<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Walter, what I've found is when
compiling to squid 3.5.x and higher, the compile options change.
Also remember that many of the options that were available with
3.1.x are depreciated and likely will not work with 3.4.x and
higher.<br>
<br>
The other issue is that squid is only supposed to be handling HTTP
and HTTPS traffic, not FTP. trying to use it as a FTP proxy will
need a different configuration than the standard HTTP/Secure
proxy.<br>
<br>
<br>
Mike<br>
<br>
<br>
On 5/25/2017 14:07 PM, Walter H. wrote:<br>
</div>
<blockquote cite="mid:59272B64.20308@mathemainzel.info" type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
On 25.05.2017 12:50, Amos Jeffries wrote:
<blockquote
cite="mid:4c4b02a9-c38a-031b-db9d-fec999c64121@treenet.co.nz"
type="cite">On 25/05/17 20:19, Walter H. wrote: <br>
<blockquote type="cite">Hello <br>
<br>
what is the essential difference between the default squid
package and this squid34 package, <br>
</blockquote>
<br>
Run "squid -v" to find out if there are any build options
different. Usually its just two alternative versions from the
vendor. <br>
<br>
</blockquote>
Squid Cache: Version 3.4.14<br>
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu'
'--target=x86_64-redhat-linux-gnu' '--program-prefix='
'--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--enable-internal-dns' '--disable-strict-error-checking'
'--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid'
'--localstatedir=/var' '--datadir=/usr/share/squid'
'--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-arp-acl'
'--enable-follow-x-forwarded-for'
'--enable-auth-basic=LDAP,MSNT,NCSA,PAM,SMB,POP3,RADIUS,SASL,getpwnam,NIS,MSNT-multi-domain'
'--enable-auth-ntlm=smb_lm,fake'
'--enable-auth-digest=file,LDAP,eDirectory'
'--enable-auth-negotiate=kerberos'
'--enable-external-acl-helpers=file_userip,LDAP_group,session,unix_group,wbinfo_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-referer-log' '--enable-removal-policies=heap,lru'
'--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs'
'--enable-useragent-log' '--enable-wccpv2' '--enable-esi'
'--enable-http-violations' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=16384'
'--with-dl' '--with-openssl' '--with-pthreads'
'--disable-arch-native' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'CXXFLAGS=-O2
-g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
-fpie'
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'<br>
<br>
and <br>
<br>
Squid Cache: Version 3.1.23<br>
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu'
'--target=x86_64-redhat-linux-gnu' '--program-prefix='
'--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--enable-internal-dns' '--disable-strict-error-checking'
'--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid'
'--localstatedir=/var' '--datadir=/usr/share/squid'
'--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-arp-acl'
'--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
'--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
'--enable-digest-auth-helpers=password,ldap,eDirectory'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-referer-log' '--enable-removal-policies=heap,lru'
'--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs'
'--enable-useragent-log' '--enable-wccpv2' '--enable-esi'
'--enable-http-violations' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=16384'
'--with-dl' '--with-openssl' '--with-pthreads'
'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
--with-squid=/builddir/build/BUILD/squid-3.1.23<br>
<br>
<blockquote
cite="mid:4c4b02a9-c38a-031b-db9d-fec999c64121@treenet.co.nz"
type="cite"> <br>
<blockquote type="cite">as I have problems using this squid34
package for FTP connections; <br>
there are no shown icons, when going to e.g. <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="ftp://ftp.adobe.com/"><a class="moz-txt-link-freetext" href="ftp://ftp.adobe.com/">ftp://ftp.adobe.com/</a></a> <br>
when I tell the browser to show the image then I get this
squid generated message ... <br>
<br>
the same config /etc/squid/squid.conf works with the default
squid package ... <br>
<br>
<message> <br>
While trying to retrieve the URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://proxy.local:3128/squid-internal-static/icons/silk/folder.png">http://proxy.local:3128/squid-internal-static/icons/silk/folder.png</a>
<a moz-do-not-send="true" class="moz-txt-link-rfc2396E"
href="http://zbox-ci323.waldinet.local:3128/squid-internal-static/icons/silk/folder.png"><http://zbox-ci323.waldinet.local:3128/squid-internal-static/icons/silk/folder.png></a>
<br>
<br>
</blockquote>
<br>
Notice the port number in that URL... <br>
<br>
</blockquote>
yes I see the squid port 3128<br>
<br>
when I do this with the default squid package, there I get the
icons, and when I want to get the URL of such an icon,<br>
it shows e.g. <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="ftp://ftp.adobe.com/squid-internal-static/icons/anthony-dir.gif">ftp://ftp.adobe.com/squid-internal-static/icons/anthony-dir.gif</a><br>
<br>
when I add<br>
global_internal_static off<br>
to squid.conf at the squid34 package, <br>
then there also no icons shown;<br>
when I tell the browser to show the image then I get this squid
generated message ...<br>
<br>
<message><br>
The following URL could not be retrieved: <a
moz-do-not-send="true"
href="ftp://ftp.adobe.com/squid-internal-static/icons/silk/folder.png"><a class="moz-txt-link-freetext" href="ftp://ftp.adobe.com/squid-internal-static/icons/silk/folder.png">ftp://ftp.adobe.com/squid-internal-static/icons/silk/folder.png</a></a>
<p> </p>
<p> Squid sent the following FTP command: </p>
<blockquote> <strong>
<pre>CWD squid-internal-static
</pre>
</strong> </blockquote>
and then received this reply
<blockquote> <strong>
<pre>Failed to change directory.</pre>
</strong> </blockquote>
<p> This might be caused by an FTP URL with an absolute path
(which does not comply with RFC 1738).<br>
If this is the cause, then the file can be found at <a
moz-do-not-send="true"
href="ftp://ftp.adobe.com%2f/squid-internal-static/icons/silk/folder.png"><a class="moz-txt-link-freetext" href="ftp://ftp.adobe.com%2f2f/squid-internal-static/icons/silk/folder.png">ftp://ftp.adobe.com%2f2f/squid-internal-static/icons/silk/folder.png</a></a>.
</p>
<p>Your cache administrator is ...</p>
Generated Thu, 25 May 2017 18:57:52 GMT by proxy.local
(squid/3.4.14) <br>
</message><br>
<br>
what is running wrong here?<br>
is there a setting I can change without having to allow <br>
port 3128 traffic go through the proxy?<br>
(this is not really logic, as the default squid package also
doesn't allow port 3128 traffic go through ...)<br>
<br>
<blockquote
cite="mid:4c4b02a9-c38a-031b-db9d-fec999c64121@treenet.co.nz"
type="cite">
<blockquote type="cite"> <br>
<squid.conf> <br>
acl localnet src 192.168.1.0/24 <br>
<br>
acl SSL_ports port 443 <br>
acl Safe_ports port 80 # http <br>
acl Safe_ports port 21 # ftp <br>
acl Safe_ports port 443 # https <br>
acl Safe_ports port 70 # gopher <br>
</blockquote>
<br>
You have removed the port range 1025-65535 from Safe_ports. So
traffic with URL port 3128 is no longer permitted. <br>
</blockquote>
I configured on the clients this<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://proxy.local:3128">http://proxy.local:3128</a><br>
as proxy ...<br>
<br>
Thanks,<br>
Walter<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>