I have a Squid proxy set up on an older Dell dual Pentium III server. It is not a transparent proxy, though I would eventually like to turn it into one, which leads to an issue I am having now. I have done several searches, and perhaps I am not searching for the correct wording, but I would like to exempt certain sites from actually being proxied, though I would still like to have stats, i.e. know that clients are requesting the site. Specifically, we have a vendor website that is accessed via SSL which has abysmal performance through the proxy; however, I still need to know how many requests are made for the site. As far as my searching goes, I could not find a way to do this. I know that with my proxy not being a transparent proxy I could exempt the site on the client browser; however, I would not know how many times it was accessed, and this also would not work in a transparent proxy situation. Can anyone assist me with that configuration, as far as what I need to set up in the configuration, or ACLs etc.?
Second configuration question:
I would like to get a set of stats on a subgroup of users. Specifically, I want to know what the top sites are that our inside sales is visiting. I get top sites company-wide, but I want just this subset if possible.
Well it's impossible to NOT proxy something if you're trying to configure this behaviour *INSIDE* of squid. Too late, you're already proxied. What do you actually mean about performance of SSL? If you're decrypting the SSL on the proxy, scanning, and then reencrypting, then sure that performance could really suck the big one, but if you are simply permitting CONNECT on 443 then you are still proxying the traffic, you just can't see it, and there should be no performance issues whatsoever.
I should admit here though, I'm unclear exactly what Squid 3.0 can do in terms of SSL manipulation. I'm sure there are ways to make it do MITM decryption of HTTPS traffic, but can find so little information about it if it is possible.
Last edited by acid_kewpie; 10-16-2009 at 06:01 AM.
I sort of thought that I was up a creek. I can't figure out why the performance seems to suffer; I am not decrypting/re-encrypting traffic. But my co-worker in IT who also uses the system said that he used it with the proxy and it was slower than hell, and when he turned off the proxy settings it ran great. The only thing I could think of was that perhaps the system itself is just so old it is having a problem keeping up, but if I run top on it, it utilizes nearly no CPU cycles, so I don't know.
Generally it so often comes down to DNS being a total arse when things are being oddly slow. If you're explicitly using the proxy, then squid should be doing the DNS, not the browser, and that should really be the only significant difference I'd think of, assuming that all routing changes are inconsequential, e.g. only one net feed on a basic lan etc. I'd check out DNS, maybe you have a duff entry in resolv.conf on the server? But then unencrypted data was ok?
Well, I have a caching DNS server on the proxy box, but I thought that the browser would still be doing the lookup, even with all traffic going through the proxy. I can say that our Domain DNS server has previously slowed us down, as it would sometimes take long times to resolve names.
On a side note, is there any way I can exempt local NetBIOS/DNS names from the proxy with Firefox on Linux? In other words, when I am not on the proxy I type vmalpha and it brings me to the web server on the machine vmalpha.hesco.local, but when I am on the proxy vmalpha and vmalpha.hesconet.com do not work; I can only access the local resource by IP. The caching DNS caches off of the 2003 Domain controller with alternate DNS servers set to global, so IP resolution of local resources should be OK. But I get an access denied on local resources, and I can't seem to figure out how to exempt local sites.