz
|
cd26774cd917842a689fee5f76c8d752 squid-2.5.STABLE1.tar.gz
|
||||||
|
@ -54,7 +54,7 @@ start() {
|
|||||||
for adir in $CACHE_SWAP; do
|
for adir in $CACHE_SWAP; do
|
||||||
if [ ! -d $adir/00 ]; then
|
if [ ! -d $adir/00 ]; then
|
||||||
echo -n "init_cache_dir $adir... "
|
echo -n "init_cache_dir $adir... "
|
||||||
$SQUID -z -F 2>/dev/null
|
$SQUID -z -F -D 2>/dev/null
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
echo -n $"Starting $prog: "
|
echo -n $"Starting $prog: "
|
||||||
|
182
squid.spec
182
squid.spec
@ -1,20 +1,55 @@
|
|||||||
Summary: The Squid proxy caching server.
|
Summary: The Squid proxy caching server.
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 2.4.STABLE7
|
Version: 2.5.STABLE1
|
||||||
Release: 4
|
Release: 2
|
||||||
Serial: 7
|
Serial: 7
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
Source: http://www.squid-cache.org/Squid/v2/squid-%{version}-src.tar.gz
|
Source: http://www.squid-cache.org/Squid/v2/squid-%{version}.tar.gz
|
||||||
Source1: http://www.squid-cache.org/Squid/FAQ/FAQ.sgml
|
Source1: http://www.squid-cache.org/Squid/FAQ/FAQ.sgml
|
||||||
Source2: squid.init
|
Source2: squid.init
|
||||||
Source3: squid.logrotate
|
Source3: squid.logrotate
|
||||||
Source4: squid.sysconfig
|
Source4: squid.sysconfig
|
||||||
Patch0: squid-2.1-make.patch
|
Patch1: squid-2.5-config.patch
|
||||||
Patch1: squid-2.4-config.patch
|
|
||||||
Patch2: squid-perlpath.patch
|
Patch2: squid-perlpath.patch
|
||||||
Patch3: squid-location.patch
|
Patch3: squid-location.patch
|
||||||
Patch10: squid-2.4.STABLE7-msntauth.patch
|
Patch4: squid-2.5-build.patch
|
||||||
|
|
||||||
|
# Official upstream patches
|
||||||
|
Patch100: squid-2.5.STABLE1-ldap_group.patch
|
||||||
|
Patch101: squid-2.5.STABLE1-relnote11.patch
|
||||||
|
Patch102: squid-2.5.STABLE1-aufs_reentrant.patch
|
||||||
|
Patch103: squid-2.5.STABLE1-chroot.patch
|
||||||
|
Patch104: squid-2.5.STABLE1-S.patch
|
||||||
|
Patch105: squid-2.5.STABLE1-offline_mode.patch
|
||||||
|
Patch106: squid-2.5.STABLE1-rebuild_assert.patch
|
||||||
|
Patch107: squid-2.5.STABLE1-RunCache.patch
|
||||||
|
Patch108: squid-2.5.STABLE1-aufs_performance.patch
|
||||||
|
Patch109: squid-2.5.STABLE1-ldap_group-compile.patch
|
||||||
|
Patch110: squid-2.5.STABLE1-flags_open.patch
|
||||||
|
Patch111: squid-2.5.STABLE1-spaces.patch
|
||||||
|
Patch112: squid-2.5.STABLE1-dnsserver.patch
|
||||||
|
Patch113: squid-2.5.STABLE1-auth-proxy.patch
|
||||||
|
Patch114: squid-2.5.STABLE1-cachemgr.patch
|
||||||
|
Patch115: squid-2.5.STABLE1-uninstall.patch
|
||||||
|
Patch116: squid-2.5.STABLE1-ext_acl_exit.patch
|
||||||
|
Patch117: squid-2.5.STABLE1-request_entity.patch
|
||||||
|
Patch118: squid-2.5.STABLE1-ext_acl_comma.patch
|
||||||
|
Patch119: squid-2.5.STABLE1-acl_leak.patch
|
||||||
|
Patch120: squid-2.5.STABLE1-aufs.patch
|
||||||
|
Patch121: squid-2.5.STABLE1-memstat.patch
|
||||||
|
Patch122: squid-2.5.STABLE1-wccp.patch
|
||||||
|
Patch123: squid-2.5.STABLE1-strwordtok.patch
|
||||||
|
Patch124: squid-2.5.STABLE1-pthreads.patch
|
||||||
|
Patch126: squid-2.5.STABLE1-ldap_auth.patch
|
||||||
|
Patch127: squid-2.5.STABLE1-referer_log.patch
|
||||||
|
Patch128: squid-2.5.STABLE1-load_icons.patch
|
||||||
|
Patch129: squid-2.5.STABLE1-cache_dir_docs.patch
|
||||||
|
Patch130: squid-2.5.STABLE1-max_user_ip.patch
|
||||||
|
