Search squid archive

Re: header_access debug, pam_appl.h, digest-auth-helper, storeio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > 1) I got "pam_auth.c:74:31: error: security/pam_appl.h: No such file
> > or directory" when compiling squid-2.6.STABLE16-20070916. I found a
> > nearly identical instance in the list archive more than a year ago.
> > That got me looking into the pam-devel on my host os--Mac OS X 10.4.
> > It turns out pam_appl.h is located in /usr/include/pam/ on OS X 10.4
> > and 10.3, rather than /usr/include/security. A symbolic link takes
> > care of it. I wonder, however, if the developers are open to
> > accommodating this type of OS-specific peculiarities by adjusting
> > during ./configure based on --host=.
>
> so we need a configure test to see which of the two is available, and
> include the proper one..
>
> (should not make that decision based on the host type)

Thanks, Henrik.

> > 2) I narrowed down the cause of my inability to log into several sites
> > to the last line in the 'http_anonymizer paranoid' emulation of
> > squid-2.6 that I was using, namely: "header_access All deny all". I'd
> > like to find out what headers these sites need to see. Could anyone
> > let me know the debug_options number for header_access without going
> > full bore to "debug_options ALL,9"? Currently I'm aware of 33 for
> > reply_mime_type and 28 for ACL debugging. Is there a quick list of all
> > the debug option numbers, without resorting to reading the source
> > code?
>
> Usually login problems means you have blocked cookies..
>

I find "header_access All deny all" appears to be responsible for the cookie blocking.
I'd like to find out what additional header_access I need to allow to let these cookies through. Would enabling
header_access debug help in this regard? Could you point me to a list of all the possible debug_options, other than the source code? =D

Here's the header_access portion of my squid.conf

#Default:
# none
header_access User-Agent deny all
header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
# to reproduce the old 'http_anonymizer paranoid' feature, as shown in the default squid.conf
header_access Allow allow all
(snipped for brevity)
header_access All deny all

I used Firefox extension LiveHTTPHeader to capture the difference (trying to) logging into youtube,
with the only change to squid.conf being "header_access All deny all" is disabled for the session to the right.

http://www.youtube.com/login?next=/index^M                                                              http://www.youtube.com/login?next=/index^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ;
^M                                                              ^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
POST /login?next=/index HTTP/1.1^M                                                              POST /login?next=/index HTTP/1.1^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Host: www.youtube.com^M                                                         Host: www.youtube.com^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US;^M                                                         User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US;^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Accept: text/xml,application/xml,application/xhtml+xml,text/h^M                                                         Accept: text/xml,application/xml,application/xhtml+xml,text/h^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Accept-Language: en,en-us;q=0.5^M                                                               Accept-Language: en,en-us;q=0.5^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Accept-Encoding: gzip,deflate^M                                                         Accept-Encoding: gzip,deflate^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Accept-Charset: gb18030,utf-8;q=0.7,*;q=0.7^M                                                           Accept-Charset: gb18030,utf-8;q=0.7,*;q=0.7^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Keep-Alive: 300^M                                                               Keep-Alive: 300^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Proxy-Connection: keep-alive^M                                                          Proxy-Connection: keep-alive^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Referer: http://www.youtube.com/login?next=/index^M                                                             Referer: http://www.youtube.com/login?next=/index
 ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Cookie: GEO=4dbf49b28f5f6763908f946191912f49cxUAAABVUyxuaixhd^M                                                         Cookie: GEO=4dbf49b28f5f6763908f946191912f49cxUAAABVUyxuaixhd^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Content-Type: application/x-www-form-urlencoded^M                                                               Content-Type: application/x-www-form-urlencoded^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Content-Length: 89^M                                                            Content-Length: 89^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
current_form=loginForm&next=%2Findex&username=a6u5e&password=^M                                                         current_form=loginForm&next=%2Findex&username=a6u5e&password=^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
HTTP/1.x 303 See Other^M                                                                HTTP/1.x 303 See Other^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Date: Wed, 19 Sep 2007 00:46:53 GMT^M                                                         | Date: Wed, 19 Sep 2007 00:48:29 GMT^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
                                                              > Server: Apache^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
                                                              > Set-Cookie: LOGIN_INFO=fad04c4763311f496b3a8a54e4ac17e5e3QgAA^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
                                                              > Set-Cookie: SOM=; path=/; domain=.youtube.com^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
                                                              > Set-Cookie: TSOM=; path=/; domain=.youtube.com^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
Cache-Control: no-cache^M                                                               Cache-Control: no-cache^MÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ
(snipped for brevity...)ÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊÊ

> > 3) Does the latest squid-2.6 still need the digest-auth-helper from
> > squid-3PRE if I want to use digest password? Is this going to change?
>
> Squid-2.6 has the same digest helper as Squid-3.

Good to know. Glad I asked.

> > 4) What are the possible squid storeio options on Mac OS X (HFS+ or
> > UFS format)? So far it seems I have to either accept the default (UFS)
> > even though my disk is formatted HFS+, or --enable-storeio=null.
> > Anything else I tried had failed. Is there a matrix of all the storeio
> > possibilities for every OS squid has been compiled on?
>
> only ufs and null I am afraid..  Max OS X do not provide the factilities
> needed for either aufs or diskd.. and coss is still experimental.
>
> the name ufs has no relation to the actual filesystem type used by your
> OS. It's just Squid's name for "cache ontop of unix-like filesystem". A
> better name would be "simple" with aufs being "threaded".

Would aufs and diskd be valid options for squid on Mac OS X if ZFS becomes available for OS X as long rumored?

Finally, question 5) that I've meant to ask for a long time: I find I always have to issue "squid -k shutdown" at least twice, before squid would shut down.
Not too surprisingly "squid -k kill" only needs to be issued once. I'm curious what's causing squid's "resiliency" in the face of "squid -k shutdown"?
Does it have anything to do with the 8 squidGuard redirect_children in my setup?

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux