Red Branch | For Future Reference …
I have three main proxy servers running Squid, Squidguard and DansGuardian servicing over 1300 desktop computers. The stock DansGuardian code includes a setting to limit the number of potential DansGuardian child processes to the operating system file descriptor limits. I have managed to increase this to 900 but would like to push it further. The setting… Read more »
I was trying to explain to a colleague a few days ago how a few shell commands can be really useful, when today I came across an example to try to illustrate. My problem was that I had 245 log files each about 70-80MB in size – roughly 4 million lines in each log file…. Read more »
I decided to do a bit of checking on the proxy.pac file we were using. I grepped through our Apache access log files to pull out all of the IP addresses accessing the file over the year: zgrep “proxy.pac” ./2013-??-??.access_log.gz | awk ‘{print $1}’ | awk -F “:” ‘{print $2}’ | sort | uniq >… Read more »
Todays installment in the Adventures of Squid Sandwich: Forwarding loop detected WARNING: Forwarding loop detected for: in /var/log/squid/cache.log Since I am using a DansGuardian sandwich with Squid for bread I set the unique_hostname host.domain.com in the first Squid conf then in the second Squid conf used a CNAME for the same machine of: unique_hostname proxy1.domain.com… Read more »
So I had a problem with the ldapusersearch string as some eejit has created an OU with spaces and an apostrophe in the name. So the characters are represented as: comma %2c space %20 apostrophe %27 For example (entirely fictional organisation): src staff { ldapusersearch ldap://dc.ads.domain.uk:3268/dc=ads,dc=domain,dc=uk?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=All%20Staff%2cOU=King%27s%20College%20Dublin%2cdc=ads%2cdc=domain%2cdc=uk)) }
WARNING: (B) ‘::/0’ is a subnetwork of (A) ‘::/0’ I had this warning when restarting squid 3. I had a line left over from squid 2: acl all src 0.0.0.0/0.0.0.0 which I had subsequently changed to acl all src all as I received a CIDR warning. So to get rid of the subnetwork warning I… Read more »
Squid Get a few dependencies to get the ball rolling: yum -y groupinstall “Development Tools” yum -y install rpm-build openjade linuxdoc-tools openldap-devel pam-devel openssl-devel httpd rpm-devel expat-devel db4-devel libpcap-devel Browse http://www.jur-linux.com/rpms/el-updates/5Client/SRPMS/ and find the latest Source RPM for your architecture, then install the sprm e.g. wget http://www.jur-linux.com/rpms/el-updates/5Client/SRPMS/squid-3.1.12-2.el5.src.rpm rpm -ivh squid*.src.rpm This does not actually install… Read more »
If you plan to use URLBlacklist.com or Shalla rules in Dansguardian you may suffer from very slow (or impossible) restarts of the daemon. Dansguardian prefers the rules randomized rather than in alphabetical order. I couldn’t find the randomize lines package in the repos so compiled it first e.g.: wget http://arthurdejong.org/rl/rl-0.2.7.tar.gztar xzf rl-0.2.7.tar.gzcd rl-0.2.7./configuremakemake install Then… Read more »
After putting together an RPM for DansGuardian v2.10.1.1 I thought I would make a few notes. The version of DansGuardian in the repositories is currently version 2.8 and the only other repo or rpm I could find was a 32-bit 2.10. Why DansGuardian 2.10? Content Scanning Support with Clamd or Kapersky Regular Expressions to enforce… Read more »