Patch131: squid-2.5.STABLE1-proxy_auth.patch
|
||||||
|
Patch132: squid-2.5.STABLE1-disable-http-violations.patch
|
||||||
|
Patch133: squid-2.5.STABLE1-disable-ident-lookups.patch
|
||||||
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||||
Prereq: /sbin/chkconfig logrotate shadow-utils
|
Prereq: /sbin/chkconfig logrotate shadow-utils
|
||||||
Requires: bash >= 2.0
|
Requires: bash >= 2.0
|
||||||
@ -35,35 +70,61 @@ lookup program (dnsserver), a program for retrieving FTP data
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .make
|
|
||||||
%patch1 -p1 -b .config
|
%patch1 -p1 -b .config
|
||||||
%patch2 -p1 -b .perlpath
|
#%patch2 -p1 -b .perlpath
|
||||||
%patch3 -p1
|
%patch3 -p1 -b .location
|
||||||
%patch10 -p1
|
%patch4 -p1 -b .build
|
||||||
|
|
||||||
|
%patch100 -p1
|
||||||
|
%patch101 -p1
|
||||||
|
%patch102 -p1
|
||||||
|
%patch103 -p1
|
||||||
|
%patch104 -p1
|
||||||
|
%patch105 -p1
|
||||||
|
%patch106 -p1
|
||||||
|
%patch107 -p1
|
||||||
|
%patch108 -p1
|
||||||
|
%patch109 -p1
|
||||||
|
%patch110 -p1
|
||||||
|
%patch111 -p1
|
||||||
|
%patch112 -p1
|
||||||
|
%patch113 -p1
|
||||||
|
%patch114 -p1
|
||||||
|
%patch115 -p1
|
||||||
|
%patch116 -p1
|
||||||
|
%patch117 -p1
|
||||||
|
%patch118 -p1
|
||||||
|
%patch119 -p1
|
||||||
|
%patch120 -p1
|
||||||
|
%patch121 -p1
|
||||||
|
%patch122 -p1
|
||||||
|
%patch123 -p1
|
||||||
|
%patch124 -p1
|
||||||
|
%patch126 -p1
|
||||||
|
%patch127 -p1
|
||||||
|
%patch128 -p1
|
||||||
|
%patch129 -p1
|
||||||
|
%patch130 -p1
|
||||||
|
%patch131 -p1
|
||||||
|
%patch132 -p1
|
||||||
|
%patch133 -p1
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure \
|
%configure \
|
||||||
--exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid \
|
--exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid \
|
||||||
--localstatedir=/var --sysconfdir=/etc/squid \
|
--localstatedir=/var --sysconfdir=/etc/squid \
|
||||||
--enable-poll --enable-snmp --enable-removal-policies="heap,lru" \
|
--enable-poll --enable-snmp --enable-removal-policies="heap,lru" \
|
||||||
--enable-storeio="aufs,coss,diskd,ufs" \
|
--enable-storeio="aufs,coss,diskd,ufs" --enable-ssl \
|
||||||
|
--with-openssl=/usr/kerberos \
|
||||||
--enable-delay-pools --enable-linux-netfilter \
|
--enable-delay-pools --enable-linux-netfilter \
|
||||||
--with-pthreads \
|
--with-pthreads \
|
||||||
--enable-auth-modules="LDAP,NCSA,PAM,SMB,MSNT" # --enable-icmp
|
--enable-basic-auth-helpers="LDAP,NCSA,PAM,SMB,SASL,MSNT" \
|
||||||
|
--enable-ntlm-auth-helpers="SMB,winbind" \
|
||||||
|
--enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,winbind_group" \
|
||||||
|
# --enable-icmp
|
||||||
|
|
||||||
# Some versions of autoconf fail to detect sys/resource.h correctly;
|
make
|
||||||
# apparently because it generates a compiler warning.
|
|
||||||
|
|
||||||
if [ -e /usr/include/sys/resource.h ]; then
|
|
||||||
cat >>include/autoconf.h <<EOF
|
|
||||||
#ifndef HAVE_SYS_RESOURCE_H
|
|
||||||
#define HAVE_SYS_RESOURCE_H 1
|
|
||||||
#define HAVE_STRUCT_RUSAGE 1
|
|
||||||
#endif
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
make -f makefile
|
|
||||||
|
|
||||||
mkdir faq
|
mkdir faq
|
||||||
cp $RPM_SOURCE_DIR/FAQ.sgml faq
|
cp $RPM_SOURCE_DIR/FAQ.sgml faq
|
||||||
@ -71,18 +132,6 @@ cd faq
|
|||||||
sgml2html FAQ.sgml
|
sgml2html FAQ.sgml
|
||||||
|
|
||||||
#cd ..
|
#cd ..
|
||||||
#cd auth_modules
|
|
||||||
#cd LDAP
|
|
||||||
#make
|
|
||||||
#cd ../NCSA
|
|
||||||
#make
|
|
||||||
#cd ../PAM
|
|
||||||
#make
|
|
||||||
#cd ../SMB
|
|
||||||
#make SAMBAPREFIX=%{prefix}
|
|
||||||
#cd ../getpwnam
|
|
||||||
#make
|
|
||||||
#cd ../..
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
@ -91,20 +140,8 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
localstatedir=$RPM_BUILD_ROOT/var \
|
localstatedir=$RPM_BUILD_ROOT/var \
|
||||||
bindir=$RPM_BUILD_ROOT/usr/sbin \
|
bindir=$RPM_BUILD_ROOT/usr/sbin \
|
||||||
libexecdir=$RPM_BUILD_ROOT/usr/lib/squid
|
libexecdir=$RPM_BUILD_ROOT/usr/lib/squid
|
||||||
#install -m 4750 src/pinger $RPM_BUILD_ROOT/usr/lib/squid
|
|
||||||
|
|
||||||
mv $RPM_BUILD_ROOT/usr/sbin/*auth $RPM_BUILD_ROOT/usr/lib/squid
|
ln -s %{_datadir}/squid/errors/English $RPM_BUILD_ROOT/etc/squid/errors
|
||||||
|
|
||||||
cd errors
|
|
||||||
rm -rf $RPM_BUILD_ROOT/etc/squid/errors
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/squid/errors
|
|
||||||
for i in *; do
|
|
||||||
if [ -d $i ]; then
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/lib/squid/errors/$i
|
|
||||||
install -m 644 $i/* $RPM_BUILD_ROOT/usr/lib/squid/errors/$i
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
ln -s /usr/lib/squid/errors/English $RPM_BUILD_ROOT/etc/squid/errors
|
|
||||||
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
|
||||||
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
|
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
|
||||||
@ -116,6 +153,9 @@ install -m 644 $RPM_SOURCE_DIR/squid.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/squ
|
|||||||
mkdir -p $RPM_BUILD_ROOT/var/log/squid
|
mkdir -p $RPM_BUILD_ROOT/var/log/squid
|
||||||
mkdir -p $RPM_BUILD_ROOT/var/spool/squid
|
mkdir -p $RPM_BUILD_ROOT/var/spool/squid
|
||||||
|
|
||||||
|
# remove unpackaged files from the buildroot
|
||||||
|
rm -f $RPM_BUILD_ROOT%{_sbindir}/{RunAccel,RunCache}
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
@ -125,22 +165,27 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%config(noreplace) /etc/squid/squid.conf
|
%config(noreplace) /etc/squid/squid.conf
|
||||||
%config(noreplace) /etc/squid/mime.conf
|
%config(noreplace) /etc/squid/mime.conf
|
||||||
%config(noreplace) /etc/sysconfig/squid
|
%config(noreplace) /etc/sysconfig/squid
|
||||||
|
%config(noreplace) /etc/squid/msntauth.conf
|
||||||
%config /etc/squid/mib.txt
|
%config /etc/squid/mib.txt
|
||||||
|
/etc/squid/msntauth.conf.default
|
||||||
/etc/squid/squid.conf.default
|
/etc/squid/squid.conf.default
|
||||||
/etc/squid/mime.conf.default
|
/etc/squid/mime.conf.default
|
||||||
%config(noreplace) /etc/squid/errors
|
%config(noreplace) /etc/squid/errors
|
||||||
/usr/lib/squid
|
/usr/lib/squid
|
||||||
|
%{_datadir}/squid
|
||||||
/usr/sbin/squid
|
/usr/sbin/squid
|
||||||
/usr/sbin/client
|
/usr/sbin/squidclient
|
||||||
%config /etc/rc.d/init.d/squid
|
%config /etc/rc.d/init.d/squid
|
||||||
%config /etc/logrotate.d/squid
|
%config /etc/logrotate.d/squid
|
||||||
%doc faq/* README ChangeLog QUICKSTART doc/*
|
%doc faq/* README ChangeLog QUICKSTART doc/*
|
||||||
%doc contrib/url-normalizer.pl contrib/rredir.* contrib/user-agents.pl
|
#%doc contrib/url-normalizer.pl contrib/rredir.* contrib/user-agents.pl
|
||||||
%attr(750,squid,squid) %dir /var/log/squid
|
%attr(750,squid,squid) %dir /var/log/squid
|
||||||
%attr(750,squid,squid) %dir /var/spool/squid
|
%attr(750,squid,squid) %dir /var/spool/squid
|
||||||
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
/usr/sbin/useradd -u 23 -d /var/spool/squid -r -s /dev/null squid >/dev/null 2>&1
|
/usr/sbin/useradd -u 23 -d /var/spool/squid -r -s /sbin/nologin squid >/dev/null 2>&1
|
||||||
|
|
||||||
for i in /var/log/squid /var/spool/squid ; do
|
for i in /var/log/squid /var/spool/squid ; do
|
||||||
if [ -d $i ] ; then
|
if [ -d $i ] ; then
|
||||||
@ -159,6 +204,9 @@ if [ $1 = 0 ]; then
|
|||||||
bg*)
|
bg*)
|
||||||
DIR=Bulgarian
|
DIR=Bulgarian
|
||||||
;;
|
;;
|
||||||
|
ca*)
|
||||||
|
DIR=Catalan
|
||||||
|
;;
|
||||||
cs*)
|
cs*)
|
||||||
DIR=Czech
|
DIR=Czech
|
||||||
;;
|
;;
|
||||||
@ -183,6 +231,9 @@ if [ $1 = 0 ]; then
|
|||||||
de*)
|
de*)
|
||||||
DIR=German
|
DIR=German
|
||||||
;;
|
;;
|
||||||
|
he*)
|
||||||
|
DIR=Hebrew
|
||||||
|
;;
|
||||||
hu*)
|
hu*)
|
||||||
DIR=Hungarian
|
DIR=Hungarian
|
||||||
;;
|
;;
|
||||||
@ -207,6 +258,9 @@ if [ $1 = 0 ]; then
|
|||||||
ru*)
|
ru*)
|
||||||
DIR=Russian-koi8-r
|
DIR=Russian-koi8-r
|
||||||
;;
|
;;
|
||||||
|
sr*)
|
||||||
|
DIR=Serbian
|
||||||
|
;;
|
||||||
sk*)
|
sk*)
|
||||||
DIR=Slovak
|
DIR=Slovak
|
||||||
;;
|
;;
|
||||||
@ -216,9 +270,12 @@ if [ $1 = 0 ]; then
|
|||||||
sv*)
|
sv*)
|
||||||
DIR=Swedish
|
DIR=Swedish
|
||||||
;;
|
;;
|
||||||
zh*)
|
zh_TW*)
|
||||||
DIR=Traditional_Chinese
|
DIR=Traditional_Chinese
|
||||||
;;
|
;;
|
||||||
|
zh_CN*)
|
||||||
|
DIR=Simplify_Chinese
|
||||||
|
;;
|
||||||
tr*)
|
tr*)
|
||||||
DIR=Turkish
|
DIR=Turkish
|
||||||
;;
|
;;
|
||||||
@ -226,9 +283,15 @@ if [ $1 = 0 ]; then
|
|||||||
DIR=English
|
DIR=English
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
ln -snf /usr/lib/squid/errors/$DIR /etc/squid/errors
|
ln -snf %{_datadir}/squid/errors/$DIR /etc/squid/errors
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
%triggerpostun -- squid < 2.5.STABLE1-1
|
||||||
|
errordir=`ls -ld /etc/squid/errors | awk '{ print $NF }'`
|
||||||
|
errordir=${errordir##*/}
|
||||||
|
ln -snf %{_datadir}/squid/errors/$DIR /etc/squid/errors
|
||||||
|
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
if [ $1 = 0 ] ; then
|
if [ $1 = 0 ] ; then
|
||||||
service squid stop >/dev/null 2>&1
|
service squid stop >/dev/null 2>&1
|
||||||
@ -242,6 +305,15 @@ if [ "$1" -ge "1" ] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Wed Jan 15 2003 Bill Nottingham <notting@redhat.com> 7:2.5.STABLE1-1
|
||||||
|
- update to 2.5.STABLE1
|
||||||
|
|
||||||
|
* Wed Nov 27 2002 Tim Powers <timp@redhat.com> 7:2.4.STABLE7-5
|
||||||
|
- remove unpackaged files from the buildroot
|
||||||
|
|
||||||
* Tue Aug 27 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.STABLE7-4
|
* Tue Aug 27 2002 Nalin Dahyabhai <nalin@redhat.com> 2.4.STABLE7-4
|
||||||
- rebuild
|
- rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user